Spring Security lgoin 始终重定向到身份验证失败 URL

 <http auto-config="true">
     <form-login login-page='/home.jsp?OPS=9999' default-target-url='/secure/user.jsp' always-use-default-target='true' />
     <logout logout-success-url="/home.jsp" logout-url="/j_spring_security_logout" />
 </http>
<authentication-provider>
    <jdbc-user-service data-source-ref="Application.DataSource2" users-by-username-query="select USERNAME, PASSWORD from USER where lower(USERNAME) = lower(?)"/>
</authentication-provider>

我建议再添加一个intercept-url。它应该如下所示：

<http auto-config="true" 
      use-expressions="true"
      disable-url-rewriting="true">
    <intercept-url pattern="/home.jsp**" access="isAnonymous()"/>
    <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_OPERATOR')" />
    <intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login login-page='/home.jsp?OPS=9999' default-target-url='/secure/user.jsp' always-use-default-target='true' />
    <logout logout-success-url="/home.jsp" logout-url="/j_spring_security_logout" />
</http>

尝试通过创建 Bean like，将身份验证提供程序设置为身份验证管理器。

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>
<beans:bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
    <property name="usersByUsernameQuery" value="select USERNAME, PASSWORD, 1 from USER where lower(USERNAME) = lower(?)"/>
    <property name="authoritiesByUsernameQuery" value="SELECT USERNAME, ROLE as authorities FROM USER u, USER_ROLE ur, ROLE r WHERE u.ID = ur.USER_ID AND ur.ROLE_ID = r.ID AND lower(USERNAME) = lower(?)" />
    <property name="dataSource" ref="Application.DataSource2" />
</beans:bean>

意识到 applicationContext-security xml 文件中的用户按用户名查询缺少启用的列，基本上 Spring security 期望语句中有 3 列，而我缺少启用列。

所以正确的 SQL 语句应该是："从用户中选择用户名、密码、状态，其中更低（用户名）= 更低（？）"

状态列的类型为布尔值。（1=启用，0=禁用）

希望它能帮助那里的人:)

感谢大家的帮助！