Spring security does not work

0
votes

I am getting an error when I try to login (or, when I abort the HTTP Basic dialog with escape)

HTTP Status 401 - PreparedStatementCallback; bad SQL grammar [select username,authority from authorities where username = ?]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "authorities" does not exist Position: 32

However, shouldn't it be enough with the two query attributes below when I want to use group based security? Do I need to define query for this attribute to? authorities-by-username-query="" Why isn't it working?

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
                                    users-by-username-query="..."
                                    group-authorities-by-username-query="..." />
    </security:authentication-provider>
</security:authentication-manager>

Source from JdbcDaoImpl:

if (enableAuthorities) {
    dbAuthsSet.addAll(loadUserAuthorities(user.getUsername()));
}

if (enableGroups) {
    dbAuthsSet.addAll(loadGroupAuthorities(user.getUsername()));
}
1
javaspringjakarta-eespring-mvcspring-security
Bad SQL grammar has nothing to do with Spring Security. Check what your tables and columns are called. - Sotirios Delimanolis
"...relation "authorities" does not exist " should tell you what you need to know. - Jim Garrison
Uhh, why would I need it when I AM USING GROUP BASED AUTHENTICATION? After reading the documentation it seems like you shouldn't need it. - LuckyLuke
@SotiriosDelimanolis Can't find a sentence in my question where I state that either, I was wondering why I need it. - LuckyLuke
@LuckyLuke I don't know Spring security, but it seems to me like it's trying to connect to a database expecting a table which you don't have. What is the required Spring security config? - Sotirios Delimanolis

1 Answers

0
votes

Is the problem that enableGroups is still set to false? It doesn't seem like there's a way to configure that using the jdbc-user-service element in the namespace configuration. The Spring JIRA issue SEC-1625 seems to confirm this.

Try declaring the JdbcDaoImpl instance as a bean instead.