Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring security : java.sql.SQLException: Column Index out of range, 3 > 2

I'm using spring 4 and I want to use spring security 3 to control my login form. So I have the following tables in database :

users table :

CREATE TABLE IF NOT EXISTS `users` (
  id INT(11) NOT NULL AUTO_INCREMENT,
  name VARCHAR(45) NOT NULL,
  password VARCHAR(45) NOT NULL,
  email VARCHAR(45) NOT NULL,
  enabled TINYINT NOT NULL DEFAULT 1 ,
  PRIMARY KEY (id),
  UNIQUE KEY uni_name_email_key (name, email)
  )ENGINE = InnoDB;

roles table :

CREATE TABLE IF NOT EXISTS `roles` (
  id INT(11) NOT NULL AUTO_INCREMENT,
  name VARCHAR(45) NOT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY uni_name_id_role (name)
  )ENGINE = InnoDB;

And users_roles

CREATE TABLE IF NOT EXISTS `users_roles` (
  id INT(11) NOT NULL AUTO_INCREMENT,
  user_id INT(11) NOT NULL ,
  role_id INT(11) NOT NULL ,
  PRIMARY KEY (id),
  UNIQUE KEY uni_user_role_key (user_id,role_id),
  CONSTRAINT fk_user_id FOREIGN KEY (user_id) REFERENCES users (id),
  CONSTRAINT fk_role_id FOREIGN KEY (role_id) REFERENCES roles (id)
  ON DELETE NO ACTION
  ON UPDATE NO ACTION
)ENGINE = InnoDB;

My spring-security config file has the following lines :

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/users/ **" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/roles **" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/roles/ **" access="hasRole('ROLE_ADMIN')" />
        <form-login login-page='/login'/>
        <logout logout-url="/logout"/>
        <logout />
    </http>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="select users.name, roles.name from users
                    join users_roles on users.id = users_roles.user_id
                    join roles on users_roles.role_id = roles.id
                    where users.name = ?"
                authorities-by-username-query="select users.name, users.password , 1
                    from users where users.name = ?" />
        </authentication-provider>
    </authentication-manager>

</beans:beans>

When i try to connect i have the following error :

> 2014-12-31 20:35:21 ERROR UsernamePasswordAuthenticationFilter:218 -
> An internal error occurred while trying to authenticate the user.
> org.springframework.security.authentication.InternalAuthenticationServiceException:
> PreparedStatementCallback; SQL [select users.name, roles.name from
> users join users_roles on users.id = users_roles.user_id join roles on
> users_roles.role_id = roles.id where users.name = ?]; Column Index out
> of range, 3 > 2. ; nested exception is java.sql.SQLException: Column
> Index out of range, 3 > 2.    at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:110)
>   at
> org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
>   at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
>   at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
>   at
> org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
>   at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
>   at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>   at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
>   at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>   at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>   at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>   at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>   at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>   at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
>   at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
>   at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>   at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>   at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>   at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>   at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>   at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>   at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>   at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>   at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>   at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>   at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>   at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>   at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>   at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>   at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>   at java.lang.Thread.run(Thread.java:745) Caused by:
> org.springframework.dao.TransientDataAccessResourceException:
> PreparedStatementCallback; SQL [select users.name, roles.name from
> users join users_roles on users.id = users_roles.user_id join roles on
> users_roles.role_id = roles.id where users.name = ?]; Column Index out
> of range, 3 > 2. ; nested exception is java.sql.SQLException: Column
> Index out of range, 3 > 2.    at
> org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:108)
>   at
> org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:73)
>   at
> org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
>   at
> org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
>   at
> org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:660)
>   at
> org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695)
>   at
> org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727)
>   at
> org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737)
>   at
> org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:787)
>   at
> org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.loadUsersByUsername(JdbcDaoImpl.java:192)
>   at
> org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.loadUserByUsername(JdbcDaoImpl.java:151)
>   at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:102)
>   ... 30 more Caused by: java.sql.SQLException: Column Index out of
> range, 3 > 2.     at
> com.mysql.jdbc.SQLError.createSQLException(SQLError.java:996)     at
> com.mysql.jdbc.SQLError.createSQLException(SQLError.java:935)     at
> com.mysql.jdbc.SQLError.createSQLException(SQLError.java:924)     at
> com.mysql.jdbc.SQLError.createSQLException(SQLError.java:870)     at
> com.mysql.jdbc.ResultSetImpl.checkColumnBounds(ResultSetImpl.java:758)
>   at com.mysql.jdbc.ResultSetImpl.getBoolean(ResultSetImpl.java:1503)
>   at
> org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl$1.mapRow(JdbcDaoImpl.java:196)
>   at
> org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl$1.mapRow(JdbcDaoImpl.java:192)
>   at
> org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93)
>   at
> org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60)
>   at
> org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708)
>   at
> org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644)
>   ... 37 more

Could you please tell me what's wrong in my configuration ?

Thank you

like image 643
helTech Avatar asked Dec 31 '14 19:12

helTech


2 Answers

The users-by-username-query and authorities-by-username-query are mixed up. Move the first SQL query to the second and vice versa.

Maybe you want to change 1 to users.enabled too.

like image 68
holmis83 Avatar answered Nov 12 '22 04:11

holmis83


This error is because of column missing. The PreparedStatement is looking for 3 columns to get the 3 values and it finds only 2.

The users-by-username-query and authorities-by-username-query required 3 columns in select.

like image 38
Atul Avatar answered Nov 12 '22 04:11

Atul