Spring Security: jdbc-user-query, PreparedStatementCallback

Question

I got a problem with my query but I don't know what has caused it so I need your help =)

I got the following exception:

PreparedStatementCallback; bad SQL grammar [select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?]; nested exception is com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from ams.user where USERNAME='admin'' at line 1

Here's my login.jsp:

<div class="box">

    <h1><spring:message code="login.description" /></h1>
    <br/>

    <form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>                    
        <ol>
            <li>
                <label><spring:message code="user.user" />:</label>
                <em><img src="images/star_red.png" alt="required"></img></em>   
                <input type='text' name='j_username'>
            </li>
            <li>
                <label><spring:message code="user.password" />:</label>
                <em><img src="images/star_red.png" alt="required"></img></em>   
                <input type='password' name='j_password' />
            </li>
            <li>
                <label>&ensp;</label>
                <input type='hidden' name='remember_me' id="remember_hidden" value="false"/>
                <input type='checkbox' id='remember_checkbox' onchange="toggleRememberMe()" class="checkbox"/>
                <spring:message code="login.remember" />
            </li>
            <li>
                <label>&ensp;</label>
                <input type="submit" value="<spring:message code="login"/>"/>
            </li>
        </ol>

        <br />
        <br />

    </form>

    <c:if test="${not empty param.login_error}">
        <div class="error">
            <br />
            <spring:message code="login.error" />
            <br />
            <spring:message code="login.errorReason" />:
            <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
        </div>
    </c:if>
</div>

Here's my Security-Context code:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security 
              http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/>
        <security:logout logout-success-url="/login/login.do" invalidate-session="true" />
        <security:remember-me key="rememberMe"/>
    </security:http>    

    <security:authentication-manager>
        <security:authentication-provider>
            <security:jdbc-user-service data-source-ref="dataSource" 
            users-by-username-query="select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?"
            authorities-by-username-query="
                select distinct user.USERNAME as username, permission.NAME as authority 
                from ams.user, ams.user_role, ams.role, ams.role_permission, ams.permission
                where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.EMAIL=?"/>
            <security:password-encoder ref="passwordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <constructor-arg value="256" />
    </bean>
</beans>

Does anyone have an idea what might have caused this error? Would really appreciate your help on this one =)

Answer 1

There is a comma in the sql after password, remove that

change sql from

select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?

to

select USERNAME as username, PASSWORD as password from ams.user where USERNAME=?