Spring security中怎么利用數(shù)據(jù)庫(kù)實(shí)現(xiàn)賬戶(hù)密碼認(rèn)證

Spring security中怎么利用數(shù)據(jù)庫(kù)實(shí)現(xiàn)賬戶(hù)密碼認(rèn)證，很多新手對(duì)此不是很清楚，為了幫助大家解決這個(gè)難題，下面小編將為大家詳細(xì)講解，有這方面需求的人可以來(lái)學(xué)習(xí)下，希望你能有所收獲。

一、原理分析

前臺(tái)的登錄請(qǐng)求發(fā)送到后端后會(huì)由spring security進(jìn)行攔截，即controller層由框架自己提供。這樣用戶(hù)名和密碼的認(rèn)證就需要在service層完成,所以框架需要在service層獲取到我們自己的數(shù)據(jù)庫(kù)賬號(hào)信息。

spring security 提供了一個(gè)接口 UserDetailsService 來(lái)讓用戶(hù)提供賬號(hào)和密碼,其內(nèi)容如下

public interface UserDetailsService {
  UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
}

用戶(hù)實(shí)現(xiàn)這個(gè)接口中的loadUserByUsername方法，通過(guò)數(shù)據(jù)庫(kù)中查詢(xún)的賬號(hào)和密碼構(gòu)造一個(gè)UserDetails對(duì)象返回給spring security，然后框架自己完成認(rèn)證操作。

其中UserDetails也是一個(gè)接口，spring security用它來(lái)封裝當(dāng)前進(jìn)行認(rèn)證的用戶(hù)信息

public interface UserDetails extends Serializable {
  Collection<? extends GrantedAuthority> getAuthorities();
  String getPassword();
  String getUsername();
  boolean isAccountNonExpired();
  boolean isAccountNonLocked();
  boolean isCredentialsNonExpired();
  boolean isEnabled();
}

spring security 自己提供了一個(gè)實(shí)現(xiàn)類(lèi)我們可以直接使用,以下是User中的部分代碼

public class User implements UserDetails, CredentialsContainer {
private String password;
private final String username;
private final Set<GrantedAuthority> authorities;
private final boolean accountNonExpired; //帳戶(hù)是否過(guò)期
private final boolean accountNonLocked; //帳戶(hù)是否鎖定
private final boolean credentialsNonExpired; //認(rèn)證是否過(guò)期
private final boolean enabled; //帳戶(hù)是否可用
｝

所以，使用數(shù)據(jù)庫(kù)完成認(rèn)證的關(guān)鍵就是實(shí)現(xiàn)UserDetailsService接口，并在loadUserByUsername方法中封裝一個(gè)框架需要的UserDetails對(duì)象，即User對(duì)象返回給框架，由框架完成后續(xù)的認(rèn)證操作。

同時(shí)需要在spring security的配置文件中指定要用來(lái)認(rèn)證的userService 的bean

二、代碼實(shí)現(xiàn)

1.新建一個(gè)javaWeb工程

新建一個(gè)javaweb工程,導(dǎo)入相關(guān)依賴(lài),pom文件的內(nèi)容如下

pom文件

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>

 <groupId>com.lyy</groupId>
 <artifactId>spring_security_1</artifactId>
 <version>1.0-SNAPSHOT</version>
 <packaging>war</packaging>

 <name>spring_security_1 Maven Webapp</name>
 <!-- FIXME change it to the project's website -->
 <url>http://www.example.com</url>

 <properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  <spring.version>5.0.2.RELEASE</spring.version>
  <slf4j.version>1.6.6</slf4j.version>
  <log4j.version>1.2.12</log4j.version>
  <mysql.version>5.1.6</mysql.version>
  <mybatis.version>3.4.5</mybatis.version>
  <spring.security.version>5.0.1.RELEASE</spring.security.version>
 </properties>

 <dependencies>
  <dependency>
   <groupId>org.aspectj</groupId>
   <artifactId>aspectjweaver</artifactId>
   <version>1.6.8</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-aop</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-context</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-context-support</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-web</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-orm</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-beans</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-core</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-test</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-webmvc</artifactId>
   <version>${spring.version}</version>

  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-tx</artifactId>
   <version>${spring.version}</version>
  </dependency>
  <dependency>
   <groupId>junit</groupId>
   <artifactId>junit</artifactId>
   <version>4.12</version>
   <scope>test</scope>
  </dependency>

  <dependency>
   <groupId>javax.servlet</groupId>
   <artifactId>javax.servlet-api</artifactId>
   <version>3.1.0</version>
   <scope>provided</scope>
  </dependency>
  <dependency>
   <groupId>javax.servlet.jsp</groupId>
   <artifactId>jsp-api</artifactId>
   <version>2.0</version>
   <scope>provided</scope>
  </dependency>
  <dependency>
   <groupId>jstl</groupId>
   <artifactId>jstl</artifactId>
   <version>1.2</version>
  </dependency>    <!-- log start -->
  <dependency>
   <groupId>log4j</groupId>
   <artifactId>log4j</artifactId>
   <version>${log4j.version}</version>
  </dependency>
  <dependency>
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-api</artifactId>
   <version>${slf4j.version}</version>
  </dependency>
  <dependency>
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-log4j12</artifactId>
   <version>${slf4j.version}</version>
  </dependency>    <!-- log end -->

  <dependency>
   <groupId>mysql</groupId>
   <artifactId>mysql-connector-java</artifactId>
   <version>${mysql.version}</version>
  </dependency>

  <dependency>
   <groupId>org.mybatis</groupId>
   <artifactId>mybatis</artifactId>
   <version>${mybatis.version}</version>
  </dependency>
  <dependency>
   <groupId>org.mybatis</groupId>
   <artifactId>mybatis-spring</artifactId>
   <version>1.3.0</version>
  </dependency>
  <dependency>
   <groupId>c3p0</groupId>
   <artifactId>c3p0</artifactId>
   <version>0.9.1.2</version>
   <type>jar</type>
   <scope>compile</scope>
  </dependency>
  <dependency>
   <groupId>com.github.pagehelper</groupId>
   <artifactId>pagehelper</artifactId>
   <version>5.1.2</version>
  </dependency>
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-web</artifactId>
   <version>${spring.security.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-config</artifactId>
   <version>${spring.security.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-core</artifactId>
   <version>${spring.security.version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-taglibs</artifactId>
   <version>${spring.security.version}</version>
  </dependency>


  <dependency>
   <groupId>javax.annotation</groupId>
   <artifactId>jsr250-api</artifactId>
   <version>1.0</version>
  </dependency>

  <dependency>
   <groupId>com.fasterxml.jackson.core</groupId>
   <artifactId>jackson-databind</artifactId>
   <version>2.9.7</version>
  </dependency>

  <dependency>
   <groupId>com.fasterxml.jackson.core</groupId>
   <artifactId>jackson-core</artifactId>
   <version>2.9.7</version>
  </dependency>
  <dependency>
   <groupId>org.projectlombok</groupId>
   <artifactId>lombok</artifactId>
   <version>1.16.16</version>
  </dependency>
 </dependencies>

 <build>
  <plugins>
   <plugin>
    <groupId>org.apache.tomcat.maven</groupId>
     <artifactId>tomcat7-maven-plugin</artifactId>
      <version>2.1</version>
       <configuration>
        <port>80</port>
        <path>/</path>
        <uriEncoding>UTF-8</uriEncoding>
        <server>tomcat7</server>
       </configuration>
   </plugin>

  </plugins>
 </build>
</project>

在web.xml中配置spring security的過(guò)濾器

web.xml

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
           http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
     version="3.0">

  <display-name>spring security 01</display-name>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml,classpath*:applicationContext.xml</param-value>
  </context-param>

  <!-- 配置監(jiān)聽(tīng)器 -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- 解決中文亂碼過(guò)濾器 -->
  <filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>

整合spring和mybatis,spring的配置文件applicationContext.xml

spring配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://www.springframework.org/schema/context
  http://www.springframework.org/schema/context/spring-context.xsd
  http://www.springframework.org/schema/aop
  http://www.springframework.org/schema/aop/spring-aop.xsd
  http://www.springframework.org/schema/tx
  http://www.springframework.org/schema/tx/spring-tx.xsd">

  <!-- 開(kāi)啟注解掃描，管理service和dao -->
  <context:component-scan base-package="com.lyy.service">
  </context:component-scan>
  <context:component-scan base-package="com.lyy.dao">

  </context:component-scan>

  <context:property-placeholder location="classpath:db.properties"/>
  <!-- 配置連接池 -->
  <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
    <property name="driverClass" value="${jdbc.driver}"/>
    <property name="jdbcUrl" value="${jdbc.url}"/>
    <property name="user" value="${jdbc.username}"/>
    <property name="password" value="${jdbc.password}"/>
  </bean>

  <!--配置SqlSessionFactory工廠(chǎng)-->
  <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <property name="typeAliasesPackage" value="com.lyy.domain"/>
  </bean>

  <!--配置Dao接口所在包-->
  <bean id="mapperScanner" class="org.mybatis.spring.mapper.MapperScannerConfigurer">
    <property name="basePackage" value="com.lyy.dao"/>
  </bean>

  <!-- 配置Spring的聲明式事務(wù)管理 -->
  <!-- 配置事務(wù)管理器 -->
  <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    <property name="dataSource" ref="dataSource"/>
  </bean>

  <tx:annotation-driven transaction-manager="transactionManager"/>
</beans>

spring security配置文件

spring security的配置文件的內(nèi)容,spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans.xsd
     http://www.springframework.org/schema/security
     http://www.springframework.org/schema/security/spring-security.xsd">

  <!--spring-security的入門(mén)配置-->

  <!--配置哪些資源不會(huì)被攔截 /xxx表示根路徑下的某個(gè)資源-->
  <security:http security="none" pattern="/login.html"/>
  <security:http security="none" pattern="/failed.html"/>

  <security:http auto-config="true" use-expressions="false">
    <!-- 配置鏈接地址，表示任意路徑都需要ROLE_USER權(quán)限,這里可以配置
     一個(gè)逗號(hào)隔開(kāi)的角色列表-->
    <security:intercept-url pattern="/**" access="ROLE_USER"/>

    <!--自定義登錄頁(yè)面-->
    <security:form-login login-page="/login.html" login-processing-url="/login"
               username-parameter="username" password-parameter="password"
               authentication-failure-forward-url="/failed.html"
               default-target-url="/index.html"

    />
    <!--關(guān)閉csrf,默認(rèn)是開(kāi)啟的-->
    <security:csrf disabled="true"/>

    <!-- 退出 -->
    <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.html" />
  </security:http>
  <security:authentication-manager>
    <!--配置使用給定的userservice完成認(rèn)證-->
    <security:authentication-provider user-service-ref="userService">
    </security:authentication-provider>
  </security:authentication-manager>
</beans>

在這個(gè)配置文件中要注意的是配置用來(lái)認(rèn)證的userService Bean

<!--配置使用給定的userservice完成認(rèn)證-->
<security:authentication-provider user-service-ref="userService">

創(chuàng)建登錄頁(yè)面和登錄失敗的頁(yè)面login.html,failed.html

2.用戶(hù)認(rèn)證的實(shí)現(xiàn)

新建一個(gè)IUserService接口繼承UserDetailsService

package com.lyy.service;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface IUserService extends UserDetailsService {
}

實(shí)現(xiàn)類(lèi)如下

@Service("userService")
public class UserServiceImpl implements IUserService {

  @Autowired
  private IUserDao userDao;

  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    UserInfo userInfo = userDao.findByUsername(username);
    User user=new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getRoles());
    return user;
  }
  /*給用戶(hù)賦值角色信息*/
  private List<SimpleGrantedAuthority> getRoles(){
    List<SimpleGrantedAuthority> list=new ArrayList<SimpleGrantedAuthority>();
    list.add(new SimpleGrantedAuthority("ROLE_USER"));
    list.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
    return list;
  }
}

其中在loadUserByUsername方法中完成查詢(xún)數(shù)據(jù)庫(kù)信息，封裝成框架需要的用戶(hù)信息。

注意 :

UserInfo是封裝數(shù)據(jù)庫(kù)用戶(hù)信息的實(shí)體類(lèi)

getRoles用來(lái)給用戶(hù)賦角色信息，spring security認(rèn)證時(shí)用戶(hù)必須有角色信息，角色信息可以從數(shù)據(jù)庫(kù)中查詢(xún)，在這里直接在代理中寫(xiě)固定值來(lái)示意。

用戶(hù)密碼中拼接的"{noop}"字符串是因?yàn)槲覀儧](méi)有對(duì)密碼進(jìn)行加密，所以要告訴框架認(rèn)證密碼時(shí)不需要加密。

3.測(cè)試

啟動(dòng)工程，訪(fǎng)問(wèn)localhost,會(huì)跳轉(zhuǎn)到登錄頁(yè)面，輸入數(shù)據(jù)庫(kù)中存在的賬戶(hù)和密碼就會(huì)登錄成功并跳轉(zhuǎn)到首頁(yè)index.html

看完上述內(nèi)容是否對(duì)您有幫助呢？如果還想對(duì)相關(guān)知識(shí)有進(jìn)一步的了解或閱讀更多相關(guān)文章，請(qǐng)關(guān)注億速云行業(yè)資訊頻道，感謝您對(duì)億速云的支持。