您好,登錄后才能下訂單哦!
今天就跟大家聊聊有關(guān)怎么在Spring Security中使用數(shù)據(jù)庫(kù)認(rèn)證,可能很多人都不太了解,為了讓大家更加了解,小編給大家總結(jié)了以下內(nèi)容,希望大家根據(jù)這篇文章可以有所收獲。
流程圖:
spring-security.xml中的配置:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 配置不攔截的資源 --> <security:http pattern="/login.jsp" security="none"/> <security:http pattern="/failer.jsp" security="none"/> <security:http pattern="/css/**" security="none"/> <security:http pattern="/img/**" security="none"/> <security:http pattern="/plugins/**" security="none"/> <!-- 配置具體的規(guī)則 auto-config="true" 不用自己編寫(xiě)登錄的頁(yè)面,框架提供默認(rèn)登錄頁(yè)面 use-expressions="false" 是否使用SPEL表達(dá)式(沒(méi)學(xué)習(xí)過(guò)) --> <security:http auto-config="true" use-expressions="false"> <!-- 配置具體的攔截的規(guī)則 pattern="請(qǐng)求路徑的規(guī)則" access="訪問(wèn)系統(tǒng)的人,必須有ROLE_USER或者ROLE_ADMIN的角色" --> <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/> <!-- 定義跳轉(zhuǎn)的具體的頁(yè)面 --> <security:form-login login-page="/login.jsp" login-processing-url="/login.do"//請(qǐng)求路徑 default-target-url="/index.jsp" authentication-failure-url="/failer.jsp" authentication-success-forward-url="/pages/main.jsp" /> <!-- 關(guān)閉跨域請(qǐng)求 --> <security:csrf disabled="true"/> <!-- 只要訪問(wèn)到/logout.do就退出,自動(dòng)跳轉(zhuǎn)到/login.jsp頁(yè)面 --> <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" /> </security:http> <!-- 切換成數(shù)據(jù)庫(kù)中的用戶名和密碼 --> <security:authentication-manager> <security:authentication-provider user-service-ref="userService">//userService是認(rèn)證器需要定義出來(lái) <!-- 配置加密的方式,用戶登錄的時(shí)候可以知道 --> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <!-- 配置加密類(lèi),當(dāng)添加用戶的時(shí)候,對(duì)用戶密碼進(jìn)行加密 --> <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> <!-- 提供了入門(mén)的方式,在內(nèi)存中存入用戶名和密碼 <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> --> </beans>
3.定義一個(gè)IUserService繼承UserDetailsService接口:
在創(chuàng)建一個(gè)UserServiceImpl去實(shí)現(xiàn)IUserService接口,覆蓋loadUserByUsername方法:
@Service("userService")//這個(gè)名字必須與spring-security.xml中配置的認(rèn)證器名字一樣
public class UserServiceImpl implements IUserService { @Autowired private IUserDao userDao; @Autowired//當(dāng)執(zhí)行保存用戶的時(shí)候?qū)τ脩舻拿艽a進(jìn)行加密 private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserInfo userInfo = null; try { userInfo = userDao.findByUsername(username);//調(diào)用到層根據(jù)用戶查找用戶信息,返回值為UserInfo對(duì)象 } catch (Exception e) { e.printStackTrace(); } //處理自己的用戶對(duì)象封裝成UserDetails // User user=new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(userInfo.getRoles()));//下面這個(gè)三元表達(dá)式代表該賬戶是否激活可用 User user = new User(userInfo.getUsername(), userInfo.getPassword(), userInfo.getStatus() == 0 ? false : true, true, true, true, getAuthority(userInfo.getRoles())); return user; } //作用就是返回一個(gè)List集合,集合中裝入的是角色描述 public List<SimpleGrantedAuthority> getAuthority(List<Role> roles) { List<SimpleGrantedAuthority> list = new ArrayList<>(); for (Role role : roles) { list.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName())); } return list; } /** * 用戶的添加 * @param userInfo */ @Override public void save(UserInfo userInfo) throws Exception { //對(duì)密碼進(jìn)行加密處理 userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword())); userDao.save(userInfo); } }
4.啟動(dòng)項(xiàng)目進(jìn)行測(cè)試添加用戶,新添加的用戶是否可以登錄成功。
看完上述內(nèi)容,你們對(duì)怎么在Spring Security中使用數(shù)據(jù)庫(kù)認(rèn)證有進(jìn)一步的了解嗎?如果還想了解更多知識(shí)或者相關(guān)內(nèi)容,請(qǐng)關(guān)注億速云行業(yè)資訊頻道,感謝大家的支持。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。