I want to use Spring security to authenticate users in my web application.. Since am not a matured user to Spring framework ,i can't get a clear idea about how we can do the configuration settings to use jdbc-user-service .. i had done the following configurations.but its not working
我想使用Spring安全性来验证我的Web应用程序中的用户。由于我不是Spring框架的成熟用户,我无法清楚地了解如何使用jdbc-user-service进行配置设置。我做了以下配置。但它没有工作
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="myDataSource"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/testDB"/>
<beans:property name="username" value="admin"/>
<beans:property name="password" value="admin"/>
</beans:bean>
..can anyone please help me to solve the issue with a sample config file. Thanks in advance.
..可以请任何人帮我解决一个示例配置文件的问题。提前致谢。
3 个解决方案
#1
6
another way to do this is to create tables using the standard spring security database schema (http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html). Then you can simply use spring's jdbc-userservice:
另一种方法是使用标准的spring安全数据库模式(http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html)创建表。然后你可以简单地使用spring的jdbc-userservice:
<security:authentication-provider >
<security:jdbc-user-service data-source-ref="dataSource" />
<security:password-encoder hash="sha" />
</security:authentication-provider>
Or if you want to use your own schema you can override the queries like this:
或者,如果您想使用自己的架构,可以覆盖这样的查询:
<security:authentication-provider>
<securiy:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, password from users where username=?"
authorities-by-username-query="select username, roleName from role..."
role-prefix="ROLE_"
/>
</security:authentication-provider>
#2
6
You usually do it with a custom UserDetailsService. The UserDetailsService is a DAO used to load data about a user when they attempt login. Have a look at the loadUserByUsername(String username) method and the UserDetails class in spring.
您通常使用自定义UserDetailsService来执行此操作。 UserDetailsService是一个DAO,用于在用户尝试登录时加载有关用户的数据。在spring中查看loadUserByUsername(String username)方法和UserDetails类。
Yo need to define it in your context:
你需要在你的上下文中定义它:
<bean id="myDetailsService"
class="com.company.service.impl.MyDetailsService" />
To use it you can add this to your security config:
要使用它,您可以将其添加到您的安全配置:
<authentication-manager>
<authentication-provider user-service-ref="myDetailsService" />
</authentication-manager>
and all you security filters will use it.
并且所有安全过滤器都将使用它。
You can ask a more specific question if you need help implementing it, but you won't have trouble IMO.
如果您需要帮助实施,可以提出更具体的问题,但IMO不会有问题。
#3
1
Add these lines to your <authentication-provider> tag:
将这些行添加到
<authentication-provider>
<password-encoder hash="sha-256" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
SELECT username, password, enabled
FROM user WHERE username = ?"
authorities-by-username-query="
SELECT u.username, r.role_name
FROM user u, user_role r, assigned_role a
WHERE u.id = a.username
AND r.id = a.role_id
AND u.username = ?"
/>
</authentication-provider>
Of course you'll have to tweak the queries to match your table names.
当然,您必须调整查询以匹配您的表名。
#1
6
another way to do this is to create tables using the standard spring security database schema (http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html). Then you can simply use spring's jdbc-userservice:
另一种方法是使用标准的spring安全数据库模式(http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html)创建表。然后你可以简单地使用spring的jdbc-userservice:
<security:authentication-provider >
<security:jdbc-user-service data-source-ref="dataSource" />
<security:password-encoder hash="sha" />
</security:authentication-provider>
Or if you want to use your own schema you can override the queries like this:
或者,如果您想使用自己的架构,可以覆盖这样的查询:
<security:authentication-provider>
<securiy:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, password from users where username=?"
authorities-by-username-query="select username, roleName from role..."
role-prefix="ROLE_"
/>
</security:authentication-provider>
#2
6
You usually do it with a custom UserDetailsService. The UserDetailsService is a DAO used to load data about a user when they attempt login. Have a look at the loadUserByUsername(String username) method and the UserDetails class in spring.
您通常使用自定义UserDetailsService来执行此操作。 UserDetailsService是一个DAO,用于在用户尝试登录时加载有关用户的数据。在spring中查看loadUserByUsername(String username)方法和UserDetails类。
Yo need to define it in your context:
你需要在你的上下文中定义它:
<bean id="myDetailsService"
class="com.company.service.impl.MyDetailsService" />
To use it you can add this to your security config:
要使用它,您可以将其添加到您的安全配置:
<authentication-manager>
<authentication-provider user-service-ref="myDetailsService" />
</authentication-manager>
and all you security filters will use it.
并且所有安全过滤器都将使用它。
You can ask a more specific question if you need help implementing it, but you won't have trouble IMO.
如果您需要帮助实施,可以提出更具体的问题,但IMO不会有问题。
#3
1
Add these lines to your <authentication-provider> tag:
将这些行添加到
<authentication-provider>
<password-encoder hash="sha-256" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
SELECT username, password, enabled
FROM user WHERE username = ?"
authorities-by-username-query="
SELECT u.username, r.role_name
FROM user u, user_role r, assigned_role a
WHERE u.id = a.username
AND r.id = a.role_id
AND u.username = ?"
/>
</authentication-provider>
Of course you'll have to tweak the queries to match your table names.
当然,您必须调整查询以匹配您的表名。