You have to combine all of the answers on this page.

您必须结合此页面上的所有答案。

• Teja is correct, there is not facilitated way to add a user on the fly.
• Axtavt is also correct. You need some sort of data access/service layer to update your users table. In other words, you need to create the view like any other page with some kind of super user access.
• Michal and ax give good advice that you probably need to encode your password before saving it. The digest should match whatever you're using when you retrieve credentials.

• Teja 是正确的，没有方便的方法来即时添加用户。
• Axtavt 也是正确的。您需要某种数据访问/服务层来更新您的用户表。换句话说，您需要像具有某种超级用户访问权限的任何其他页面一样创建视图。
• Michal 和 ax 给出了很好的建议，您可能需要在保存密码之前对其进行编码。摘要应与检索凭据时使用的任何内容相匹配。

Here's an example config using JDBC:

这是使用 JDBC 的示例配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security
                         http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <global-method-security secured-annotations="enabled"/>

    <http auto-config="true" access-denied-page="/accessDenied.jsp">
        <!-- login page has anonymous access -->
        <intercept-url pattern="/login.jsp*" filters="none"/>
        <!-- all pages are authenticated -->
        <intercept-url pattern="/**.action" access="ROLE_USER, ROLE_ADMIN"  />  
        <!-- all admin contextual pages are authenticated by admin role -->
        <intercept-url pattern="/admin/**" access="ROLE_ADMIN"  />
        <form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/index.action" login-page="/login.jsp"/>
        <logout logout-success-url="/index.action"/>
    </http>     

    <authentication-provider>
        <password-encoder hash="md5" /> 
        <jdbc-user-service data-source-ref="dataSource" 
            authorities-by-username-query="SELECT username, role AS authority FROM sweet_users WHERE username = ?"
            users-by-username-query="SELECT username, password, 1 AS enabled FROM sweet_users WHERE username = ?" />
    </authentication-provider>
</beans:beans>

This is using a custom query to obtain users. Spring Security expects a users table with username, password, and authority column names respectively, so do what you need to do to return those. You need to provide the data source.

这是使用自定义查询来获取用户。Spring Security 需要一个分别包含用户名、密码和权限列名称的用户表，因此请执行您需要执行的操作以返回这些名称。您需要提供数据源。

If you created a page for adding users under the admin/ context, it would be authenticated according to this config.

如果您在 admin/ 上下文下创建了一个用于添加用户的页面，它将根据此配置进行身份验证。

Add a bean for your UserDao and/or UserService and/or AuthenticationService and pass it to your Users controller...

为您的 UserDao 和/或 UserService 和/或 AuthenticationService 添加一个 bean 并将其传递给您的用户控制器...

Spring Security has JdbcUserDetailsManager. It's a subclass of the default JDBC-based UserDetailsServicewith additional methods for creating users and so on. You can use it as a DAO instead of your own.

Spring Security 有JdbcUserDetailsManager. 它是基于 JDBC 的默认子类，UserDetailsService具有用于创建用户等的附加方法。您可以将其用作 DAO 而不是您自己的。

However password hashing should be handled explicitly. For example, if you use SHA hash, you can use ShaPasswordEncoder.encodePassword().

但是，应明确处理密码散列。例如，如果您使用 SHA 哈希，则可以使用ShaPasswordEncoder.encodePassword().

There is no such built in functionality for creating users in spring security. It is implemented only to secure resources based on the rules for users who are trying to login and access resources.

在 Spring Security 中没有用于创建用户的内置功能。它仅用于根据尝试登录和访问资源的用户的规则来保护资源。

To use hash algorithms You can add <password-encoder>to <authentication-provider>.

使用哈希算法您可以将<password-encoder>添加到<authentication-provider>。