java 使用带有 hdbc 的 spring security 3.0 的逐步登录示例
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7977575/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Step by step login example using spring security 3.0 with hdbc
提问by Raje
I am new to Spring and Spring Security. I just need a pointer in the right direction:
我是 Spring 和 Spring Security 的新手。我只需要一个指向正确方向的指针:
I have a simple Spring MVC/Spring Security webapp. I want to add login functionality into web app. I have created following two table.
我有一个简单的 Spring MVC/Spring Security webapp。我想将登录功能添加到 Web 应用程序中。我创建了以下两个表。
CREATE TABLE "users" (
"USER_ID" NUMBER(10) NOT NULL,
"USERNAME" VARCHAR(45) NOT NULL,
"PASSWORD" VARCHAR(45) NOT NULL,
"ENABLED" NUMBER(1) NOT NULL,
PRIMARY KEY ("USER_ID")
)
CREATE TABLE "user_roles" (
"USER_ROLE_ID" NUMBER(10) NOT NULL,
"USER_ID" NUMBER(10) NOT NULL,
"AUTHORITY" VARCHAR(45) NOT NULL,
PRIMARY KEY ("USER_ROLE_ID"),
CONSTRAINT "FK_user_roles" FOREIGN KEY ("USER_ID") REFERENCES "users" ("USER_ID")
)
I want to authenticate user from database then it checks role of the user. I know this is dirt simple, so I just need to hear how the process should flow.
我想从数据库中对用户进行身份验证,然后它会检查用户的角色。我知道这很简单,所以我只需要了解流程应该如何进行。
采纳答案by Adriaan Koster
It's just a matter of taking your time to read the Security namespace configuration
这只是花时间阅读安全命名空间配置的问题
Here are some other resources I found useful when I was figuring this out:
以下是我在弄清楚这一点时发现有用的其他一些资源:
- Configuring Spring Security Form Login with Remember-Me Enabled
- Spring Security and Wicket-auth-roles
- Hashing and salting passwords with Spring Security 2
Basically you are asking for a complete tutorial. It's better to ask about specific problems you encounter and show us what you have tried (creating two tables is a bit meagre).
基本上你要求一个完整的教程。最好询问您遇到的具体问题并向我们展示您的尝试(创建两个表有点微不足道)。
And one more thing: configuring security, even with Spring, is NOT dirt simple. You have to learn about the implications of decisions you make regarding password hashing & salting, password recovery schemes and remember-me functionality to name a few common pitfalls. Also the choice of which pages/paths to secure (intercept-urls) has to be made wisely. This depends on the type of application and the context in which it runs.
还有一件事:配置安全性,即使使用 Spring,也不是那么简单。您必须了解您做出的有关密码散列和加盐、密码恢复方案和记住我的功能的决定的含义,以列举一些常见的陷阱。此外,必须明智地选择要保护的页面/路径(拦截网址)。这取决于应用程序的类型及其运行的上下文。
回答by Simeon
A step by step example can be found in the spring pet clinic tutorial.
可以在spring 宠物诊所教程中找到分步示例。
However.
然而。
You just need to implement your own UserDetailsServiceand inject it into your security context.
您只需要实现自己的UserDetailsService并将其注入到您的安全上下文中。
Thisis a good howto on implementing it.
这是一个很好的实现方法。
