使用 mysql 数据库在 Spring security 中对用户进行身份验证?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7171460/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using mysql database to authenticate users in Spring security?
提问by Tijo K Varghese
I want to use Spring security to authenticate users in my web application.. Since am not a matured user to Spring framework ,i can't get a clear idea about how we can do the configuration settings to use jdbc-user-service .. i had done the following configurations.but its not working
我想使用 Spring security 来验证我的 web 应用程序中的用户.. 由于我不是 Spring 框架的成熟用户,我无法清楚地了解我们如何进行配置设置以使用 jdbc-user-service ..我已经完成了以下配置。但它不起作用
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="myDataSource"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/testDB"/>
<beans:property name="username" value="admin"/>
<beans:property name="password" value="admin"/>
</beans:bean>
..can anyone please help me to solve the issue with a sample config file. Thanks in advance.
..任何人都可以用示例配置文件帮助我解决问题。提前致谢。
回答by Simeon
You usually do it with a custom UserDetailsService. The UserDetailsServiceis a DAO used to load data about a user when they attempt login. Have a look at the loadUserByUsername(String username)method and the UserDetailsclass in spring.
您通常使用自定义UserDetailsService. 这UserDetailsService是一个 DAO,用于在用户尝试登录时加载有关用户的数据。看看spring中的loadUserByUsername(String username)方法和UserDetails类。
Yo need to define it in your context:
你需要在你的上下文中定义它:
<bean id="myDetailsService"
class="com.company.service.impl.MyDetailsService" />
To use it you can add this to your security config:
要使用它,您可以将其添加到您的安全配置中:
<authentication-manager>
<authentication-provider user-service-ref="myDetailsService" />
</authentication-manager>
and all you security filters will use it.
你所有的安全过滤器都会使用它。
You can ask a more specific question if you need help implementing it, but you won't have trouble IMO.
如果您需要帮助实施它,您可以提出更具体的问题,但您不会遇到 IMO 问题。
回答by Jens
another way to do this is to create tables using the standard spring security database schema (http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html). Then you can simply use spring's jdbc-userservice:
另一种方法是使用标准的 spring 安全数据库模式(http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html)创建表。然后你可以简单地使用spring的jdbc-userservice:
<security:authentication-provider >
<security:jdbc-user-service data-source-ref="dataSource" />
<security:password-encoder hash="sha" />
</security:authentication-provider>
Or if you want to use your own schema you can override the queries like this:
或者,如果您想使用自己的架构,您可以像这样覆盖查询:
<security:authentication-provider>
<securiy:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, password from users where username=?"
authorities-by-username-query="select username, roleName from role..."
role-prefix="ROLE_"
/>
</security:authentication-provider>
回答by MattL
Add these lines to your <authentication-provider>tag:
将这些行添加到您的<authentication-provider>标签中:
<authentication-provider>
<password-encoder hash="sha-256" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
SELECT username, password, enabled
FROM user WHERE username = ?"
authorities-by-username-query="
SELECT u.username, r.role_name
FROM user u, user_role r, assigned_role a
WHERE u.id = a.username
AND r.id = a.role_id
AND u.username = ?"
/>
</authentication-provider>
Of course you'll have to tweak the queries to match your table names.
当然,您必须调整查询以匹配您的表名。
