一、

1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To configure Spring Security to authenticate against a JDBC -backed user store,you can use the jdbcAuthentication() method. The minimal configuration required is as follows:

   在数据库保存用户数据

   @Autowired

   DataSource dataSource;

   @Override

     protected void configure(AuthenticationManagerBuilder auth) throws Exception {

         auth.jdbcAuthentication().dataSource(dataSource);

     }

The only thing you must configure is a DataSource so that it’s able to access the relational database. The DataSource is provided here via the magic of autowiring.

2.重写默认的查询语句

Although this minimal configuration will work, it makes some assumptions about your database schema. It expects that certain tables exist where user data will be kept. More specifically, the following snippet of code from Spring Security’s internals shows the SQL queries that will be performed when looking up user details:

 public static final String DEF_USERS_BY_USERNAME_QUERY =

     "select username,password,enabled " +

     "from users " +

     "where username = ?";

 public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY =

     "select username,authority " +

     "from authorities " +

     "where username = ?";

 public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY =

     "select g.id, g.group_name, ga.authority " +

     "from groups g, group_members gm, group_authorities ga " +

     "where gm.username = ? " +

     "and g.id = ga.group_id " +

     "and g.id = gm.group_id";

If you’re okay with defining and populating tables in your database that satisfy those queries, then there’s not much else for you to do. But chances are your database doesn’t look anything like this, and you’ll want more control over the queries. In that case, you can configure your own queries like this:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .jdbcAuthentication()

         .dataSource(dataSource)

         .usersByUsernameQuery(

             "select username, password, true " +

             "from Spitter where username=?")

         .authoritiesByUsernameQuery(

             "select username, 'ROLE_USER' from Spitter where username=?");

 }

3.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. 用sublime编译C++的方法

    sublime代码高亮这么好看,怎么能不用sublime敲代码呢: ) 本人用的版本是sublime Text3中文版 在网上查了查,自己的sublime现在也能编译C++了,设置步骤如下: 1.找到 ...

  2. XML格式以及相关libxml库学习

    本文参考 XML文件格式语法以及DTD,摘除其中自己认为必要的知识点,在此记录如下. 先给出一个xml的实例文件, <?xml version="1.0" encoding= ...

  3. Spring零碎知识复习

    自学了Spring也有一段时间了,多多少少掌握了一些Spring的知识,现在手上也没有很多的项目练手,就将就着把这些学到的东西先收集起来,方便日后用到的时候没地方找. 1.spring的国际化 主要是 ...

  4. Centos 6.5 配置nginx服务

    官方网站:http://nginx.org最新版本:1.7.11官方文档:http://nginx.org/en/docs/ 一.安装NGINX查看当前centos版本: #cat /etc/redh ...

  5. jQuery插件开发 - 其实很简单

    [前言] jQuery已经被广泛使用,凭借其简洁的API,对DOM强大的操控性,易扩展性越来越受到web开发人员的喜爱,我在社区也发布了很多的jQuery插件,经常有人询问一些技巧,因此干脆写这么一篇 ...

  6. 获取JAVA对象占用的内存大小

    介绍两种获取JAVA对象内存大小的方法. 第一种:Instrumentation 简介: 使用java.lang.instrument 的Instrumentation来获取一个对象的内存大小.利用I ...

  7. wap网站获取访问者手机号PHP类文件

    <?php /** * 类名: mobile * 描述: 手机信息类 * 其他: */ class mobile { /** * 函数名称: getPhoneNumber * 函数功能: 取手机 ...

  8. psp系统需求分析

    软件开发方向“PSP系统”软件需求规约 目录 1 引言... 4 1.1 目的... 4 1.2 文档格式... 4 1.3 预期的读者和阅读建议... 4 1.4 范围... 5 1.5 术语... ...

  9. 虚拟机安装Centos6.5之后的网络配置

    我使用的是minimal模式安装的,默认是无法联网的,需要自己配置,下面我列举2种联网的配置方法 方法1: 默认使用的是NAT模式,修改/etc/sysconfig/network-scripts/i ...

  10. C/C++错误分析errno,perror,strerror和GetLastError()函数返回的错误代码的意义

    在C语言编译中,经常会出现一些系统的错误,这些错误如果在编译的时候不能很好的“预见”,会使系统“崩溃”,常见的捕获错误函数有: errno #include<errno.h> 这个变量是程 ...