SPRING IN ACTION, 4th Edition Notes - Chapter 9 Securing web applications - 003 - Storing user data in a database
I.
1. It’s quite common for user data to be stored in a relational database, accessed via JDBC. To configure Spring Security to authenticate against a JDBC-backed user store, you can use the jdbcAuthentication() method. The minimal configuration required is as follows:
Storing user data in a database
@Autowired
DataSource dataSource;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication().dataSource(dataSource);
}
The only thing you must configure is a DataSource so that it’s able to access the relational database. The DataSource is provided here via the magic of autowiring.
2. Overriding the default queries
Although this minimal configuration will work, it makes some assumptions about your database schema. It expects that certain tables exist where user data will be kept. More specifically, the following snippet of code from Spring Security’s internals shows the SQL queries that will be performed when looking up user details:
public static final String DEF_USERS_BY_USERNAME_QUERY =
    "select username,password,enabled " +
    "from users " +
    "where username = ?";
public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY =
    "select username,authority " +
    "from authorities " +
    "where username = ?";
public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY =
    "select g.id, g.group_name, ga.authority " +
    "from groups g, group_members gm, group_authorities ga " +
    "where gm.username = ? " +
    "and g.id = ga.group_id " +
    "and g.id = gm.group_id";
If you’re okay with defining and populating tables in your database that satisfy those queries, then there’s not much else for you to do. But chances are your database doesn’t look anything like this, and you’ll want more control over the queries. In that case, you can configure your own queries like this:
@Override
protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {
    auth
        .jdbcAuthentication()
        .dataSource(dataSource)
        .usersByUsernameQuery(
            "select username, password, true " +
            "from Spitter where username=?")
        .authoritiesByUsernameQuery(
            "select username, 'ROLE_USER' from Spitter where username=?");
}
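The tables the default queries expect, and the column shape that custom queries have to keep, written out as an added example (not taken from the book or from Spring Security's own code). Table and column names follow the queries shown above; the types, lengths, constraints, the `active` column and the sample rows are assumptions.

```sql
-- Added example. Table and column names come from the default queries above;
-- types, lengths and constraints are assumptions to adjust for your database.
create table users (
    username varchar(50)  not null primary key,
    password varchar(100) not null,  -- sized for an encoded (hashed) value
    enabled  boolean      not null   -- false rejects the login, row stays in place
);
create table authorities (
    username  varchar(50) not null,
    authority varchar(50) not null,  -- e.g. 'ROLE_USER'
    constraint fk_authorities_users foreign key (username) references users (username),
    constraint uq_authorities unique (username, authority)
);

-- Tables read by DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY.
-- "groups" is a reserved word in some databases and must be quoted there.
create table groups (
    id         bigint      not null primary key,
    group_name varchar(50) not null
);
create table group_authorities (
    group_id  bigint      not null,
    authority varchar(50) not null,
    constraint fk_group_authorities_group foreign key (group_id) references groups (id)
);
create table group_members (
    username varchar(50) not null,
    group_id bigint      not null,
    constraint fk_group_members_group foreign key (group_id) references groups (id)
);

-- Constructed sample rows (placeholder instead of a real password hash).
insert into users (username, password, enabled) values ('alice', '<encoded-password>', true);
insert into authorities (username, authority) values ('alice', 'ROLE_USER');

-- Custom-query case: a hypothetical Spitter table with its own column names.
create table Spitter (
    username varchar(50)  not null primary key,
    password varchar(100) not null,
    active   boolean      not null   -- assumed column; lets an account be disabled
);
-- The replacement queries keep the defaults' column order:
-- (username, password, enabled) and (username, authority).
-- '?' is the bind parameter that receives the submitted username.
select username, password, active from Spitter where username = ?;
select username, 'ROLE_USER' from Spitter where username = ?;
```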