SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)
一、
1.定义接口
Suppose that you need to authenticate against users in a non-relational database such
as Mongo or Neo4j. In that case, you’ll need to implement a custom implementation
of the UserDetailsService interface.
public interface UserDetailsService {
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
}
2.实现接口
All you need to do is implement the loadUserByUsername() method to find a user
given the user’s username. loadUserByUsername() then returns a UserDetails object
representing the given user. The following listing shows an implementation of
UserDetailsService that looks up a user from a given implementation of Spitter-
Repository
package spittr.security;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.
SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.
UserDetailsService;
import org.springframework.security.core.userdetails.
UsernameNotFoundException;
import spittr.Spitter;
import spittr.data.SpitterRepository; public class SpitterUserService implements UserDetailsService { private final SpitterRepository spitterRepository; public SpitterUserService(SpitterRepository spitterRepository) {
this.spitterRepository = spitterRepository;
} @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Spitter spitter = spitterRepository.findByUsername(username);
if (spitter != null) {
List < GrantedAuthority > authorities = new ArrayList < GrantedAuthority > ();
authorities.add(new SimpleGrantedAuthority("ROLE_SPITTER"));
return new User(
spitter.getUsername(),
spitter.getPassword(),
authorities);
}
throw new UsernameNotFoundException("User '" + username + "' not found.");
}
}
What’s interesting about SpitterUserService is that it has no idea how the user data
is persisted. The SpitterRepository it’s given could look up the Spitter from a rela-
tional database, from a document database, from a graph database, or it could just
make it up. SpitterUserService doesn’t know or care what underlying data storage is
used. It just fetches the Spitter object and uses it to create a User object. ( User is a
concrete implementation of UserDetails .)
3.配置service
To use SpitterUserService to authenticate users, you can configure it in your
security configuration with the userDetailsService() method:
@Autowired
SpitterRepository spitterRepository;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.userDetailsService(new SpitterUserService(spitterRepository));
}
The userDetailsService() method (like jdbcAuthentication() , ldapAuthentication ,
and inMemoryAuthentication() ) configures a configuration store. But instead of using
one of Spring’s provided user stores, it takes any implementation of UserDetailsService .
Another option worth considering is that you could change Spitter so that it
implements UserDetailsService . By doing that, you could return the Spitter
directly from the loadUserByUsername() method without copying its values into a
User object.
SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)的更多相关文章
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)
一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())
1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求
一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)
一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder
一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库
一. 1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To c ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)
Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()
一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...
- SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))
一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...
随机推荐
- javascript笔记——密码组合规则
//6-16个字符,字母加数字或符号的组合密码[必须全部包含] var filter = /^(?=.*[0-9])(?=.*[a-z])(?=.*[!@#$%^&*])(?=.*[A-Z]) ...
- CSS 样式二
CSS文本样式 text-align:设置文本的对齐方式 取值: left 向左对齐 right:向右对齐 center:居中对齐 text-indent:设置文本的首行缩进 例如,字体设为12px, ...
- 方法:查询MongoDB数据库中最新一条数据(JAVA)
使用JAVA语言查询MongoDB中某个数据库某个集合的最新一条数据: MongoCollection<Document> cpu = MongoClient.getDatabase(&q ...
- 开启Windows的索引服务
除开SearchEverything电脑内部的全硬盘搜索之外,如果要搜索文件内的内容的话,就无能为力的了.Window内置的索引服务就派上用场了,这么好的服务,默认设置居然是关闭的,想不通. 下面来介 ...
- XPOSED-LUA
转载说明 本篇文章可能已经更新,最新文章请转:http://www.sollyu.com/xposed-lua/ 说明 Xposed Lua Module 是一个Xposed的模块,他有下面的优点 本 ...
- 服务器 tfs不提供 TeamFoundation服务。基础连接已经关闭
服务器 tfs(服务器名或url)不提供 TeamFoundation服务.基础连接已经关闭,发送时发生错误.TFS突然间连接不上到,到服务器上配置团队项目的组成员资格提示这样的错误,客户端连接的时候 ...
- 父节点使用css的transform: translate(0, 0)时position:fixed在chrome浏览器中无效
今天在做移动端的页面,无意间发现了一个Chrome浏览器下的一个bug,在使用CSS3的transform: translate(0, 0)属性对节点A进行位置转化,此时A节点下面有一个字节点B,节点 ...
- hibernate的n+1问题
下面选自<精通Hibernate:Java对象持久化技术详解>作者:孙卫琴 在Session的缓存中存放的是相互关联的对象图.默认情况下,当Hibernate从数据库中加载Customer ...
- 转 在无法通过yum下载非标准包时,怎么办
在CentOS下,我们可以通过yum来下载或更新rpm包,但是标准的源(repository)里只提供一部分的rpm包,虽然大部分情况下,这些包是够用的.但是有时候还是需要下载其他的一些非标准的包,如 ...
- unity3d KeyCode各键值说明
KeyCode :KeyCode是由Event.keyCode返回的.这些直接映射到键盘上的物理键. http://docs.unity3d.com/ScriptReference/KeyCode.h ...