一、

1.It’s quite common for user data to be stored in a relational database, accessed via JDBC . To configure Spring Security to authenticate against a JDBC -backed user store,you can use the jdbcAuthentication() method. The minimal configuration required is as follows:

   在数据库保存用户数据

   @Autowired

   DataSource dataSource;

   @Override

     protected void configure(AuthenticationManagerBuilder auth) throws Exception {

         auth.jdbcAuthentication().dataSource(dataSource);

     }

The only thing you must configure is a DataSource so that it’s able to access the relational database. The DataSource is provided here via the magic of autowiring.

2.重写默认的查询语句

Although this minimal configuration will work, it makes some assumptions about your database schema. It expects that certain tables exist where user data will be kept. More specifically, the following snippet of code from Spring Security’s internals shows the SQL queries that will be performed when looking up user details:

 public static final String DEF_USERS_BY_USERNAME_QUERY =

     "select username,password,enabled " +

     "from users " +

     "where username = ?";

 public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY =

     "select username,authority " +

     "from authorities " +

     "where username = ?";

 public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY =

     "select g.id, g.group_name, ga.authority " +

     "from groups g, group_members gm, group_authorities ga " +

     "where gm.username = ? " +

     "and g.id = ga.group_id " +

     "and g.id = gm.group_id";

If you’re okay with defining and populating tables in your database that satisfy those queries, then there’s not much else for you to do. But chances are your database doesn’t look anything like this, and you’ll want more control over the queries. In that case, you can configure your own queries like this:

 @Override

 protected void configure(AuthenticationManagerBuilder auth)

 throws Exception {

     auth

         .jdbcAuthentication()

         .dataSource(dataSource)

         .usersByUsernameQuery(

             "select username, password, true " +

             "from Spitter where username=?")

         .authoritiesByUsernameQuery(

             "select username, 'ROLE_USER' from Spitter where username=?");

 }

3.

SPRING IN ACTION 第4版笔记-第九章Securing web applications-003-把用户数据存在数据库的更多相关文章

  1. SPRING IN ACTION 第4版笔记-第九章Securing web applications-001-SpringSecurity简介(DelegatingFilterProxy、AbstractSecurityWebApplicationInitializer、WebSecurityConfigurerAdapter、@EnableWebSecurity、@EnableWebMvcS)

    一.SpringSecurity的模块 At the least, you’ll want to include the Core and Configuration modules in your ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-011-把敏感信息请求转为https(requiresChannel())

    1.把包含敏感信息的请求转为https请求,则较为安全,但如何只把有需要安全的请求转为https,而不是不加分辩就把所有请求都转为https呢?可以用requiresChannel() @Overri ...

  3. SPRING IN ACTION 第4版笔记-第九章Securing web applications-010-拦截请求

    一. What if you wanted to restrict access to certain roles only on Tuesday? Using the access() method ...

  4. SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)

    一. 1.定义接口 Suppose that you need to authenticate against users in a non-relational database suchas Mo ...

  5. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  6. SPRING IN ACTION 第4版笔记-第九章Securing web applications-004-对密码加密passwordEncoder

    一. 1.Focusing on the authentication query, you can see that user passwords are expected to be stored ...

  7. SPRING IN ACTION 第4版笔记-第九章Securing web applications-002-把用户数据存在memory里(AuthenticationManagerBuilder、 UserDetailsManagerConfigurer.UserDetailsBuilder)

    Spring Security is extremely flexible and is capable of authenticating users against virtually any d ...

  8. SPRING IN ACTION 第4版笔记-第九章Securing web applications-009-拦截请求()

    一. 对特定的请求拦截 For example, consider the requests served by the Spittr application. Certainly, thehome ...

  9. SPRING IN ACTION 第4版笔记-第九章Securing web applications-006-用LDAP比较密码(passwordCompare()、passwordAttribute("passcode")、passwordEncoder(new Md5PasswordEncoder()))

    一. The default strategy for authenticating against LDAP is to perform a bind operation,authenticatin ...

随机推荐

  1. (转)微软开放了.NET 4.5.1的源代码

    微软开放了.NET 4.5.1的源代码 .NET Reference Source发布了beta版,可以在线浏览.NET Framework 4.5.1的源代码,并且可以通过配置,在Visual St ...

  2. 关于ajax解析

    出处:http://www.cnblogs.com/huashanlin/archive/2006/10/09/524707.html 要很好地领会Ajax技术的关键是了解超文本传输协议(HTTP), ...

  3. 第一节 Hibernate 基本配置

    1 新建maven工程 1)打开eclipse,依次点击File---->New---->Maven Project. 2)选择org.apache.maven.archetypes ma ...

  4. AE实现投影定义和投影转换

    添加引用ESRI.ArcGIS.DataManagementTools 1.获取要定义和要转换的投影 IWorkspaceFactory wsf = new ShapefileWorkspaceFac ...

  5. poj 3616 Milking Time

                                                                                                 Milking ...

  6. 解决xtraFinder在EI下不能使用问题

    在EI (10.11)下,由于SIP(System Integrity Protection)机制,导致一些第三方插件不能使用,如xtrafinder. 要想使用,在目前的情况下,启用的方法:一种是安 ...

  7. C++ 对数组sizeof 和对数组元素sizeof

    这一段程序 下面这段程序很有看点://arr1 is an array of intsint *source=arr1;size_t sz=sizeof(arr1)/sizeof(*arr1);//n ...

  8. 快速搭建Web环境 Angularjs + Express3 + Bootstrap3

    快速搭建Web环境 Angularjs + Express3 + Bootstrap3 AngularJS体验式编程系列文章, 将介绍如何用angularjs构建一个强大的web前端系统.angula ...

  9. dapper 自定义数据库字段和代码中Model字段不一致时候的mapping方法

    namespace YourNamespace { /// <summary> /// Uses the Name value of the ColumnAttribute specifi ...

  10. 部门招聘开发人员(python相关)

    岗位职责: 1.参与需求分析,产品设计,功能开发: 2.负责系统平台的日常维护: 3.与团队技术交流,共同进步 任职要求: 1.精通Python:对Python有兴趣. 2.熟悉MVC架构,精通Dja ...