  • Spring Security 03

    认证和鉴权

    配置文件方式

    <!-- In-memory user store: user names, passwords and roles are declared directly in this file.
         The passwords are literal plaintext kept in configuration, so this form is for demos only.
         NOTE(review): Spring Security 5+ refuses an un-prefixed plaintext password unless a
         password encoder is configured (or the value carries the {noop} prefix); confirm against
         the version in use. -->
    <authentication-manager>
            <authentication-provider>
            	<!-- Access control: each user's granted roles -->
                <user-service>
                    <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
                    <user name="user" password="123" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
    

    jdbc-user-service方式

     <!-- Users are stored in a database. By default Spring Security expects two tables: a users table and an authorities table. -->
        <authentication-manager>
            <authentication-provider>
               <!-- <user-service>
                    <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
                    <user name="user" password="123" authorities="ROLE_USER" />
                </user-service>-->
                <!-- Both queries pass the login name through the ? placeholder, so it is bound as a
                     parameter and never concatenated into the SQL text.
                     users-by-username-query must return username, password, enabled in that order;
                     here the status column is aliased to enabled.
                     NOTE(review): presumably status = 1 marks an active account (the sample rows use 1); confirm.
                     authorities-by-username-query returns one row per role: username, role name.
                     NOTE(review): no password encoder is declared on this provider; the password
                     column should hold hashes that match a configured encoder, not plaintext. -->
                <jdbc-user-service data-source-ref="mysqlDataSource"
                      users-by-username-query="select username,`password`,`status` as enabled from `user` where username = ?"
                      authorities-by-username-query="select `user`.username,role.`name` from `user`,role,user_role where `user`.id=user_role.user_id and user_role.role_id=role.id and `user`.username = ?" />
     
            </authentication-provider>
        </authentication-manager>
    
    • note1: 默认数据库对用户进行存储 Spring Security默认情况下需要两张表,用户表和权限表
    • note2: data-source-ref="mysqlDataSource",引用数据源,连接数据库
    • note3: 数据库中创建三张表user、role、user_role
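    -- Roles
    create table role(
        id bigint,
        `name` varchar(50),
        descn varchar(200)
    );
    alter table role add constraint pk_role primary key(id);
    -- alter table role alter column id int generated by default as identity(1, 1);

    -- Users
    -- `status` is the column the users-by-username-query reads as `enabled`.
    -- NOTE(review): `password` should hold a password hash, never the plaintext. varchar(50) is
    -- too short for a 60-character bcrypt hash, so widen the column before storing hashes.
    create table `user`(
        id bigint,
        username varchar(50),
        `password` varchar(50),
        `status` integer,
        descn varchar(200)
    );
    alter table `user` add constraint pk_user primary key(id);
    -- alter table `user` alter column id bigint generated by default as identity(start with 1);

    -- User-to-role join table
    create table user_role(
        user_id bigint,
        role_id bigint
    );
    alter table user_role add constraint pk_user_role primary key(user_id, role_id);
    alter table user_role add constraint fk_user_role_user foreign key(user_id) references `user`(id);
    alter table user_role add constraint fk_user_role_role foreign key(role_id) references role(id);

    -- Sample data
    -- The two demo accounts below store their passwords as plaintext equal to the user name.
    -- Use them for a local demo only and replace them with hashed values anywhere else.
    insert into user(id,username,password,status,descn) values(1,'admin','admin',1,'管理员');
    insert into user(id,username,password,status,descn) values(2,'user','user',1,'用户');

    insert into role(id,name,descn) values(1,'ROLE_ADMIN','管理员角色');
    insert into role(id,name,descn) values(2,'ROLE_USER','用户角色');

    -- admin gets ROLE_ADMIN and ROLE_USER; user gets ROLE_USER only.
    insert into user_role(user_id,role_id) values(1,1);
    insert into user_role(user_id,role_id) values(1,2);
    insert into user_role(user_id,role_id) values(2,2);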
    
    

    动态加载方式

        <!-- Change how authentication data is loaded: user lookup is delegated to the custom
             UserDetailsService bean referenced by user-service-ref.
             NOTE(review): no password encoder is declared on this provider; confirm how the
             password returned by the service is compared with the submitted one. -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider user-service-ref="MyUserDetailsService">
            </authentication-provider>
        </authentication-manager>
    
        <!-- Custom class MyUserDetailsService (xx.xx is the page's placeholder package name) -->
        <beans:bean id="MyUserDetailsService" class="xx.xx.MyUserDetailsService" />
    
    
    • 自定义权限类
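    /**
     * Minimal {@link GrantedAuthority} that wraps a single authority string such as
     * {@code ROLE_USER}.
     *
     * <p>Instances are immutable and compare by authority string, so that a {@code Set} of
     * authorities holds each role once.
     */
    public class MyGrantedAuthority implements GrantedAuthority {
        // Authority (role) name, fixed at construction time.
        private final String authority;

        /**
         * Creates an authority for the given name.
         *
         * @param authority the authority string, for example {@code ROLE_ADMIN}
         * @throws IllegalArgumentException if {@code authority} is {@code null}
         */
        public MyGrantedAuthority(String authority) {
            // The constructor must carry the class name; the listing's "MGrantedAuthority" did not compile.
            if (authority == null) {
                throw new IllegalArgumentException("authority must not be null");
            }
            this.authority = authority;
        }

        /**
         * Returns the authority string this object was created with.
         *
         * @return the authority name, never {@code null}
         */
        @Override
        public String getAuthority() {
            return authority;
        }

        // Value equality: without it two objects for the same role would both stay in a HashSet.
        @Override
        public boolean equals(Object other) {
            if (this == other) {
                return true;
            }
            if (!(other instanceof MyGrantedAuthority)) {
                return false;
            }
            return authority.equals(((MyGrantedAuthority) other).authority);
        }

        @Override
        public int hashCode() {
            return authority.hashCode();
        }

        @Override
        public String toString() {
            return authority;
        }
    }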
    
    • 自定义用户信息类
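    /**
     * Simple {@link UserDetails} carrying a user name, the stored password value and the user's
     * granted authorities.
     *
     * <p>Expiry and locking are not modelled: those three checks always report a usable account.
     * The enabled flag can be supplied through the four-argument constructor, so an account that
     * is disabled in the user table can be refused at login.
     */
    public class MyUserDetails implements UserDetails {

        private final String username;
        // Stored credential as read from the user store; it should be a hash, not the plaintext.
        private final String password;
        private final Set<MyGrantedAuthority> authorities;
        private final boolean enabled;

        /**
         * Creates the details of an account that is treated as enabled.
         *
         * @param username    the login name
         * @param password    the stored password value
         * @param authorities the user's granted authorities; {@code null} is treated as none
         */
        public MyUserDetails(String username, String password, Set<MyGrantedAuthority> authorities) {
            this(username, password, authorities, true);
        }

        /**
         * Creates the details of an account with an explicit enabled flag.
         *
         * @param username    the login name
         * @param password    the stored password value
         * @param authorities the user's granted authorities; {@code null} is treated as none
         * @param enabled     {@code false} to have Spring Security refuse the login as disabled
         */
        public MyUserDetails(String username, String password, Set<MyGrantedAuthority> authorities,
                boolean enabled) {
            this.username = username;
            this.password = password;
            // Defensive, read-only copy: callers can neither add roles afterwards through their own
            // reference nor through getAuthorities(). Types are fully qualified so that no import
            // has to be added to the file.
            this.authorities = java.util.Collections.unmodifiableSet(
                    authorities == null
                            ? new java.util.LinkedHashSet<MyGrantedAuthority>()
                            : new java.util.LinkedHashSet<MyGrantedAuthority>(authorities));
            this.enabled = enabled;
        }

        /**
         * Returns the user's granted authorities.
         *
         * @return an unmodifiable view, never {@code null}
         */
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            return authorities;
        }

        @Override
        public String getPassword() {
            return password;
        }

        @Override
        public String getUsername() {
            return username;
        }

        // Whether the account has not expired. Always true: expiry is not modelled here.
        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        // Whether the account is not locked. Always true: locking is not modelled here.
        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        // Whether the credentials have not expired. Always true: credential expiry is not modelled here.
        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        // Whether this account may be used; false makes the login fail as "disabled".
        @Override
        public boolean isEnabled() {
            return enabled;
        }
    }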
    
    • 获取用户信息
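    /**
     * {@link UserDetailsService} that assembles a {@link MyUserDetails} from the user and role
     * lookups {@code queryUsr} and {@code queryRole}.
     *
     * <p>Both lookups are placeholders on this page; their implementations are not shown.
     */
    public class MyUserDetailsService implements UserDetailsService {

        /**
         * Loads the account data Spring Security needs to authenticate {@code username}.
         *
         * @param username the login name submitted by the client (untrusted input)
         * @return the user's details, never {@code null}
         * @throws UsernameNotFoundException if no such user exists or the user has no authority
         */
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // TODO: implement queryUsr/queryRole as database lookups that bind the user name as a
            // query parameter instead of concatenating it into the SQL text.

            // Look up the stored password value in the user table.
            // NOTE(review): assumes queryUsr returns null for an unknown user; confirm.
            String password = queryUsr(username);
            if (password == null) {
                // The contract forbids returning null or half-filled details for a missing user.
                // The message is generic so the submitted name is not echoed into logs.
                throw new UsernameNotFoundException("User not found");
            }

            // Look up the user's roles through the role tables.
            Set<MyGrantedAuthority> authorities = queryRole(username);
            if (authorities == null || authorities.isEmpty()) {
                throw new UsernameNotFoundException("User has no granted authority");
            }

            // NOTE(review): the status column that the jdbc-user-service variant maps to
            // "enabled" is not read on this path, so a disabled account would still
            // authenticate; confirm and wire it through.
            return new MyUserDetails(username, password, authorities);
        }
    }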
    
  • 原文地址:https://www.cnblogs.com/nwu-edu/p/9424967.html