Spring Security 03

认证和鉴权

配置文件方式

<authentication-manager>
        <authentication-provider>
        	<!-- 用户的权限控制 -->
            <user-service>
                <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="user" password="123" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

jdbc-user-service方式

 <!-- 默认数据库对用户进行存储 Spring Security默认情况下需要两张表，用户表和权限表。-->
    <authentication-manager>
        <authentication-provider>
           <!-- <user-service>
                <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="user" password="123" authorities="ROLE_USER" />
            </user-service>-->
            <jdbc-user-service data-source-ref="mysqlDataSource"
                  users-by-username-query="select username,`password`,`status` as enabled from `user` where username = ?"
                  authorities-by-username-query="select `user`.username,role.`name` from `user`,role,user_role where `user`.id=user_role.user_id and user_role.role_id=role.id and `user`.username = ?" />
 
        </authentication-provider>
    </authentication-manager>

note1: 默认数据库对用户进行存储 Spring Security默认情况下需要两张表，用户表和权限表
note2: data-source-ref="mysqlDataSource"，引用数据源，连接数据库
note3: 数据库中创建三张表user、role、user_role

- - 角色  
create table role(  
    id bigint,  
    `name` varchar(50),  
    descn varchar(200)  
);  
alter table role add constraint pk_role primary key(id);  
- - alter table role alter column id int generated by default as identity(1, 1); 
  
- - 用户  
create table `user`(  
    id bigint,  
    username varchar(50),  
    `password` varchar(50),  
    `status` integer,  
    descn varchar(200)  
);  
alter table `user` add constraint pk_user primary key(id);  
- - alter table `user` alter column id bigint generated by default as identity(start with 1);  
  
- - 用户角色连接表  
create table user_role(  
    user_id bigint,  
    role_id bigint  
);  
alter table user_role add constraint pk_user_role primary key(user_id, role_id);  
alter table user_role add constraint fk_user_role_user foreign key(user_id) references `user`(id);  
alter table user_role add constraint fk_user_role_role foreign key(role_id) references role(id);
 
- - 插入数据
insert into user(id,username,password,status,descn) values(1,'admin','admin',1,'管理员');  
insert into user(id,username,password,status,descn) values(2,'user','user',1,'用户');  
  
insert into role(id,name,descn) values(1,'ROLE_ADMIN','管理员角色');  
insert into role(id,name,descn) values(2,'ROLE_USER','用户角色');  
  
insert into user_role(user_id,role_id) values(1,1);  
insert into user_role(user_id,role_id) values(1,2);  
insert into user_role(user_id,role_id) values(2,2);

动态加载方式

    <!--更改验证信息加载方式 -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="MyUserDetailsService">
        </authentication-provider>
    </authentication-manager>

    <!-- 自定义类MyUserDetailsService -->
    <beans:bean id="MyUserDetailsService" class="xx.xx.MyUserDetailsService" />

自定义权限类

public class MyGrantedAuthority implements GrantedAuthority {
    // 权限信息
    private String authority;

    public MGrantedAuthority(String authority) {
        this.authority = authority;
    }

    public String getAuthority() {
        return authority;
    }
}

自定义用户信息类

public class MyUserDetails implements UserDetails {

    private String username;
    private String password;
    private Set<MGrantedAuthority> authorities;

    public MUserDetails(String username, String password, Set<MGrantedAuthority> authorities) {

        this.username = username;
        this.password = password;
        this.authorities = authorities;
    }

    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    public String getPassword() {
        return password;
    }

    public String getUsername() {
        return username;
    }

    // 账户是否没有过期
    public boolean isAccountNonExpired() {
        return true;
    }

    // 账户是否没有被锁
    public boolean isAccountNonLocked() {
        return true;
    }

    // 资格是否没有过期
    public boolean isCredentialsNonExpired() {
        return true;
    }

    // 该用户信息是否可用
    public boolean isEnabled() {
        return true;
    }
}

获取用户信息

public class MyUserDetailsService implements UserDetailsService {

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // TODO 数据库查询用户信息和数据库信息

        // 查询数据库USE表获取用户密码
        String password = queryUsr(username);
        // 查询role表获取用户权限
        Set<MGrantedAuthority> authorities = queryRole(username));
        
        // 将获取到的用户信息放入UserDetails中
        MyUserDetails userDetails = new MyUserDetails(username, password, authorities);

        return userDetails;
    }
}

posted @ 2018-09-11 10:55 [烟火里的尘埃] 阅读(111) 评论(0) 编辑收藏举报

刷新页面返回顶部

[烟火里的尘埃]

Spring Security 03

认证和鉴权

配置文件方式

jdbc-user-service方式

动态加载方式

公告