Spring Security使用數據庫認證

在Spring Security中如果想要使用數據進行認證操作，有很多種操作方式，這里我們介紹使用UserDetails、UserDetailsService來完成操作。

UserDetails

public interface UserDetails extends Serializable {Collection<? extends GrantedAuthority> getAuthorities();String getPassword();String getUsername();boolean isAccountNonExpired();boolean isAccountNonLocked();boolean isCredentialsNonExpired();boolean isEnabled(); }

UserDetails是一個接口，我們可以認為UserDetails作用是于封裝當前進行認證的用戶信息，但由于其是一個接口，所以我們可以對其進行實現，也可以使用Spring Security提供的一個UserDetails的實現類User來完成

以下是User類的部分代碼

public class User implements UserDetails, CredentialsContainer {private String password;private final String username;private final Set<GrantedAuthority> authorities;private final boolean accountNonExpired; //帳戶是否過期private final boolean accountNonLocked; //帳戶是否鎖定private final boolean credentialsNonExpired; //認證是否過期private final boolean enabled; //帳戶是否可用 ｝

UserDetailsService

public interface UserDetailsService {UserDetails loadUserByUsername(String username) throws UsernameNotFoundException; }

上面將UserDetails與UserDetailsService做了一個簡單的介紹，那么我們具體如何完成Spring Security的數據庫認證操作哪，我們通過用戶管理中用戶登錄來完成Spring Security的認證操作。

用戶管理

用戶登錄

spring security的配置

<security:authentication-manager><security:authentication-provider user-service-ref="userService"><!-- 配置加密的方式<security:password-encoder ref="passwordEncoder"/>--></security:authentication-provider> </security:authentication-manager>

登錄頁面login.jsp

Service

public interface IUserService extends UserDetailsService{} @Service("userService") @Transactional public class UserServiceImpl implements IUserService {@Autowiredprivate IUserDao userDao;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {UserInfo userInfo = userDao.findByUsername(username);List<Role> roles = userInfo.getRoles();List<SimpleGrantedAuthority> authoritys = getAuthority(roles);User user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),userInfo.getStatus() == 0 ? false : true, true, true, true, authoritys);return user;}private List<SimpleGrantedAuthority> getAuthority(List<Role> roles) {List<SimpleGrantedAuthority> authoritys = new ArrayList();for (Role role : roles) {authoritys.add(new SimpleGrantedAuthority(role.getRoleName()));}return authoritys;} }

IUserDao

public interface IUserDao {@Select("select * from user where id=#{id}")public UserInfo findById(Long id) throws Exception;@Select("select * from user where username=#{username}")@Results({@Result(id = true, property = "id", column = "id"),@Result(column = "username", property = "username"),@Result(column = "email", property = "email"),@Result(column = "password", property = "password"),@Result(column = "phoneNum", property = "phoneNum"),@Result(column = "status", property = "status"),@Result(column = "id", property = "roles", javaType = List.class, many =@Many(select = "com.learn.ssm.dao.IRoleDao.findRoleByUserId")) })public UserInfo findByUsername(String username);} }

?

超強干貨來襲 云風專訪：近40年碼齡，通宵達旦的技術人生

總結

以上是生活随笔為你收集整理的用户操作-登录代码实现的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。