認證和鑑權
配置文件方式
<!-- In-memory user store: both accounts, their passwords and their roles are declared in this file.
     NOTE(review): the two passwords are the same short literal and are stored in cleartext, so
     anyone who can read this configuration (or the repository holding it) learns both credentials.
     Keep this form for local demos only; for anything shared, declare a <password-encoder> under
     the provider and store encoded values instead. -->
<authentication-manager>
<authentication-provider>
<!-- Access control for users: each entry maps a login name to its granted authorities -->
<user-service>
<user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
jdbc-user-service方式
<!-- Users are stored in a database. By default Spring Security needs two tables: a users table and an authorities table. -->
<authentication-manager>
<authentication-provider>
<!-- <user-service>
<user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
</user-service>-->
<!-- Both queries bind the login name through the ? placeholder, so it is never concatenated
     into the SQL text. users-by-username-query returns username, password and the enabled flag
     (here the `status` column); authorities-by-username-query returns one row per role name.
     NOTE(review): no <password-encoder> is declared in this provider, so presumably the
     `password` column is compared as stored; confirm which encoder applies for the Spring
     Security version in use and store encoded values accordingly. -->
<jdbc-user-service data-source-ref="mysqlDataSource"
users-by-username-query="select username,`password`,`status` as enabled from `user` where username = ?"
authorities-by-username-query="select `user`.username,role.`name` from `user`,role,user_role where `user`.id=user_role.user_id and user_role.role_id=role.id and `user`.username = ?" />
</authentication-provider>
</authentication-manager>
- note1: 使用數據庫存儲用戶時,Spring Security 默認狀況下須要兩張表:用戶表和權限表。
- note2: data-source-ref="mysqlDataSource",引用數據源,鏈接數據庫
- note3: 本例使用自定義查詢,須在數據庫中建立三張表:user、role、user_role
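-- Roles: one row per authority name returned by authorities-by-username-query.
create table role(
    id bigint not null,
    -- Authority string handed to Spring Security (the seed rows use ROLE_ADMIN / ROLE_USER).
    `name` varchar(50) not null,
    descn varchar(200)
);
alter table role add constraint pk_role primary key(id);
-- Left disabled by the author. NOTE(review): this identity-column syntax is not MySQL's;
-- confirm the target engine before enabling it.
-- alter table role alter column id int generated by default as identity(1, 1);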
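-- Users: the account table read by users-by-username-query.
create table `user`(
    id bigint not null,
    -- Login name; the authentication lookup filters on this column alone.
    username varchar(50) not null,
    -- Value the authentication provider compares against. Sized for an encoded hash:
    -- bcrypt output alone is 60 characters, which varchar(50) cannot hold.
    `password` varchar(255) not null,
    -- Selected as `enabled` by the login query; the seed rows use 1 for active accounts.
    `status` integer,
    descn varchar(200)
);
alter table `user` add constraint pk_user primary key(id);
-- A login name must resolve to exactly one account, otherwise the lookup is ambiguous.
alter table `user` add constraint uq_user_username unique(username);
-- Left disabled by the author. NOTE(review): this identity-column syntax is not MySQL's;
-- confirm the target engine before enabling it.
-- alter table `user` alter column id bigint generated by default as identity(start with 1);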
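-- User-to-role link table: one row per (user, role) grant.
create table user_role(
    user_id bigint not null,
    role_id bigint not null
);
-- The composite key prevents the same role being granted to a user twice.
alter table user_role add constraint pk_user_role primary key(user_id, role_id);
-- Foreign keys keep grants from pointing at users or roles that do not exist.
alter table user_role add constraint fk_user_role_user foreign key(user_id) references `user`(id);
alter table user_role add constraint fk_user_role_role foreign key(role_id) references role(id);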
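-- Seed data.
-- NOTE(review): the passwords below are cleartext demo values identical to the usernames.
-- Replace them with the configured password encoder's output before any shared use.
insert into `user`(id, username, `password`, `status`, descn) values
    (1, 'admin', 'admin', 1, '管理員'),
    (2, 'user', 'user', 1, '用戶');
insert into role(id, `name`, descn) values
    (1, 'ROLE_ADMIN', '管理員角色'),
    (2, 'ROLE_USER', '用戶角色');
-- admin holds both roles; user holds ROLE_USER only.
insert into user_role(user_id, role_id) values
    (1, 1),
    (1, 2),
    (2, 2);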
動態加載方式
<!-- Switch credential loading to a custom UserDetailsService.
     The provider delegates every user lookup to the bean named in user-service-ref.
     NOTE(review): no <password-encoder> is declared here either; confirm how the password
     returned by the service is compared for the Spring Security version in use. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="MyUserDetailsService">
</authentication-provider>
</authentication-manager>
<!-- Custom MyUserDetailsService bean (xx.xx is the page's placeholder package name) -->
<beans:bean id="MyUserDetailsService" class="xx.xx.MyUserDetailsService" />
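/**
 * Minimal {@link GrantedAuthority} implementation that wraps one authority
 * string, for example a role name such as "ROLE_USER".
 */
public class MyGrantedAuthority implements GrantedAuthority {
    // Authority string reported to Spring Security; fixed at construction.
    private final String authority;

    /**
     * @param authority the authority string this instance represents
     */
    public MyGrantedAuthority(String authority) {
        // The constructor must carry the class name; the original spelling did not compile.
        this.authority = authority;
    }

    /** @return the authority string passed to the constructor */
    public String getAuthority() {
        return authority;
    }

    // Value equality so that a Set of authorities does not hold the same role twice.
    @Override
    public boolean equals(Object other) {
        if (this == other) {
            return true;
        }
        if (!(other instanceof MyGrantedAuthority)) {
            return false;
        }
        String theirs = ((MyGrantedAuthority) other).authority;
        return authority == null ? theirs == null : authority.equals(theirs);
    }

    @Override
    public int hashCode() {
        return authority == null ? 0 : authority.hashCode();
    }
}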
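/**
 * {@link UserDetails} implementation carrying the username, the stored password
 * and the granted authorities loaded for one account.
 */
public class MyUserDetails implements UserDetails {
    private String username;
    // Stored credential exactly as loaded; it should be an encoded hash, never cleartext.
    private String password;
    private Set<MyGrantedAuthority> authorities;

    /**
     * @param username    login name of the account
     * @param password    stored password value for the account
     * @param authorities authorities granted to the account
     */
    public MyUserDetails(String username, String password, Set<MyGrantedAuthority> authorities) {
        // Constructor and element type use the declared class names; the original
        // spellings (MUserDetails / MGrantedAuthority) did not compile.
        this.username = username;
        this.password = password;
        this.authorities = authorities;
    }

    /** @return the authorities supplied at construction */
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /** @return the stored password value */
    public String getPassword() {
        return password;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    // Whether the account has not expired. Hard-coded: expiry is never enforced.
    public boolean isAccountNonExpired() {
        return true;
    }

    // Whether the account is not locked. Hard-coded: lockout is never enforced.
    public boolean isAccountNonLocked() {
        return true;
    }

    // Whether the credentials have not expired. Hard-coded: credential expiry is never enforced.
    public boolean isCredentialsNonExpired() {
        return true;
    }

    // Whether this user is enabled.
    // NOTE(review): always true, so a disabled-account flag such as the `status` column
    // (which the jdbc-user-service variant selects as `enabled`) is not honoured here.
    // Carry that flag into this class if disabled accounts must be refused.
    public boolean isEnabled() {
        return true;
    }
}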
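/**
 * {@link UserDetailsService} that assembles a {@link MyUserDetails} from the
 * password and authorities looked up for a username.
 */
public class MyUserDetailsService implements UserDetailsService {
    /**
     * Loads the account for the given login name.
     *
     * @param username login name submitted for authentication
     * @return the populated user details
     * @throws UsernameNotFoundException if no password is found for the username
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // TODO: implement the database lookups; queryUsr and queryRole are not defined on this page.
        // Look up the user's stored password in the user table.
        // NOTE(review): the lookup must bind username as a query parameter, never concatenate it.
        String password = queryUsr(username);
        if (password == null) {
            // Assumes queryUsr returns null when no row matches (confirm against its implementation).
            // Signal the missing account through the declared exception instead of returning
            // a user with a null password.
            throw new UsernameNotFoundException("User not found");
        }
        // Look up the user's authorities through the role table.
        Set<MyGrantedAuthority> authorities = queryRole(username);
        // Package the loaded values into the UserDetails handed back to Spring Security.
        MyUserDetails userDetails = new MyUserDetails(username, password, authorities);
        return userDetails;
    }
}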