在Spring Security中,如何使用jdbc从Oracle数据库认证用户?
[英]How to authenticate users from an oracle database using jdbc in spring security?
问题描述
I'm a newbie with spring Mvc. 
我是Spring Mvc的新手。 I've created a login.jsp page and I want to authenticate users dynamically from database using spring security. 我已经创建了一个login.jsp页面,并且我想使用Spring Security从数据库动态认证用户。
This is my spring security configuration: 这是我的春季安全配置:
<http auto-config="true">
<form-login login-page="/login" username-parameter="j_username"
password-parameter="j_password" default-target-url="/accueil"
authentication-failure-url="/403" />
<logout logout-success-url="/login"/>
</http>
<authentication-manager>
<authentication-provider ref="userService">
</authentication-provider>
</authentication-manager>
And this is my userService: 这是我的userService:
@Component(value = "userService")
public class UserService implements AuthenticationProvider {
@Inject
@Named(value = "dataSource")
private DataSource dataSource1;
final String select_auth = "select username,password from users";
public Authentication authenticate(Authentication auth) throws AuthenticationException {
ResultSet resultSet = null;
PreparedStatement preparedStatement = null;
Connection connection = null;
try {
connection = dataSource1.getConnection();
preparedStatement = connection.prepareStatement(select_auth);
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
String name=resultSet.getString("username");
String pwd =resultSet.getString("password");
if (name.equals("what?")){
}
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
if (resultSet != null) {
try {
resultSet.close();
} catch (SQLException e) {
}
}
if (preparedStatement != null) {
try {
preparedStatement.close();
} catch (SQLException e) {
}
}
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
}
}
}
return new UsernamePasswordAuthenticationToken("", "");
}
public boolean supports(Class<?> arg0) {
return true;
}
}
The connection to the database works, but my problem is how to get the inputs from login.jsp and test if the username and the password are the same in the database? 与数据库的连接有效,但是我的问题是如何从login.jsp获取输入并测试数据库中的用户名和密码是否相同?
And what to return if the user exists in the database ? 如果用户存在于数据库中,返回什么?
1 个解决方案
解决方案1
0 已采纳 2015-07-28 15:07:13
Username and password are stored within the Authentication object 用户名和密码存储在Authentication对象中
String username = auth.getName();
String password = auth.getCredentials().toString();
so you can check them against your DB data (as I suggested in the comment). 因此您可以对照您的数据库数据检查它们(如我在评论中所建议)。
final String select_auth = "select username,password from users WHERE username=?"; // Use your prepared statement to bind the username
Once you get the record back (if exists) you can check the password using your PasswordEncoder (hopefully your password is encoded, eg encrypted / hashed). 一旦获得记录(如果存在),就可以使用PasswordEncoder检查密码(希望您的密码已编码,例如加密/散列)。 And then, eg 然后,例如
return new UsernamePasswordAuthenticationToken(new MyUserDetails(username, password, ...), password); // There is also a constructor that accepts granted authorities
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.