How to authenticate users from database with an authentication provider?

I'm a newbie with Spring Security and I want to authenticate users with database. I've created a login page and an authentication provider with JDBC that checks if the user exists in the database. But the problem is that my code doesn't do that, it allows all users to log in! What's wrong with my code? Thanks for your help.

@Component(value = "userService")
public class UserService implements AuthenticationProvider {

@Inject
@Named(value = "dataSource")
private DataSource dataSource;

ResultSet resultSet = null;
PreparedStatement preparedStatement = null;
Connection connection = null;

name=auth.getName();    
    pwd=auth.getCredentials().toString();


public Authentication authenticate(Authentication auth)
        throws AuthenticationException {
    final String select_auth = "select username,password from users where username='"+name+"' and password='"+pwd+"'";
    try {
        connection = dataSource.getConnection();
        preparedStatement = connection.prepareStatement(select_auth);
        resultSet = preparedStatement.executeQuery();
        while (resultSet.next()) {

                 //what to return here ?
            }

Here is my security-confg.xml:

<http auto-config="true">
    <form-login login-page="/login" username-parameter="j_username"
        password-parameter="j_password" default-target-url="/accueil"

        authentication-failure-url="/403" />
    <logout logout-success-url="/login" />
</http>

<authentication-manager>
    <authentication-provider ref="userService">
    </authentication-provider>
</authentication-manager>

In the code, I don't see the place to set username and password to the query. You try to get the name and password and check that your query returns any result.

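// needs BadCredentialsException and AuthenticationServiceException
// from org.springframework.security.authentication
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String select_auth = "select username,password from users where username=? and password=?";
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();

    // try-with-resources closes the connection, statement and result set on every path
    try (Connection connection = dataSource.getConnection();
         PreparedStatement preparedStatement = connection.prepareStatement(select_auth)) {
        // bind the submitted values as parameters instead of concatenating them into the SQL
        preparedStatement.setString(1, username);
        preparedStatement.setString(2, password);
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            // a row exists only when username and password both match
            if (resultSet.next()) {
                List<SampleAuthority> authorities = new ArrayList<SampleAuthority>();

                SampleAuthority a = new SampleAuthority();
                authorities.add(a);
                Collection<? extends GrantedAuthority> authorities1 = authorities;
                return new UsernamePasswordAuthenticationToken(username, password, authorities1);
            }
        }
    } catch (SQLException e) {
        throw new AuthenticationServiceException("user lookup failed", e);
    }
    // no matching row: reject the login instead of falling through
    throw new BadCredentialsException("Bad credentials");
}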

@Override
public boolean supports(Class<?> arg0) {
    return true;
}

class SampleAuthority implements GrantedAuthority {

    @Override
    public String getAuthority() {
        return "ROLE_USER";
    }

}

In the configuration, you can add

<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<logout logout-url="/logout" />
