
How to get user's data from a database in Spring Security's JdbcAuthentication?

I'd like to add a user login verification function to my application. My website is based on another one, which uses a complex hash to transform the real password and then saves it to the database. It creates a salt and saves it to the user table, like this:

String salt = HashKit.generateSaltForSha256();
password = HashKit.sha256(salt + password);
user.setPassword(password).setSalt(salt).save();

When the user logs in, the original application will get salt from the database like this:

User user = dao.find(username);
password = HashKit.sha256(user.getSalt() + password);
if (password.equals(user.getPassword())) { /* Login success! */ }

But now I want to use Spring Boot to rewrite that application and use Spring Security to validate the login, like this:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private DruidPlugin druidPlugin;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(druidPlugin.getDataSource())
                .usersByUsernameQuery(
                        "select userName username, password, true from account where userName=?"
                )
                .authoritiesByUsernameQuery(
                        "select userName username, 'ROLE_USER' from account where userName=?"
                )
                .passwordEncoder(new PasswordEncoder() {
                    @Override
                    public String encode(CharSequence password) {
                        String salt = HashKit.generateSaltForSha256();
                        password = HashKit.sha256(salt + password);
                        return password.toString();
                    }

                    @Override
                    public boolean matches(CharSequence charSequence, String s) {
                        return false;
                    }
                });
    }
}

How can I get the user's data from the database in PasswordEncoder?

I think DaoAuthenticationProvider should solve your problem. We need to provide the service instance and the password encoder to it.

Once configured, we need to set it to the AuthenticationManagerBuilder.

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider());
    }

Reference here
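An added example, not code from the question or the answer: `PasswordEncoder.matches` receives only the raw password and the stored password string, so one way to give it the salt is to have the user query return the salt and hash joined in one string. It assumes `HashKit.sha256` yields lowercase hex of the UTF-8 bytes, that the salt column is named `salt`, and that salts never contain `$`; the class name and the SQL `concat` call are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.springframework.security.crypto.password.PasswordEncoder;

// Wiring (assumed column name `salt`, MySQL-style concat):
//   .usersByUsernameQuery("select userName username, concat(salt, '$', password), "
//                       + "true from account where userName=?")
//   .passwordEncoder(new SaltedSha256PasswordEncoder())
/** Stored form: "<salt>$<hex sha256(salt + password)>", matching the legacy scheme. */
public class SaltedSha256PasswordEncoder implements PasswordEncoder {
    private static final char SEP = '$'; // assumption: never occurs inside a salt
    private final SecureRandom random = new SecureRandom();

    @Override
    public String encode(CharSequence rawPassword) {
        byte[] saltBytes = new byte[16];
        random.nextBytes(saltBytes);
        String salt = hex(saltBytes);
        return salt + SEP + sha256Hex(salt + rawPassword);
    }

    @Override
    public boolean matches(CharSequence rawPassword, String stored) {
        int i = (stored == null) ? -1 : stored.indexOf(SEP);
        if (i < 0) return false; // no salt in the stored value: reject the login
        String salt = stored.substring(0, i);
        byte[] expected = stored.substring(i + 1).getBytes(StandardCharsets.UTF_8);
        byte[] actual = sha256Hex(salt + rawPassword).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    private static String sha256Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return hex(md.digest(s.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

A single salted SHA-256 round is cheap to brute-force offline if the table leaks, so this encoder is best kept for verifying the existing hashes while new passwords are stored with an adaptive hash such as `BCryptPasswordEncoder`.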
