[英]How to authenticate Google users by using spring security and spring boot, having mongoDB as repository?
[英]How to authenticate users from an oracle database using jdbc in spring security?
我是Spring Mvc的新手。 我已经创建了一个login.jsp
页面,并且我想使用Spring Security从数据库动态认证用户。
这是我的春季安全配置:
<http auto-config="true">
<form-login login-page="/login" username-parameter="j_username"
password-parameter="j_password" default-target-url="/accueil"
authentication-failure-url="/403" />
<logout logout-success-url="/login"/>
</http>
<authentication-manager>
<authentication-provider ref="userService">
</authentication-provider>
</authentication-manager>
这是我的userService:
@Component(value = "userService")
public class UserService implements AuthenticationProvider {
@Inject
@Named(value = "dataSource")
private DataSource dataSource1;
final String select_auth = "select username,password from users";
public Authentication authenticate(Authentication auth) throws AuthenticationException {
ResultSet resultSet = null;
PreparedStatement preparedStatement = null;
Connection connection = null;
try {
connection = dataSource1.getConnection();
preparedStatement = connection.prepareStatement(select_auth);
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
String name=resultSet.getString("username");
String pwd =resultSet.getString("password");
if (name.equals("what?")){
}
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
if (resultSet != null) {
try {
resultSet.close();
} catch (SQLException e) {
}
}
if (preparedStatement != null) {
try {
preparedStatement.close();
} catch (SQLException e) {
}
}
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
}
}
}
return new UsernamePasswordAuthenticationToken("", "");
}
public boolean supports(Class<?> arg0) {
return true;
}
}
与数据库的连接有效,但是我的问题是如何从login.jsp
获取输入并测试数据库中的用户名和密码是否相同?
如果用户存在于数据库中,返回什么?
用户名和密码存储在Authentication对象中
String username = auth.getName();
String password = auth.getCredentials().toString();
因此您可以对照您的数据库数据检查它们(如我在评论中所建议)。
final String select_auth = "select username,password from users WHERE username=?"; // Use your prepared statement to bind the username
一旦获得记录(如果存在),就可以使用PasswordEncoder检查密码(希望您的密码已编码,例如加密/散列)。 然后,例如
return new UsernamePasswordAuthenticationToken(new MyUserDetails(username, password, ...), password); // There is also a constructor that accepts granted authorities
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.