[英]How to authenticate users from an oracle database using jdbc in spring security?
我是Spring Mvc的新手。 我已经创建了一个login.jsp页面,并且我想使用Spring Security从数据库动态认证用户。
这是我的春季安全配置:
<http auto-config="true">
<form-login login-page="/login" username-parameter="j_username"
password-parameter="j_password" default-target-url="/accueil"
authentication-failure-url="/403" />
<logout logout-success-url="/login"/>
</http>
<authentication-manager>
<authentication-provider ref="userService">
</authentication-provider>
</authentication-manager>
这是我的userService:
@Component(value = "userService")
public class UserService implements AuthenticationProvider {
@Inject
@Named(value = "dataSource")
private DataSource dataSource1;
final String select_auth = "select username,password from users";
public Authentication authenticate(Authentication auth) throws AuthenticationException {
ResultSet resultSet = null;
PreparedStatement preparedStatement = null;
Connection connection = null;
try {
connection = dataSource1.getConnection();
preparedStatement = connection.prepareStatement(select_auth);
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
String name=resultSet.getString("username");
String pwd =resultSet.getString("password");
if (name.equals("what?")){
}
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
if (resultSet != null) {
try {
resultSet.close();
} catch (SQLException e) {
}
}
if (preparedStatement != null) {
try {
preparedStatement.close();
} catch (SQLException e) {
}
}
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
}
}
}
return new UsernamePasswordAuthenticationToken("", "");
}
public boolean supports(Class<?> arg0) {
return true;
}
}
与数据库的连接有效,但是我的问题是如何从login.jsp获取输入并测试数据库中的用户名和密码是否相同?
如果用户存在于数据库中,返回什么?
用户名和密码存储在Authentication对象中
String username = auth.getName();
String password = auth.getCredentials().toString();
因此您可以对照您的数据库数据检查它们(如我在评论中所建议)。
final String select_auth = "select username,password from users WHERE username=?"; // Use your prepared statement to bind the username
一旦获得记录(如果存在),就可以使用PasswordEncoder检查密码(希望您的密码已编码,例如加密/散列)。 然后,例如
return new UsernamePasswordAuthenticationToken(new MyUserDetails(username, password, ...), password); // There is also a constructor that accepts granted authorities
如何使用spring安全性和spring boot来验证Google用户,将mongoDB作为存储库?
[英]How to authenticate Google users by using spring security and spring boot, having mongoDB as repository?
如何使用带有Spring Security 5.1+的Google OIDC对用户进行身份验证
[英]How can I authenticate users using google OIDC with Spring Security 5.1+
如何使用Spring Security验证两种不同类型的用户?
[英]How to use spring security to authenticate two different types of users?
如何使用身份验证提供程序从数据库对用户进行身份验证?
[英]How to authenticate users from database with an authentication provider?
如何使用基本身份验证配置spring security以对数据库进行身份验证?
[英]How do you configure spring security to authenticate against a database using basic auth?
如何使用自己的数据库用户通过Spring Security和JWT进行身份验证
[英]How to authenticate with spring security and JWT with user of own database
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.