在Spring Security中從文件中讀取/添加用戶憑據
[英]Read/add user credentials from file in Spring Security
問題描述
是否可以在Spring Security的文件中存儲和修改用戶憑據?
現在我有security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
我想要的只是將信息存儲在像users.txt或users.xml這樣的文件中,可以動態添加或修改用戶/密碼。
1 個解決方案
解決方案1
4 已采納 2017-03-09 09:48:22
您需要覆蓋UserDetailsService
UserDao.java
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
* @author asif.hossain
* @since 3/9/17.
*/
public class UserDao implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
String password = readPasswordFromFileOrDatabase(username);
if (password == null) throw new UsernameNotFoundException("");
return User
.withUsername(username)
.password(password)
.authorities("ROLE_USER")
.build();
}
private String readPasswordFromFileOrDatabase(String username) {
// Edit this code and read password and roles from data base or files
if (username.equals("user")) return "password";
return null;
}
}
並在security.xml中添加此類的bean
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login />
<logout />
</http>
<bean id="userDao" class="UserDao"></bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDao"></authentication-provider>
</authentication-manager>
在Spring-Security中注銷用戶時從會話中刪除用戶登錄憑據
[英]Removing user login credentials from session when user logout in spring-security
Spring 安全 UsernamePasswordAuthenticationToken 始終返回 403:用戶憑據已過期
[英]Spring security UsernamePasswordAuthenticationToken always returns 403: User credentials have expired
Spring Security-使用BCrypt哈希密碼的用戶身份驗證(錯誤的憑證錯誤)
[英]Spring Security - user authentication with BCrypt hashed password (bad credentials error)
即使憑據正確,Spring-security 也不會登錄用戶
[英]Spring-security not logging-in user even when credentials are correct
Spring 安全性:為身份驗證失敗添加自定義消息(“Bad Credentials”到“Invalid Credentials”)
[英]Spring Security : Add custom message for authentication failure ( “Bad Credentials” to “Invalid Credentials”)
Spring Security-從Tomcat 6部署到Tomcat 7時憑據不正確
[英]Spring Security - Bad credentials when deploying from Tomcat 6 to Tomcat 7
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
從 Spring Security 中的文件讀取用戶名/密碼
在Spring-Security中注銷用戶時從會話中刪除用戶登錄憑據
Spring Security-從SSO緩存憑據
在Spring Boot安全性中無法從表單添加用戶
Spring 安全 UsernamePasswordAuthenticationToken 始終返回 403:用戶憑據已過期
Spring Security-使用BCrypt哈希密碼的用戶身份驗證(錯誤的憑證錯誤)
即使憑據正確,Spring-security 也不會登錄用戶
春季安全。 為用戶登錄添加限制
Spring 安全性:為身份驗證失敗添加自定義消息(“Bad Credentials”到“Invalid Credentials”)
Spring Security-從Tomcat 6部署到Tomcat 7時憑據不正確
相關標簽