堆棧內存溢出
  簡體   English   中英

使用Hibernate進行Spring Security 3數據庫身份驗證

[英]Spring Security 3 database authentication with Hibernate

 原文  2010-04-21 13:32:07       database/ hibernate/ authentication/ spring-security

問題描述

我需要從數據庫驗證用戶,Spring Security文檔不告訴如何使用hibernate進行身份驗證。 這可能嗎?我該怎么做?

3 個解決方案

解決方案1
 133 已采納  2010-04-23 20:16:32

您必須創建自己的自定義身份驗證提供程序。

示例代碼:

從Hibernate加載用戶的服務: 

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;    

@Service("userDetailsService") 
public class UserDetailsServiceImpl implements UserDetailsService {

  @Autowired private UserDao dao;
  @Autowired private Assembler assembler;

  @Transactional(readOnly = true)
  public UserDetails loadUserByUsername(String username)
      throws UsernameNotFoundException, DataAccessException {

    UserDetails userDetails = null;
    UserEntity userEntity = dao.findByName(username);
    if (userEntity == null)
      throw new UsernameNotFoundException("user not found");

    return assembler.buildUserFromUserEntity(userEntity);
  }
}

將您的實體轉換為spring用戶對象的服務: 

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;

@Service("assembler")
public class Assembler {

  @Transactional(readOnly = true)
  User buildUserFromUserEntity(UserEntity userEntity) {

    String username = userEntity.getName();
    String password = userEntity.getPassword();
    boolean enabled = userEntity.isActive();
    boolean accountNonExpired = userEntity.isActive();
    boolean credentialsNonExpired = userEntity.isActive();
    boolean accountNonLocked = userEntity.isActive();

    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (SecurityRoleEntity role : userEntity.getRoles()) {
      authorities.add(new GrantedAuthorityImpl(role.getRoleName()));
    }

    User user = new User(username, password, enabled,
      accountNonExpired, credentialsNonExpired, accountNonLocked, authorities, id);
    return user;
  }
}

基於命名空間的application-context-security.xml看起來像: 

<http>
  <intercept-url pattern="/login.do*" filters="none"/>
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <form-login login-page="/login.do"
              authentication-failure-url="/login.do?error=failed"
              login-processing-url="/login-please.do" />
  <logout logout-url="/logoff-please.do"
          logout-success-url="/logoff.html" />
</http>

<beans:bean id="daoAuthenticationProvider"
 class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <beans:property name="providers">
    <beans:list>
      <beans:ref local="daoAuthenticationProvider" />
    </beans:list>
  </beans:property>
</beans:bean>

<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService">
    <password-encoder hash="md5"/>
  </authentication-provider>
</authentication-manager>

解決方案2
 4  2014-04-02 17:56:49

如果您正在使用JDBC可訪問數據庫,則可以使用以下身份驗證提供程序並避免創建自定義數據庫。 它減少了9行XML所需的代碼: 

<authentication-provider>
    <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password from users where username=?" authorities-by-username-query="select u.username, r.authority from users u, roles r where u.userid = r.userid and u.username =?" />
</authentication-provider>

然后,您可以按如下方式設置dataSource 

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/DB_NAME" />
    <property name="username" value="root" />
    <property name="password" value="password" />
</bean>

看看這篇文章: http//codehustler.org/blog/spring-security-tutorial-form-login/它涵蓋了您需要了解的有關自定義Spring Security表單登錄的所有信息。

解決方案3
 1  2014-03-05 09:04:12

java配置看起來像這樣 

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {

        DaoAuthenticationProvider daoAuthenticationProvider =
                new DaoAuthenticationProvider();
        daoAuthenticationProvider
                .setUserDetailsService(userDetailsService);

        auth.authenticationProvider(daoAuthenticationProvider);
    }
}

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Spring Security數據庫身份驗證 Spring Security:數據庫身份驗證提供程序 Spring Security或數據庫,用於管理用戶的視圖和身份驗證 在Spring Security中如何進行LDAP身份驗證和數據庫授權 如何在 Spring 安全性中同時使用數據庫和 LDAP 身份驗證? Spring,通過數據庫進行身份驗證 使用Spring和Hibernate - 未知數據庫 使用Spring和Hibernate將異常記錄到數據庫 Hibernate spring 3中的高性能數據庫 如何在Spring Security中檢查多個表以進行身份​​驗證
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM