摘要:在上一篇基本配置了一些文件中,基本可以在文件中指定用户名和密码来进行实现的验证,这次和一起来配合使用加入的配置文件别名在的中配置数据源查找配置事物然后建立层,和层以及对应这里省略实
在上一篇基本配置了一些文件中,基本可以在文件中指定用户名和密码来进行实现SpringSecurity的验证,
这次和mynatis一起来配合使用
加入mybatis的配置文件:
mybatis-config.xml
在spring的ApplicationContext.xml中配置数据源
ApplicationContext.xml
然后建立dao层,和server层以及对应mapper(这里省略)
实现UserDetailService里面的loadUserByUsername方法
public class MyUserDetailService implements UserDetailsService {
@Autowired
UserDao userdao;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
MyUser user =userdao.getUserByName(username);
if(user==null)
{
throw new UsernameNotFoundException("找不到该用户");
}
//这里最好的做法就是遍历用户身份,获取用户权限
// Collection grantedAuthorities = new ArrayList<>();
// SimpleGrantedAuthority grantedAuthority = new SimpleGrantedAuthority(role);
// grantedAuthorities.add(grantedAuthority);
return new MyUserDetail(user, getAuthorities(user.getUser_role()));
}
private Collection getAuthorities(String role) {
Collection grantedAuthorities = new ArrayList<>();
SimpleGrantedAuthority grantedAuthority = new SimpleGrantedAuthority(role);
grantedAuthorities.add(grantedAuthority);
return grantedAuthorities;
}
}
UserDetail
public class MyUserDetail implements UserDetails {
private MyUser myUser;
private Collection authorities;
public MyUserDetail(MyUser user,Collection authorities) {
this.myUser = user;
this.authorities = authorities;
}
@Override
public Collection getAuthorities() {
// TODO Auto-generated method stub
return authorities;
}
@Override
public String getPassword() {
return myUser.getUser_password();
}
@Override
public String getUsername() {
return myUser.getUser_name();
}
//下面的方法可以以后再添加
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return false;
}
AuthenticationProvider类
关于类中的这个UsernamePasswordAuthenticationToken,Spring官方文档中给出的说明如下:
1. The username and password are obtained and combined into an instance of UsernamePasswordAuthenticationToken (an instance of
the Authentication interface, which we saw earlier).
2. The token is passed to an instance of AuthenticationManager for validation.
3. The AuthenticationManager returns a fully populated Authentication instance on successful authentication.
4. The security context is established by calling SecurityContextHolder.getContext().setAuthentication(… ) , passing in the returned
authentication object.
UsernamePasswordAuthenticationToken继承AbstractAuthenticationToken实现Authentication
所以当在页面中输入用户名和密码之后首先会进入到UsernamePasswordAuthenticationToken验证(Authentication),然后生成的Authentication会被交由AuthenticationManager来进行管理而AuthenticationManager管理一系列的AuthenticationProvider,而每一个Provider都会通UserDetailsService和UserDetail来返回一个以UsernamePasswordAuthenticationToken实现的带用户名和密码以及权限的Authentication
public class SecurityProvider implements AuthenticationProvider {
@Autowired
private MyUserDetailService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
//
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
UserDetails userDetails = userDetailsService.loadUserByUsername(token.getName());
if (userDetails == null) {
throw new UsernameNotFoundException("找不到该用户");
}
if(!userDetails.getPassword().equals(token.getCredentials().toString()))
{
throw new BadCredentialsException("密码错误");
}
return new UsernamePasswordAuthenticationToken(userDetails,userDetails.getPassword(),userDetails.getAuthorities());
}
@Override
public boolean supports(Class authentication) {
// TODO Auto-generated method stub
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
项目地址:https://github.com/Somersames...
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/66718.html
