认证和鉴权
配置文件方式
<authentication-manager>
<authentication-provider>
<!-- 用户的权限控制 -->
<user-service>
<user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
jdbc-user-service方式
<!-- 默认数据库对用户进行存储 Spring Security默认情况下需要两张表,用户表和权限表。-->
<authentication-manager>
<authentication-provider>
<!-- <user-service>
<user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
</user-service>-->
<jdbc-user-service data-source-ref="mysqlDataSource"
users-by-username-query="select username,`password`,`status` as enabled from `user` where username = ?"
authorities-by-username-query="select `user`.username,role.`name` from `user`,role,user_role where `user`.id=user_role.user_id and user_role.role_id=role.id and `user`.username = ?" />
</authentication-provider>
</authentication-manager>
- note1: 默认数据库对用户进行存储 Spring Security默认情况下需要两张表,用户表和权限表
- note2: data-source-ref="mysqlDataSource",引用数据源,连接数据库
- note3: 数据库中创建三张表user、role、user_role
- - 角色
create table role(
id bigint,
`name` varchar(50),
descn varchar(200)
);
alter table role add constraint pk_role primary key(id);
- - alter table role alter column id int generated by default as identity(1, 1);
- - 用户
create table `user`(
id bigint,
username varchar(50),
`password` varchar(50),
`status` integer,
descn varchar(200)
);
alter table `user` add constraint pk_user primary key(id);
- - alter table `user` alter column id bigint generated by default as identity(start with 1);
- - 用户角色连接表
create table user_role(
user_id bigint,
role_id bigint
);
alter table user_role add constraint pk_user_role primary key(user_id, role_id);
alter table user_role add constraint fk_user_role_user foreign key(user_id) references `user`(id);
alter table user_role add constraint fk_user_role_role foreign key(role_id) references role(id);
- - 插入数据
insert into user(id,username,password,status,descn) values(1,'admin','admin',1,'管理员');
insert into user(id,username,password,status,descn) values(2,'user','user',1,'用户');
insert into role(id,name,descn) values(1,'ROLE_ADMIN','管理员角色');
insert into role(id,name,descn) values(2,'ROLE_USER','用户角色');
insert into user_role(user_id,role_id) values(1,1);
insert into user_role(user_id,role_id) values(1,2);
insert into user_role(user_id,role_id) values(2,2);
动态加载方式
<!--更改验证信息加载方式 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="MyUserDetailsService">
</authentication-provider>
</authentication-manager>
<!-- 自定义类MyUserDetailsService -->
<beans:bean id="MyUserDetailsService" class="xx.xx.MyUserDetailsService" />
public class MyGrantedAuthority implements GrantedAuthority {
// 权限信息
private String authority;
public MGrantedAuthority(String authority) {
this.authority = authority;
}
public String getAuthority() {
return authority;
}
}
public class MyUserDetails implements UserDetails {
private String username;
private String password;
private Set<MGrantedAuthority> authorities;
public MUserDetails(String username, String password, Set<MGrantedAuthority> authorities) {
this.username = username;
this.password = password;
this.authorities = authorities;
}
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
public String getPassword() {
return password;
}
public String getUsername() {
return username;
}
// 账户是否没有过期
public boolean isAccountNonExpired() {
return true;
}
// 账户是否没有被锁
public boolean isAccountNonLocked() {
return true;
}
// 资格是否没有过期
public boolean isCredentialsNonExpired() {
return true;
}
// 该用户信息是否可用
public boolean isEnabled() {
return true;
}
}
public class MyUserDetailsService implements UserDetailsService {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// TODO 数据库查询用户信息和数据库信息
// 查询数据库USE表获取用户密码
String password = queryUsr(username);
// 查询role表获取用户权限
Set<MGrantedAuthority> authorities = queryRole(username));
// 将获取到的用户信息放入UserDetails中
MyUserDetails userDetails = new MyUserDetails(username, password, authorities);
return userDetails;
}
}