The previous sections configured users and permissions in the configuration file. In an enterprise setting this approach is undesirable, so today we move the user and permission information into the database.
To load user and permission information from the database, all we need to do is modify the authentication-provider section of the configuration file: replace user-service with jdbc-user-service, so that the section reads as follows:
<authentication-manager alias="AuthenticationManager">
  <authentication-provider>
    <jdbc-user-service data-source-ref="DataSource"/>
  </authentication-provider>
</authentication-manager>
As you can see from the above, a data source is required, so we now add one to Spring's dogstore-base.xml. It is typically configured as follows:
<context:property-placeholder location="/WEB-INF/jdbc.properties"/>
<bean id="DataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="driverClassName" value="${jdbc.driverclassname}"/>
  <property name="url" value="${jdbc.url}"/>
  <property name="username" value="${jdbc.username}"/>
  <property name="password" value="${jdbc.password}"/>
</bean>
jdbc.properties:
jdbc.driverclassname=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:@localhost:1521:ORCL
jdbc.username=project
jdbc.password=project
Note: add the three JARs required by the BasicDataSource data source, plus the JDBC JAR.
By default, Spring Security requires two tables: a users table and a permissions (authorities) table. The following are the table-creation statements for Oracle:
create table users (
  username varchar() not null primary key,
  password varchar(2) not null,
  enabled char()
);
create table authorities (
  username varchar() not null,
  authority varchar() not null
);
Spring Security reads the user information and the corresponding permissions from these two tables at initialization time and saves the information in a cache. The login names and passwords in the users table control user login, and the information in the authorities table controls whether a user may access protected system resources after logging in.
insert into users (username, password, enabled) values ('admin', 'admin', 1);
insert into users (username, password, enabled) values ('User', 'user', 1);
insert into authorities (username, authority) values ('admin', 'ROLE_ADMIN');
insert into authorities (username, authority) values ('admin', 'ROLE_USER');
insert into authorities (username, authority) values ('User', 'ROLE_USER');
Note that the ipTokenBasedRememberMeServicesBean of the previous section is commented out, because no userService is provided.
In practice, these two tables are too simple for enterprise permission control, so many enterprises design their own tables and permission control system to fit their business. How, then, can we make Spring Security run on top of a permission model we designed ourselves?
The common enterprise practice is to design permission control around three tables: a user table, a role table, and a user-role association table. We follow that idea here:
-- role
create table role (
  id number(11),
  name varchar(),
  descn varchar()
);
-- user
create table users (
  id number(11),
  username varchar(),
  password varchar(),
  status number(11),
  descn varchar()
);
-- user-role association table
create table user_role (
  user_id number(11),
  role_id number(11)
);
-- add primary keys and foreign keys
alter table role add constraint pk_role primary key (id);
alter table users add constraint pk_user primary key (id);
alter table user_role add constraint fk_user_id foreign key (user_id) references users (id);
alter table user_role add constraint fk_role_id foreign key (role_id) references role (id);
-- add data
insert into users (id, username, password, status, descn) values (1, 'admin', 'admin', 1, 'admin');
insert into users (id, username, password, status, descn) values (2, 'username', 'user', 1, 'users');
insert into role (id, name, descn) values (1, 'ROLE_ADMIN', 'Administrator role');
insert into role (id, name, descn) values (2, 'ROLE_USER', 'user roles');
insert into user_role (user_id, role_id) values (1, 1);
insert into user_role (user_id, role_id) values (1, 2);
insert into user_role (user_id, role_id) values (2, 2);
Now we want Spring Security to work on top of this data structure. Spring Security only needs to handle two cases: the first is to determine whether the user logging in is legitimate, and the second is to determine whether the logged-in user has access to protected system resources.
What we have to do is provide these two kinds of data to Spring Security on the basis of the existing data structure:
Handling user login
select username, password, status as enabled from users where username=?
Verifying user permissions
select u.username, r.name as authority from users u join user_role ur on u.id=ur.user_id join role r on r.id=ur.role_id where u.username=?
Now let's modify the configuration file:
<authentication-provider>
  <jdbc-user-service data-source-ref="DataSource"
      users-by-username-query="select username, password, status as enabled
                               from users
                               where username=?"
      authorities-by-username-query="select u.username, r.name as authority
                                     from users u
                                     join user_role ur on u.id=ur.user_id
                                     join role r on r.id=ur.role_id
                                     where u.username=?"/>
</authentication-provider>
users-by-username-query finds the user by user name: given the incoming user name, the system queries the current user's login name, password, and whether the account is disabled.
authorities-by-username-query finds permissions by user name: given the incoming user name, the system queries all permissions that the current user has been granted.
This article is from the "attack on the Program Ape" blog; please be sure to keep this source: http://zangyanan.blog.51cto.com/11610700/1877212
Follow me to learn spring security--online Pet Shop development (VI)