Follow me to learn Spring Security -- online pet shop development (VI)

Source: Internet
Author: User

The previous sections configured users and permissions directly in the configuration file. In an enterprise setting this approach is undesirable, so today we move the user and permission information into the database.

To load user and permission information from the database, we only need to modify the authentication-provider section of the configuration file: replace user-service with jdbc-user-service, as follows:

<authentication-manager alias="AuthenticationManager">
    <authentication-provider>
        <jdbc-user-service data-source-ref="DataSource"/>
    </authentication-provider>
</authentication-manager>

As shown above, a data source is required, so we now add one to Spring's dogstore-base.xml. A typical configuration looks like this:

<context:property-placeholder location="/WEB-INF/jdbc.properties"/>
<bean id="DataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName" value="${jdbc.driverclassname}"/>
    <property name="url" value="${jdbc.url}"/>
    <property name="username" value="${jdbc.username}"/>
    <property name="password" value="${jdbc.password}"/>
</bean>

jdbc.properties:

jdbc.driverclassname=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:@localhost:1521:ORCL
jdbc.username=project
jdbc.password=project

Note: add the three jars required by the BasicDataSource data source, as well as the JDBC jar.

By default, Spring Security requires two tables: a users table and an authorities (permissions) table. The following are the table-creation statements for Oracle:

create table users (
    username varchar() not null primary key,
    password varchar(2) not null,
    enabled char()
);
create table authorities (
    username varchar() not null,
    authority varchar() not null
);

Spring Security obtains user information and the corresponding permissions from both tables at initialization time and saves the information to the cache. The login names and passwords in the users table control user login, and the information in the authorities table controls whether a user may access protected system resources after logging in.

insert into users (username, password, enabled) values ('admin', 'admin', 1);
insert into users (username, password, enabled) values ('User', 'user', 1);
insert into authorities (username, authority) values ('admin', 'ROLE_ADMIN');
insert into authorities (username, authority) values ('admin', 'ROLE_USER');
insert into authorities (username, authority) values ('User', 'ROLE_USER');

Note that the ipTokenBasedRememberMeServicesBean from the previous section is commented out, because no userService is provided.


In practice, the two tables above are too simple for enterprise permission control, so many enterprises design their own tables and a permission control system that fits their business. How, then, can we make Spring Security run on top of a permission model of our own design?

A common enterprise practice is to design permission control around three tables: a user table, a role table, and a user-role association table. We follow that idea here:

-- role
create table role (
    id number(),
    name varchar(),
    descn varchar()
);
-- user
create table users (
    id number(),
    username varchar(),
    password varchar(),
    status number(),
    descn varchar()
);
-- user-role association table
create table user_role (
    user_id number(),
    role_id number(11)
);
-- add primary keys and foreign keys
alter table role add constraint pk_role primary key (id);
alter table users add constraint pk_user primary key (id);
alter table user_role add constraint fk_user_id foreign key (user_id) references users (id);
alter table user_role add constraint fk_role_id foreign key (role_id) references role (id);
-- add data
insert into users (id, username, password, status, descn) values (1, 'admin', 'admin', 1, 'admin');
insert into users (id, username, password, status, descn) values (2, 'username', 'user', 1, 'users');

insert into role (id, name, descn) values (1, 'ROLE_ADMIN', 'Administrator role');
insert into role (id, name, descn) values (2, 'ROLE_USER', 'user roles');

insert into user_role (user_id, role_id) values (1, 1);
insert into user_role (user_id, role_id) values (1, 2);
insert into user_role (user_id, role_id) values (2, 2);

Now we want Spring Security to work with this data structure. Spring Security only needs to handle two cases: first, determining whether the user logging in is legitimate; second, determining whether the logged-in user may access protected system resources.

Our job is therefore to supply these two kinds of data to Spring Security from the existing data structure:

Handling User Login

select username, password, status as enabled from users where username = ?

Verifying user permissions

select u.username, r.name as authority from users u join user_role ur on u.id = ur.user_id join role r on r.id = ur.role_id where u.username = ?

Now let's modify the configuration file:

<authentication-provider>
    <jdbc-user-service data-source-ref="DataSource"
        users-by-username-query="select username, password, status as enabled
                                   from users
                                  where username = ?"
        authorities-by-username-query="select u.username, r.name as authority
                                         from users u
                                         join user_role ur
                                           on u.id = ur.user_id
                                         join role r
                                           on r.id = ur.role_id
                                        where u.username = ?"/>
</authentication-provider>

users-by-username-query looks up the user by user name: given the supplied user name, the system queries the user's login name, password, and whether the account is disabled.


authorities-by-username-query looks up permissions by user name: given the supplied user name, the system queries all permissions that have been granted to that user.
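The two lookups described above can be tried outside the application. This is an added example, not code from the original article or from Spring Security: it runs both queries (with the table named users, as in the create statement) against an in-memory SQLite database standing in for Oracle. The sample rows, the function names and the extra "locked" and "norole" accounts are constructed for illustration.

```python
import sqlite3

# The two custom queries, each with the single bound parameter "?".
USERS_BY_USERNAME = (
    "select username, password, status as enabled from users where username = ?")
AUTHORITIES_BY_USERNAME = """
    select u.username, r.name as authority
      from users u
      join user_role ur on u.id = ur.user_id
      join role r on r.id = ur.role_id
     where u.username = ?"""

def build_db():
    """Constructed sample data; SQLite types replace the Oracle ones."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table role (id integer primary key, name text, descn text);
        create table users (id integer primary key, username text,
                            password text, status integer, descn text);
        create table user_role (user_id integer references users(id),
                                role_id integer references role(id));
        insert into users values (1, 'admin', 'admin', 1, 'admin');
        insert into users values (2, 'user', 'user', 1, 'user');
        insert into users values (3, 'locked', 'locked', 0, 'disabled account');
        insert into users values (4, 'norole', 'norole', 1, 'no role assigned');
        insert into role values (1, 'ROLE_ADMIN', 'Administrator role');
        insert into role values (2, 'ROLE_USER', 'User role');
        insert into user_role values (1, 1), (1, 2), (2, 2), (3, 2);
    """)
    return db

def load_user(db, username):
    """Run both lookups; return None when the user cannot be loaded."""
    row = db.execute(USERS_BY_USERNAME, (username,)).fetchone()
    if row is None:
        return None                       # unknown user name
    name, password, enabled = row
    rows = db.execute(AUTHORITIES_BY_USERNAME, (username,))
    authorities = sorted(authority for _, authority in rows)
    if not authorities:
        return None                       # a user with no authority is not loadable
    return {"username": name, "password": password,
            "enabled": bool(enabled), "authorities": authorities}

if __name__ == "__main__":
    db = build_db()
    for candidate in ("admin", "user", "locked", "norole", "admin' or '1'='1"):
        print(candidate, "->", load_user(db, candidate))
```

The status column maps to enabled, so a row with status 0 loads as a disabled account. Because the user name is always passed as a bound parameter, a value containing quote characters is matched literally instead of altering the query.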


This article is from the "attack on the Program Ape" blog, please be sure to keep this source http://zangyanan.blog.51cto.com/11610700/1877212
