Springsecurity database-based authentication user

Prior to the Springsecurity program is to store data in memory, through

1 <security:user-service>2             <security:user name= "user" password= "user" authorities= " Role_user "/>3             <security:user name=" admin "password=" admin "authorities=" Role_user, role_admin "/ >4          </security:user-service>

User-service Specify user information, such as Name,password and permissions

However, such validation is not scientific in development, so we want to connect to the database, by matching the information in the database to determine whether the user login

First we need to add dependencies that need to continue to add the dependencies have Spring-jdbc,spring-core,spring-web,spring-webmvc,mysql-connector-java

After adding dependencies we need to join the database configuration file

Configuring DataSource in the Spring-security configuration file

Jdbc-user-service element, through which we can define a userdetailsservice that gets userdetails from the database, DataSource is the bean reference for the corresponding data source configuration

Full Spring-security.xml configuration file:

1<beans xmlns= "Http://www.springframework.org/schema/beans"2Xmlns:security= "Http://www.springframework.org/schema/security"3Xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance"4xmlns:context= "Http://www.springframework.org/schema/context"5Xsi:schemalocation= "Http://www.springframework.org/schema/beans6http//www.springframework.org/schema/beans/spring-beans-3.1.xsd7http//www.springframework.org/schema/security8http//www.springframework.org/schema/security/spring-security-3.1.xsdHttp://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">9<!--load the database configuration file--Ten<context:property-placeholder location= "Classpath:db.properties"/> One<!--configuring data sources- A<bean id= "DataSource"class= "Org.springframework.jdbc.datasource.DriverManagerDataSource" > -<property name= "Driverclassname" value= "${jdbc.driverclass}"/> -<property name= "Password" value= "${jdbc.password}"/> the<property name= "url" value= "${jdbc.jdbcurl}"/> -<property name= "username" value= "${jdbc.user}"/> -</bean> -<!-- +Custom forms, via form-Login Tab -authentication-failure-URL Specifies the page that should jump after login failed +         default-target-URL Specifies the page to jump after successful landing, the default is the index.jsp page A- at<security:http auto-config= "true" > -<security:form-login login-page= "/login.jsp" -                              default-target-url= "/successful.jsp" -Login-processing-url= "/login.do" -Authentication-failure-url= "/login_failure.jsp" -always-use-default-target= "true" inUsername-parameter= "username" -password-parameter= "Password" to/> +<!--means that anonymous users can access -<security:intercept-url pattern= "/login*.jsp*" theaccess= "is_authenticated_anonymously"/> *<security:intercept-url pattern= "/**" access= "Role_user"/> $</security:http>Panax Notoginseng  -  the<security:authentication-manager> +<security:authentication-provider> A<security:jdbc-user-service data-source-ref= "DataSource"/> the</security:authentication-provider> +</security:authentication-manager> -  $</beans>

By default jdbc-user-service will use the SQL statement "Select username, password, enabled from users where username =?" to obtain user information; Use SQL statement "s Elect username, authority from authorities where Username =? "To obtain user-corresponding permissions;

If the database table name is not the system default, we can use the property users-by-username-query to specify when the user information is queried from the custom user information table, through Authorities-by-username-query to query the user permissions

Springsecurity database-based authentication user