我的应用程序中有以下实体(用户和角色)
实体用户
/**
 * JPA entity mapped to the {@code users} table. Holds the login name, the stored
 * password value and the single {@link Role} linked through the {@code user_roles}
 * join table.
 */
@Entity
@Table(name="users")
public class User {
    // Primary key; the value is generated by the persistence provider.
    @Id
    @GeneratedValue
    private Integer id;
    // Login name of the account.
    private String username;
    // Stored credential. NOTE(review): nothing in this class hashes the value; confirm
    // that callers only ever store a password hash (e.g. bcrypt) here, never clear text.
    private String password;
    // Role of this user, joined through user_roles(user_id -> role_id).
    // NOTE(review): CascadeType.ALL includes REMOVE, so deleting a user also deletes the
    // linked Role row, which may be shared with other users. Confirm this is intended
    // for authorization data.
    // NOTE(review): Role maps the same join table as @OneToMany while this side is
    // @OneToOne, and neither side declares mappedBy; verify the intended cardinality.
    @OneToOne(cascade=CascadeType.ALL)
    @JoinTable(name="user_roles",
    joinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")},
    inverseJoinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")}
    )
    private Role role;

    /** @return the generated primary key, or {@code null} if none has been assigned */
    public Integer getId() {
        return id;
    }

    /** @param id primary key value to set */
    public void setId(Integer id) {
        this.id = id;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username login name to set */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * @return the stored password value exactly as held in the field; keep it out of
     *         logs and serialized responses
     */
    public String getPassword() {
        return password;
    }

    /** @param password value to store; stored as given, no hashing happens here */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the role linked to this user */
    public Role getRole() {
        return role;
    }

    /** @param role role to link to this user */
    public void setRole(Role role) {
        this.role = role;
    }
}
实体角色
/**
 * JPA entity mapped to the {@code roles} table: a role name plus the users linked to
 * it through the {@code user_roles} join table.
 */
@Entity
@Table(name="roles")
public class Role {
    // Primary key; the value is generated by the persistence provider.
    @Id
    @GeneratedValue
    private Integer id;
    // Role name. NOTE(review): presumably the value handed to Spring Security as the
    // authority; hasRole(...) checks expect a "ROLE_" prefix by default. Confirm the
    // stored format.
    private String role;
    // Users holding this role, joined through user_roles(role_id -> user_id).
    // NOTE(review): CascadeType.ALL includes REMOVE, so deleting a role deletes every
    // user in this set. Confirm that is intended.
    @OneToMany(cascade=CascadeType.ALL)
    @JoinTable(name="user_roles",
    joinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")},
    inverseJoinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")}
    )
    private Set<User> userRoles;

    /** @return the generated primary key, or {@code null} if none has been assigned */
    public Integer getId() {
        return id;
    }

    /** @param id primary key value to set */
    public void setId(Integer id) {
        this.id = id;
    }

    /** @return the role name */
    public String getRole() {
        return role;
    }

    /** @param role role name to set */
    public void setRole(String role) {
        this.role = role;
    }

    /** @return the users linked to this role; the internal set itself, not a copy */
    public Set<User> getUserRoles() {
        return userRoles;
    }

    /** @param userRoles users to link to this role; the reference is stored as given */
    public void setUserRoles(Set<User> userRoles) {
        this.userRoles = userRoles;
    }
}
这是我的认证经理,我肯定这里有问题。
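<authentication-manager>
    <authentication-provider>
        <!-- No password-encoder is declared for this provider, so the submitted password
             is compared with the stored column value as is. Declare an encoder (for
             example BCrypt) and store only password hashes in users.password. -->
        <!-- Contract of jdbc-user-service:
             users-by-username-query must return three columns: username, password, enabled.
             authorities-by-username-query is given the username (not the numeric user id)
             and must return two columns: username, authority.
             The users table shown has no enabled column, so a constant is selected; use a
             real column, or the literal true, if the schema and database allow it.
             NOTE(review): hasRole(...) expects authorities prefixed with ROLE_ by default;
             confirm the values stored in roles.role. -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query=
                "select username, password, 1 as enabled from users where username = ?"
            authorities-by-username-query=
                "select u.username, r.role
                 from users u
                 join user_roles ur on ur.user_id = u.id
                 join roles r on r.id = ur.role_id
                 where u.username = ?" />
    </authentication-provider>
</authentication-manager>
我对sql语句的形成有问题,有人能帮我解决这个问题吗?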
发布于 2017-03-10 07:12:33
我建议使用spring概念来实现更好的安全性。
你随便问吧。
安全xml:
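<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security configuration: URL access rules, form login, logout, and an
     authentication manager backed by the custom userAuthenticator bean. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.2.xsd">
    <import resource="servlet-context.xml"/>
    <security:global-method-security pre-post-annotations="enabled"></security:global-method-security>
    <security:http auto-config="true" use-expressions="true">
        <!-- intercept-url rules are evaluated top to bottom and the first match wins,
             so specific patterns must be listed before broader ones. -->
        <security:intercept-url pattern="/login" access="permitAll()"/>
        <security:intercept-url pattern="/" access="permitAll()"/>
        <security:intercept-url pattern="/register/**" access="permitAll()"/>
        <!-- NOTE(review): any logged-in user passes this rule. If /admin/** is meant for
             administrators only, require a role here instead of isAuthenticated(). -->
        <security:intercept-url pattern="/admin/**" access="isAuthenticated()"/>
        <!-- The two rules below are never reached, because /admin/** above already matches
             these URLs; both endpoints therefore require authentication. Decide explicitly
             whether state-changing endpoints should be public; if not, delete these rules. -->
        <security:intercept-url pattern="/admin/saveLocation" access="permitAll()"/>
        <security:intercept-url pattern="/admin/addFriend" access="permitAll()"/>
        <security:form-login login-page="/login?error=0"
            username-parameter="userName"
            password-parameter="password"
            authentication-success-handler-ref="customSuccessHandler"
            authentication-failure-url="/login?error=1" />
        <security:access-denied-handler error-page="/accessDenied"/>
        <security:logout delete-cookies="JSESSIONID" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/>
        <!-- CSRF protection stays enabled: authentication rides on the session cookie and the
             application exposes state-changing requests. Every POST form, the login form
             included, must send the _csrf token, and logout must be a POST request. -->
        <security:csrf/>
        <security:headers>
            <security:cache-control/>
        </security:headers>
    </security:http>
    <security:authentication-manager>
        <!-- NOTE(review): no password-encoder is declared, so with this 4.2 schema the
             provider compares the submitted password with the stored value as plain text.
             Add a password-encoder child element (for example BCrypt) and store only
             hashes; existing clear-text rows have to be migrated first. -->
        <security:authentication-provider user-service-ref="userAuthenticator">
        </security:authentication-provider>
    </security:authentication-manager>
    <bean id="customSuccessHandler" class="com.mycompany.lts.security.CustomSuccessHandler"></bean>
    <bean id="userAuthenticator" class="com.mycompany.lts.security.UserAuthenticator"></bean>
    <bean id="logoutSuccessHandler" class="com.mycompany.lts.security.LogoutSuccessHandler"></bean>
</beans>
UserAuthenticator.java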
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.mycompany.lts.entities.UserDetail;
import com.mycompany.lts.exception.MyException;
import com.mycompany.lts.service.UserService;
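/**
 * {@link UserDetailsService} implementation that loads accounts through
 * {@link UserService} and adapts them to Spring Security's {@link UserDetails}.
 */
public class UserAuthenticator implements UserDetailsService {
    @Autowired
    private UserService userService;

    /**
     * Looks up the account for {@code username} and wraps it in a Spring Security
     * {@link User}.
     *
     * @param username login name submitted by the client (untrusted input)
     * @return user details carrying the stored user name, the stored password and the
     *         single authority {@code ROLE_USER}
     * @throws UsernameNotFoundException if the lookup returns no account
     * @throws IllegalStateException if the lookup itself fails; the original
     *         {@link MyException} is kept as the cause
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetail entity;
        try {
            entity = userService.getUserByUserName(username);
        } catch (MyException e) {
            // Fail with the cause attached instead of printing the stack trace and going on
            // with a null entity. A backend failure is not reported as "unknown user", so an
            // outage stays distinguishable from a failed login.
            throw new IllegalStateException("User lookup failed", e);
        }
        if (entity == null) {
            // UserDetailsService must never return null; an unknown user is signalled with
            // this exception. The message deliberately omits the submitted name.
            throw new UsernameNotFoundException("User not found");
        }
        // NOTE(review): every account receives ROLE_USER regardless of any role stored for
        // it, so role-based rules cannot tell users apart. Map the persisted roles here if
        // the application needs more than one role.
        GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
        return new User(entity.getUserName(), entity.getPassword(), Arrays.asList(authority));
    }
}
执行查询: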
/**
 * Fetches the single {@code UserDetail} whose {@code userName} property equals the
 * given value, using the current Hibernate session.
 *
 * @param userName login name to look up; passed to {@code Restrictions.eq}, which binds
 *        it as a query parameter rather than concatenating it into the query text
 * @return the matching row, or {@code null} when {@code uniqueResult()} finds none
 * @throws MyException on any failure of the lookup, carrying only the message of the
 *         underlying exception
 */
@Override
public UserDetail getUserByUserName(String userName) throws MyException {
    try {
        final Object match = sessionFactory.getCurrentSession()
                .createCriteria(UserDetail.class)
                .add(Restrictions.eq("userName", userName))
                .uniqueResult();
        return (UserDetail) match;
    } catch (Exception failure) {
        // NOTE(review): the original exception is not attached as the cause, so its stack
        // trace is lost; its message may also carry persistence-layer detail. Keep this
        // message out of anything shown to the client.
        throw new MyException(failure.getMessage());
    }
}
https://stackoverflow.com/questions/42706482