1. 首页
  2. 问答
  3. 在Spring Security中从文件读取/添加用户凭证

在Spring Security中从文件读取/添加用户凭证

2017-03-09 61 views
2

是否可以在Spring Security的文件中存储和修改用户凭证?在Spring Security中从文件读取/添加用户凭证

现在我的security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security" 
     xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security.xsd"> 
<http> 
    <intercept-url pattern="/**" access="ROLE_USER" /> 
    <form-login /> 
    <logout /> 
</http> 

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> 
      <user name="user" password="user" authorities="ROLE_USER" /> 
     </user-service> 
    </authentication-provider> 
</authentication-manager>

所有我想要的是存储在像users.txt或users.xml中有可能性的文件信息,添加或修改用户/密码在飞行中。

来源

2017-03-09 zelenov aleksey

回答

2

你需要重写UserDetailsService

UserDao.java

import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 

/** 
* @author asif.hossain 
* @since 3/9/17. 
*/ 
public class UserDao implements UserDetailsService { 
    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 

     String password = readPasswordFromFileOrDatabase(username); 

     if (password == null) throw new UsernameNotFoundException(""); 

     return User 
       .withUsername(username) 
       .password(password) 
       .authorities("ROLE_USER") 
       .build(); 
    } 

    private String readPasswordFromFileOrDatabase(String username) { 
     // Edit this code and read password and roles from data base or files 
     if (username.equals("user")) return "password"; 
     return null; 
    } 
}

而且在security.xml文件添加这个类的一个bean

<beans:beans xmlns="http://www.springframework.org/schema/security" 
     xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security.xsd"> 
<http> 
    <intercept-url pattern="/**" access="ROLE_USER" /> 
    <form-login /> 
    <logout /> 
</http> 

<bean id="userDao" class="UserDao"></bean> 

<authentication-manager alias="authenticationManager"> 
    <authentication-provider user-service-ref="userDao"></authentication-provider> 
</authentication-manager>

来源

2017-03-09 09:48:22 mirmdasif

+0

非常感谢,但登录表单不显示,我应该添加一些东西到我的web.xml或applicationContext.xml? (现在我只需将security.xml导入到applicationContext中) –

+1

@zelenov aleksey在applicationContext.xml中提到了bean,并且工作正常! –

相关问题

 相关问题