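Implementing database authentication
First, some preparation:
Prerequisites: spring, springMVC, mybatis, mysql, gradle ...
Familiarity with: Security
If you are not familiar with the SSM environment, you can refer to my earlier blog posts.
Let's begin.
The previous post implemented login with in-memory authentication. The code below authenticates against the database instead. Because passwords must not be stored or compared in plaintext in the database,
the BCrypt password-hashing algorithm is used.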
@Autowired
public MyUserService myUserService;

@Autowired
private PasswordEncoder passwordEncoder;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    // Previous in-memory configuration, kept for reference:
    // auth
    //     .inMemoryAuthentication()
    //     .withUser("user").password("user").roles("USER")
    //     .and()
    //     .withUser("admin").password("admin").roles("USER", "ADMIN");

    // Load users from the database and compare passwords with BCrypt
    auth.userDetailsService(myUserService).passwordEncoder(passwordEncoder);
}
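Add the following method further down in the configuration class:
@Bean
public PasswordEncoder passwordEncoder() {
    // 11 is the BCrypt strength (log2 of the number of rounds)
    return new BCryptPasswordEncoder(11);
}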
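Added example, not from the original post: how the value that belongs in the password column is produced and checked with the same BCryptPasswordEncoder(11) as the bean above. The class name BcryptColumnDemo and the sample password are made up for illustration, and it assumes spring-security-crypto is on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical helper class, not part of the project described in the post.
public class BcryptColumnDemo {

    // Same strength as the passwordEncoder() bean in the post.
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder(11);

    // Hash a raw password when the user is created; store only the return
    // value. BCrypt output is 60 characters, so the column must be that wide.
    static String hashForStorage(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    // What happens at login: the submitted password is compared with the
    // value read from the password column.
    static boolean loginMatches(String submitted, String storedColumnValue) {
        return ENCODER.matches(submitted, storedColumnValue);
    }

    public static void main(String[] args) {
        String raw = "S3cret-sample"; // constructed sample password

        String first = hashForStorage(raw);
        String second = hashForStorage(raw);

        // The hash carries its own version, cost and salt as a prefix.
        System.out.println("stored value:    " + first);
        System.out.println("length:          " + first.length());

        // A fresh random salt per call: same password, different hashes,
        // so hashes cannot be compared with equals() or in SQL.
        System.out.println("hashes differ:   " + !first.equals(second));

        // Both still verify, because the salt is read back from the hash.
        System.out.println("first verifies:  " + loginMatches(raw, first));
        System.out.println("second verifies: " + loginMatches(raw, second));
        System.out.println("wrong password:  " + loginMatches("guess", first));

        // Failure mode: a row that still holds the plaintext is not a valid
        // BCrypt string, so matches() rejects it and that user cannot log in.
        System.out.println("plaintext row:   " + loginMatches(raw, raw));
    }
}
```

Rows inserted by hand for testing need a value produced this way; the plaintext password in the column will always fail the login check.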
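Create the MyUserService implementation class:
A few more words here: the User below is the class provided by Security itself, while MyUserDetails is our own user object, which we obtain by calling our own DAO
to query the user's information;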
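import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.oa.entity.MyUserDetails;
// UserDao: import it from your own DAO package

@Service
public class MyUserService implements UserDetailsService {

    @Autowired
    public UserDao userdao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        MyUserDetails myUserDetails = userdao.getUserByUsername(username);
        // Check for a missing user before reading its roles; otherwise an unknown
        // username ends in a NullPointerException instead of UsernameNotFoundException.
        if (null == myUserDetails) {
            throw new UsernameNotFoundException("用户不存在!"); // "User does not exist!"
        }
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        getRoles(myUserDetails, list);
        // The password passed on here is the BCrypt hash read from the database
        return new User(myUserDetails.getUsername(), myUserDetails.getPassword(), list);
    }

    // The status column holds the user's roles as a comma-separated list
    public void getRoles(MyUserDetails user, List<GrantedAuthority> list) {
        for (String role : user.getStatus().split(",")) {
            list.add(new SimpleGrantedAuthority("ROLE_" + role));
        }
    }
}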
Create the DAO:
@Mapper
public interface UserDao {
    MyUserDetails getUserByUsername(@Param("username") String name);
}
Create the Mapper:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- namespace must be the fully qualified name of the UserDao interface; "com.oa.dao" is a placeholder package -->
<mapper namespace="com.oa.dao.UserDao">
    <resultMap type="com.oa.entity.MyUserDetails" id="userinfoMap">
        <result column="id" property="id"/>
        <result column="username" property="username"/>
        <result column="password" property="password"/>
        <result column="status" property="status"/>
        <result column="descn" property="descn"/>
        <!--<result column="update_time" property="updateTime"/>-->
        <!--<result column="update_user" property="updateUser"/>-->
    </resultMap>
    <!-- #{username} is bound as a prepared-statement parameter, not concatenated into the SQL -->
    <select id="getUserByUsername" resultType="com.oa.entity.MyUserDetails">
        select * from user where username = #{username}
    </select>
</mapper>
Database table:
With this, we have implemented database authentication, and role checking along with it;
Next, add a few controllers;
TestController:
@Controller
@RequestMapping("/test")
public class TestController {

    @Autowired
    private TestService testService;

    // @Secured is only enforced when method security is enabled with securedEnabled = true
    @Secured("ROLE_TEST")
    @RequestMapping("index")
    public String testIndex(ModelMap map) {
        int id = testService.AddUser();
        List<Test> list = testService.getList();
        map.put("list", list);
        map.put("userId", id);
        // Matches the name of the JSP file just created; this is the logical view name
        return "test";
    }
}
UserController:
@Controller
@RequestMapping("/user")
public class UserController {

    @RequestMapping
    public String adminIndex(ModelMap map) {
        return "user/index";
    }
}
AdminController:
@Controller
@RequestMapping("/admin")
public class AdminController {

    @RequestMapping
    public String adminIndex(ModelMap map) {
        return "admin/index";
    }
}
Likewise, create new JSP pages under WEB-INF to test the roles;
That concludes custom database authentication with Security.