当前位置: 首页 > 知识库问答 >
问题:

如何在运行时向Spring Security添加新用户

壤驷德宇
2023-03-14

我通过HiberNate将用户保存在DB表中,我使用Spring Security进行身份验证:

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.*;
import org.springframework.security.config.annotation.web.configuration.*;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

这非常有效,但有一点需要注意:用户在服务器启动时被加载。我需要编写方法RegisterUser(用户用户),在运行时将新用户添加到Spring Security。这种方法应该只关注这项任务。我不知道如何开始实现这个功能,所以谢谢你的建议!;)

Ofc用户有登录名、密码、角色字符串等字段。。。

请不要发布带有Spring MVC的解决方案。该系统是使用Spring Web Boost和Spring Security Boost的RESTful应用程序,版本为4.0。十、

共有3个答案

郭炳
2023-03-14

首先,创建一个用于注册用户的表单。

<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>  

<!doctype html>
<html lang="en">

<head>
    
    <title>Register New User Form</title>
    
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    
    <!-- Reference Bootstrap files -->
    <link rel="stylesheet"
         href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js"></script>
    
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

</head>

<body>

    <div>
        
        <div id="loginbox" style="margin-top: 50px;"
            class="mainbox col-md-3 col-md-offset-2 col-sm-6 col-sm-offset-2">
            
            <div class="panel panel-primary">

                <div class="panel-heading">
                    <div class="panel-title">Register New User</div>
                </div>

                <div style="padding-top: 30px" class="panel-body">

                    <!-- Registration Form -->
                    <form:form action="${pageContext.request.contextPath}/register/processRegistrationForm" 
                               modelAttribute="user"
                               class="form-horizontal">

                        <!-- Place for messages: error, alert etc ... -->
                        <div class="form-group">
                            <div class="col-xs-15">
                                <div>
                                
                                    <!-- Check for registration error -->
                                    <c:if test="${registrationError != null}">
                                
                                        <div class="alert alert-danger col-xs-offset-1 col-xs-10">
                                            ${registrationError}
                                        </div>
        
                                    </c:if>
                                                                            
                                </div>
                            </div>
                        </div>

                        <!-- User name -->
                        <div style="margin-bottom: 25px" class="input-group">
                            <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span> 
                            
                            <form:input path="username" placeholder="username" class="form-control" />
                        </div>

                        <!-- Password -->
                        <div style="margin-bottom: 25px" class="input-group">
                            <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span> 
                            
                            <form:password path="password" placeholder="password" class="form-control" />
                        </div>

                        <!-- Register Button -->
                        <div style="margin-top: 10px" class="form-group">                       
                            <div class="col-sm-6 controls">
                                <button type="submit" class="btn btn-primary">Register</button>
                            </div>
                        </div>
                        
                    </form:form>

                </div>

            </div>

        </div>

    </div>

</body>
</html>

并在控制器中编写动作方法,获取表单信息并将用户保存在数据库中。

@Controller
@RequestMapping( "/register" )
public class RegistrationController
{
    
    @Autowired
    private UserDetailsManager userDetailsManager;
    
    private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    
    private Logger logger = Logger.getLogger( getClass().getName() );
    
    @InitBinder
    public void initBinder( WebDataBinder dataBinder )
    {
        
        StringTrimmerEditor stringTrimmerEditor = new StringTrimmerEditor( true );
        
        dataBinder.registerCustomEditor( String.class, stringTrimmerEditor );
    }
    
    
    @PostMapping( "/processRegistrationForm" )
    public String processRegistrationForm( @Valid @ModelAttribute( "user" ) com.exmaple.spring_demo.entity.User user, BindingResult theBindingResult, Model theModel )
    {
        
        String userName = user.getUsername();
        
        logger.info( "Processing registration form for: " + userName );
        
        // form validation
        if ( theBindingResult.hasErrors() )
        {
            
            theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
            theModel.addAttribute( "registrationError", "User name/password can not be empty." );
            
            logger.warning( "User name/password can not be empty." );
            
            return "security/user/registration-form";
        }
        
        // check the database if user already exists
        boolean userExists = doesUserExist( userName );
        
        if ( userExists )
        {
            theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
            theModel.addAttribute( "registrationError", "User name already exists." );
            
            logger.warning( "User name already exists." );
            
            return "security/user/registration-form";
        }
        
        //
        // whew ... we passed all of the validation checks!
        // let's get down to business!!!
        //
        
        // encrypt the password
        String encodedPassword = passwordEncoder.encode( user.getPassword() );
        
        // prepend the encoding algorithm id
        encodedPassword = "{bcrypt}" + encodedPassword;
        
        // give user default role of "ROLE_USER"
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList( "ROLE_USER" );
        
        // create user object (from Spring Security framework)
        User tempUser = new User( userName, encodedPassword, authorities );
        
        // save user in the database
        userDetailsManager.createUser( tempUser );
        
        logger.info( "Successfully created user: " + userName );
        
        return "security/user/registration-confirmation";
    }
    
    
    @GetMapping( "/showRegistrationForm" )
    public String showMyLoginPage( Model theModel )
    {
        
        theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
        
        return "security/user/registration-form";
        
    }
    
    
    private boolean doesUserExist( String userName )
    {
        
        logger.info( "Checking if user exists: " + userName );
        
        // check the database if the user already exists
        boolean exists = userDetailsManager.userExists( userName );
        
        logger.info( "User: " + userName + ", exists: " + exists );
        
        return exists;
    }
    
}

现在,在Spring配置中定义数据源。

package com.exmaple.spring_demo.config;

import java.beans.PropertyVetoException;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import com.mchange.v2.c3p0.ComboPooledDataSource;


@Configuration
@EnableWebSecurity
@ComponentScan( "com.exmaple.spring_demo.config" )
@PropertySource( "classpath:persistence-mysql.properties" )
public class SecurityConfigJDBC extends WebSecurityConfigurerAdapter
{


    /**
     * set up variable to hold the properties 
     */
    @Autowired
    private Environment env;


    // define a bean for our security datasource
    @Bean
    public DataSource dataSource()
    {

        // create connection pool
        ComboPooledDataSource securityDataSource = new ComboPooledDataSource();

        // set the jdbc driver class    
        try
        {
            securityDataSource.setDriverClass( env.getProperty( "jdbc.driver" ) );
        }
        catch ( PropertyVetoException exc )
        {
            throw new RuntimeException( exc );
        }

        // log the connection props
        // for sanity's sake, log this info
        // just to make sure we are REALLY reading data from properties file

        System.out.println( ">>> jdbc.url=" + env.getProperty( "jdbc.url" ) );
        System.out.println( ">>> jdbc.user=" + env.getProperty( "jdbc.user" ) );


        // set database connection props    
        securityDataSource.setJdbcUrl( env.getProperty( "jdbc.url" ) );
        securityDataSource.setUser( env.getProperty( "jdbc.user" ) );
        securityDataSource.setPassword( env.getProperty( "jdbc.password" ) );

        // set connection pool props    
        securityDataSource.setInitialPoolSize( getIntProperty( "connection.pool.initialPoolSize" ) );

        securityDataSource.setMinPoolSize( getIntProperty( "connection.pool.minPoolSize" ) );

        securityDataSource.setMaxPoolSize( getIntProperty( "connection.pool.maxPoolSize" ) );

        securityDataSource.setMaxIdleTime( getIntProperty( "connection.pool.maxIdleTime" ) );

        return securityDataSource;
    }


    @Bean
    public UserDetailsManager userDetailsManager()
    {

        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();

        jdbcUserDetailsManager.setDataSource( dataSource() );

        return jdbcUserDetailsManager;
    }


    @Override
    protected void configure( AuthenticationManagerBuilder auth ) throws Exception
    {

        auth.jdbcAuthentication().dataSource( dataSource() );
    }


    @Override
    protected void configure( HttpSecurity http ) throws Exception
    {
        
        
        http.authorizeRequests()
                .antMatchers( "/home/**" ).hasRole( "USER" )
                .antMatchers( "/manager/**" ).hasRole( "MANAGERS" )
                .antMatchers( "/admin/**" ).hasRole( "ADMIN" )
                .and()
                .formLogin()
                .loginPage( "/showMyLoginPage" )
                .loginProcessingUrl( "/authenticateTheUser" )// submit form data
                .permitAll()
                .and()
                .logout().permitAll()
                .and()
                .exceptionHandling().accessDeniedPage( "/access-denied" )
                .and()
                .csrf()
                .disable();
        
        
    }


    /**
     * need a helper method
     * read environment property and convert to int
     */
    private int getIntProperty( String propName )
    {

        String propVal = env.getProperty( propName );

        // now convert to int
        int intPropVal = Integer.parseInt( propVal );

        return intPropVal;
    }


}

最后,在src/main/resources/persistence-mysql中创建JDBC属性文件。财产。

#
# JDBC connection properties
#
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/spring_security_demo?useSSL=false
jdbc.user=springstudent
jdbc.password=springstudent
#
# Connection pool properties
#
connection.pool.initialPoolSize=5
connection.pool.minPoolSize=5
connection.pool.maxPoolSize=20
connection.pool.maxIdleTime=3000

UserDetailsService(JdbcDaoImpl)的标准JDBC实现需要表来加载用户的密码、帐户状态(已启用或已禁用)和权限(角色)列表。您需要调整此模式以匹配您正在使用的数据库方言。

CREATE TABLE `authorities` (
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
CONSTRAINT `authorities_ibfk_1`
FOREIGN KEY (`username`)
REFERENCES `users` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


CREATE TABLE `users` (
`username` varchar(50) NOT NULL,
`password` varchar(50) NOT NULL,
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
卫甫
2023-03-14

您可以使用Spring数据JPA创建用户。

@Repository
public interface UserRepository extends JpaRepository<User, Long> {
}

用法:

User user = new User();
userRepository.save(user);

如何验证上述用户:

  1. 创建自定义AuthenticationProvider,从数据库中选择用户数据并进行身份验证:
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserRepository userRepository;

    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        final UsernamePasswordAuthenticationToken upAuth = (UsernamePasswordAuthenticationToken) authentication;
        final String name = (String) authentication.getPrincipal();

        final String password = (String) upAuth.getCredentials();

        final String storedPassword = userRepository.findByName(name).map(User::getPassword)
            .orElseThrow(() -> new BadCredentialsException("illegal id or passowrd"));

        if (Objects.equals(password, "") || !Objects.equals(password, storedPassword)) {
            throw new BadCredentialsException("illegal id or passowrd");
        }

        final Object principal = authentication.getPrincipal();
        final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
            principal, authentication.getCredentials(),
            Collections.emptyList());
        result.setDetails(authentication.getDetails());

        return result;
    }
    ...
@EnableWebSecurity
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAuthenticationProvider authProvider;

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .httpBasic();
        http.authenticationProvider(authProvider);
    }
}

参考文献:

  • Spring Security架构
  • 完整的代码示例
仉成益
2023-03-14

如果用户正在注册,您可能希望将其存储在数据库中,而不是内存中:)

>

List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

实例化用户(用一个类实现用户详细信息)

UserDetails user = new User("user@example.com", passwordEncoder.encode("s3cr3t"), authorities);

将用户保存在有用的地方。JdbcUserDetailsManager可以很容易地将用户保存到数据库中。

userDetailsManager.createUser(user);

创建一个用户密码验证令牌

Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, authorities);

将身份验证添加到SecurityContext

SecurityContextHolder.getContext().setAuthentication(authentication);
 类似资料:
  • 当Java11排除了JavaFX作为最新版本的一部分时,我得到了以下错误。 那么如何在Java11中将JavaFX添加到Eclipse中呢?谢了。

  • 我是Spring的新手。我有下面的Person bean,其中包含姓名、地址和年龄作为属性。现在我想在我的自定义BeanFactoryPostProcess中向Person bean添加名为性别的新属性。我的人bean实现了属性访问器。 XML配置文件 自定义BeanFactoryPostProcess 人员类别 客户端程序 如果我访问性别我得到null 请让我知道如何动态设置和获取属性。

  • 在XML中,我想要的配置如下所示(但我不想使用XML):

  • 在运行时添加到当单击时。 我使用以下代码: 但是在中没有显示任何。

  • Spring Boot:如何在运行时添加新数据源 我的项目想要连接两个数据源。 第一个数据源我可以在application.properties配置,但第二个数据源不能配置,因为此配置位于第一个数据源的DB的表配置中。 所以, 配置第一个数据源 现在,我从application.properties配置两个数据源,它的工作。 但需求需要更改第一个数据源表中的第二个数据源。T、 T型 请给我一些建议