问题:
如何在运行时向Spring Security添加新用户
壤驷德宇
我通过HiberNate将用户保存在DB表中,我使用Spring Security进行身份验证:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.*;
import org.springframework.security.config.annotation.web.configuration.*;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
这非常有效,但有一点需要注意:用户在服务器启动时被加载。我需要编写方法RegisterUser(用户用户),在运行时将新用户添加到Spring Security。这种方法应该只关注这项任务。我不知道如何开始实现这个功能,所以谢谢你的建议!;)
Ofc用户有登录名、密码、角色字符串等字段。。。
请不要发布带有Spring MVC的解决方案。该系统是使用Spring Web Boost和Spring Security Boost的RESTful应用程序,版本为4.0。十、
共有3个答案
郭炳
首先,创建一个用于注册用户的表单。
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!doctype html>
<html lang="en">
<head>
<title>Register New User Form</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Reference Bootstrap files -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div>
<div id="loginbox" style="margin-top: 50px;"
class="mainbox col-md-3 col-md-offset-2 col-sm-6 col-sm-offset-2">
<div class="panel panel-primary">
<div class="panel-heading">
<div class="panel-title">Register New User</div>
</div>
<div style="padding-top: 30px" class="panel-body">
<!-- Registration Form -->
<form:form action="${pageContext.request.contextPath}/register/processRegistrationForm"
modelAttribute="user"
class="form-horizontal">
<!-- Place for messages: error, alert etc ... -->
<div class="form-group">
<div class="col-xs-15">
<div>
<!-- Check for registration error -->
<c:if test="${registrationError != null}">
<div class="alert alert-danger col-xs-offset-1 col-xs-10">
${registrationError}
</div>
</c:if>
</div>
</div>
</div>
<!-- User name -->
<div style="margin-bottom: 25px" class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
<form:input path="username" placeholder="username" class="form-control" />
</div>
<!-- Password -->
<div style="margin-bottom: 25px" class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
<form:password path="password" placeholder="password" class="form-control" />
</div>
<!-- Register Button -->
<div style="margin-top: 10px" class="form-group">
<div class="col-sm-6 controls">
<button type="submit" class="btn btn-primary">Register</button>
</div>
</div>
</form:form>
</div>
</div>
</div>
</div>
</body>
</html>
并在控制器中编写动作方法,获取表单信息并将用户保存在数据库中。
@Controller
@RequestMapping( "/register" )
public class RegistrationController
{
@Autowired
private UserDetailsManager userDetailsManager;
private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
private Logger logger = Logger.getLogger( getClass().getName() );
@InitBinder
public void initBinder( WebDataBinder dataBinder )
{
StringTrimmerEditor stringTrimmerEditor = new StringTrimmerEditor( true );
dataBinder.registerCustomEditor( String.class, stringTrimmerEditor );
}
@PostMapping( "/processRegistrationForm" )
public String processRegistrationForm( @Valid @ModelAttribute( "user" ) com.exmaple.spring_demo.entity.User user, BindingResult theBindingResult, Model theModel )
{
String userName = user.getUsername();
logger.info( "Processing registration form for: " + userName );
// form validation
if ( theBindingResult.hasErrors() )
{
theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
theModel.addAttribute( "registrationError", "User name/password can not be empty." );
logger.warning( "User name/password can not be empty." );
return "security/user/registration-form";
}
// check the database if user already exists
boolean userExists = doesUserExist( userName );
if ( userExists )
{
theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
theModel.addAttribute( "registrationError", "User name already exists." );
logger.warning( "User name already exists." );
return "security/user/registration-form";
}
//
// whew ... we passed all of the validation checks!
// let's get down to business!!!
//
// encrypt the password
String encodedPassword = passwordEncoder.encode( user.getPassword() );
// prepend the encoding algorithm id
encodedPassword = "{bcrypt}" + encodedPassword;
// give user default role of "ROLE_USER"
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList( "ROLE_USER" );
// create user object (from Spring Security framework)
User tempUser = new User( userName, encodedPassword, authorities );
// save user in the database
userDetailsManager.createUser( tempUser );
logger.info( "Successfully created user: " + userName );
return "security/user/registration-confirmation";
}
@GetMapping( "/showRegistrationForm" )
public String showMyLoginPage( Model theModel )
{
theModel.addAttribute( "user", new com.exmaple.spring_demo.entity.User() );
return "security/user/registration-form";
}
private boolean doesUserExist( String userName )
{
logger.info( "Checking if user exists: " + userName );
// check the database if the user already exists
boolean exists = userDetailsManager.userExists( userName );
logger.info( "User: " + userName + ", exists: " + exists );
return exists;
}
}
现在,在Spring配置中定义数据源。
package com.exmaple.spring_demo.config;
import java.beans.PropertyVetoException;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import com.mchange.v2.c3p0.ComboPooledDataSource;
@Configuration
@EnableWebSecurity
@ComponentScan( "com.exmaple.spring_demo.config" )
@PropertySource( "classpath:persistence-mysql.properties" )
public class SecurityConfigJDBC extends WebSecurityConfigurerAdapter
{
/**
* set up variable to hold the properties
*/
@Autowired
private Environment env;
// define a bean for our security datasource
@Bean
public DataSource dataSource()
{
// create connection pool
ComboPooledDataSource securityDataSource = new ComboPooledDataSource();
// set the jdbc driver class
try
{
securityDataSource.setDriverClass( env.getProperty( "jdbc.driver" ) );
}
catch ( PropertyVetoException exc )
{
throw new RuntimeException( exc );
}
// log the connection props
// for sanity's sake, log this info
// just to make sure we are REALLY reading data from properties file
System.out.println( ">>> jdbc.url=" + env.getProperty( "jdbc.url" ) );
System.out.println( ">>> jdbc.user=" + env.getProperty( "jdbc.user" ) );
// set database connection props
securityDataSource.setJdbcUrl( env.getProperty( "jdbc.url" ) );
securityDataSource.setUser( env.getProperty( "jdbc.user" ) );
securityDataSource.setPassword( env.getProperty( "jdbc.password" ) );
// set connection pool props
securityDataSource.setInitialPoolSize( getIntProperty( "connection.pool.initialPoolSize" ) );
securityDataSource.setMinPoolSize( getIntProperty( "connection.pool.minPoolSize" ) );
securityDataSource.setMaxPoolSize( getIntProperty( "connection.pool.maxPoolSize" ) );
securityDataSource.setMaxIdleTime( getIntProperty( "connection.pool.maxIdleTime" ) );
return securityDataSource;
}
@Bean
public UserDetailsManager userDetailsManager()
{
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
jdbcUserDetailsManager.setDataSource( dataSource() );
return jdbcUserDetailsManager;
}
@Override
protected void configure( AuthenticationManagerBuilder auth ) throws Exception
{
auth.jdbcAuthentication().dataSource( dataSource() );
}
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.authorizeRequests()
.antMatchers( "/home/**" ).hasRole( "USER" )
.antMatchers( "/manager/**" ).hasRole( "MANAGERS" )
.antMatchers( "/admin/**" ).hasRole( "ADMIN" )
.and()
.formLogin()
.loginPage( "/showMyLoginPage" )
.loginProcessingUrl( "/authenticateTheUser" )// submit form data
.permitAll()
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage( "/access-denied" )
.and()
.csrf()
.disable();
}
/**
* need a helper method
* read environment property and convert to int
*/
private int getIntProperty( String propName )
{
String propVal = env.getProperty( propName );
// now convert to int
int intPropVal = Integer.parseInt( propVal );
return intPropVal;
}
}
最后,在src/main/resources/persistence-mysql中创建JDBC属性文件。财产。
#
# JDBC connection properties
#
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://localhost:3306/spring_security_demo?useSSL=false
jdbc.user=springstudent
jdbc.password=springstudent
#
# Connection pool properties
#
connection.pool.initialPoolSize=5
connection.pool.minPoolSize=5
connection.pool.maxPoolSize=20
connection.pool.maxIdleTime=3000
UserDetailsService(JdbcDaoImpl)的标准JDBC实现需要表来加载用户的密码、帐户状态(已启用或已禁用)和权限(角色)列表。您需要调整此模式以匹配您正在使用的数据库方言。
CREATE TABLE `authorities` (
`username` varchar(50) NOT NULL,
`authority` varchar(50) NOT NULL,
UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
CONSTRAINT `authorities_ibfk_1`
FOREIGN KEY (`username`)
REFERENCES `users` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE `users` (
`username` varchar(50) NOT NULL,
`password` varchar(50) NOT NULL,
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
卫甫
您可以使用Spring数据JPA创建用户。
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
}
用法:
User user = new User();
userRepository.save(user);
如何验证上述用户:
- 创建自定义
AuthenticationProvider,从数据库中选择用户数据并进行身份验证:
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserRepository userRepository;
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
final UsernamePasswordAuthenticationToken upAuth = (UsernamePasswordAuthenticationToken) authentication;
final String name = (String) authentication.getPrincipal();
final String password = (String) upAuth.getCredentials();
final String storedPassword = userRepository.findByName(name).map(User::getPassword)
.orElseThrow(() -> new BadCredentialsException("illegal id or passowrd"));
if (Objects.equals(password, "") || !Objects.equals(password, storedPassword)) {
throw new BadCredentialsException("illegal id or passowrd");
}
final Object principal = authentication.getPrincipal();
final UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
principal, authentication.getCredentials(),
Collections.emptyList());
result.setDetails(authentication.getDetails());
return result;
}
...
@EnableWebSecurity
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Autowired
private MyAuthenticationProvider authProvider;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
http.authenticationProvider(authProvider);
}
}
参考文献:
- Spring Security架构
- 完整的代码示例
仉成益
如果用户正在注册,您可能希望将其存储在数据库中,而不是内存中:)
>
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
实例化用户(用一个类实现用户详细信息)
UserDetails user = new User("user@example.com", passwordEncoder.encode("s3cr3t"), authorities);
将用户保存在有用的地方。JdbcUserDetailsManager可以很容易地将用户保存到数据库中。
userDetailsManager.createUser(user);
创建一个用户密码验证令牌
Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, authorities);
将身份验证添加到SecurityContext
SecurityContextHolder.getContext().setAuthentication(authentication);
类似资料:
-
当Java11排除了JavaFX作为最新版本的一部分时,我得到了以下错误。 那么如何在Java11中将JavaFX添加到Eclipse中呢?谢了。
-
我是Spring的新手。我有下面的Person bean,其中包含姓名、地址和年龄作为属性。现在我想在我的自定义BeanFactoryPostProcess中向Person bean添加名为性别的新属性。我的人bean实现了属性访问器。 XML配置文件 自定义BeanFactoryPostProcess 人员类别 客户端程序 如果我访问性别我得到null 请让我知道如何动态设置和获取属性。
-
在XML中,我想要的配置如下所示(但我不想使用XML):
-
在运行时添加到当单击时。 我使用以下代码: 但是在中没有显示任何。
-
Spring Boot:如何在运行时添加新数据源 我的项目想要连接两个数据源。 第一个数据源我可以在application.properties配置,但第二个数据源不能配置,因为此配置位于第一个数据源的DB的表配置中。 所以, 配置第一个数据源 现在,我从application.properties配置两个数据源,它的工作。 但需求需要更改第一个数据源表中的第二个数据源。T、 T型 请给我一些建议
-
XML布局