1. 首页
  2. 问答
  3. 实施春季安全的自定义UserDetailService

实施春季安全的自定义UserDetailService

2015-06-17 19 views
0

我是新来的春天,我要实现Spring安全的定制UserDetailService,但我的应用程序的认证是通过传统已经暴露一个Web服务是需要用户ID,密码,hotel_code和USER_TYPE完成。 我创建了一个自定义Authnetication提供程序,它接受用户标识,密码,hotel_code和user_type。我没有创建/定义任何userdetailsservice,因为我不能有loadByUsername等,因为只有服务完成验证。实施春季安全的自定义UserDetailService

这里是我创建 DROP DATABASE IF EXISTS rsosdb数据库;

CREATE DATABASE rsosdb; 

use rsosdb; 

-- Create Administrator user and grant privileges 
Drop procedure if exists drop_user_if_exists; 
DELIMITER // 

CREATE PROCEDURE drop_user_if_exists() 
BEGIN 
    DECLARE userCount BIGINT DEFAULT 0 ; 

    SELECT COUNT(*) INTO userCount FROM mysql.user 
    WHERE User = 'admin' and Host = 'localhost'; 

    IF userCount > 0 THEN 
     DROP USER [email protected]; 
    END IF; 
END ; // 
DELIMITER ; 

CALL drop_user_if_exists() ; 

CREATE USER [email protected] IDENTIFIED BY 'gfam'; 

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP 
ON rsosdb.* 
TO [email protected]; 


-- Create T_Env table 
CREATE TABLE T_Env (
hotel_code tinyint(4), 
hotel_name varchar(50) NOT NULL, 
logo_img mediumblob NOT NULL, 
password varchar(30) NOT NULL, 
order_start time NOT NULL, 
order_end time NOT NULL, 
currency varchar(4), 
regist_date datetime, 
update_date datetime, 
del_flag tinyint(4) NOT NULL DEFAULT '0', 
PRIMARY KEY (hotel_code) 
); 

-- Create T_Delivery Table 
CREATE TABLE T_Delivery(
hotel_code tinyint(4), 
delivery_code tinyint(4) auto_increment, 
delivery_name varchar(50), 
regist_date datetime, 
update_date datetime, 
del_flag tinyint(4) DEFAULT '0', 
FOREIGN KEY (hotel_code) 
REFERENCES T_Env(hotel_code), 
PRIMARY KEY (delivery_code, hotel_code) 
); 

-- Create T_Category Table 
CREATE TABLE T_Category(
hotel_code tinyint(4), 
category_code tinyint(4) auto_increment, 
category_name varchar(20) NOT NULL, 
img_file mediumblob, 
regist_date datetime, 
update_date datetime, 
version tinyint(4) DEFAULT '1', 
del_flag tinyint(4) DEFAULT '0', 
PRIMARY KEY (category_code, hotel_code), 
FOREIGN KEY (hotel_code) 
REFERENCES T_Env(hotel_code) 
); 

-- Create T_Items Table 
CREATE TABLE T_Items(
hotel_code tinyint(4), 
item_code tinyint(6) auto_increment, 
category_code tinyint(4) NOT NULL, 
item_name varchar(50) NOT NULL, 
price decimal NOT NULL, 
item_summary varchar(50) NOT NULL, 
item_detail text NOT NULL, 
img_file mediumblob NOT NULL, 
order_limit int NOT NULL, 
order_stop tinyint(1) NOT NULL DEFAULT '0', 
regist_date datetime, 
update_date datetime, 
version tinyint(4) DEFAULT '1', 
del_flag tinyint(4) DEFAULT '0', 

FOREIGN KEY (hotel_code) 
REFERENCES T_Env(hotel_code), 
FOREIGN KEY (category_code) 
REFERENCES T_Category(category_code), 
PRIMARY KEY (item_code, hotel_code) 
); 

-- Create T_Order table 
CREATE TABLE T_Order(
hotel_code tinyint(4), 
order_code int(10) auto_increment, 
room_number tinyint(4), 
delivery_code tinyint(4), 
order_date datetime, 
delivery_date datetime, 
response_person varchar(50), 
order_person varchar(50), 
status tinyint(4) DEFAULT '0', 
regist_date datetime, 
update_date datetime, 
version tinyint(4) DEFAULT '1', 
asap tinyint(4) , 
del_flag tinyint(4) DEFAULT '0', 
FOREIGN KEY (hotel_code) 
REFERENCES T_Env(hotel_code), 
FOREIGN KEY (delivery_code) 
REFERENCES T_Delivery(delivery_code), 
PRIMARY KEY (order_code, hotel_code) 
); 

-- Create T_Concierge table 
CREATE TABLE T_Concierge(
hotel_code tinyint(4), 
concierge_code varchar(4), 
concierge_name varchar(30), 
password varchar(30) NOT NULL, 
regist_date datetime, 
update_date datetime, 
version tinyint(4) DEFAULT '1', 
del_flag tinyint(4) DEFAULT '0', 
PRIMARY KEY (concierge_code, hotel_code) 
); 

-- Create T_OrderItem Table 
CREATE TABLE T_OrderItem(
hotel_code tinyint(4), 
order_code int(10), 
item_code tinyint(6), 
amount tinyint(4) DEFAULT '0', 
price decimal NOT NULL, 
status tinyint(4) DEFAULT '0', 
delivery_person varchar(25), 
delivery_time datetime, 
del_flag tinyint(4) DEFAULT '0', 

FOREIGN KEY (hotel_code) 
REFERENCES T_Env(hotel_code), 

FOREIGN KEY (order_code) 
REFERENCES T_Order(order_code), 

FOREIGN KEY (item_code) 
REFERENCES T_Items(item_code), 

PRIMARY KEY (hotel_code, order_code, item_code) 
);

这里是MyBatis的

HotelConcierge

<select id="selectOne" parameterType="map" resultType="kh.com.gfam.rsos.common.entity.HotelConciergeEntity"> 
    SELECT 
     hotel_code, 
     concierge_code, 
     concierge_name, 
     password, 
     regist_date, 
     update_date, 
     version, 
     del_flag 
    FROM 
     t_concierge 
    WHERE 
     hotel_code = #{hotel_code} 
    AND 
     concierge_code = #{concierge_code} 
    AND 
     del_flag = 0   
</select>

HotelEnvironment

<select id="selectOne" parameterType="java.lang.Integer" resultType="kh.com.gfam.rsos.common.entity.HotelEnvironmentEntity"> 

    SELECT 
     hotel_code, 
     hotel_name, 
     logo_img, 
     password, 
     order_start, 
     order_end, 
     currency, 
     regist_date, 
     update_date, 
     del_flag 
    FROM 
     t_env 
    WHERE 
     hotel_code = #{hotel_code} 
    AND 
     del_flag = 0  
</select>

这里是DTO类

/** Hotel Code */ 
private int hotel_code; 
/** Concierge Code */ 
@Size(min = 1, max = 4) 
@NotNull 
@Pattern(regexp = "0-9") 
private String concierge_code; 
/** Concierge Name */ 
@Size(min = 1, max = 30) 
@Pattern(regexp = "[A-Za-z]") 
private String concierge_name; 
/** Password */ 
@Size(min = 8, max = 30) 
@NotNull 
private String password; 
/** Delete Flag */ 
private int delete_flag; 
/** Register Date */ 
private Date regist_date; 
/** Update Date */ 
private Date update_date;

环境

/** Hotel Code */ 
private int hotel_code; 
/** Hotel Name */ 
@Size(min = 1, max = 50) 
@NotNull 
@Pattern(regexp = "[A-Za-z]") 
private String hotel_name; 
/** Image File */ 
@NotNull 
private byte[] logo_img; 
/** Password */ 
@Size(min = 8, max = 30) 
@NotNull 
private String password; 
/** Order Start Time */ 
@NotNull 
@DateTimeFormat(pattern = "HH:mm:ss") 
@Column(name="order_start") 
private Date order_start; 
/** Order Stop Time */ 
@NotNull 
@Future 
@Column(name="order_end") 
@DateTimeFormat(pattern = "HH:mm:ss") 
private Date order_end; 
/** Currency */ 
@Size(min = 3, max = 4) 
@NotNull 
@Pattern(regexp = "[A-Za-z]") 
private String currency; 
/** Register Date */ 
private Date regist_date; 
/** Update Date */ 
private Date update_date; 
/** Delete Flag */ 
private int del_flag;

LoginServiceImpl从LogicService其中实现具有延伸UserDetailService

@Service 
@Transactional 
public class LoginServiceImpl implements LoginService { 

    @Autowired 
    private HotelConciergeDAO conciergeDao; 

    @Autowired 
    private HotelEnvironmentDAO environentDao; 

    @Override 
    public UserDTO authenicate(int hotel_code, String user_id, String password, int user_type) 
      throws ApplicationException { 

     if (user_type == 1) { 
      HotelConciergeEntity entity = conciergeDao.selectOne(hotel_code, user_id); 
      if (entity == null) { 
       throw new ApplicationException("12345"); 
      } else if (!password.equals(entity.getPassword())) { 
       throw new ApplicationException("12345"); 
      } 
      UserDTO dto = new UserDTO(); 
      dto.setHotel_code(hotel_code); 
      dto.setUser_id(user_id); 
      dto.setUser_name(entity.getConcierge_name()); 
      dto.setPassword(password); 
      dto.setUser_type(user_type); 
      return dto; 
     } else { 
      HotelEnvironmentEntity entity = environentDao.selectOne(hotel_code); 
      if (entity == null) { 
       throw new ApplicationException("12345"); 
      } else if (!password.equals(entity.getPassword())) { 
       throw new ApplicationException("12345"); 
      } 
      UserDTO dto = new UserDTO(); 
      dto.setHotel_code(hotel_code); 
      dto.setUser_name("Admin"); 
      dto.setPassword(password); 
      dto.setUser_type(user_type); 
      return dto; 
     } 
    } 

    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
     return new User(username,"",true,true,true,true,AuthorityUtils.NO_AUTHORITIES); 
    } 
}

这里是控制器类

@RequestMapping(value = "/Login", method = RequestMethod.POST) 
public String authenicate(UserDTO dto, Model model, HttpSession session) { 
    logger.info("User is attemp to loggin");; 
    int hotel_code = dto.getHotel_code(); 
    String user_id = dto.getUser_id(); 
    String password = dto.getPassword(); 
    int user_type = dto.getUser_type(); 
    UserDTO userData = null; 
    try { 
     userData = login.authenicate(hotel_code, user_id, password, user_type); 
    } catch (ApplicationException e) { 
     e.printStackTrace(); 
    } 
    model.addAttribute("userData", userData); 
    session.setAttribute("userData", userData); 
    if (userData.getUser_type() == 1) { 
     return "redirect:New_Arrival"; 
    } else { 
     return "redirect:Admin/Main_Info"; 
    } 
}

,这是我的弹簧安全配置类

@Configuration 
@ComponentScan("kh.com.gfam.rsos.common.config") 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    LoginService service; 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 

     http.authorizeRequests().antMatchers("/Admin/**", "/Concierge/**") 
       .access("isAuthenticated()").and().formLogin() 
       .loginPage("/Login").failureUrl("/Login?error") 
       .and().logout().logoutSuccessUrl("/Login?logout") 
       .and().csrf() 
       .and().exceptionHandling().accessDeniedPage("/403") 
       .and().sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(true); 
    } 
}

,这是登录查看 enter image description here

我无法得到它在所有的工作,任何人都可以指出错误或告诉我是可以不?

谢谢。

来源

2015-06-17 Razeth

+0

此配置不使用弹簧安全来控制访问..每次尝试登录时。 loadUserByUsername,然后让你访问,因为你还没有在loadUserByUsername – ArunM

+0

做过实际的身份验证。那么,我怎样才能配置它使用弹簧安全?请帮忙,我现在想出了想法。 – Razeth

回答

0

将此添加到Spring安全性配置类。

@Autowired 
    public void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(service); 
    }

来源

2015-06-17 08:10:12 ArunM

+0

仍然无法正常工作,当我尝试访问/ Admin时没有登录,而不是将我重定向到403,它给我带空指针异常的状态500。 – Razeth

相关问题

 相关问题