如何与弹簧安全认证规则数据库用户

Question

我从动弹簧了解春季安全，我想实现这样的：我有一个Web应用程序中，有两种存储在数据库中的用户：

1）管理员

2）客户

这是弹簧security.xml文件：

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> 

<http auto-config="true"> 
    <intercept-url pattern="/welcome*" access="ROLE_USER" /> 
</http> 

<authentication-manager> 
    <authentication-provider> 
    <user-service> 
    <user name="name" password="password" authorities="ROLE_USER" /> 
    </user-service> 
    </authentication-provider> 
</authentication-manager> 

</beans:beans> 

因此，如何联系：

<user-service> <user name="name" password="password" authorities="ROLE_USER" /> </user-service> 给数据库用户条目（管理员和客户端）？ 我将此部分添加到web.xml中：

<!-- Spring Security --> 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class> 
     org.springframework.web.filter.DelegatingFilterProxy 
    </filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

Answer 1

您不能这样映射。

您需要为此使用自定义UserDetailsService。使用userDetailsS​​ervice，您可以从数据库加载用户并将其传递给spring安全框架。

public class UserDetailsServiceImpl implements UserDetailsService { 
    public UserDetails loadUserByUsername(String userName) 
      throws UsernameNotFoundException, DataAccessException { 
     User user = getUser(userName); //Load user from database 
     if (user == null) { 
      throw new UsernameNotFoundException("User not found: " + userName); 
     } 
     return user; 
    } 
} 

的security.xml

<authentication-manager> 
    <authentication-provider user-service-ref="userDetailsService" /> 
</authentication-manager>