Authentication - Username/Password - Password Storage - JDBC Authentication

JDBC Authentication

Spring Security’s JdbcDaoImpl implements UserDetailsService to provide support for username-and-password-based authentication that is retrieved by using JDBC. JdbcUserDetailsManager extends JdbcDaoImpl to provide management of UserDetails through the UserDetailsManager interface. UserDetails-based authentication is used by Spring Security when it is configured to accept a username/password for authentication.

In the following sections, we discuss: 

Default Schema

Spring Security provides default queries for JDBC-based authentication. This section provides the corresponding default schemas used with the default queries. You need to adjust the schema to match any customizations to the queries and the database dialect you use.

User Schema

JdbcDaoImpl requires tables to load the password, account status (enabled or disabled) and a list of authorities (roles) for the user.

Note

The default schema is also exposed as a classpath resource named org/springframework/security/core/userdetails/jdbc/users.ddl.

Default User Schema

create table users(
    username varchar_ignorecase(50) not null primary key,
    password varchar_ignorecase(500) not null,
    enabled boolean not null
);

create table authorities (
    username varchar_ignorecase(50) not null,
    authority varchar_ignorecase(50) not null,
    constraint fk_authorities_users foreign key(username) references users(username)
);
create unique index ix_auth_username on authorities (username,authority);

Oracle is a popular database choice but requires a slightly different schema (omitted here).

Group Schema

If your application uses groups, you need to provide the groups schema (omitted here).

Setting up a DataSource

Before we configure JdbcUserDetailsManager, we must create a DataSource. In our example, we set up an embedded DataSource that is initialized with the default user schema.

Embedded Data Source

 

@Bean
DataSource dataSource() {
    return new EmbeddedDatabaseBuilder()
        .setType(EmbeddedDatabaseType.H2)
        .addScript(JdbcDaoImpl.DEFAULT_USER_SCHEMA_DDL_LOCATION)
        .build();
}

 

In a production environment, you want to ensure that you set up a connection to an external database.

JdbcUserDetailsManager Bean

In this sample, we use Spring Boot CLI to encode a password value of password and get the encoded password of {bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW. See the PasswordEncoder section for more details about how to store passwords.

JdbcUserDetailsManager

@Bean
UserDetailsManager users(DataSource dataSource) {
    UserDetails user = User.builder()
        .username("user")
        .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
        .roles("USER")
        .build();
    UserDetails admin = User.builder()
        .username("admin")
        .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
        .roles("USER", "ADMIN")
        .build();
    JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
    users.createUser(user);
    users.createUser(admin);
    return users;
}
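
The sample above stores a fixed hash of the value password for both accounts and calls createUser on every start. As an added example (not part of the original post or of the Spring Security reference), the variant below reads the initial passwords from the environment, encodes them at startup, and skips accounts that already exist so it can run against an external database. The class name JdbcUserSeedConfig and the variables APP_USER_PASSWORD and APP_ADMIN_PASSWORD are hypothetical, and the users and authorities tables are assumed to exist already.

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;

@Configuration
class JdbcUserSeedConfig { // hypothetical class name

    // Delegating encoder: writes "{bcrypt}..." values, the same format as the sample hash.
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    UserDetailsManager users(DataSource dataSource, PasswordEncoder encoder) {
        JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
        // Assumption: initial secrets arrive through these hypothetical environment variables.
        seed(users, encoder, "user", System.getenv("APP_USER_PASSWORD"), "USER");
        seed(users, encoder, "admin", System.getenv("APP_ADMIN_PASSWORD"), "USER", "ADMIN");
        return users;
    }

    private static void seed(JdbcUserDetailsManager users, PasswordEncoder encoder,
                             String username, String rawPassword, String... roles) {
        // In a persistent database the row survives restarts; createUser would then
        // fail on the users primary key, so existing accounts are left untouched.
        if (users.userExists(username)) {
            return;
        }
        // Refuse to create an account with a missing or empty password.
        if (rawPassword == null || rawPassword.isBlank()) {
            throw new IllegalStateException("No initial password supplied for " + username);
        }
        UserDetails account = User.builder()
            .username(username)
            .password(encoder.encode(rawPassword)) // stored hashed, never in clear text
            .roles(roles)
            .build();
        users.createUser(account);
    }
}
```
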
posted @ 2024-08-29 11:14  红拂夜奔