java - 在 Spring Security 中从文件中读取/添加用户凭据

标签 java spring spring-security

是否可以在 Spring Security 的文件中存储和修改用户凭据?

现在我有 security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">
<http>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <logout />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
            <user name="user" password="user" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

我只想将信息存储在 users.txt 或 users.xml 之类的文件中,并可以动态添加或修改用户/密码。

最佳答案

你需要为此覆盖UserDetailsS​​ervice

UserDao.java

import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * @author asif.hossain
 * @since 3/9/17.
 */
public class UserDao implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        String password = readPasswordFromFileOrDatabase(username);

        if (password == null) throw new UsernameNotFoundException("");

        return User
                .withUsername(username)
                .password(password)
                .authorities("ROLE_USER")
                .build();
    }

    private String readPasswordFromFileOrDatabase(String username) {
        // Edit this code and read password and roles from data base or files 
        if (username.equals("user")) return "password";
        return null;
    }
}

并在security.xml

中添加一个该类的bean 
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">
<http>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <logout />
</http>

<bean id="userDao" class="UserDao"></bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDao"></authentication-provider>
</authentication-manager>

关于java - 在 Spring Security 中从文件中读取/添加用户凭据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42690732/

上一篇:java - 保护 REST API 的最佳方式是什么?

下一篇:java - 如何在不使用 IDE 的情况下将 Maven pom.xml 添加到现有项目?

相关文章:

java - 在 Java 中通过较小的修改替换字符串模式

java - TreeMap高低键整数排序

java - Spring Boot 应用程序在作为 jar 运行时看不到 bean

Spring - CORS 不适用于安全配置

spring-security - UnAuthenticatedServerOAuth2AuthorizedClientRepository 的替换

java - spring mvc自动日期转换的默认日期格式?

Java:存储和访问对象列表的最佳方式

spring - thymeleaf 使用动态参数/元素生成 REST url

java - Spring MVC 4.0 - Web Config 中的 Hibernate OpenSessioninViewFilter

spring - 如何扩展 OAuth2 授权端点的参数?

©2024 IT工具网  联系我们