SPRING IN ACTION 第4版笔记-第九章Securing web applications-008-使用非关系型数据库时如何验证用户(自定义UserService)
2016-03-08 10:19
791 查看
一、
1.定义接口
Suppose that you need to authenticate against users in a non-relational database such
as Mongo or Neo4j. In that case, you’ll need to implement a custom implementation
of the UserDetailsService interface.
2.实现接口
All you need to do is implement the loadUserByUsername() method to find a user
given the user’s username. loadUserByUsername() then returns a UserDetails object
representing the given user. The following listing shows an implementation of
UserDetailsService that looks up a user from a given implementation of Spitter-
Repository
What’s interesting about SpitterUserService is that it has no idea how the user data
is persisted. The SpitterRepository it’s given could look up the Spitter from a rela-
tional database, from a document database, from a graph database, or it could just
make it up. SpitterUserService doesn’t know or care what underlying data storage is
used. It just fetches the Spitter object and uses it to create a User object. ( User is a
concrete implementation of UserDetails .)
3.配置service
To use SpitterUserService to authenticate users, you can configure it in your
security configuration with the userDetailsService() method:
The userDetailsService() method (like jdbcAuthentication() , ldapAuthentication ,
and inMemoryAuthentication() ) configures a configuration store. But instead of using
one of Spring’s provided user stores, it takes any implementation of UserDetailsService .
Another option worth considering is that you could change Spitter so that it
implements UserDetailsService . By doing that, you could return the Spitter
directly from the loadUserByUsername() method without copying its values into a
User object.
1.定义接口
Suppose that you need to authenticate against users in a non-relational database such
as Mongo or Neo4j. In that case, you’ll need to implement a custom implementation
of the UserDetailsService interface.
public interface UserDetailsService { UserDetails loadUserByUsername(String username) throws UsernameNotFoundException; }
2.实现接口
All you need to do is implement the loadUserByUsername() method to find a user
given the user’s username. loadUserByUsername() then returns a UserDetails object
representing the given user. The following listing shows an implementation of
UserDetailsService that looks up a user from a given implementation of Spitter-
Repository
package spittr.security; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority. SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails. UserDetailsService; import org.springframework.security.core.userdetails. UsernameNotFoundException; import spittr.Spitter; import spittr.data.SpitterRepository; public class SpitterUserService implements UserDetailsService { private final SpitterRepository spitterRepository; public SpitterUserService(SpitterRepository spitterRepository) { this.spitterRepository = spitterRepository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { Spitter spitter = spitterRepository.findByUsername(username); if (spitter != null) { List < GrantedAuthority > authorities = new ArrayList < GrantedAuthority > (); authorities.add(new SimpleGrantedAuthority("ROLE_SPITTER")); return new User( spitter.getUsername(), spitter.getPassword(), authorities); } throw new UsernameNotFoundException("User '" + username + "' not found."); } }
What’s interesting about SpitterUserService is that it has no idea how the user data
is persisted. The SpitterRepository it’s given could look up the Spitter from a rela-
tional database, from a document database, from a graph database, or it could just
make it up. SpitterUserService doesn’t know or care what underlying data storage is
used. It just fetches the Spitter object and uses it to create a User object. ( User is a
concrete implementation of UserDetails .)
3.配置service
To use SpitterUserService to authenticate users, you can configure it in your
security configuration with the userDetailsService() method:
@Autowired SpitterRepository spitterRepository; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(new SpitterUserService(spitterRepository)); }
The userDetailsService() method (like jdbcAuthentication() , ldapAuthentication ,
and inMemoryAuthentication() ) configures a configuration store. But instead of using
one of Spring’s provided user stores, it takes any implementation of UserDetailsService .
Another option worth considering is that you could change Spitter so that it
implements UserDetailsService . By doing that, you could return the Spitter
directly from the loadUserByUsername() method without copying its values into a
User object.
相关文章推荐
- ijkplayer编译脚本分析(一)——init-android.sh
- 谈谈Objective-C的警告
- JS和Native交互之 -WebViewJavascriptBridge源码分析
- Android MVP Pattern
- Swift中的willSet与didSet zhuan
- 12步创建高性能Web APP
- Android实现再按一次退出程序
- 【Android】自定义ViewPager控制其页面切换速度
- Android M权限请求
- Android4.2锁屏流程【Android锁屏解析三】
- Android 系统属性SystemProperty分析
- JS和Native交互之 -WebViewJavascriptBridge
- Android 数据存储之文件存储
- 如何在Android studio中使用java8 的Lambda表达式
- Android打开或者关闭软键盘的解决方案
- Android 4.4 以上更改状态栏颜色
- iOS8 【xcode6中添加pch全局引用文件】
- Android和服务器通信,从服务器端获取图片
- 获取android软键盘高度
- 2016年3月8日Android实习日记