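Managing User Permissions with a Database
Chapter 2. Managing User Permissions with a Database
In the previous chapter we put the user and permission information in an XML file, to show that Spring Security can be used with minimal configuration. In real projects, user and permission information is usually stored in a database, so Spring Security provides a way to obtain users' permission information from a database.
2.1. Modifying the configuration file
To obtain users' permission information from the database, all we need to do is modify the authentication-provider section of the configuration file.
Replace the user-service from the previous chapter's configuration file with jdbc-user-service, as shown below:
Replace the part highlighted in red above with the part highlighted in yellow below.
Now we only need to give jdbc-user-service a dataSource for Spring Security to use the permission information in the database. Here we use Spring to create a dataSource for demonstration purposes; it connects to an hsqldb database and reads the users' permission information from it.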
The final configuration file is as follows:
2.2. Database table structure
By default Spring Security needs two tables, a users table and an authorities table. The following are the table creation statements for hsqldb:
create table users(
username varchar_ignorecase(50) not null primary key,
password varchar_ignorecase(50) not null,
enabled boolean not null
);
create table authorities (
username varchar_ignorecase(50) not null,
authority varchar_ignorecase(50) not null,
constraint fk_authorities_users foreign key(username) references
users(username)
);
create unique index ix_auth_username on authorities (username,authority);
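users: the users table. It has three columns: username (the login name), password (the login password) and enabled (whether the user is disabled).
The username column is the primary key.
authorities: the authorities table. It has two columns: username (the login name) and authority (the corresponding permission).
Its username column references the primary key of the users table through a foreign key.
A unique index is created on the username and authority columns of the authorities table to improve query efficiency.
When it initializes, Spring Security reads the user information and the corresponding permissions from these two tables and stores them in a cache. The login name and password in the users table control user login, while the information in the authorities table controls whether a logged-in user is allowed to access protected system resources.
We have pre-populated some data in the example: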
insert into users(username,password,enabled) values('admin','admin',true);
insert into users(username,password,enabled) values('user','user',true);
insert into authorities(username,authority) values('admin','ROLE_ADMIN');
insert into authorities(username,authority) values('admin','ROLE_USER');
insert into authorities(username,authority) values('user','ROLE_USER');
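The SQL above creates two users, admin and user. admin has the ROLE_ADMIN and ROLE_USER authorities, while user has only ROLE_USER. This is the same as our configuration in the previous chapter, so this chapter's example behaves exactly like the previous one and we will not describe it again here.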
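The queries below are an added example, not part of the original tutorial: they show the two lookups that Spring Security's JdbcDaoImpl (the class behind jdbc-user-service) runs by default against this schema, followed by checks a reviewer can run on the stored data. They assume the users and authorities tables and the sample rows from this chapter, loaded into hsqldb; the user name 'ghost' is made up for the constraint check.

```sql
-- Added example; assumes the tables and sample rows defined in this chapter.

-- 1. Default lookups issued by JdbcDaoImpl when a user logs in.
--    Spring Security binds the submitted login name to a "?" parameter;
--    it is written out as 'admin' here so the statements can be run by hand.
select username, password, enabled from users where username = 'admin';
select username, authority from authorities where username = 'admin';

-- 2. Review queries for the account data.

-- Accounts that have no row in authorities (no role was ever granted).
select u.username
from users u
left join authorities a on a.username = u.username
where a.username is null;

-- Accounts whose stored password is identical to the login name,
-- which also shows that the password column holds readable text.
select username from users where password = username;

-- Enabled accounts that hold ROLE_ADMIN.
select u.username
from users u
join authorities a on a.username = u.username
where a.authority = 'ROLE_ADMIN'
  and u.enabled = true;

-- Authorities granted to accounts that are currently disabled.
select a.username, a.authority
from authorities a
join users u on u.username = a.username
where u.enabled = false;

-- 3. Statements the schema's constraints exist to refuse.

-- fk_authorities_users: a grant for a login name that is not in users
-- ('ghost' is a constructed name that has no users row).
insert into authorities(username, authority) values('ghost', 'ROLE_ADMIN');

-- ix_auth_username: a second copy of a grant that already exists.
insert into authorities(username, authority) values('admin', 'ROLE_ADMIN');
```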