Java 如何在spring security中使用自己的数据库作为身份验证
我有课堂记录,有现场电子邮件和密码 我有班级登记服务Java 如何在spring security中使用自己的数据库作为身份验证,java,hibernate,spring-security,Java,Hibernate,Spring Security,我有课堂记录,有现场电子邮件和密码 我有班级登记服务 public Registration searchUser(String email) { logger.debug("Getting Email"); Session session = sessionFactory.getCurrentSession(); String query = "FROM Registration WHERE email=:email"; Query query2
public Registration searchUser(String email)
{
logger.debug("Getting Email");
Session session = sessionFactory.getCurrentSession();
String query = "FROM Registration WHERE email=:email";
Query query2 = session.createQuery(query);
query2.setString("email",email);
return (Registration) query2.uniqueResult();
}
我使用在线示例应用了spring安全性
他在CustomUserDetails服务中写了这篇文章
private UserDAO userDAO = new UserDAO();
/**
* Retrieves a user record containing the user's credentials and access.
*/
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
// Declare a null Spring User
UserDetails user = null;
try {
// Search database for a user that matches the specified username
// You can provide a custom DAO to access your persistence layer
// Or use JDBC to access your database
// DbUser is our custom domain user. This is not the same as Spring's User
DbUser dbUser = userDAO.searchDatabase(username);
// Populate the Spring User object with details from the dbUser
// Here we just pass the username, password, and access level
// getAuthorities() will translate the access level to the correct role type
user = new User(
dbUser.getUsername(),
dbUser.getPassword().toLowerCase(),
true,
true,
true,
true,
getAuthorities(dbUser.getAccess()) );
} catch (Exception e) {
logger.error("Error in retrieving user");
throw new UsernameNotFoundException("Error in retrieving user");
}
示例中给出的示例数据库运行良好,但我不知道如何使用我的Registration和RegistrationService类通过该用户名和密码对用户进行身份验证请同时添加代码/配置,以说明如何使用身份验证提供器?您是否正在使用中所示的Md5PasswordEncoder?是的,我使用的都是相同的,但我只需要电子邮件、来自我自己的mysql tableDaoAuthenticationProvider的密码调用UserDetailsService实现(在您的情况下是Customuserdetailsservice)来检索和验证用户信息。获取用户信息后,提供者调用passwordEncoder来验证密码。passwordEncoder将j_密码值与用户的值进行比较。getPassword()。如果您有正确的passwordEncoder(这意味着它是否正确地将即将到来的密码与user.getpassword匹配),那么您不必做任何额外的事情来验证用户。