在Spring Security中添加新用户 [英] Adding new users in Spring Security
问题描述
我在Spring / Java EE Web应用程序中设置了基本的Spring安全性。我可以限制对某些页面的访问并强制登录(使用角色等)。需要有一个表单,新用户可以注册并指定登录名和密码。
I have basic spring security set up in my Spring / Java EE web app. I can restrict access to certain pages and force login (with roles etc.). There needs to be a form where new users can register and specify a login name and password.
我想知道,为了创建新用户,我只是查询和更新适当的弹簧安全表(例如使用hibernate),就像我对任何查询一样,还是内置功能来创建新用户?如果我只是使用标准DAO来更新用户,我该如何处理密码哈希?
I am wondering if, to create new users, I simply query and update the appropriate spring security tables (e.g. using hibernate) as I would for any query, or is there built in functionality to create new users? If I am simply to use a standard DAO to update the users, how should I handle hashing of passwords?
谢谢!
推荐答案
您必须将此页面上的所有答案组合在一起。
You have to combine all of the answers on this page.
- Teja是正确的,没有便利的方式来动态添加用户。
- Axtavt也是正确的。您需要某种数据访问/服务层来更新您的用户表。换句话说,您需要像具有某种超级用户访问权限的任何其他页面一样创建视图。
- Michal和ax给出了很好的建议,您可能需要在保存之前对密码进行编码。摘要应该与您在检索凭据时使用的内容相匹配。
这是使用JDBC的示例配置:
Here's an example config using JDBC:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<global-method-security secured-annotations="enabled"/>
<http auto-config="true" access-denied-page="/accessDenied.jsp">
<!-- login page has anonymous access -->
<intercept-url pattern="/login.jsp*" filters="none"/>
<!-- all pages are authenticated -->
<intercept-url pattern="/**.action" access="ROLE_USER, ROLE_ADMIN" />
<!-- all admin contextual pages are authenticated by admin role -->
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/index.action" login-page="/login.jsp"/>
<logout logout-success-url="/index.action"/>
</http>
<authentication-provider>
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="dataSource"
authorities-by-username-query="SELECT username, role AS authority FROM sweet_users WHERE username = ?"
users-by-username-query="SELECT username, password, 1 AS enabled FROM sweet_users WHERE username = ?" />
</authentication-provider>
</beans:beans>
这是使用自定义查询来获取用户。 Spring Security期望用户表分别包含用户名,密码和权限列名,因此您需要执行返回这些操作的操作。您需要提供数据源。
This is using a custom query to obtain users. Spring Security expects a users table with username, password, and authority column names respectively, so do what you need to do to return those. You need to provide the data source.
如果您创建了一个用于在admin / context下添加用户的页面,它将根据此配置进行身份验证。
If you created a page for adding users under the admin/ context, it would be authenticated according to this config.
为您的UserDao和/或UserService和/或AuthenticationService添加一个bean并将其传递给您的Users控制器......
Add a bean for your UserDao and/or UserService and/or AuthenticationService and pass it to your Users controller...
这篇关于在Spring Security中添加新用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!