Question
I have searched for a couple of hours for a way to do this but couldn't find anything similar. I am new to the Spring framework.
I have created a small app with a login form but no registration form. In order to log in I used the in-memory function of the Spring framework.
Now I wanted to actually be able to add users to the DB and log in with the users that exist from the actual database without having to create a register form. So the best way to do that was to add a .sql file with the user queries called data.sql and which looks like this:
    INSERT INTO users (name, password, role) VALUES ('user1','$2y$12$x6ttHRkoBggiFDS42..nleKvu/grzYnJNaoIjr6Fhja2Lch8lrwr6','USER');
    INSERT INTO users (name, password, role) VALUES ('user2','$2y$12$NPwnUv.XKreK1N9/boQU2uHRvarqXwzsMvatQGu2C1MXcquJHJalW','USER');
    INSERT INTO users (name, password, role) VALUES ('admin','$2y$12$vAtmAv/hYaVv2RiDmD8yYea0eUxW7MwsTYAygtzx1bXqfUvguF7xy','ADMIN');
This is my application.properties file:
    spring.jpa.show-sql=true
    spring.datasource.url=jdbc:mysql://localhost:3306/textmanager
    spring.datasource.username=root
    spring.datasource.password=root
    #Using database platform for spring 2.0
    spring.jpa.database-platform=org.hibernate.dialect.MySQL8Dialect
    spring.jpa.hibernate.ddl-auto=update
    spring.datasource.initialization-mode=always
    spring.data=data.sql
My Spring Security looks like this:
    private static final String[] PUBLIC_MATCHERS = {
        "/webjars/**",
        "/css/**",
        "/js/**",
        "/images/**",
        "/"
    };

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user").password(passwordEncoder().encode("password")).roles("USER").and()
            .withUser("admin").password(passwordEncoder().encode("password")).roles("USER", "ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/resources/**", "/js/**", "/css/**", "/images/**", "/fonts/**", "/scss/**", "/index", "/", "/login").permitAll()
                .antMatchers(PUBLIC_MATCHERS).permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .defaultSuccessUrl("/home", true)
                .and()
            .logout()
                .logoutUrl("/signout")
                .logoutSuccessUrl("/login4.html")
                .invalidateHttpSession(true)
                .and()
            .csrf().disable();
    }
Now the users are saved in the database correctly.
How do I actually configure Spring Security to be able to access the users in the database that were created manually? Do I need to replace the .inMemoryAuthentication() with jdbcAuthentication() and if so what is the next step to be able to check login form inputs made by the user against the DB user with Spring? I believe everything can be done manually by retrieving a user from the DB and comparing with what the user inputted in the login form, but I guess Spring has a clever way of doing things?
UPDATE: OK, so for people who may have this question in the future: I can connect to the DB and access the users with the help of a basic repository without having to modify the Authentication to jdbc. I can do this right in the first login page of the app, which is really cool.
Source: https://stackoverflow.com/questions/62739748/spring-securityconfiguring-security-to-accept-and-use-manually-added-users-via
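The jdbcAuthentication() route the question asks about, mapped onto the users(name, password, role) table from data.sql, as an added example that is not part of the original post. The class name JdbcSecurityConfig and the choice of BCryptPasswordEncoder for the passwordEncoder() bean are assumptions (the post does not show that method); the post's configure(HttpSecurity) method can be added to this class unchanged.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; replaces only the in-memory configure(AuthenticationManagerBuilder).
@Configuration
@EnableWebSecurity
public class JdbcSecurityConfig extends WebSecurityConfigurerAdapter {

    // Spring Boot builds this DataSource from the spring.datasource.* properties.
    @Autowired
    private DataSource dataSource;

    // Assumption: the stored hashes are bcrypt, so the encoder must be bcrypt as well.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(passwordEncoder())
            // Must return (username, password, enabled) in that order. The table has
            // no enabled column, so every row is reported as enabled.
            .usersByUsernameQuery(
                "SELECT name, password, TRUE FROM users WHERE name = ?")
            // Must return (username, authority). roles("USER") in the in-memory setup
            // stored ROLE_USER, so the prefix is added here to keep hasRole() working.
            .authoritiesByUsernameQuery(
                "SELECT name, CONCAT('ROLE_', role) FROM users WHERE name = ?");
    }
}
```

Both queries bind the submitted username through the `?` placeholder, so the login form value is never concatenated into the SQL text.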