Spring Boot整合Spring Security（八）基于数据库的用户认证_springboot springsecurity 用户密码验证数据库

阅前提示

此文章基于Spring Security 6.0

配置数据源

因为是使用了数据库进行身份认证，那么数据肯定是放在数据库里的我知道这是句废话，但这句废话不得不讲，别问，问就是带不动。这时候需要将数据库驱动的依赖引入到项目中来。

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>

<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
1
2
3
4
5
6
7
8
9
10

配置数据库连接

spring:
  datasource:
    username: root
    password: root
    url: jdbc:mysql://localhost:3306/spring-security-demo
    driver-class-name: com.mysql.cj.jdbc.Driver
1
2
3
4
5
6

这个东西配置完了以后呢，就能获得dataSource这个bean了

创建数据库表

默认的数据库表创建文件在org/springframework/security/core/userdetails/jdbc/users.ddl
首先在这里使用MySQL进行演示

create table users(
	username varchar(50) not null primary key,
	password varchar(500) not null,
	enabled boolean not null
);

create table authorities (
	username varchar(50) not null,
	authority varchar(50) not null,
	constraint fk_authorities_users foreign key(username) references users(username)
);
create unique index ix_auth_username on authorities (username,authority);
1
2
3
4
5
6
7
8
9
10
11
12

下面是Oracle数据库表的创建方法

CREATE TABLE USERS (
    USERNAME NVARCHAR2(128) PRIMARY KEY,
    PASSWORD NVARCHAR2(128) NOT NULL,
    ENABLED CHAR(1) CHECK (ENABLED IN ('Y','N') ) NOT NULL
);


CREATE TABLE AUTHORITIES (
    USERNAME NVARCHAR2(128) NOT NULL,
    AUTHORITY NVARCHAR2(128) NOT NULL
);
ALTER TABLE AUTHORITIES ADD CONSTRAINT AUTHORITIES_UNIQUE UNIQUE (USERNAME, AUTHORITY);
ALTER TABLE AUTHORITIES ADD CONSTRAINT AUTHORITIES_FK1 FOREIGN KEY (USERNAME) REFERENCES USERS (USERNAME) ENABLE;
1
2
3
4
5
6
7
8
9
10
11
12
13

配置JdbcUserDetailsManager

在之前的基于内存的用户认证篇章中讲过UserDetailsService及UserDetailsManager了，这里就不多讲了，JdbcUserDetailsManager跟InMemoryUserDetailsManager一样都是实现了UserDetailsManager接口的类，该怎么增删查改就怎么增删查改，只不过最终体现到了数据库罢了

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
	@Autowired
    private DataSource dataSource;
    @Bean
    public UserDetailsService userDetailsService(){
        UserDetails user = User.builder()
                .username("user")
                .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
                .roles("USER")
                .build();
        UserDetails admin = User.builder()
                .username("admin")
                .password("{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW")
                .roles("USER", "ADMIN")
                .build();
        JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
        users.createUser(user);
        users.createUser(admin);
        return users;
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

在初始化项目的时候插入两条用户数据
启动完后，查看数据库

这是users表

这是authorities表