spring引导、hikaricp和jdbcauhthentication

2guxujil  于 2021-06-20  发布在  Mysql
关注(0)|答案(0)|浏览(213)

我正试图通过springboot、hikaricp作为数据源和jdbcauhthentication来建立基于mysql数据库的基本身份验证,但我认为有些东西我还不太了解。
以下是相关代码:
pom.xml文件

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.4.RELEASE</version>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>

<!-- Spring Boot dependencies -->   
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>

<!-- Persistence dependencies -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
    </dependency>

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>

<!-- Tools dependencies --> 
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>1.18.2</version><!--$NO-MVN-MAN-VER$-->
        <scope>provided</scope>
    </dependency>

</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

应用程序属性

spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url = jdbc:mysql://localhost:3306/lostdb?useSSL=false&serverTimezone=UTC
spring.datasource.username = lostuser
spring.datasource.password = lostuser

## Hibernate Properties

spring.jpa.properties.hibernate.dialect = 
org.hibernate.dialect.MySQL5InnoDBDialect

# Hibernate ddl auto (create, create-drop, validate, update)

spring.jpa.hibernate.ddl-auto = update

# Show SQL queries

spring.jpa.show-sql=true
spring.jpa.properties.hibernate.use_sql_comments=true
spring.jpa.properties.hibernate.format_sql=true

logging.level.org.hibernate.SQL=DEBUG
logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE

# Hikari CP

spring.datasource.hikari.connection-timeout=60000
spring.datasource.hikari.minimum-idle=5
spring.datasource.hikari.maximum-pool-size=5
spring.datasource.hikari.idle-timeout=300000
spring.datasource.hikari.max-lifetime=1200000
spring.datasource.hikari.auto-commit=true

我的web安全配置

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()  
            //Permit these requests without authentication
            .antMatchers("/", "/login", "/signup").permitAll()
            //Any other request must be authenticated
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/userAuthentication")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}

@Autowired
public void configureGloal(AuthenticationManagerBuilder auth) throws Exception {         
     auth.jdbcAuthentication().dataSource(dataSource).
     usersByUsernameQuery("select username,password,enabled from users where username=?").
     authoritiesByUsernameQuery("select username, authority from authorities where username=?");;
 }

}

登录页面

<body>
<div th:replace="fragments/navbar.html"></div>        
    <div class="container">
        <div class="starter-template">
            <div class="alert alert-danger" role="alert" th:if="${param.error}">
                Invalid username and password.
            </div>
            <div class="alert alert-success" th:if="${param.logout}">
                You have been logged out.
            </div>
            <br>
            <form th:action="@{/userAuthentication}" method="POST">
                <div class="form-group"><label> User Name : <input type="text" name="username" class="form-control"/> </label></div>
                <div class="form-group"><label> Password: <input type="password" name="password" class="form-control"/> </label></div>
                <div><input type="submit" value="Log In" class="btn btn-primary"/></div>
            </form> 
        </div>
    </div>

</body>

索引.html

<body>
<div th:replace="fragments/navbar.html"></div>
<div class="container">
    <div class="starter-template">
        <br>
        <h4>
        Logged user: <span sec:authentication="name"></span>
        <br><br>            
        </h4>

        <p>
        <a href='${/admin}'>Admin access</a>

        </p>

        <form th:action="@{/logout}" method="POST">
            <div><input type="submit" value="Log Out" class="btn btn-primary"/></div>
        </form> 
    </div>
</div>
</body>

数据库创建脚本:

DROP DATABASE IF EXISTS `lostdb`;
CREATE DATABASE IF NOT EXISTS `lostdb`;
use `lostdb`;

DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `username` varchar(50) NOT NULL,
  `first_name` varchar(50) DEFAULT NULL,
  `last_name` varchar(50) DEFAULT NULL,
  `email` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  `phone_number` varchar(50) DEFAULT NULL,
  `enabled` tinyint(1) NOT NULL, 
   PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

DROP TABLE IF EXISTS `authorities`;

CREATE TABLE `authorities` (
  `username` varchar(45) NOT NULL,
  `authority` varchar(50) NOT NULL,  
  UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
  CONSTRAINT `authorities_ibfk_1` FOREIGN KEY (`username`) REFERENCES 
 `users` (`username`)  
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

LOCK TABLES `users` WRITE, `authorities` WRITE;

Some "INSERT INTO" to have some data in there...
UNLOCK TABLES;

连接到数据库可能正在工作,因为我在控制台中没有收到任何错误(除了控制台中的“编码的密码看起来不像bcrypt”警告之外,如果我在websecurityconfig类的查询中错误地键入了表名,我收到一条消息说它不存在),但我从来没有重定向到主页与用户名显示在问候语消息。登录尝试将导致登录页面的“无效用户名和密码”错误消息,如果我手动转到索引页面,我会得到“name”参数的“anonymoususer”值。
框架如何将数据库中的值与用户输入的数据进行比较,以及如何将用户作为一个实体进行检索,这是我所不了解的。
你知道吗?
非常感谢你!

Javamysqlspringjdbchikaricp

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多
    微信公众号

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com