Login using spring security is working fine for multiple users. Now I've to login to the application using password, which should be encrypted in the database.
HomeController : Here I'm retrieving username, password from FORM.
spring-security.xml : Here I'm retrieving username, password from DB.
Now somewhere I've to compare these passwords for matching and then I've to make the person to login.
Please give me an Idea, how we can do this using spring security. ??
I believe you don't do the credential matching yourself when using Spring Security. That's the responsibility of AuthenticationManager you have configured.
You can specify the encoder to use while matching credentials like:-
<!-- This is the authentication manager -->
<authentication-manager>
<authentication-provider user-service-ref="yourUserService">
<password-encoder hash="sha"/>
</authentication-provider>
</authentication-manager>
All you need to care is storing encoded password in your user details table.
Take a look at docs
SPOILER
If you are using Spring Security, you don't need to have a controller to collect user credentials. Spring Security filters takes care of that.
For example:-
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/logoutSuccess*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/css/main.css" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
<!-- Override default login and logout pages -->
<security:form-login login-page="/login.html" // this is where your custome login page lives.
login-processing-url="/loginProcess" //this is where you POST your login form
default-target-url="/index.jsp"
authentication-failure-url="/login.html?login_error=1" />
<security:logout logout-url="/logout" logout-success-url="/logoutSuccess.html" />
</security:http>
<security:authentication-manager>
<security:authentication-provider >
<security:jdbc-user-service data-source-ref="dataSource" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
I suggest you to go through a reference docs and simple blog/tutorial (there are plenty).
Even more, give Spring Boot Security a shot.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다