spring nosql

在前面的文章中，我們從一個SQL數(shù)據(jù)庫提供用戶和權(quán)威檢索自定義查詢設(shè)置彈簧安全配置。

如今，許多現(xiàn)代應(yīng)用程序都使用NoSQL數(shù)據(jù)庫。 Spring安全性不是NoSQL數(shù)據(jù)庫的現(xiàn)成解決方案。

在這種情況下，我們需要通過實現(xiàn)自定義UserDetailsS??ervice提供解決方案。

在此示例中，我們將使用MongoDB數(shù)據(jù)庫。 我將使用docker映像，但是通過從官方網(wǎng)站下載來建立mongodb數(shù)據(jù)庫是一樣容易的。

這些是開始使用docker和mongodb的一些命令（如果不使用docker，請忽略它們）

#pull the mongo image docker pull mongo #create a mongo container docker run --name some-mongo -d mongo #get the docker container id docker ps #get the containers ip docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID #connection using the ip retrieved mongo $mongodb_container_ip

然后，我們將編寫一個簡單的初始化腳本，稱為createuser.js。 該腳本將創(chuàng)建一個包含用戶信息的文檔，例如用戶名密碼和授權(quán)。

use springsecurity db.users.insert({"name":"John","surname":"doe","email":"john@doe.com","password":"cleartextpass","authorities":["user","admin"]})

我們將使用mongo cli執(zhí)行它。

mongo 172.17.0.2:27017 < createuser.js

為了在mongodb中使用spring security，我們需要從users集合中檢索用戶信息。

第一步是將mongodb依賴項添加到我們的gradle文件中，包括mongodb驅(qū)動程序。 請注意，我們將使用名為“ customuserdetails”的配置文件。

group 'com.gkatzioura' version '1.0-SNAPSHOT'buildscript {repositories {mavenCentral()}dependencies {classpath("org.springframework.boot:spring-boot-gradle-plugin:1.4.0.RELEASE")} }apply plugin: 'java' apply plugin: 'idea' apply plugin: 'spring-boot'sourceCompatibility = 1.8repositories {mavenCentral() }dependencies {compile("org.springframework.boot:spring-boot-starter-web")compile("org.thymeleaf:thymeleaf-spring4")compile("org.springframework.boot:spring-boot-starter-security")compile("org.mongodb:mongo-java-driver:1.3")compile("org.slf4j:slf4j-api:1.6.6")compile("ch.qos.logback:logback-core:1.1.7")compile("ch.qos.logback:logback-classic:1.1.7")testCompile "junit:junit:4.11" }bootRun {systemProperty "spring.profiles.active", "customuserdetails" }

然后，我們將創(chuàng)建一個mongodb連接bean。

package com.gkatzioura.spring.security.config;import com.mongodb.Mongo; import com.mongodb.MongoClient; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile;/*** Created by gkatzioura on 9/27/16.*/ @Configuration @Profile("customuserdetails") public class MongoConfiguration {@Beanpublic MongoClient createConnection() {//You should put your mongo ip herereturn new MongoClient("172.17.0.2:27017");} }

然后，我們將創(chuàng)建一個自定義用戶詳細信息對象。

package com.gkatzioura.spring.security.model;import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.UserDetails;import java.util.Collection; import java.util.List;/*** Created by gkatzioura on 9/27/16.*/ public class MongoUserDetails implements UserDetails{private String username;private String password;private List<GrantedAuthority> grantedAuthorities;public MongoUserDetails(String username,String password,String[] authorities) {this.username = username;this.password = password;this.grantedAuthorities = AuthorityUtils.createAuthorityList(authorities);}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {return grantedAuthorities;}@Overridepublic String getPassword() {return password;}@Overridepublic String getUsername() {return username;}@Overridepublic boolean isAccountNonExpired() {return true;}@Overridepublic boolean isAccountNonLocked() {return true;}@Overridepublic boolean isCredentialsNonExpired() {return true;}@Overridepublic boolean isEnabled() {return true;} }

下一步，我們將添加一個自定義UserDetailsS??ervice，以通過mongodb數(shù)據(jù)庫檢索用戶詳細信息。

package com.gkatzioura.spring.security.service;import com.gkatzioura.spring.security.model.MongoUserDetails; import com.mongodb.MongoClient; import com.mongodb.client.MongoCollection; import com.mongodb.client.MongoDatabase; import com.mongodb.client.model.Filters; import org.bson.Document; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service;import java.util.List;/*** Created by gkatzioura on 9/27/16.*/ public class CustomerUserDetailsService implements UserDetailsService {@Autowiredprivate MongoClient mongoClient;@Overridepublic UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {MongoDatabase database = mongoClient.getDatabase("springsecurity");MongoCollection<Document> collection = database.getCollection("users");Document document = collection.find(Filters.eq("email",email)).first();if(document!=null) {String name = document.getString("name");String surname = document.getString("surname");String password = document.getString("password");List<String> authorities = (List<String>) document.get("authorities");MongoUserDetails mongoUserDetails = new MongoUserDetails(email,password,authorities.toArray(new String[authorities.size()]));return mongoUserDetails;}return null;}}

最后一步是使用我們先前實現(xiàn)的自定義UserDetailsS??ervice提供spring安全配置。

package com.gkatzioura.spring.security.config;import com.gkatzioura.spring.security.service.CustomerUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService;/*** Created by gkatzioura on 9/27/16.*/ @EnableWebSecurity @Profile("customuserdetails") public class CustomUserDetailsSecurityConfig extends WebSecurityConfigurerAdapter {@Beanpublic UserDetailsService mongoUserDetails() {return new CustomerUserDetailsService();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {UserDetailsService userDetailsService = mongoUserDetails();auth.userDetailsService(userDetailsService);}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers("/public").permitAll().anyRequest().authenticated().and().formLogin().permitAll().and().logout().permitAll();}}

運行應(yīng)用程序問題

gradle bootRun

您可以在github上找到源代碼

翻譯自: https://www.javacodegeeks.com/2016/09/spring-boot-spring-security-nosql.html

spring nosql

總結(jié)

以上是生活随笔為你收集整理的spring nosql_使用Spring Security和NoSQL的Spring Boot的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。