我想在保持大多数框架代码的同时使用具有弹簧安全性的我自己的数据库架构。我想使用postgres,其中我的users表位于其架构中:profiles.users。 我的安全配置:
@Configuration
public class SecurityConfigDev extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private DataSource dataSource;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
// authentication
@Override
protected void configure(AuthenticationmanagerBuilder authBuilder) throws Exception {
authBuilder
.jdbcAuthentication()
.dataSource(dataSource)
.usersByusernameQuery("select username,password from profiles.users where username=?")
.withUser(User
.withusername("username")
.password(passwordEncoder().encode("username"))
.roles("USER")
)
.and()
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
...
}
我编写了自己的UserService,该UserService实现了UserDetailsService,后者处理与用户相关的业务逻辑,并从db获取数据并正确注入。
问题是框架使用来自JdbcUserDetailsManager的硬编码查询,我必须对其进行更改(我可以轻松地扩展此类,覆盖静态方法并注入它),因此在这种情况下,我想我只是将JdbcUserDetailsManager扩展为UserDetails?
JdbcUserDetailsManager:
// UserDetailsManager SQL
public static final String DEF_CREATE_USER_SQL = "insert into users (username,password,enabled) values (?,?,?)";
public static final String DEF_DELETE_USER_SQL = "delete from users where username = ?";
public static final String DEF_UPDATE_USER_SQL = "update users set password = ?,enabled = ? where username = ?";
public static final String DEF_INSERT_AUTHORITY_SQL = "insert into authorities (username,authority) values (?,?)";
public static final String DEF_DELETE_USER_AUTHORITIES_SQL = "delete from authorities where username = ?";
...etc...
这是“正确”的方法吗?看来,目前我有两个实现userDetailsService的bean,并且由于将UserService注入了authBuilder中,为什么为什么在缺少方法的情况下会出现一些编译时错误?
P.S:我还有UserRepository,它可以处理实际的jdbc查询并将其注入UserService