Shulou(Shulou.com)06/03 Report--

This article will explain in detail how to use SpringSecurity to dynamically load user role permissions to achieve login and authentication functions. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

I. the basic knowledge of dynamic data login verification

In the previous article, we have introduced the formLogin login authentication mode of Spring Security, the authority control management model of RBAC, and parsed the login authentication logic source code of Spring Security, and so on. All our user, role, and permission information is written in the configuration file, but in the actual business system, this information is usually stored in the database table of the RBAC permission model. Let's review the core concepts:

The permission model of RBAC can obtain one or more roles assigned to the user from the user, and multiple permissions of the role can be obtained from the user's role. The role information and permission information of a user can be obtained through the association query. In the article on source code parsing, we know that if we don't want users, roles, and permissions to be written in the configuration. We should implement the interface between UserDetails and UserDetailsService to dynamically load this information from the database or other storage.

The above is a summary of some core basic knowledge, if you are not very clear about this knowledge, it is recommended that you read on to this article. If it is still difficult to understand after reading this article, it is recommended that you read the previous article.

II. Interface between UserDetails and UserDetailsService

The UserDetailsService interface has a method called loadUserByUsername, which we implement to dynamically load user, role, and permission information. Function see the meaning of the name: load the user through the user name. The return value of this method is UserDetails. UserDetails is the user information, that is, the user name, password, and permissions that the user has.

Let's take a look at the methods of the UserDetails interface.

Public interface UserDetails extends Serializable {/ / get the user's permission set Collection

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.