登录的用户名怎么验证是数据库的

利用 UserDetailsService 和PasswordEncoder 来验证。

UserDetails 是由 UserDetailsService 返回的，由 DaoAuthenticationProvider 来验证 UserDetails，然后返回一个 Authentication

这个 Authentication 持有一个 principal

这个 principal 就是 UserDetailsService 返回的 UserDetails

DaoAuthenticationProvider 是 AuthenticationProvider 接口的一种实现，

DaoAuthenticationProvider 用 UserDetailsService 来获取用于比对的、真实正确的用户名、密码等信息。

Spring Security 对 UserDetailsService 接口默认提供了 in-memory 和 JDBC 两种实现

为了自定义认证，要暴露出一个自己实现的 UserDetailsService Bean

密码加密由 PasswordEncoder 处理，可以暴露一个 PasswordEncoder Bean 来定制

DaoAuthenticationProvider 是 AuthenticationProvider 接口的一种实现，利用 UserDetailsService 和 PasswordEncoder 来认证一对用户名密码

//这是我以前写的核对数据库实现登陆的方法，你只看jdbc部分就好，我还特地给你加了点注释\x0d\x0aString sql = "select username,password from account"\x0d\x0aString user = request.getParameter("user")\x0d\x0aString pass = request.getParameter("password")\x0d\x0aint j = 0\x0d\x0aConnection conn = null\x0d\x0aPreparedStatement ps = null\x0d\x0aResultSet rs = null\x0d\x0atry {\x0d\x0aconn = JDBCTools1.getConnection()\x0d\x0aps = conn.prepareStatement(sql)\x0d\x0ars = ps.executeQuery()\x0d\x0a//从表中查询获取所有账户的用户名&密码的ResultSet 对象\x0d\x0awhile(rs.next()){\x0d\x0aint i = 0\x0d\x0a\x0d\x0aString username[] = new String[10]//用户名数组\x0d\x0aString password[] = new String[10]//密码数组\x0d\x0ausername[i] = rs.getString(1)\x0d\x0apassword[i] = rs.getString(2)\x0d\x0aif(user.equals(username[i])&&pass.equals(password[i])){//比对\x0d\x0aresponse.getWriter().print("you are welcome!")\x0d\x0aj++\x0d\x0a}else if(user.equals(username[i])&&!pass.equals(password[i])){\x0d\x0aresponse.getWriter().println("the realy password is :"+ username[i] +","+password[i]+"\r\n")\x0d\x0aresponse.getWriter().println("and you password is :"+user +","+pass+" :so the username or password may not right")\x0d\x0aj++\x0d\x0a}else{\x0d\x0acontinue\x0d\x0a}\x0d\x0ai++\x0d\x0a}\x0d\x0aif(j == 0){\x0d\x0aresponse.getWriter().println("Your username may not be properly")\x0d\x0a}\x0d\x0a} catch (Exception e) {\x0d\x0ae.printStackTrace()\x0d\x0a}finally{\x0d\x0aJDBCTools1.release(rs, ps, conn)\x0d\x0a}\x0d\x0a//这是我JDBCTools的getConnection方法\x0d\x0agetConnection{\x0d\x0aString driverClass = oracle.jdbc.driver.OracleDriver\x0d\x0aString jdbcUrl = jdbc:oracle:thin:@localhost:1521:orcl\x0d\x0a//你的数据库的用户名密码\x0d\x0aString user = null\x0d\x0aString password = null\x0d\x0a// 通过反射创建Driver对象\x0d\x0aClass.forName(driverClass)\x0d\x0areturn DriverManager.getConnection(jdbcUrl, user, password)}\x0d\x0a//这是我JDBCTools的release方法\x0d\x0apublic static void release(ResultSet rs, Statement statement,\x0d\x0aConnection conn) {\x0d\x0aif (rs != null) {\x0d\x0atry {\x0d\x0ars.close()\x0d\x0a} catch (SQLException e) {\x0d\x0ae.printStackTrace()\x0d\x0a}\x0d\x0a}\x0d\x0a\x0d\x0aif (statement != null) {\x0d\x0atry {\x0d\x0astatement.close()\x0d\x0a} catch (Exception e2) {\x0d\x0ae2.printStackTrace()\x0d\x0a}\x0d\x0a}\x0d\x0a\x0d\x0aif (conn != null) {\x0d\x0atry {\x0d\x0aconn.close()\x0d\x0a} catch (Exception e2) {\x0d\x0ae2.printStackTrace()\x0d\x0a}\x0d\x0a}\x0d\x0a}

---