Java教程

3.2 学习SpringSecurity--设置用户名和密码

本文主要是介绍3.2 学习SpringSecurity--设置用户名和密码,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

接着3.1的文章,显然使用配置好的用户名和随机生成的密码是不好的,因此设置用户名和密码

Security提供了三种方式

方式一:

通过配置文件设置

server:
  tomcat:
    uri-encoding: UTF-8
  port: 8080
  servlet:
    context-path: /security

spring:
  security:
    user:
      name: ming
      password: ming

自行回去测试,项目放在github上,有兴趣文末有链接

方式二:

通过配置类,具体来说就是编写配置类实现WebSecurityConfiguration接口,重写configure方法

由于security默认是把密码加密的,所以别忘要对密码加密

package cn.sysu.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        String password = bCryptPasswordEncoder.encode("ming2");
        auth.inMemoryAuthentication().withUser("ming2").password(password).roles("admin");
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}

方式三(最常用):

自定义实现类,因为实际开发所有用户名和密码都保存在数据库中
两个重要的接口
UserDetailsService:用于查询数据库用户名和密码过程
PasswordEncoder:数据加密接口

基本步骤:

  1. 创建配置类,设置使用哪个UserDetailsService实现类
  2. 创建实现类,返回User对象(Spring Security自带了),该对象存储了用户基本信息(用户名和密码)及操作权限
package cn.sysu.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig2 extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}

package cn.sysu.service.impl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

@Service("UserDetailsService")
public class MyUserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
        return new User("ming3",passwordEncoder.encode("ming3"),auths);
    }
}

Github仓库地址
https://github.com/mingweihua/learn_springsecurity

这篇关于3.2 学习SpringSecurity--设置用户名和密码的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!