spring-securtity设置用户名和密码的方式
一.通过配置文件设置用户名和密码
明文方式配置用户名和密码
二。通过配置类设置用户名和密码
package com.example.securitydemo.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); String mypassword = bCryptPasswordEncoder.encode("mypassword"); auth.inMemoryAuthentication().withUser("myname").password(mypassword).roles("admin"); } @Bean PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } }
三.自定义实现类
1.创建配置类,设置使用那个userDetailsService实现类
package com.example.securitydemo.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class SecurityConfigTest extends WebSecurityConfigurerAdapter { @Autowired protected UserDetailsService userDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } }
2.编写实现类,返回User对象,User对象有用户密码和操作权限
package com.example.securitydemo.service; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import java.util.List; @Service("userDetailsService") public class MyUserDetailService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role") return new User("newname",new BCryptPasswordEncoder().encode("123456"),auths); } }
3.查询数据库完成用户认证
第一步 引入相关依赖
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
第二步 创建数据库和数据库表
第三步 创建users表对应的实体类
package com.example.securitydemo.entity; import lombok.Data; @Data public class Users { private Integer id; private String username; private String password; }
第四步 整合mybatis-plus 创建接口 继承mybatis-plus的接口
package com.example.securitydemo.mapper; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import com.example.securitydemo.entity.Users; public class UsersMapper extends BaseMapper<Users> { }
第五步 在MyUserDetailsService调用mapper里面的方法查询数据库进行用户认证
package com.example.securitydemo.service; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.example.securitydemo.entity.Users; import com.example.securitydemo.mapper.UsersMapper; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import java.util.List; @Service("myUserDetailsService") public class MyUserDetailService implements UserDetailsService { @Autowired private UsersMapper usersMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //调用usersMapper方法查询数据库,根据用户名查询 QueryWrapper<Users> wrapper = new QueryWrapper(); wrapper.eq("username",username); Users users = usersMapper.selectOne(wrapper); if(users == null){ throw new UsernameNotFoundException("用户名不存在"); } List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role"); return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),auths); } }
第六步 在启动类添加注解@MapperScan
@SpringBootApplication @MapperScan("com.example.securitydemo.mapper") public class SecuritydemoApplication { public static void main(String[] args) { SpringApplication.run(SecuritydemoApplication.class, args); } }
浙公网安备 33010602011771号