springsecurity从数据库中读取用户及权限
1.数据库表中设置一个权限字段
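-- User table for the demo.
-- `password` stores a BCrypt hash (60 characters), never the plain-text password.
-- `authority` stores a comma-separated list of authority names, e.g. 'user,admin'.
CREATE TABLE `springsecuritydemo2`.`user` (
  `id` INT NOT NULL AUTO_INCREMENT,
  `username` VARCHAR(45) NOT NULL,
  `password` VARCHAR(90) NOT NULL,
  `sex` VARCHAR(45) NOT NULL,
  `authority` VARCHAR(45) NOT NULL,
  PRIMARY KEY (`id`),
  -- The login lookup selects a single row by username, so two rows with the
  -- same name would make authentication ambiguous; enforce uniqueness here.
  UNIQUE KEY `uk_user_username` (`username`));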
2.向表中新增数据
这里明文密码是123456,我们直接向数据库存入经BCrypt哈希(不可逆,并非可解密的加密)后的密码
-- Demo-only accounts. Both rows store the same BCrypt hash (cost factor 10, per the
-- $2a$10$ prefix); the password column never holds the plain-text value.
-- `authority` is a comma-separated list: 'user' for the first account,
-- 'user,admin' for the second.
INSERT INTO `springsecuritydemo2`.`user` (`id`, `username`, `password`, `sex`, `authority`) VALUES ('1', 'user', '$2a$10$O0LmLvs6sPVR4oy7StpgzuIaZY2jnToS/u38EsWxfKofIBY6W5POm', '男', 'user');
INSERT INTO `springsecuritydemo2`.`user` (`id`, `username`, `password`, `sex`, `authority`) VALUES ('2', 'admin', '$2a$10$O0LmLvs6sPVR4oy7StpgzuIaZY2jnToS/u38EsWxfKofIBY6W5POm', '男', 'user,admin');
3.令user类实现UserDetails接口
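/**
 * Row of the {@code user} table, exposed to Spring Security as a {@link UserDetails}.
 *
 * <p>The {@code authority} column is a comma-separated list of authority names;
 * {@link #getAuthorities()} turns it into granted authorities.
 */
// NOTE(review): @Component registers this data class as a Spring bean. The instances
// used for login come from the MyBatis mapper, so the annotation looks unnecessary;
// it is kept here only to leave the application context unchanged.
@Component
public class UserBean implements UserDetails {
    private int id;
    private String username;
    // BCrypt hash as stored in the database, never the plain-text password.
    private String password;
    private String sex;
    // Comma-separated authority names, e.g. "user,admin".
    private String authority;

    /**
     * Splits the comma-separated {@code authority} value into granted authorities.
     *
     * <p>Entries are trimmed and empty entries are skipped, so values such as
     * {@code "user, admin"} or {@code "user,"} do not yield malformed authorities
     * (an empty name is rejected by {@code SimpleGrantedAuthority}). A missing value
     * yields an empty list, i.e. the account is granted nothing.
     *
     * @return the authorities granted to this user; never {@code null}
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<SimpleGrantedAuthority> granted = new ArrayList<>();
        if (authority == null) {
            // Fail closed: no stored authorities means no access rights.
            return granted;
        }
        for (String entry : authority.split(",")) {
            String name = entry.trim();
            if (!name.isEmpty()) {
                granted.add(new SimpleGrantedAuthority(name));
            }
        }
        return granted;
    }

    /**
     * @return the stored password hash
     */
    @Override
    public String getPassword() {
        return password;
    }

    /**
     * @return the login name
     */
    @Override
    public String getUsername() {
        return username;
    }

    // The four status checks below always return true: the table has no columns for
    // expiry, locking or disabling, so an account cannot be suspended through this
    // class. Back them with real columns if accounts must be lockable.

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}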
4.新建mapper文件,用于从数据库中根据username查user
/**
 * MyBatis mapper that loads a user row by login name.
 */
@Mapper
@Component
public interface UserMapper {
/**
 * Selects the row of the {@code user} table whose {@code username} equals the argument.
 *
 * <p>The {@code #{username}} placeholder is bound by MyBatis as a statement parameter,
 * so the supplied value is not concatenated into the SQL text.
 *
 * @param username login name to look up
 * @return the matching user; presumably {@code null} when no row matches (MyBatis
 *         default for a single-object select), so callers must handle that case
 */
@Select("select * from user where username = #{username}")
UserBean getUserByUsername(@Param("username") String username);
}
5.编写service逻辑,实现UserDetailsService接口
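/**
 * {@link UserDetailsService} that loads users from the database through {@link UserMapper}.
 */
@Service
public class DBUserDetailsService implements UserDetailsService {
    @Autowired
    private UserMapper userMapper;

    /**
     * Looks the user up by login name.
     *
     * <p>No password check happens here: the method only returns the stored user,
     * and the framework compares the submitted password against the stored hash
     * using the configured password encoder.
     *
     * @param s login name submitted by the client
     * @return the stored user, never {@code null}
     * @throws UsernameNotFoundException if no user with that name exists
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        UserDetails user = userMapper.getUserByUsername(s);
        if (user == null) {
            // The UserDetailsService contract forbids returning null; an unknown name
            // must be reported with this exception so it is handled as a failed login.
            // The submitted name is deliberately not echoed into the message.
            throw new UsernameNotFoundException("No user found for the given username");
        }
        return user;
    }
}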
6.配置类,继承WebSecurityConfigurerAdapter
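/**
 * Spring Security configuration: authenticates against {@link DBUserDetailsService}
 * with BCrypt password hashes and restricts {@code /user} and {@code /admin} by authority.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    DBUserDetailsService dbUserDetailsService;

    /**
     * Registers the database-backed user service and the encoder used to verify
     * a submitted password against the stored BCrypt hash.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(dbUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    /**
     * Declares the HTTP access rules.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off, as in the original article.
        // That is only appropriate for stateless, token-authenticated APIs; with
        // cookie/session-based login, state-changing requests lose their CSRF defence.
        // Keep it enabled unless there is a concrete reason not to.
        http.csrf().disable();

        // NOTE(review): no formLogin()/httpBasic() is configured in this method;
        // confirm how clients are expected to authenticate.
        http.authorizeRequests()
                // antMatchers matches these exact paths only; sub-paths such as
                // /user/** are not covered by the authority rules below.
                .antMatchers("/user").hasAuthority("user")   // /user requires the "user" authority
                .antMatchers("/admin").hasAuthority("admin") // /admin requires the "admin" authority
                // Deny by default: without a catch-all rule every other path is open to
                // anonymous callers. Paths meant to be public should be listed
                // explicitly with permitAll() above this line.
                .anyRequest().authenticated();
    }
}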
