接着3.1的文章,显然使用配置好的用户名和随机生成的密码是不好的,因此设置用户名和密码
Security提供了三种方式
方式一:
通过配置文件设置
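# Spring Boot application.yml. Nesting restored: with every key flattened to
# column 0 these would parse as unrelated top-level keys and never bind to
# server.* / spring.security.user.*.
server:
  tomcat:
    uri-encoding: UTF-8
  port: 8080
  servlet:
    context-path: /security
spring:
  security:
    user:
      # Tutorial credentials only: the password sits in plaintext in this file
      # and is identical to the user name. Outside a demo, inject it from the
      # environment or a secrets store rather than committing it.
      name: ming
      password: ming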
自行回去测试,项目放在github上,有兴趣文末有链接
方式二:
通过配置类,具体来说就是编写配置类继承WebSecurityConfigurerAdapter,重写configure方法
由于Security校验登录时默认认为存储的密码是经过PasswordEncoder编码(例如BCrypt哈希)的,所以别忘了先对密码进行编码
package cn.sysu.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
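/**
 * Approach two: registers one in-memory user through
 * {@link AuthenticationManagerBuilder}.
 *
 * <p>The user name, password and role are hard-coded tutorial values (the
 * password equals the user name); they are not suitable outside a demo.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in newer
 * Spring Security releases and removed in 6.x; confirm the version this
 * project targets. SecurityConfig2 in the same package also declares a
 * {@code passwordEncoder} bean, so presumably only one of the two classes is
 * meant to be active at a time.
 */
@Configuration
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {

    /**
     * Adds the in-memory user {@code ming2} with a BCrypt-hashed password.
     *
     * @param auth builder that receives the in-memory user definition
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Hash with the encoder bean declared below instead of a second,
        // separately constructed encoder, so the stored hash always matches
        // whatever encoder this configuration exposes.
        String encodedPassword = passwordEncoder().encode("ming2");
        auth.inMemoryAuthentication()
                .withUser("ming2")
                .password(encodedPassword)
                // roles(...) stores the authority with the "ROLE_" prefix.
                .roles("admin");
    }

    /**
     * Exposes the BCrypt encoder as the application's {@link PasswordEncoder} bean.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}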
方式三(最常用):
自定义实现类,因为实际开发所有用户名和密码都保存在数据库中
两个重要的接口
UserDetailsService:用于查询数据库用户名和密码过程
PasswordEncoder:密码编码接口(例如BCrypt,属于单向哈希,而不是可逆加密)
基本步骤:
- 创建配置类,设置使用哪个UserDetailsService实现类
- 创建实现类,返回User对象(Spring Security自带了),该对象存储了用户基本信息(用户名和密码)及操作权限
package cn.sysu.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
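/**
 * Approach three: delegates user lookup to a {@link UserDetailsService} bean
 * and password verification to a {@link PasswordEncoder} bean.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in newer
 * Spring Security releases and removed in 6.x; confirm the version this
 * project targets. SecurityConfig1 in the same package also declares a
 * {@code passwordEncoder} bean, so presumably only one of the two classes is
 * meant to be active at a time.
 */
@Configuration
public class SecurityConfig2 extends WebSecurityConfigurerAdapter {

    // Injected by type; the page's implementation is MyUserDetailsServiceImpl.
    @Autowired
    private UserDetailsService userDetailsService;

    // The encoder bean produced by passwordEncoder() below.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Wires the user lookup service and the password encoder into the
     * authentication manager.
     *
     * @param auth builder that receives the service and encoder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }

    /**
     * Exposes the BCrypt encoder as the application's {@link PasswordEncoder} bean.
     *
     * <p>Declared {@code static} so the bean can be created without an
     * instance of this configuration class. As an instance method it had to
     * be injected back into the class that produces it (and into the user
     * details service this class depends on), which Spring Boot versions that
     * reject circular references by default can refuse at startup.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}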
package cn.sysu.service.impl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;
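/**
 * Demo {@link UserDetailsService} that knows exactly one hard-coded account,
 * {@code ming3}, standing in for a database lookup.
 */
@Service("UserDetailsService")
public class MyUserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Returns the demo account when it is the one requested.
     *
     * @param s the user name submitted at login
     * @return the {@code ming3} user with a BCrypt-hashed password and the
     *         single authority {@code role}
     * @throws UsernameNotFoundException if {@code s} is not the demo account
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        // Reject unknown names. Without this check every submitted user name
        // resolved to the ming3 account, so any name combined with ming3's
        // password would have been authenticated as ming3.
        if (!"ming3".equals(s)) {
            throw new UsernameNotFoundException("User not found");
        }

        // Authority string is used as-is (no "ROLE_" prefix is added here).
        List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");

        // Demo shortcut: the password is hashed on every lookup. A real
        // implementation would return the hash already stored for the user
        // and never hold the plaintext password in code.
        return new User("ming3", passwordEncoder.encode("ming3"), auths);
    }
}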
Github仓库地址
https://github.com/mingweihua/learn_springsecurity