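The previous post showed a simple way to enable Spring Security, but it could only use the account and password supplied by the framework, which does not fit our application scenario. This post shows how to implement the login flow with accounts and passwords stored in a database.
First, as before, create the project.
Next comes the database design.
Then the controller-layer code for users, UserController.java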
@RestController
@RequestMapping("user")
public class UserController {

    @Autowired
    UserService userService;

    @RequestMapping("/list")
    public List list() {
        List list = userService.getList();
        return list;
    }
}
The controller-layer code for the health check, OkController.java
@RestController
@RequestMapping("ok")
public class OkController {

    @RequestMapping("")
    public String ok() {
        System.out.println("security1 ok!");
        return "security1 ok!";
    }
}
The security configuration file, WebSecurityConfig.java
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final String[] AUTH_WHITELIST = {
            "/ok
    private String username;
    private String password;
    private Set authorities;
    private boolean accountNonExpired;
    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;

    @Override
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    @Override
    public Set getAuthorities() {
        return authorities;
    }

    public void setAuthorities(Set authorities) {
        this.authorities = authorities;
    }

    @Override
    public boolean isAccountNonExpired() {
        return accountNonExpired;
    }

    public void setAccountNonExpired(boolean accountNonExpired) {
        this.accountNonExpired = accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return accountNonLocked;
    }

    public void setAccountNonLocked(boolean accountNonLocked) {
        this.accountNonLocked = accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return credentialsNonExpired;
    }

    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
        this.credentialsNonExpired = credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }
}
Next, register the class we created in the configuration file and specify how passwords are encoded.
package com.mu.security2.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MyUserDetailsService userDetailsService;

    // URLs that can be reached without logging in
    private static final String[] AUTH_WHITELIST = {
            "/ok/**"
    };

    // Configure URL access rules
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests() // start the HttpSecurity configuration
                // whitelisted URLs are open; every other URL requires authentication (login)
                .antMatchers(AUTH_WHITELIST).permitAll().anyRequest().authenticated()
                .and().formLogin() // enable form login
                // disable CSRF protection (demo only; browser-facing form login should keep it on)
                .and().csrf().disable();
    }

    // Configure users and their roles: load them through our own UserDetailsService
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    // Specify how passwords are encoded (BCrypt hashing)
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
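Let's start the application and try it.
The console does not print a password, so we try to log in with the account and password from our database.
The page shows Bad credentials, meaning the password is wrong. Let's look at the console.
The cause is that the framework hashes the password submitted by the front end with the configured encoder and then checks it against the account data we supplied, so the plaintext value stored in the database does not match. We therefore copy the encoded password printed in the console into the database (storing the encoded password in the database is recommended anyway, to guard against password leaks).
Login now succeeds with account zx and password 123.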
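The failure and the fix described above, reproduced outside the web application as an added example (not code from the original project). It assumes spring-security-crypto is on the classpath; the class name BcryptStorageCheck, the helper looksLikeBcrypt and the sample rows are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: why a plaintext password column yields "Bad credentials"
// once BCryptPasswordEncoder is the configured PasswordEncoder.
public class BcryptStorageCheck {

    // Shape of a BCrypt hash: $2a/$2b/$2y prefix, two-digit cost, 53 chars of salt+hash.
    private static final Pattern BCRYPT =
            Pattern.compile("\\A\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    // Hypothetical audit helper: true if a stored value has the BCrypt format.
    static boolean looksLikeBcrypt(String stored) {
        return stored != null && BCRYPT.matcher(stored).matches();
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        // Constructed sample rows (username -> value in the password column).
        Map<String, String> rows = new LinkedHashMap<>();
        rows.put("zx", "123");                        // plaintext, as first stored in the article
        rows.put("zx_fixed", encoder.encode("123"));  // hash written at registration time

        for (Map.Entry<String, String> row : rows.entrySet()) {
            String stored = row.getValue();
            // matches() takes the raw submitted password first, the stored value second.
            // It returns false when the stored value is not a BCrypt hash, so login fails.
            boolean loginOk = encoder.matches("123", stored);
            System.out.printf("%-9s bcryptFormat=%-5b loginWith123=%b%n",
                    row.getKey(), looksLikeBcrypt(stored), loginOk);
        }

        // Each encode() call draws a fresh random salt, so two hashes of the same
        // password differ, yet both verify. Compare with matches(), never equals().
        String h1 = encoder.encode("123");
        String h2 = encoder.encode("123");
        System.out.println("same hash twice? " + h1.equals(h2));
        System.out.println("both verify?     "
                + (encoder.matches("123", h1) && encoder.matches("123", h2)));
    }
}
```

Running looksLikeBcrypt over the password column before switching encoders shows which accounts still hold plaintext and would be locked out.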
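That is the end of this post. If it helped you, a like would be much appreciated. If anything in it is wrong or infringes on someone's rights, please leave a comment to contact me.
Source code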
https://gitee.com/zhangxin2048/security