03-spring boot 2.6.2 spring security 基于配置类设计用户名和密码
更多关注:JeeGit 5.0 企业级快速开发平台
通过这种方式配置之后,上一集的配置类则无效了。
这里面涉及向内存中追加用户并配置密码策略。
我采用的是直接配置密码策略,有些人也会采用其他的密码策略。
NoOpPasswordEncoder 过时废弃的无密码策略 写方一package com.godzt.jeegit.web.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// TODO Auto-generated method stub
// super.configure(auth);
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("admin").password("admin").roles("admin");
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("jeegit").password("admin").roles("admin");
}
}
默认缺省的BCryptPasswordEncoder 策略
这个 大家要知道,密码加密 解密的算法有很多中,具体想看自己到底有多少种密码加密策略,可以利用ctrl+t ,查看 PasswordEncoder 接口的实现类。
package com.godzt.jeegit.web.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// TODO Auto-generated method stub
// super.configure(auth);
BCryptPasswordEncoder bCryptPasswordEncoder=new BCryptPasswordEncoder();
auth.inMemoryAuthentication().withUser("admin").password(bCryptPasswordEncoder.encode("admin")).roles("admin");
auth.inMemoryAuthentication().withUser("jeegit").password(bCryptPasswordEncoder.encode("admin")).roles("admin");
}
@Bean
PasswordEncoder password() {
return new BCryptPasswordEncoder();
}
}
更多关注:JeeGit 5.0 企业级快速开发平台
