【SpringBoot】整合SpringSecurity框架

一、整合Springsecurity二、自定义登录验证信息

2.1 自定义登陆页面2.2 自定义登录认证

【SpringBoot】整合SpringSecurity框架一、整合Springsecurity

引入依赖


    org.springframework.security
    spring-security-test
    test

重启项目

会自动跳转到SpringSecurity提供的登陆页面

登陆的用户名是：user

登陆的密码在启动项目的过程中，已经在日志中输出

二、自定义登录验证信息 2.1 自定义登陆页面

新建自定义的登录html

创建SpringSecurity的配置类

package com.example.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
@EnableWebSecurity//放开SpringSecurity
public class SpringSecurityConfig  extends WebSecurityConfigurerAdapter {

    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/login.html") // 指定自定义的登录界面
                .loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
                .and()
                .authorizeRequests() // 定义哪些资源被保护
                .antMatchers("/login.html")
                .permitAll() // login.html可以匿名访问
                .anyRequest()
                .authenticated(); //出来登录页面其他都需要认证
        http.csrf().disable();// 禁用跨越攻击
    }
}

注意点

表单的登录action必须和配置类中的loginProcessingUrl一致此时的账号密码还是系统生成的

2.2 自定义登录认证

修改配置类

package com.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


@Configuration
@EnableWebSecurity//放开SpringSecurity
public class SpringSecurityConfig  extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 配置自定义的账号密码
        // auth.inMemoryAuthentication()
        //         .withUser("zhang")
        //         .password("{noop}123")//加{noop}代表不使用密码验证
        //         .roles("USER");// 用户具有的角色
        //获得BCryptPasswordEncoder加密编码
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        //加密操作
        //encoder.encode("123");
        //对密码不加密的话，在自定义的配置类中加上{noop}
        //auth.userDetailsService(userDetailsService);
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/login.html") // 指定自定义的登录界面
                .loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
                .and()
                .authorizeRequests() // 定义哪些资源被保护
                .antMatchers("/login.html")
                .permitAll() // login.html可以匿名访问
                .anyRequest()
                .authenticated(); //出来登录页面其他都需要认证
        http.csrf().disable();// 禁用跨越攻击
    }
}

取得UserDetailService对象

自定义接口，实现UserDetailService接口

package com.example.service;

import org.springframework.security.core.userdetails.UserDetailsService;

public interface IUserDetailService extends UserDetailsService {

}

自定义接口实现类

package com.example.service.impl;

import org.springframework.security.core.userdetails.User;
import com.example.service.IUserDetailService;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import java.util.ArrayList;
import java.util.List;

public class UserDetailServiceImpl implements IUserDetailService {

    
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 模拟数据库操作 根据账号查询
        String password = "456";
        // 假设查询出来的用户的角色
        List list = new ArrayList<>();
        list.add(new SimpleGrantedAuthority("USER1"));
        
        UserDetails userDetails = new User(username,password,list);
        return userDetails;
    }
}

注意点

密码可以通过用户名去数据库查询权限可以通过用户名去数据库查询

【SpringBoot】整合SpringSecurity框架

自定义登录页面

Java相关栏目本月热门文章