SpringSecurity设置登录账号密码的三种方式

SuperChay

5131人浏览 · 2022-08-16 16:15:19

SuperChay · 2022-08-16 16:15:19 发布

一、SpringBoot整合SpringSecurity：

1.新建SpringBoot工程，引入SpringSecurity依赖

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

2.编写一个测试Controller

@RestController
@RequestMapping("/test")
public class HelloController {

    @GetMapping("hello")
    public String hello() {
        return "hello";
    }
}

3.修改访问端口（默认8080）

4.启动SpringBoot工程，访问http://localhost:8001/test/hello

如上自动跳转到登录页面，输入账号user,密码在控制台输出，如下所示

5.查看是否登录成功（如下所示即为登录成功）

二、自定义账号密码的三种方式

1、方式一：通过配置文件

spring.security.user.name=admin
spring.security.user.password=111111

如上所示，修改配置文件后，重新启动服务及修改为上面的登录账号和密码

2.方式二：通过配置类

2.1.新建一个配置类,继承 WebSecurityConfigurerAdapter，并重写configure()方法

package com.atguigu.securitydemo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author cy
 * @create 2022-08-16 15:33
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        String password = passwordEncoder.encode("123");
        auth.inMemoryAuthentication().withUser("lucy").password(password).roles("admin");
    }

    @Bean
    PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }
}

3.方式三：自定义编写配置类（常用）

第一步：编写配置类，设置使用那个userDetailsService实现类

package com.atguigu.securitydemo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author cy
 * @create 2022-08-16 15:33
 */
@Configuration
public class SecurityConfigTest extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }

    @Bean
    PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }
}

第二步：编写实现类，返回User对象，User对象有用户名密码和操作权限

注意：@Service("userDetailsService")里的userDetailsService要和SecurityConfigTest类中注入的private UserDetailsService userDetailsService保持一致。

package com.atguigu.securitydemo.service;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * @author cy
 * @create 2022-08-16 15:51
 */
@Service("userDetailsService")
public class MyUserDetailService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
        return new User("mary",new BCryptPasswordEncoder().encode("123"),auths);
    }
}

暂时这样写，实际需要通过查询数据库，完善用户信息。因为User实现了UserDetails接口，所以返回值直接new一个User对象。

三、Demo地址

securitydemo: SpringSecurityDemo