在 pom.xml 中引入依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
创建一个实体类Account并实现UserDetails
package com.zhisen.uud.dao.entity;
import java.util.ArrayList;
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
/**
 * Account entity that also serves as the Spring Security principal by
 * implementing {@link UserDetails}.
 *
 * <p>The four account-status checks are hard-wired to {@code true}, so this class
 * does not model account expiry, lockout, credential expiry or disabling. A login
 * is never refused on those grounds until the methods are backed by real state.
 */
public class Account implements UserDetails {

    private Integer id;
    private String userName;
    private String password;

    // Handed out by reference from getAuthorities(); UserDetailServiceImpl fills it
    // through that getter, so the collection has to stay mutable.
    Collection<GrantedAuthority> authorities = new ArrayList<>();

    /**
     * @return the live (mutable) collection of authorities granted to this account
     */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /**
     * @return the password value exactly as stored by {@link #setPassword(String)};
     *         in the accompanying service this is the encoder's output, not the raw password
     */
    @Override
    public String getPassword() {
        return password;
    }

    /**
     * @return the login name stored by {@link #setUserName(String)}
     */
    @Override
    public String getUsername() {
        return userName;
    }

    /** Always {@code true}: account expiry is not tracked. */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** Always {@code true}: account lockout is not tracked. */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** Always {@code true}: credential expiry is not tracked. */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** Always {@code true}: accounts cannot be disabled. */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /**
     * @return the account id, or {@code null} if none has been set
     */
    public Integer getId() {
        return this.id;
    }

    /**
     * @param id the account id
     */
    public void setId(Integer id) {
        this.id = id;
    }

    /**
     * @param userName the login name returned by {@link #getUsername()}
     */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /**
     * @param password the value returned by {@link #getPassword()}; stored as given,
     *                 no encoding is applied here
     */
    public void setPassword(String password) {
        this.password = password;
    }
}
在第一个config类中声明一个PasswordEncoder bean(用于对密码做BCrypt哈希):
package com.zhisen.uud.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Application-level bean definitions.
 */
@Configuration
public class AppConfig {

    /**
     * Exposes the {@link PasswordEncoder} used to hash and verify passwords.
     *
     * <p>BCrypt draws a fresh random salt on every {@code encode} call, so hashing
     * the same password twice yields two different strings. Check a candidate with
     * {@code PasswordEncoder.matches(raw, encoded)}, never by comparing two hashes
     * for equality.
     *
     * @return a BCrypt encoder built with the library's default settings
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        final PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }
}
创建一个实现类,并实现UserDetailsService接口
package com.zhisen.uud.service.impl;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import com.zhisen.uud.dao.entity.Account;
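/**
 * Supplies user records to Spring Security. This class only provides the account
 * data; it does not perform the credential check itself.
 *
 * <p>Demo stub: a single hard-coded account stands in for the database lookup.
 */
@Service
public class UserDetailServiceImpl implements UserDetailsService {

    // The only login name this stub knows (described on the page as an account
    // that really exists in the database).
    private static final String DEMO_USERNAME = "admin";

    @Autowired
    PasswordEncoder passwordEncoder;

    /**
     * Returns the account for {@code username} together with its granted authorities.
     *
     * @param username the login name submitted by the client
     * @return the matching account, with the encoded password and authorities filled in
     * @throws UsernameNotFoundException if {@code username} is not a known account
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // TODO: look up the user record and its permissions in the database by username.
        // Until then, reject every name except the stub account. Without this check the
        // method returns the "admin" record no matter which username was submitted.
        // equals() is called on the constant so a null username is rejected too.
        if (!DEMO_USERNAME.equals(username)) {
            throw new UsernameNotFoundException("User not found");
        }

        Account account = new Account();
        account.setId(0);
        account.setUserName(DEMO_USERNAME);

        // Placeholder credential for the demo only. Encoding here re-hashes the password
        // on every lookup; once the database is connected, load the stored hash instead
        // and remove this encode call.
        account.setPassword(this.passwordEncoder.encode("123456"));

        // This list should be queried from the database.
        // NOTE(review): "orede_search" looks like a misspelling of "order_search" —
        // confirm against the authority names the authorization rules check.
        List<String> permissions = new ArrayList<>();
        permissions.add("orede_search");

        for (String permission : permissions) {
            account.getAuthorities().add(new SimpleGrantedAuthority(permission));
        }
        return account;
    }
}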
创建第二个config类并继承WebSecurityConfigurerAdapter类:
package com.zhisen.uud.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
 * Web security configuration that plugs the application's {@link UserDetailsService}
 * into Spring Security's authentication setup.
 *
 * <p>No {@code HttpSecurity} configuration is overridden here, so the adapter's
 * default request rules apply.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since Spring
 * Security 5.7 and removed in 6.0; confirm the version in use before copying this class.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Publishes the adapter's authentication manager as a bean. The authentication
     * manager is the component that decides whether a login attempt succeeds.
     *
     * @return the manager built by the parent adapter
     * @throws Exception if the parent fails to build the manager
     */
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        final AuthenticationManager manager = super.authenticationManager();
        return manager;
    }

    /**
     * Initialises the authentication manager builder so that users are loaded
     * through the injected {@link UserDetailsService}.
     *
     * @param auth the builder supplied by the framework
     * @throws Exception if registering the service fails
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // No password encoder is set on the builder here.
        // NOTE(review): presumably the PasswordEncoder bean from AppConfig is picked up
        // by the adapter — verify on the Spring Security version in use.
        auth.userDetailsService(this.userDetailsService);
    }
}
在浏览器中输入ip地址加项目端口
能够登进去表示成功!
直接在地址栏中输入接口的地址,能够正常访问即表示成功:
如果你是第一次登录,并且没有在service的实现类中设置其他的账号密码,Spring Boot 会在启动时于控制台输出一长串随机生成的密码(默认用户名为 user),输入即可。该密码每次启动都会重新生成,仅适合开发调试时使用。
如果没有登录就直接访问接口地址,会被重定向到login页面;登录成功之后会自动跳转回原先请求的地址。
以上就是SpringSecurity认证在Springboot下的简单使用,后续还会添加授权等内容,敬请期待。
制作整理不易,以上内容均为原创(参考了部分官方文档和老师整理的案例)。如要引用请附上本文链接,如有疑问可以在评论区畅所欲言,作者看到会第一时间回复,欢迎交流!