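Configuring Spring Security with Spring Boot (2.0)
GitHub: JPA multi-datasource configuration
Project name: springboot-security
Notes
- Spring Security (5.0) no longer accepts plaintext passwords; every password must be encoded.
- Make sure the filter chain does not filter static resources (css, img, js).
- Spring Security's GrantedAuthority can authorize by role or by permission, but it cannot contain both types at once. The PermissionEvaluator interface therefore has to be implemented to authorize by permission.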
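An added example (not from the original post or its GitHub project) of the PermissionEvaluator mentioned in the last note: it maps the role names exposed through GrantedAuthority to permissions and denies by default. The class name RolePermissionEvaluator, the ROLE_ADMIN/ROLE_USER role names and the "target:permission" strings are assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

// Added example: resolves permissions from the role names that getAuthorities() returns.
@Component
public class RolePermissionEvaluator implements PermissionEvaluator {

    // Constructed sample data (assumption): role name -> "target:permission" entries.
    // A real project would load this mapping from its own permission tables.
    private static final Map<String, Set<String>> ROLE_PERMISSIONS = new HashMap<>();
    static {
        ROLE_PERMISSIONS.put("ROLE_ADMIN", new HashSet<>(Arrays.asList("user:read", "user:delete")));
        ROLE_PERMISSIONS.put("ROLE_USER", new HashSet<>(Arrays.asList("user:read")));
    }

    // Called for expressions such as @PreAuthorize("hasPermission('user', 'delete')").
    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        // Deny by default: a missing authentication, target or permission never passes.
        if (auth == null || !auth.isAuthenticated() || target == null || permission == null) {
            return false;
        }
        String required = target + ":" + permission;
        for (GrantedAuthority authority : auth.getAuthorities()) {
            Set<String> granted =
                    ROLE_PERMISSIONS.getOrDefault(authority.getAuthority(), Collections.emptySet());
            if (granted.contains(required)) {
                return true;
            }
        }
        return false; // unknown roles and unmapped permissions are rejected
    }

    // Called for hasPermission(targetId, targetType, permission). The id is ignored here
    // because this example authorizes per resource type, not per object instance.
    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {
        return hasPermission(auth, targetType, permission);
    }
}
```

With method security enabled through @EnableGlobalMethodSecurity(prePostEnabled = true), a method annotated with @PreAuthorize("hasPermission('user', 'delete')") is then reachable only by users whose role maps to user:delete.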
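Configuration steps
- Create the entity class (user) that implements UserDetails and override its methods.
- Implement the UserDetailsService interface (override loadUserByUsername(String s)) to load the user record from the database.
- Create WebSecurityConfig (extends WebSecurityConfigurerAdapter), overriding configure(AuthenticationManagerBuilder auth) for the authentication method and protected void configure(HttpSecurity http) for the filter chain.
Code (main parts only; see GitHub for the details)
User entity class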
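import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.persistence.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
public class SysUser implements UserDetails {
    @Id
    @GeneratedValue
    private Long id;
    private String username;
    private String password;
    @ManyToMany(cascade = {CascadeType.REFRESH}, fetch = FetchType.EAGER)
    private List<SysRole> roles;

    // Expose each role name as a granted authority
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> auths = new ArrayList<>();
        List<SysRole> roles = this.getRoles();
        for (SysRole role : roles) {
            auths.add(new SimpleGrantedAuthority(role.getName()));
        }
        return auths;
    }

    // Accessors required by UserDetails and used by getAuthorities()
    @Override
    public String getUsername() { return username; }
    @Override
    public String getPassword() { return password; }
    public List<SysRole> getRoles() { return roles; }

    // Account expiry, locking and disabling are not modelled: every account is always active
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
    @Override
    public boolean isEnabled() {
        return true;
    }
}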
MyUserDetailsService (loads the user object from the database)
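import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    private SysUserRepository userRepository;

    // Look the user up by username; Spring Security compares the password afterwards
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        SysUser user = userRepository.findByUsername(s);
        if (user == null) {
            // Message reads "username does not exist"
            throw new UsernameNotFoundException("用户名不存在");
        }
        return user;
    }
}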
WebSecurityConfig (configures authentication and the HTTP filter chain)
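import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private MyUserDetailsService myUserDetailsService;

    // Configure user authentication: users come from the database, passwords are BCrypt hashes
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Do not intercept static files
                .antMatchers("/css/**").permitAll()
                // Every other request requires an authenticated user
                .anyRequest().authenticated()
                .and().formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
                .and()
                .logout()
                .permitAll();
    }
}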
Page demo
Open localhost:8080/login
Username: root  Password: root