spring boot 整合 spring security 参见上一篇文章.
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(custProvider);
}
其中custProvider是AuthenticationProvider接口的一个实现类实例
实现AuthenticationProvider接口
@Component
public class CustAuthenticationProvider implements AuthenticationProvider {
@Autowired
private CustUserDetailsService userService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
CustUserDetails userDetials = (CustUserDetails) userService.loadUserByUsername(username);
Collection<? extends GrantedAuthority> authorities = userDetials.getAuthorities();
return new UsernamePasswordAuthenticationToken(userDetials, password, authorities);
}
@Override
public boolean supports(Class<?> arg0) {
return true;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
其中CustUserDetailsService是UserDetailsService接口的实现类;CustUserDetails是UserDetails接口的实现类
实现UserDetailsService接口
@Component
public class SnailUserDetailsService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
return new CustUserDetails();
}
}
重写loadUserByUsername方法,实现依据用户名称从数据库中查找用户的罗辑,并返回UserDetails对象,这里为了简单我就直接创建了一个
实现UserDetails接口
public class CustUserDetails implements UserDetails {
private static final long serialVersionUID = -1922135614793714181L;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
boolean flag = false;
if (flag) {
return AuthorityUtils.commaSeparatedStringToAuthorityList("");
}
StringBuilder commaBuilder = new StringBuilder();
commaBuilder.append("SUPPER MANAGER");
commaBuilder.append(",");
commaBuilder.append("hello");
commaBuilder.append(",");
commaBuilder.append("view");
return AuthorityUtils.commaSeparatedStringToAuthorityList(commaBuilder.toString());
}
@Override
public String getPassword() {
return "123456";
}
@Override
public String getUsername() {
return "administrator";
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
主要是实现getAuthorities方法根据用户将用户所有的权限查询出来并返回Collection