springsecurity自定义userService和认证逻辑(在springboot中)

看了一下感觉这东西还挺难的，得写点什么来总结一下。

1.要启用springsecurity很简单只需要在pom.xml中添加相关依赖就行了

<dependency>
<groupId>org.springframework.boot</groudId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

2.准备User类和Role类，这里直接用JPA

@Entity(name = "t_user")
public class User implements UserDetails {
   
       
               
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;

    private String password;

    private boolean accountNonExpired;

    private boolean accountNonLocked;

    private boolean credentialsNonExpired;

    private boolean enabled;

    @ManyToMany(fetch = FetchType.EAGER,cascade = CascadeType.PERSIST)
    private List<Role> roles;



    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
   
   
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        for(Role role:getRoles()){
   
   
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        return authorities;
        
    }

    @Override
    public String getPassword() {
   
   
        return password;
    }

    @Override
    public String getUsername() {
   
   
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
   
   
        return accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
   
   
        return accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
   
   
        return credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
   
   
        return enabled;
    }

    //下面是基本的getter和setter

    public Long getId() {
   
   
        return id;
    }

    public void setId(Long id) {
   
   
        this.id = id;
    }

    public void setUsername(String username) {
   
   
        this.username = username;
    }

    public void setPassword(String password) {
   
   
        this.password = password;
    }

    public void setAccountNonExpired(boolean accountNonExpired) {
   
   
        this.accountNonExpired = accountNonExpired;
    }

    public void setAccountNonLocked(boolean accountNonLocked) {
   
   
        this.accountNonLocked = accountNonLocked;
    }

    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
   
   
        this.credentialsNonExpired = credentialsNonExpired;
    }

    public void setEnabled(boolean enabled) {
   
   
        this.enabled = enabled;
    }

    public List<Role> getRoles() {
   
   
        return roles;
    }

    public void setRoles(List<Role> roles) {
   
   
        this.roles = roles;
    }
}

用户实体类主要需要实现 UserDetails 接口，并实现接口中的方法。

这里的字段基本都好理解，几个特殊的我来稍微说一下：

accountNonExpired、accountNonLocked、credentialsNonExpired、enabled 这四个属性分别用来描述用户的状态，表示账户是否没有过期、账户是否没有被锁定、密码是否没有过期、以及账户是否可用。
roles 属性表示用户的角色，User 和 Role 是多对多关系，用一个 @ManyToMany 注解来描述。
getAuthorities 方法返回用户的角色信息，我们在这个方法中把自己的 Role 稍微转化一下即可。
3.定义UserDao和UserService

public interface UserDao extends JpaRepository<User,Long> {
   
   

    User findUserByUsername(String username);
}

@Service
public class UserService implements UserDetailsService {
   
   
    @Autowired
    UserDao userDao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
   
   
        User user = userDao.findUserByUsername(username);
        if(user==null){
   
   
            throw new UsernameNotFoundException("用户不存在");
        }
        return user;
    }
}

4.前端定义了一组页面，分别划归3个不同得权限
在首页中写了个table并放上三类页面的超链接

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
                xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
    <meta charset="UTF-8">
    <title>securitytest</title>
</head>