SpringSecurity的Web认证的三种方式
1.通过配置文件设置
spring:
security:
user:
name: user
password: 123456
2.通过配置类设置
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password = passwordEncoder.encode("123");
auth.inMemoryAuthentication().withUser("dtccode").password(password).roles("admin");
}
@Bean
PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
3.通过自定义实现类设置—(一般都用这种方式)
@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
@Autowired
private UserMapper userMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper<UserEntity> wrapper = new QueryWrapper();
wrapper.eq("username",username);
UserEntity userEntity = userMapper.selectOne(wrapper);
if(userEntity == null){
System.out.println("--------为什么不抛异常?BUG?--------");
throw new UsernameNotFoundException("没有此用户!");
}
List<GrantedAuthority> auths =
AuthorityUtils.commaSeparatedStringToAuthorityList("admin,root,guest");
return new User(userEntity.getUsername(),new BCryptPasswordEncoder().encode(userEntity.getPassword()),auths);
}
}