环境
springboot2.1.8
spring security 5
详细
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.8.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.hhy</groupId>
<artifactId>springboot-00-securitysql</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>springboot-00-securitysql</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<!-- <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
目录
- 如上图所示在蓝色那一条就是我创建的自定义加密方法
- 然后你自己创建一个类MyPasswordEncoder
- MyPasswordEncoder
package com.hhy.security.config;
import org.apache.commons.logging.Log;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author hhy
* @date 2019/9/15 - 10:52
*/
public class MyPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence charSequence) {
System.out.println(charSequence);
String result = BCrypt.hashpw(charSequence.toString(), BCrypt.gensalt());
System.out.println(result);
return result;
}
@Override
public boolean matches(CharSequence charSequence, String encodedPassword) {
System.out.println("用了验证"+encodedPassword);
if (encodedPassword != null && encodedPassword.length() != 0) {
return BCrypt.checkpw(charSequence.toString(), encodedPassword);
} else {
System.out.println("Empty encoded password");
return false;
}
}
}
3.其中encode方法是传入密码加密,matches是传入密码不加密直接Hash处理对比和数据库密码。charSequence是看不见的,但是它确实传进来了userNotFoundPassword
详细https://blog.csdn.net/J_bean/article/details/78031544
4.创建好自义定密码加密后去自己的
5. Spring…Config是spring security配置
6.
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserService myUserService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(myUserService)
.passwordEncoder(new MyPasswordEncoder());//例如放这里
auth.jdbcAuthentication()
.usersByUsernameQuery("")
.authoritiesByUsernameQuery("")
.passwordEncoder(new MyPasswordEncoder()); //例如放这里
}
7.把自义定加密方法放在上图new MyPasswordEncoder()
出现的地方就是你配置spring security的地方
你也可以用已存在的方法替换,例如new BCryptPasswordEncoder()
https://blog.csdn.net/yueloveme/article/details/83067936借来的图,他这里也讲了加密你也可以去看看
说实话就是自己创建一个类然后implements PasswordEncoder 然后覆盖那2个方法自己写加密,然后用在Spring…Config里