Springsecuri设置登录账号密码
1:通过配置文件(properties或者yml)spring.security.user.name或者password
2:通过配置类设置@Configuration+extends WebSecurityConfigurerAdapter
auth.inMemoryAuthentication().withUser(“ysq”).password(new BCryptPasswordEncoder(“123456”)).roles(“admin”);
3:自定义编写实现类,继承WebSecurityConfigurerAdapter,auth.userDetailsService(UserDetailsService的实现类).passwordEncoder(new BCryptPasswordEncoder());
@Component
public class CustomSecurityDetails implements UserDetailsService {
private UserService userService;
// public CustomSecurityDetails(UserService userService) {
// this.userService = userService;
// }
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// SysUser sysUser = userService.findByUserName(username);
//
// User.UserBuilder userBuilder = User.builder()
// .username(sysUser.getName())
// .password(sysUser.getPassword());
// List<String> roles = new ArrayList<String>();
List<GrantedAuthority> authors = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
if (!"jxx".equals(username)) {
throw new UsernameNotFoundException("用户名或密码错误");
}
System.out.println(username);
return new User("jxx",new BCryptPasswordEncoder().encode("1234568"),authors);
}
DaoAuthenticationProvider 这个里面有个additionalAuthenticationChecks实现方法,里面根本没有验证账户,只验证的密码。所以在测试自定义编写实现类时加入了对用户名的判断。
以上只提供参考方法,实际开发肯定是要去数据库查询数据的。也就是在loadUserByUsername去数据库查询出数据再匹配。