Spring Security自定义配置登录

这里采用自定义配置类方法，进行登录验证，springboot整合springSecurity

---

二、步骤

1、添加依赖

<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

2、创建MyUserDetailsService 实现UserDetailsService接口

这个类的作用就是去获取用户信息,比如从数据库中获取。 这样的话,AuthenticationManager在认证用户身份信息的时候，就会从中获取用户信息,与从http中拿的用户身份做对比。

import com.gh.dao.PersonDao;
import com.gh.entity.Person;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;

@Service
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    PersonDao personDao;
    @Autowired
    PasswordEncoder passwordEncoder;
    /**
     *  得到用户设置详细信息的对象
     * @param name
     * @return
     * @throws UsernameNotFoundException
     */
    @Override
    public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList("");
        /**
         * 使用此用户名向数据库发起查询
         *  查询得到此用户的所有信息--密码
         *  把次用户封装成对象
         */
        Person person = personDao.selectPersonByName(name);//通过姓名查询到person,以便获取密码。
        
        if(person!=null){
        	 //创建user对象的时候传入查询得到的密码(import org.springframework.security.core.userdetails.User;)
        	 
            User user = new User(name, passwordEncoder.encode(person.getPassword()), authorities);
            return user;
        }
        return null;
    }
}

3、创建配置类，继承WebSecurityConfigurerAdapter类

WebSecurityConfigurerAdapter 类是个适配器, 在配置的时候,需要我们自己写个配置类去继承他,然后编写自己所特殊需要的配置

import com.gh.service.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfigration extends WebSecurityConfigurerAdapter {
	//注入密码编码器
    @Autowired
    PasswordEncoder passwordEncoder;
     //注入用户认证信息
    @Autowired
    MyUserDetailsService myUserDetailsService;

	//重写configure方法
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	//        auth.inMemoryAuthentication().withUser("zahngsan")
	//                .password(passwordEncoder.encode("123456"))
	//                .roles();这里是不使用MyUserDetailsService类的情况下，硬编码指定用户名及密码
        auth.userDetailsService(myUserDetailsService);
    }
}

4、测试运行

import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@SpringBootApplication
@MapperScan(basePackages = "com.gh")
public class SpandthyApplication {

	//创建将密码编译器对象并注入bean工厂
    @Bean
    public static PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    
    public static void main(String[] args) {
        SpringApplication.run(SpandthyApplication.class, args);
    }

}