spring security 的核心功能主要包括:
认证 (你是谁)
授权 (你能干什么)
攻击防护 (防止伪造身份)
其核心就是一组过滤器链,项目启动后将会自动配置。最核心的就是 Basic Authentication Filter 用来认证用户的身份,一个在spring security中一种过滤器处理一种认证方式。
一、配置加入spring security
在pom文件中加入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
以上依赖,使用spring security 外还需要web lombok mysql mybatis 依赖,后续配置需要
二、配置spring security 的用户名和密码(默认的用户名是User 密码是idea启动时自动生成的)
方法一:在application.properties文件中配置
#spring.security.user.name=sxylkw
#spring.security.user.password=lkwsxy
方法二:在configuration配置类中进行配置
@Configuration
public class SecurityConfigursion extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();//spring security 默认的密码加密方式
String password = passwordEncoder.encode("123");//进行密码加密
auth.inMemoryAuthentication().withUser("sxy").password(password).roles();
}
@Bean //把这个对象加载进spring
public PasswordEncoder password(){
return new BCryptPasswordEncoder();
}
}
方法三:在数据库查找用户名和密码
1.配置类的写法
//配置类
@Configuration
public class SecurityConfigursion1 extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(password());
}
@Bean
public PasswordEncoder password(){
return new BCryptPasswordEncoder();
}
}
2.service层
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService{
@Autowired
private UserMapper userMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper<Users> uses = new QueryWrapper<>();
uses.eq("username",username);
Users user = userMapper.selectOne(uses);
if(user == null){
throw new UsernameNotFoundException("用户名不存在");
}
List<GrantedAuthority> auth = AuthorityUtils.commaSeparatedStringToAuthorityList("roty");
return new User(user.getUsername(), new BCryptPasswordEncoder().encode(user.getPassworld()), auth);
}
}
3.mapper层
@Mapper
public interface UserMapper extends BaseMapper<Users> {//这是继承mybatis palus的类 类中有相应的sql方法
}
4.相应的数据库实现类
5.配置文件中添加sql 的连接配置
spring.datasource.url=jdbc:mysql://localhost:3307/cs?characterEncoding=utf8&serverTimezone=Asia/Shanghai&useSSL=false
spring.datasource.username=root
spring.datasource.password=root
6.在启动类加上 @mappersan 注解