默认方式:
当我们没有自定义用户名和密码而使用到了Spring Security这个框架时,会默认的为我们生成一个同户名和密码:用户名为user,密码在Spring启动时的日志里面找
方式一:在配置文件中配置
你可以在application.properties中配置用户名和密码,也可以在application.yml中进行配置,推荐使用application.yml,这里使用application.properties,但所做的配置相同
spring.security.user.name=monster
spring.security.user.password=123456
方式二:在配置类中配置
编写一个配置类,继承
WebSecurityConfigurerAdapter
,重写configure
方法,当我们给密码加密时会用到PasswordEncoder接口实现类的对象,所以我们使用@Bean进行注入
package com.monster.security.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author Monster
* @version v1.0
* @time 03-25-2021 13:44:38
* @description:
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder encoder = getPasswordEncoder();
String password = encoder.encode("123456"); // 加密处理
System.out.println("encode = " + password);
auth.inMemoryAuthentication().withUser("admin").password(password).roles("admin");
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder();
}
}
方式三:自定义实现类配置(最常用的方式)
首先,我们创建一个配置类,设置使用哪个UserDetailsService接口的实现类
然后,编写实现类,返回User对象,User对象中有用户名、密码和访问权限。
package com.monster.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author Monster
* @version v1.0
* @time 03-25-2021 13:44:38
* @description:
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
private UserDetailsService userDetailsService;
@Autowired
public SecurityConfig(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
}
package com.monster.security.service;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;
/**
* @author Monster
* @version v1.0
* @time 03-25-2021 14:39:04
* @description:
*/
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("admin");
return new User("knight", new BCryptPasswordEncoder().encode("knight"), authorities);
}
}