Spring Security 使用基本流程
引入security模块
implementation ‘org.springframework.boot:spring-boot-starter-security’
编写账户自定义验证过程类:
//验证规则类
@Component
public class gtpUserDetailsService implements UserDetailsService{
// 根据在/login里输入的username查出账户信息
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println(">>>>>>>>>>>>>>>this is user details body...");
Collection<GrantedAuthority> authorities = new ArrayList<>();
String usernametmp=new String();
if(username.equals("aa"))
authorities.add(new SimpleGrantedAuthority("ROLE_manage"));
// securtiy的权限前缀ROLE_ 别忘了,在这里是必须要加的,不然会出现403错误。
return new org.springframework.security.core.userdetails.User("aa", "698d51a19d8a121ce581499d7b701668", authorities);
}
}
编写配置类
//security配置类
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private gtpUserDetailsService userDetailsServiceGTP;
// 配置各个资源访问权限,
//还可以自定义一些配置;比如登录页面,登录失败页面,启用rememberme…
@Override
protected void configure(HttpSecurity http) throws Exception {
// super.configure(http);
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/auth/**").hasRole(“manage”);
http.formLogin();
}
// 给工程配上自己制定的验证逻辑
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// super.configure(auth);
System.out.println(“current this configure auto…”);
//装配验证规则
//添加密码编码解码类
auth.userDetailsService(userDetailsServiceGTP).passwordEncoder(new PasswordEncoder() {
// 密码编码
@Override
public String encode(CharSequence rawPassword) {
MD5 md5=new MD5();
return md5.GetMD5(rawPassword.toString());
}
// 对照密码
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
MD5 md5=new MD5();
String tpwd = this.encode(rawPassword);
if(tpwd.equals(encodedPassword))
return true;
else
return false;
}
});
}
}
启动类
@SpringBootApplication
public class SecurityexampleApplication {
public static void main(String[] args) {
SpringApplication.run(SecurityexampleApplication.class, args);
}
}
项目源码和更详细信息:
https://gitee.com/whatitis/SpringSecurityExample