1.基本整合
添加SpringSecurity的依赖即可
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
重启访问即可跳转到对应的登录界面
系统启动的时候会帮我们创建一个随机的密码,账号是
user
2.自定义登录界面
2.1 准备一个登录的HTML页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h2>自定义登录页面</h2>
<form action="/login.do" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2">
<button type="submit">登录</button>
</td>
</tr>
</table>
</form>
</body>
</html>
2.2 自定义SpringSecurity的配置类
package com.dbl.gp_dbl_springboot_mybatis.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* descrription:
* <p>
* Create by DbL on 2020/11/16 0016 7:19
*/
@Configuration
@EnableWebSecurity // 方法SpringSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 认证的配置
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置自定义的账号密码
auth.inMemoryAuthentication()
.withUser("zhang")
.password("{noop}123")
.roles("USER");// 用户具有的角色
}
/**
* http请求的配置
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login.html") // 指定自定义的登录界面
.loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
.and()
.authorizeRequests() // 定义哪些资源被保护
.antMatchers("/login.html")
.permitAll() // login.html可以匿名访问
.anyRequest()
.authenticated(); //出来登录页面其他都需要认证
http.csrf().disable();// 禁用跨越攻击
}
}
3. 数据库认证
3.1 创建一个service继承UserDetailService
package com.dbl.gp_dbl_springboot_mybatis.service;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* descrription:
* <p>
* Create by DbL on 2020/11/16 0016 7:25
*/
public interface UserService extends UserDetailsService {
}
3.2 service实现中重写loadUserByUsername方法
package com.dbl.gp_dbl_springboot_mybatis.service.impl;
import com.dbl.gp_dbl_springboot_mybatis.service.UserService;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.ArrayList;
import java.util.List;
/**
* descrription:
* <p>
* Create by DbL on 2020/11/16 0016 7:26
*/
@Service
public class UseruServiceImpl implements UserService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
// 模拟数据库操作 根据账号查询
String password = "456";
// 假设查询出来的用户的角色
List<SimpleGrantedAuthority> list = new ArrayList<>();
list.add(new SimpleGrantedAuthority("USER1"));
UserDetails userDetails = new User(s,"{noop}"+password,list);
return userDetails;
}
}
3.3 在SpringSecurity的配置类添加配置信息
package com.dbl.gp_dbl_springboot_mybatis.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* descrription:
* <p>
* Create by DbL on 2020/11/16 0016 7:19
*/
@Configuration
@EnableWebSecurity // 方法SpringSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
/**
* 认证的配置
*
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置自定义的账号密码
auth.inMemoryAuthentication()
.withUser("zhang")
.password("{noop}123")
.roles("USER");// 用户具有的角色
// 关联自定义的认证的Service
auth.userDetailsService(userDetailsService);
}
/**
* http请求的配置
*
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login.html") // 指定自定义的登录界面
.loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
.and()
.authorizeRequests() // 定义哪些资源被保护
.antMatchers("/login.html")
.permitAll() // login.html可以匿名访问
.anyRequest()
.authenticated(); //出来登录页面其他都需要认证
http.csrf().disable();// 禁用跨越攻击
}
}
4. 加密认证
4.1 在配置类中指定解密器
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置自定义的账号密码
auth.inMemoryAuthentication()
.withUser("zhang")
.password("{noop}123")
.roles("USER");// 用户具有的角色
// 关联自定义的认证的Service
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
4.2 在service获取对应的加密的密文
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
// 模拟数据库操作 根据账号查询
String password = "$2a$10$9tzTU0L5cM7e25RPo.KGnOfzUzeulD0CzOoawooYSiUlrPABkCPXG";
// 假设查询出来的用户的角色
List<SimpleGrantedAuthority> list = new ArrayList<>();
list.add(new SimpleGrantedAuthority("USER1"));
UserDetails userDetails = new User(s,password,list);
return userDetails;
}