Spring Security Configuration Class Implementation (2)

Source: Internet; Publisher: 网络综合布线公司; Editor: 程序博客网; Time: 2024/06/06 04:23
To implement Spring Security in a configuration class, extend WebSecurityConfigurerAdapter and override its three configure methods:

1. configure(AuthenticationManagerBuilder auth): authenticates users
2. configure(HttpSecurity http): restricts access to requested resources
3. configure(WebSecurity web): configures the Spring Security filter chain

I demonstrate user authentication in Spring Security in three ways.

**Approach 1:** in-memory user authentication. Configure the configure(AuthenticationManagerBuilder auth) method as follows:

```java
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .inMemoryAuthentication()
            // every value passed to roles() is given the prefix ROLE_
            .withUser("fox").password("123456").roles("ADMIN").and()
            .withUser("nov").password("123456").roles("ADMIN", "BOSS");
}
```

Start the project; you can now log in on Spring Security's default login page and reach the index page.

**Approach 2:** database-backed authentication

Database-backed authentication authenticates users by querying the database; in real projects, choose according to your own requirements.

Step 1: configure the data source (DataSource).
Step 2: override configure(AuthenticationManagerBuilder auth) and set the data source.

```java
@Autowired
private DataSource dataSource;

// ...

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    /*auth
        .inMemoryAuthentication()
            .withUser("fox").password("123456").roles("ADMIN").and() // every value passed to roles() is given the prefix ROLE_
            .withUser("nov").password("123456").roles("ADMIN","BOSS");*/
    // The `true` column in usersByUsernameQuery tells Spring Security whether the account is enabled.
    // The table has no such column, so it is hard-coded to true. ## Mind the column aliases ##
    String usersByUsernameQuery = "select user.u_name username , `user`.u_password password , true from user where `user`.u_name = ?";
    String authorities = "SELECT user.u_name username ,role.r_name ROLE_USER "
            + "FROM `user_role`, `user`, role "
            + "WHERE `user`.u_name = ? AND `user`.id = user_role.user_id and user_role.role_id = role.id";
    auth
        .jdbcAuthentication()
        .dataSource(dataSource)
        .usersByUsernameQuery(usersByUsernameQuery)
        .authoritiesByUsernameQuery(authorities);
}
```

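As shown above, the database-backed configuration is now complete. Start the project again, visit the index page, and authenticate with a user stored in the database.

**Approach 3:** a custom user service (strongly recommended)

A custom user service implements the interface org.springframework.security.core.userdetails.UserDetailsService and overrides public UserDetails loadUserByUsername(String username); this method looks up the user by username.

① The custom MyUserDetailsService

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.StringUtils; // assumed: the page does not say which StringUtils is used

public class MyUserDetailsService implements UserDetailsService {

    // Not registered in the Spring application context, so @Autowired cannot be used
    private UserMapper mapper;

    public MyUserDetailsService(UserMapper mapper) {
        this.mapper = mapper;
    }

    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        // MyUserDetails implements the UserDetails interface and holds the user
        // information looked up from the username entered in the front end
        MyUserDetails userDetails = null;
        // Look up the user by username; this way the user objects can be stored anywhere
        User user = mapper.findUserByUsername(username);
        if (user != null && !StringUtils.isEmpty(user.getId())) {
            List<Role> roles = mapper.queryRoleByUid(user.getId());
            List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
            for (Role role : roles) {
                list.add(new SimpleGrantedAuthority(role.getrName()));
            }
            userDetails = new MyUserDetails(user.getuName(), user.getuPassword(), list, user.getId());
            return userDetails;
        }
        throw new UsernameNotFoundException(" User: " + username + " not found ");
    }
}
```
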
② The custom MyUserDetails

```java
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class MyUserDetails implements UserDetails {

    private static final long serialVersionUID = -5896459318065548072L;

    private String username;
    private String password;
    private Collection<? extends GrantedAuthority> authorities;
    private String uid;

    public MyUserDetails() {}

    public MyUserDetails(String username, String password,
            Collection<? extends GrantedAuthority> authorities, String uid) {
        super();
        this.username = username;
        this.password = password;
        this.authorities = authorities;
        this.setUid(uid);
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    // The four account-status checks below always return true,
    // so expiry, locking and disabling are never enforced.
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    public String getUid() {
        return uid;
    }

    public void setUid(String uid) {
        this.uid = uid;
    }
}
```

③ Modify configure(AuthenticationManagerBuilder auth)

```java
auth
    .userDetailsService(new MyUserDetailsService(mapper));
```

With that, restart the project, visit the index page again, and verify the login.
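
Added example (not the original author's code): approach 3 with a BCrypt password encoder, plus request rules showing how the ROLE_ prefix noted under approach 1 interacts with authorities loaded from the database. None of the configurations on this page sets a password encoder. The class name HardenedSecurityConfig and the paths /admin/** and /boss/** are assumptions, and the code assumes a Spring Security version that still ships WebSecurityConfigurerAdapter.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; UserMapper and MyUserDetailsService are the page's own types.
@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserMapper mapper;

    // BCrypt is salted and deliberately slow; u_password must hold the BCrypt hash, not the clear text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(new MyUserDetailsService(mapper))
            .passwordEncoder(passwordEncoder()); // checks the submitted password against the stored hash
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // hasRole("ADMIN") checks for the authority "ROLE_ADMIN", so role.r_name
                // must be stored with the ROLE_ prefix for this rule to match.
                .antMatchers("/admin/**").hasRole("ADMIN")      // assumed path
                // hasAuthority compares the string exactly as stored, without adding a prefix.
                .antMatchers("/boss/**").hasAuthority("ROLE_BOSS") // assumed path
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}
```

Existing values in u_password have to be replaced with the output of passwordEncoder().encode(rawPassword) before this configuration will accept logins.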