1、依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2、自定义登陆页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h2>自定义登录页面</h2>
<form action="/login.do" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2">
<button type="submit">登录</button>
</td>
</tr>
</table>
</form>
</body>
</html>
3、springSecurity的配置类
package com.gupaoedu.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
/**
* 认证的配置
*
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置自定义的账号密码
/*auth.inMemoryAuthentication()
.withUser("zhang")
.password("{noop}123")
.roles("USER");// 用户具有的角色*/
// 关联自定义的认证的Service
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
/**
* http请求的配置
*
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login.html") // 指定自定义的登录界面
.loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
.and()
.authorizeRequests() // 定义哪些资源被保护
.antMatchers("/login.html")
.permitAll() // login.html可以匿名访问
.anyRequest()
.authenticated(); //出来登录页面其他都需要认证
http.csrf().disable();// 禁用跨越攻击
}
public static void main(String[] args) {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
System.out.println(encoder.encode("123456"));
}
}
4、数据库认证
创建一个service继承UserDetailService
import com.gupaoedu.pojo.UserDto;
import org.springframework.security.core.userdetails.UserDetailsService;
import java.util.List;
public interface IUserservice extends UserDetailsService {
public List<UserDto> query(UserDto user);
}
import com.gupaoedu.mapper.UserMapper;
import com.gupaoedu.pojo.UserDto;
import com.gupaoedu.service.IUserservice;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class UserserviceImpl implements IUserservice {
@Autowired
private UserMapper mapper;
@Override
public List<UserDto> query(UserDto userDto) {
return mapper.query(userDto);
}
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
System.out.println("当前登录的账号:"+s);
UserDto userDto = new UserDto();
userDto.setUsername(s);
List<UserDto> userDtoList = mapper.query(userDto);
String password = userDtoList.get(0).getPassword();
// 假设查询出来的用户的角色
List<SimpleGrantedAuthority> list = new ArrayList<>();
list.add(new SimpleGrantedAuthority("USER1"));
UserDetails userDetails = new User(s,password,list);
return userDetails;
}
}
扫一扫
1755
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
