本文详细介绍了如何在Spring Security中实现用户信息获取、校验逻辑及密码的加密与解密过程。通过自定义UserDetailsService,实现用户登录时从数据库获取用户信息并进行密码校验。同时,使用BCryptPasswordEncoder进行密码加密,确保用户信息安全。
一:任务
1.任务
处理用户信息获取逻辑
处理用户校验逻辑
处理密码加密与解密
二: 获取用户信息
1.说明
这个获取用户信息的意思是什么呢?
就是在登录界面,输入用户名,然后后台可以接收到,并且,可以自己到数据库去查找用户的信息了。
security接受用户的接口如下:
2.程序
这里没有写查询程序,这里这里已经是spring中的一个bean了,可以导入dao了
1 package com.cao.security.browser; 2 3 import org.slf4j.Logger; 4 import org.slf4j.LoggerFactory; 5 import org.springframework.security.core.authority.AuthorityUtils; 6 import org.springframework.security.core.userdetails.User; 7 import org.springframework.security.core.userdetails.UserDetails; 8 import org.springframework.security.core.userdetails.UserDetailsService; 9 import org.springframework.security.core.userdetails.UsernameNotFoundException; 10 import org.springframework.stereotype.Component; 11 @Component 12 public class MyUserDetailsService implements UserDetailsService { 13 private Logger logger=LoggerFactory.getLogger(getClass()); 14 15 @Override 16 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 17 logger.info("userName:"+username); 18 //根据用户名,可以查找用户信息,做一些操作 19 //User(username, password, authorities),这个User实现了UserDetails 20 return new User(username, "123456", AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); 21 } 22 23 }
3.登录
控制台:
三:处理用户校验逻辑
1.校验
密码是否正确,密码是否过期,账户是否被锁定 等的校验
UserDetails:封装了用户登录所需要的所有信息
2.程序
1 package com.cao.security.browser; 2 3 import org.slf4j.Logger; 4 import org.slf4j.LoggerFactory; 5 import org.springframework.security.core.authority.AuthorityUtils; 6 import org.springframework.security.core.userdetails.User; 7 import org.springframework.security.core.userdetails.UserDetails; 8 import org.springframework.security.core.userdetails.UserDetailsService; 9 import org.springframework.security.core.userdetails.UsernameNotFoundException; 10 import org.springframework.stereotype.Component; 11 @Component 12 public class MyUserDetailsService implements UserDetailsService { 13 private Logger logger=LoggerFactory.getLogger(getClass()); 14 15 @Override 16 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 17 logger.info("userName:"+username); 18 //根据用户名,可以查找用户信息,做一些操作 19 /** 20 * 简单的返回用户 21 * User(username, password, authorities),这个User实现了UserDetails 22 return new User(username, "123456", AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); 23 */ 24 /** 25 * 这里涉及到更多的校验,需要使用更加复杂的User 26 * new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities) 27 */ 28 return new User(username, "123456", true, true, true, false, AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); 29 30 31 } 32 33 }
3.校验
四:加密与解密
1.说明
使用的类是PasswordEnCoder
encode:用于加密,建议在用户注册的时候,调用一次,对密码进行加密。
matches:用于检查加密的密码与用户的密码是否匹配,是spring调用的
matches(CharSequence rawPassword, String encodedPassword):rawPassword是原始的密码,encodedPassword是加密的密码
2.程序
使用的加密类
1 package com.cao.security.browser; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 6 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 7 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 8 import org.springframework.security.crypto.password.PasswordEncoder; 9 /** 10 * 覆盖掉security原有的配置 11 * @author dell 12 * 13 */ 14 @Configuration 15 public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter{ 16 @Override 17 protected void configure(HttpSecurity http) throws Exception { 18 //表单登陆的一个安全认证环境 19 http.formLogin() 20 // http.httpBasic() 21 .and() 22 .authorizeRequests() //请求授权 23 .anyRequest() //任何请求 24 .authenticated(); //都需要认证 25 26 } 27 28 @Bean 29 public PasswordEncoder passwordEncoder() { 30 return new BCryptPasswordEncoder(); 31 } 32 }
处理加密与解密
1 package com.cao.security.browser; 2 3 import org.slf4j.Logger; 4 import org.slf4j.LoggerFactory; 5 import org.springframework.beans.factory.annotation.Autowired; 6 import org.springframework.security.core.authority.AuthorityUtils; 7 import org.springframework.security.core.userdetails.User; 8 import org.springframework.security.core.userdetails.UserDetails; 9 import org.springframework.security.core.userdetails.UserDetailsService; 10 import org.springframework.security.core.userdetails.UsernameNotFoundException; 11 import org.springframework.security.crypto.password.PasswordEncoder; 12 import org.springframework.stereotype.Component; 13 @Component 14 public class MyUserDetailsService implements UserDetailsService { 15 private Logger logger=LoggerFactory.getLogger(getClass()); 16 17 //做一次加密 18 @Autowired 19 private PasswordEncoder passwordEncoder; 20 21 @Override 22 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 23 logger.info("登录用户userName:"+username); 24 //根据用户名,可以查找用户信息,做一些操作 25 /** 26 * 简单的返回用户 27 * User(username, password, authorities),这个User实现了UserDetails 28 return new User(username, "123456", AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); 29 */ 30 /** 31 * 这里涉及到更多的校验,需要使用更加复杂的User 32 * new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities) 33 */ 34 String password=passwordEncoder.encode("123456"); 35 logger.info("模拟的数据库密码password:"+password); 36 return new User(username, password, true, true, true, true, AuthorityUtils.commaSeparatedStringToAuthorityList("admin")); 37 38 } 39 40 }
3.效果
说明:每次用户登录的时候,密码被加密后都不一样,但是解密后仍会是一个密码。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
