一、SpringBoot整合SpringSecurity:
1.新建SpringBoot工程,引入SpringSecurity依赖
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>
2.编写一个测试Controller
@RestController@RequestMapping("/test")public class HelloController {@GetMapping("hello")public String hello() {return "hello";}}
3.修改访问端口(默认8080)
4.启动SpringBoot工程,访问http://localhost:8001/test/hello
如上自动跳转到登录页面,输入账号user,密码在控制台输出,如下所示
5.查看是否登录成功(如下所示即为登录成功)
二、自定义账号密码的三种方式
1、方式一:通过配置文件
spring.security.user.name=adminspring.security.user.password=111111
如上所示,修改配置文件后,重新启动服务及修改为上面的登录账号和密码
2.方式二:通过配置类
2.1.新建一个配置类,继承 WebSecurityConfigurerAdapter,并重写configure()方法
package com.atguigu.securitydemo.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;/*** @author cy* @create -08-16 15:33*/@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();String password = passwordEncoder.encode("123");auth.inMemoryAuthentication().withUser("lucy").password(password).roles("admin");}@BeanPasswordEncoder password() {return new BCryptPasswordEncoder();}}
3.方式三:自定义编写配置类(常用)
第一步:编写配置类,设置使用那个userDetailsService实现类
package com.atguigu.securitydemo.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;/*** @author cy* @create -08-16 15:33*/@Configurationpublic class SecurityConfigTest extends WebSecurityConfigurerAdapter {@Autowiredprivate UserDetailsService userDetailsService;@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(password());}@BeanPasswordEncoder password() {return new BCryptPasswordEncoder();}}
第二步:编写实现类,返回User对象,User对象有用户名密码和操作权限
注意:@Service("userDetailsService")里的userDetailsService要和SecurityConfigTest类中注入的private UserDetailsService userDetailsService保持一致。
package com.atguigu.securitydemo.service;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.AuthorityUtils;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.stereotype.Service;import java.util.List;/*** @author cy* @create -08-16 15:51*/@Service("userDetailsService")public class MyUserDetailService implements UserDetailsService {@Overridepublic UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {List<GrantedAuthority> auths = maSeparatedStringToAuthorityList("role");return new User("mary",new BCryptPasswordEncoder().encode("123"),auths);}}
暂时这样写,实际需要通过查询数据库,完善用户信息。因为User实现了UserDetails接口,所以返回值直接new一个User对象。
三、Demo地址
securitydemo: SpringSecurityDemo
