spring boot security（一）

配置認證和授權

通過繼承WebSecurityConfigurerAdapter，可以重寫其認證和授權的邏輯。

@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter {/*@Autowiredprivate DataSource dataSource;*///一個UserDetailService@Autowiredprivate AppUserDetailService appUserDetailService;//一個密碼加密器@Autowiredprivate BCryptPasswordEncoder bCryptPasswordEncoder;//授權@Overrideprotected void configure(HttpSecurity http) throws Exception {//super.configure(http);//配置不需要登陸驗證//http.authorizeRequests().anyRequest().permitAll().and().logout().permitAll();//http.authorizeRequests().antMatchers("/").authenticated()‘/*http.authorizeRequests().antMatchers("/Home").permitAll() //全部能訪問.antMatchers("/").hasRole("asdfa"); //必須有角色xxxhttp.formLogin().loginPage("/tologin");http.csrf().disable();http.logout().logoutSuccessUrl("/");//記住我http.rememberMe();*///home必須認證了才能通過http.authorizeRequests().antMatchers("/home").authenticated();//關閉csrfhttp.csrf().disable();//登錄面跳轉http.formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").defaultSuccessUrl("/home") //登錄成功跳轉.successForwardUrl("/home");//登出跳轉http.logout().logoutSuccessUrl("/");//rememberMehttp.rememberMe().rememberMeParameter("rememberme");}//認證@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {super.configure(auth);//從數據庫中讀取/*auth.jdbcAuthentication().dataSource(dataSource).usersByUsernameQuery("select * from admin where user = ?;").authoritiesByUsernameQuery("select * from admin where user = ?;").passwordEncoder(new BCryptPasswordEncoder());*///內存硬編碼/*auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("xxx").password("yyy").and().withUser("xxxf").password("yyd");*///自定義auth.userDetailsService(appUserDetailService).passwordEncoder(bCryptPasswordEncoder);} }

實現UserDetailsService接口

@Service public class AppUserDetailService implements UserDetailsService {@Resourceprivate AdminMapping adminMapping;@Autowiredprivate BCryptPasswordEncoder bCryptPasswordEncoder;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {System.out.println("進入認證代碼塊");Admin admin = adminMapping.selectByUsername(username);System.out.println("匹配到的用戶"+admin);if (admin == null){System.out.println("無用戶");return null;}else {//權限組List<GrantedAuthority> list = AuthorityUtils.createAuthorityList("ADMIN");User user = new User(admin.user ,bCryptPasswordEncoder.encode(admin.pwd),list);System.out.println("查找到用戶，傳遞給security進行認證");return user;}} }

注入bean

BCryptPasswordEncoder

@Configuration public class Myconfig {@Beanpublic BCryptPasswordEncoder bCryptPasswordEncoder(){return new BCryptPasswordEncoder();} }

Encoded password does not look like BCrypt

數據庫傳遞的密碼沒有經過BCrypt加密。

解決方法一：在封裝User時對密碼進行BCrypt加密。

//自定義 auth.userDetailsService(appUserDetailService).passwordEncoder(bCryptPasswordEncoder);//在userDetailsService中封裝的密碼進行encode User user = new User(admin.user ,bCryptPasswordEncoder.encode(admin.pwd),list);

There is no PasswordEncoder mapped for the id “null”

Spring security 5.0中新增了多種加密方式，在Spring security中為了確保密碼的安全性，默認是需要對密碼進行加密的。

官方文檔中有描述加密方式是{id}encodedPassword，其中id是加密的方式 {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG {noop}password {pbkdf2}5d923b44a6d129f3ddf3e3c8d29412723dcbde72445e8ef6bf3b508fbf17fa4ed4d6b99ca763d8dc {scrypt}$e0801$8bWJaSu2IKSn9Z9kM+TPXfOc/9bdYSrN1oD9qfVThWEwdRTnO7re7Ei+fUZRJ68k9lTyuTeUp4of4g24hHnazw==$OAOec05+bXxvuu/1qZ6NUR+xQYvYv7BeL1QxwRpY5Pc= {sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0

總結

以上是生活随笔為你收集整理的spring boot security学习的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。