springsecurity有三種認證方式
第一種方式:通過配置文件設置登錄名和密碼
在application.yml文件中寫入
spring:
security:
user:
name: admin
password: 123
第二種方式:通過配置類實現
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//this.disableLocalConfigureAuthenticationBldr = true;
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password = passwordEncoder.encode("123");
auth.inMemoryAuthentication().withUser("lucy").password(password).roles("admin");
}
@Bean
PasswordEncoder password(){
return new BCryptPasswordEncoder();
}
}
第三種方式:通過自定義編寫實現類
實際使用中,我們采用的是第三種方式,因為要使用數據庫數據對比賬號和密碼,
第一步:創建配置類,設置使用哪個userDetailsService實現類
@Configuration
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(password());
}
@Bean
PasswordEncoder password(){
return new BCryptPasswordEncoder();
}
}
第二步:編寫實現類,返回User對象,User對象有用戶名密碼和操作權限
@Service("userDetailsService")
public class MyDetailsService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
return new User("mary",new BCryptPasswordEncoder().encode("1234"),auths);
}
}