package com.tszr.security; import com.tszr.entity.Authority; import com.tszr.entity.MyUser; import com.tszr.repository.MyUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.ArrayList; import java.util.List; @Service public class MyUserSecurityService implements UserDetailsService { @Autowired private MyUserRepository myUserRepository; /** * 通過重寫loadUserByUsername方法查詢對應的用戶 * UserDetails是Spring Security的一個核心接口 * UserDetails定義了可以獲取用戶名、密碼、權限等與認證相關信息的方法 */ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //根據用戶名(頁面接收的用戶名)查詢當前用戶 MyUser myUser = myUserRepository.findByUsername(username); if(myUser == null) { throw new UsernameNotFoundException("用戶名不存在"); } //GrantedAuthority代表賦予當前用戶的權限(認證權限) List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); //獲得當前用戶權限集合 List<Authority> roles = myUser.getAuthorityList(); //將當前用戶的權限保存為用戶的認證權限 for (Authority authority : roles) { GrantedAuthority sg = new SimpleGrantedAuthority(authority.getName()); authorities.add(sg); } //org.springframework.security.core.userdetails.User是Spring Security的內部實現, //專門用於保存用戶名、密碼、權限等與認證相關的信息 User su = new User(myUser.getUsername(), myUser.getPassword(), authorities); return su; } }