SpringSecurity自定义登录
01 前期准备(与使用默认登录页类似)
- 引入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--mysql驱动-->
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<scope>runtime</scope>
</dependency>
<!--模块化插件配置类-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--mybatisplus依赖-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.5.1</version>
</dependency>
<!--spring-security依赖-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
- 配置系统文件
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/(需要连接的数据库)?userSSL=false;serverTimezone=Asia/Shanghai
username: (账号)
password: (密码)
mvc:
pathmatch:
matching-strategy: ant_path_matcher
mybatis-plus:
config-locations: classpath:mapper/*.xml
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
- 配置扫描包
@SpringBootApplication
@MapperScan("com.example.demo.mapper")
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
02 自定义登录
-
既然选择自定义登录,那么就要重新原本提供的默认登录接口(在使用jwt之前,无论是默认还是修改后的登录使用的都是cookie——session的方式)
-
这里使用mybatis-plus查询数据,其他方式如jdbc,mybatis也都是可以的,顺便说一句plus真好用
1.测试类
@Data
@NoArgsConstructor
@AllArgsConstructor
public class MsUser {
//账号密码对应的数据类
private Long userId;
private String username;
private String password;
private String createBy;
private java.sql.Timestamp createTime;
private String updateBy;
private java.sql.Timestamp updateTime;
private String remark;
}
2.重写UserDetailsServiceImpl类
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return null;
}
}
- 返回值是UserDetails类,这是个接口,我们也要重写
3.继承UserDetails接口,设置类方法
- 继承接口后要做三件事,第一个是设置数据对应的实体类
- 第二件是设置getPassword()和getUsername()方法的返回值
- 第三件是把所有返回的false改成true
- SpringSecurity后续会自动验证输入的账号密码是否正确
@Data
@NoArgsConstructor
@AllArgsConstructor
public class LoginUser implements UserDetails {
private MsUser msUser;//实体类设置
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
@Override
public String getPassword() {
return msUser.getPassword();//返回实体类中的对应密码的属性
}
@Override
public String getUsername() {
return msUser.getUsername();//返回实体类中对应的账号名的属性
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
4.重写loadUserByUsername方法
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private MsUserServiceImp msUserServiceImp;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//使用mybatis-plus,获取到账号密码数据
LambdaQueryWrapper<MsUser> qw=new LambdaQueryWrapper<>();
qw.eq(MsUser::getUsername,username);
MsUser user = msUserServiceImp.getOne(qw);
//将得到的账号密码数据放入继承了UserDetails接口的类中
LoginUser loginUser = new LoginUser();
loginUser.setMsUser(user);
return loginUser;
}
}
03 注意
- 在数据库里的密码要编码或者在最前面加上{noop}
- springsecurity是默认密码编码的!