Spring Security自定义用户认证逻辑

版权声明:士,不可以不弘毅,任重而道远 https://blog.csdn.net/superbeyone/article/details/84623343


Spring Security自定义用户认证逻辑

1. 处理用户信息获取逻辑

  • 接口UserDetailsService

实现UserDetailsService接口

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

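/**
 * Demo {@link UserDetailsService} that answers every lookup with the same
 * hard-coded account.
 *
 * <p>Tutorial scaffolding only: the password and the "admin" authority are
 * literals, so any non-empty username resolves to an admin account with a fixed
 * plaintext password. A real implementation loads the stored password hash and
 * the authorities for the given username from the user store.
 *
 * @Project: tdt-security
 * @ClassName: MyUserDetailServiceImpl
 * @Description: implements the UserDetailsService interface
 * @Author: Mr.superbeyone
 * @Create: 2018-11-29 10:48
 **/
@Component
public class MyUserDetailServiceImpl implements UserDetailsService {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Builds the {@link UserDetails} for the submitted username.
     *
     * @param username the username taken from the login request
     * @return a {@link User} carrying the demo password and the "admin" authority
     * @throws UsernameNotFoundException if {@code username} is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The User constructor rejects a null or empty username with an
        // IllegalArgumentException; report it as "not found" instead, which is the
        // failure this method declares.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username is empty");
        }

        // The username comes straight from the login request: replace CR/LF so it
        // cannot start forged log lines.
        logger.info("登录用户名:\t{}", username.replaceAll("[\\r\\n]", "_"));

        // Arguments: username, password, authorities.
        // Demo values only -- look both up by username in real code.
        return new User(username, "123456", AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
    }
}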

上面的密码和权限只是为了演示而写死的;实际项目中,密码和权限应当根据用户名从数据库中查出来,查不到用户时抛出UsernameNotFoundException

  • 访问请求
  • 后台打印

2. 处理用户校验逻辑

  • 接口UserDetails
package org.springframework.security.core.userdetails;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

import java.io.Serializable;
import java.util.Collection;

public interface UserDetails extends Serializable {
/**
	 * Returns the authorities granted to the user. Cannot return <code>null</code>.
	 *
	 * @return the authorities, sorted by natural key (never <code>null</code>)
	 */
	Collection<? extends GrantedAuthority> getAuthorities();// all authorities granted to the user

	/**
	 * Returns the password used to authenticate the user.
	 *
	 * @return the password
	 */
	String getPassword();// the password

	/**
	 * Returns the username used to authenticate the user. Cannot return <code>null</code>
	 * .
	 *
	 * @return the username (never <code>null</code>)
	 */
	String getUsername();// the username

	/**
	 * Indicates whether the user's account has expired. An expired account cannot be
	 * authenticated.
	 *
	 * @return <code>true</code> if the user's account is valid (ie non-expired),
	 * <code>false</code> if no longer valid (ie expired)
	 */
	boolean isAccountNonExpired();// true while the account has not expired

	/**
	 * Indicates whether the user is locked or unlocked. A locked user cannot be
	 * authenticated.
	 *
	 * @return <code>true</code> if the user is not locked, <code>false</code> otherwise
	 */
	boolean isAccountNonLocked();// true while the account is not locked (frozen)
	/**
	 * Indicates whether the user's credentials (password) has expired. Expired
	 * credentials prevent authentication.
	 *
	 * @return <code>true</code> if the user's credentials are valid (ie non-expired),
	 * <code>false</code> if no longer valid (ie expired)
	 */
	boolean isCredentialsNonExpired();// true while the password has not expired

	/**
	 * Indicates whether the user is enabled or disabled. A disabled user cannot be
	 * authenticated.
	 *
	 * @return <code>true</code> if the user is enabled, <code>false</code> otherwise
	 */
	boolean isEnabled();// true while the account is enabled; the article treats a disabled account as a deleted one
}
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

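/**
 * Demo {@link UserDetailsService} that answers every lookup with the same
 * hard-coded account and spells out the four account-status flags.
 *
 * <p>Tutorial scaffolding only: the password, the status flags and the "admin"
 * authority are literals, so any non-empty username resolves to an enabled admin
 * account with a fixed plaintext password. A real implementation loads all of
 * them for the given username from the user store.
 *
 * @Project: tdt-security
 * @ClassName: MyUserDetailServiceImpl
 * @Description: implements the UserDetailsService interface
 * @Author: Mr.superbeyone
 * @Create: 2018-11-29 10:48
 **/
@Component
public class MyUserDetailServiceImpl implements UserDetailsService {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Builds the {@link UserDetails} for the submitted username.
     *
     * @param username the username taken from the login request
     * @return a {@link User} with all status flags set to {@code true}, the demo
     *         password and the "admin" authority
     * @throws UsernameNotFoundException if {@code username} is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The User constructor rejects a null or empty username with an
        // IllegalArgumentException; report it as "not found" instead, which is the
        // failure this method declares.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username is empty");
        }

        // The username comes straight from the login request: replace CR/LF so it
        // cannot start forged log lines.
        logger.info("登录用户名:\t{}", username.replaceAll("[\\r\\n]", "_"));

        // Demo values only -- password, flags and authorities belong to the user
        // record and should be looked up by username in real code.
        return new User(username, "123456",
                true,   // enabled
                true,   // accountNonExpired
                true,   // credentialsNonExpired
                true,   // accountNonLocked
                AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
    }
}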

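参数说明:User 的 7 参数构造方法的参数依次为 username(用户名)、password(密码)、enabled(是否可用)、accountNonExpired(账户未过期)、credentialsNonExpired(密码未过期)、accountNonLocked(账户未锁定)、authorities(权限集合)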
可根据实际业务需要返回自己对该User对象的实现

3. 处理密码加密和解密

  • 接口PasswordEncoder
package org.springframework.security.crypto.password;

/**
 * Service interface for encoding passwords.
 *
 * The preferred implementation is {@code BCryptPasswordEncoder}.
 *
 * @author Keith Donald
 */
public interface PasswordEncoder {

	/**
	 * Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or
	 * greater hash combined with an 8-byte or greater randomly generated salt.
	 */
	String encode(CharSequence rawPassword);// one-way encodes (hashes) the raw password for storage

	/**
	 * Verify the encoded password obtained from storage matches the submitted raw
	 * password after it too is encoded. Returns true if the passwords match, false if
	 * they do not. The stored password itself is never decoded.
	 *
	 * @param rawPassword the raw password to encode and match
	 * @param encodedPassword the encoded password from storage to compare with
	 * @return true if the raw password, after encoding, matches the encoded password from
	 * storage
	 */
	boolean matches(CharSequence rawPassword, String encodedPassword);// checks the submitted password against the encoded password from storage
}

注意包名:这里要用的是 org.springframework.security.crypto.password 包下的 PasswordEncoder

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Browser-facing security configuration: form login, and every request must be
 * authenticated.
 *
 * @Project: tdt-security
 * @ClassName: BrowserSecurityConfig
 * @Description: browser configuration class
 * @Author: Mr.superbeyone
 * @Create: 2018-11-28 16:44
 **/
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes a BCrypt-backed {@link PasswordEncoder} as a bean.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder BCryptPasswordEncoder() {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Enables form login and requires authentication for any request.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the underlying configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form-based login; call http.httpBasic() here instead to use HTTP Basic.
        http.formLogin();

        // Everything below is authorization configuration:
        // any request requires an authenticated user.
        http.authorizeRequests()
                .anyRequest()
                .authenticated();
    }
}
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

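/**
 * Demo {@link UserDetailsService} that returns a BCrypt-encoded demo password for
 * every username.
 *
 * <p>Tutorial scaffolding only: the raw password and the "admin" authority are
 * literals and the password is re-encoded on every lookup. Encoding belongs to
 * registration; a real implementation only reads the stored hash and the
 * authorities for the given username from the user store.
 *
 * @Project: tdt-security
 * @ClassName: MyUserDetailServiceImpl
 * @Description: implements the UserDetailsService interface
 * @Author: Mr.superbeyone
 * @Create: 2018-11-29 10:48
 **/
@Component
public class MyUserDetailServiceImpl implements UserDetailsService {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    PasswordEncoder passwordEncoder;

    /**
     * Builds the {@link UserDetails} for the submitted username.
     *
     * @param username the username taken from the login request
     * @return a {@link User} with all status flags set to {@code true}, the encoded
     *         demo password and the "admin" authority
     * @throws UsernameNotFoundException if {@code username} is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The User constructor rejects a null or empty username with an
        // IllegalArgumentException; report it as "not found" instead, which is the
        // failure this method declares.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username is empty");
        }

        // The username comes straight from the login request: replace CR/LF so it
        // cannot start forged log lines.
        logger.info("登录用户名:\t{}", username.replaceAll("[\\r\\n]", "_"));

        // Stands in for the hash written at registration; real code only reads the
        // stored hash from the database here.
        String password = passwordEncoder.encode("123456");

        // Password hashes are credential material and do not belong in logs. Kept
        // at debug level solely so the demo can show that each encode() call yields
        // a different value; remove this line in real code.
        logger.debug("数据库密码是:\t{}", password);

        // Arguments: username, password, four status flags, authorities.
        return new User(username, password,
                true,   // enabled
                true,   // accountNonExpired
                true,   // credentialsNonExpired
                true,   // accountNonLocked
                AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
    }
}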

注:因为BCryptPasswordEncoder有随机salt,两次请求后加密的密码不一样;salt保存在加密结果中,所以matches()仍然可以校验通过。在日志中打印密码哈希仅用于演示,实际项目中不应记录


转载自blog.csdn.net/superbeyone/article/details/84623343