SpringBoot integration of SpringSecurity: memory-based authentication (1)
In the first tutorial, we got a basic understanding of how to use SpringSecurity: after adding a dependency, plus a few lines of configuration in application.yml, you can achieve basic login authentication.
The default configuration can only set up one account, so how can multiple accounts be supported?
This article introduces memory-based authentication.
I. In-Memory Authentication
With memory-based authentication, the authentication information is stored in memory. This post introduces two common ways of using it.
0.5 Project Configuration
The environment configuration is the same as before; for details, see the blog post: 191223-SpringBoot integration of SpringSecurity: origin (zero)
1. WebSecurityConfigurerAdapter
This approach mainly uses SpringSecurity's adapter to handle the configuration. The following is a simple case:
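
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @Configuration
    public class SecurityAdapterConfig extends WebSecurityConfigurerAdapter {
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // For testing, you can use the following directly
            // User.UserBuilder builder = User.withDefaultPasswordEncoder();
            // The builder hashes each password with BCrypt before the user is stored
            User.UserBuilder builder = User.builder().passwordEncoder(passwordEncoder()::encode);
            auth.inMemoryAuthentication().withUser(builder.username("hui1").password("123456").roles("guest").build());
            auth.inMemoryAuthentication().withUser(builder.username("hui2").password("123456").roles("guest").build());
        }
    }
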
The main logic is in the configure method. Note, however, that we additionally set up password encryption. If we do not set it, you will find when you actually log in that even the correct user name and password are rejected with a failure prompt (readers are welcome to try it).

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

Second, when creating a user, note that in addition to the user name and password, the user is also given a role. The purpose of the role will be covered in the follow-up article on RBAC (role-based authorization).
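
The password-encoder point above can be checked outside the web application. The following is an added example, not code from the original article or its project; it assumes spring-security-core (5.x) is on the classpath, the class name PasswordEncoderDemo and the user raw1 are constructed for illustration, and it relies on the assumption that Spring Security 5 falls back to the delegating encoder when no PasswordEncoder is configured.

```java
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Added example (hypothetical class name): shows what is stored for a user and
// why a login fails when the stored password was never encoded.
public class PasswordEncoderDemo {
    public static void main(String[] args) {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();

        // Same construction as the article: the builder hashes the password in build().
        manager.createUser(User.builder().passwordEncoder(bcrypt::encode)
                .username("hui1").password("123456").roles("guest").build());
        // Constructed counter-example: no encoder, so the raw string is stored as-is.
        manager.createUser(User.builder()
                .username("raw1").password("123456").roles("guest").build());

        UserDetails hashed = manager.loadUserByUsername("hui1");
        UserDetails raw = manager.loadUserByUsername("raw1");
        System.out.println("stored for hui1: " + hashed.getPassword());
        System.out.println("stored for raw1: " + raw.getPassword());

        // The BCrypt encoder only accepts a stored value that is a BCrypt hash.
        System.out.println("bcrypt vs hui1: " + bcrypt.matches("123456", hashed.getPassword()));
        System.out.println("bcrypt vs raw1: " + bcrypt.matches("123456", raw.getPassword()));

        // The delegating encoder expects an {id} prefix on the stored value and
        // throws when it finds none, which surfaces to the user as a failed login.
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        try {
            delegating.matches("123456", raw.getPassword());
        } catch (IllegalArgumentException e) {
            System.out.println("delegating vs raw1 failed: " + e.getMessage());
        }
        // With the {bcrypt} prefix, the same hash is accepted by the delegating encoder.
        System.out.println("delegating vs {bcrypt} hash: "
                + delegating.matches("123456", "{bcrypt}" + hashed.getPassword()));
    }
}
```

Because the stored value for hui1 is a salted BCrypt hash, it differs on every run; only the match results are stable.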
2. UserDetailsService
Here is another way, which is the one used later when the authentication information is stored in a database. In SpringSecurity's implementation, the user information for a given user name is looked up through the UserDetailsService bean; we only need to define our own bean to replace the default one to achieve our goal.
Our configuration class is as follows:
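
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    public class SecurityAutoConfig {
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        /**
         * In-memory authentication
         *
         * @param passwordEncoder encoder used to hash each password before it is stored
         * @return the in-memory user details manager holding the three users
         */
        @Bean
        public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
            User.UserBuilder users = User.builder().passwordEncoder(passwordEncoder::encode);
            InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
            manager.createUser(users.username("1hui").password("123456").roles("guest").build());
            manager.createUser(users.username("2hui").password("666666").roles("manager").build());
            manager.createUser(users.username("3hui").password("root").roles("admin").build());
            return manager;
        }
    }
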
3. Test
Both of the above methods store the authentication information in memory. Next comes the actual test; first, write an HTTP endpoint:
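
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class IndexRest {
        public String getUser() {
            // Get the user information of the current login
            Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            String userName;
            if (principal instanceof UserDetails) {
                userName = ((UserDetails) principal).getUsername();
            } else {
                userName = principal.toString();
            }
            return userName;
        }

        /**
         * @return a greeting that includes the name of the logged-in user
         */
        @GetMapping(path = {"/"})
        public String index() {
            return "hello this is index! welcome " + getUser();
        }
    }
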
In actual testing, both of the above cases work; the following demonstration is mainly based on the second approach.
II. Other
0. Series blog posts & project source
Blog posts
Source
- Project: https://github.com/liuyueyi/spring-boot-demo
- Source:
  - https://github.com/liuyueyi/spring-boot-demo/tree/master/spring-security/001-authentication-mem-config
  - https://github.com/liuyueyi/spring-boot-demo/tree/master/spring-security/001-authentication-mem-userdetail
1. A gray Blog
It is better to have no books than to believe everything in them. The above is purely one person's view; because of my limited ability, omissions and mistakes are inevitable. If you find a bug or have better suggestions, criticism and corrections are welcome and much appreciated.
Here is my personal blog, which records all the posts from my study and work; you are welcome to take a look around.
- A gray Blog personal blog: https://blog.hhui.top
- A gray Blog Spring thematic blog: http://spring.hhui.top