Spring Security with database authentication and user password encryption and decryption

Steps:

1. Following the earlier post https://mp.csdn.net/console/editor/html/104576494 , prepare the environment.

2. spring-security.xml configuration:

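<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Resources that are not intercepted (no security filter chain is applied to them) -->
    <security:http pattern="/login.jsp" security="none"/>
    <security:http pattern="/failer.jsp" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/plugins/**" security="none"/>

    <!--
        Specific rules.
        auto-config="true": if you do not write a login page of your own, the framework provides a default one.
        use-expressions="false": whether SpEL expressions are used in the access attributes (not covered here).
    -->
    <security:http auto-config="true" use-expressions="false">
        <!-- Interception rule: pattern = request path; access = the roles a caller must hold
             to reach it (here ROLE_USER or ROLE_ADMIN) -->
        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

        <!-- Pages to go to: login-processing-url is the path the login form posts to;
             when authentication-success-forward-url is set it takes precedence over default-target-url -->
        <security:form-login
            login-page="/login.jsp"
            login-processing-url="/login.do"
            default-target-url="/index.jsp"
            authentication-failure-url="/failer.jsp"
            authentication-success-forward-url="/pages/main.jsp"
        />

        <!-- Disables CSRF protection.
             NOTE(review): this removes the anti-forgery token check on every state-changing POST,
             including /login.do and /logout.do. Prefer leaving it enabled and adding the _csrf
             hidden field (parameterName/token from the _csrf request attribute) to the forms. -->
        <security:csrf disabled="true"/>

        <!-- Requesting /logout.do logs the user out (invalidating the session) and redirects to /login.jsp -->
        <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp"/>

    </security:http>

    <!-- Switch to user names and passwords held in the database -->
    <security:authentication-manager>
        <!-- userService is the authenticator bean that must be defined (its name must match) -->
        <security:authentication-provider user-service-ref="userService">
            <!-- Encoder used to check the submitted password against the stored hash at login -->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Encoder type; the same bean is used when a user is added so the stored password is encrypted -->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!-- Earlier approach: user names and passwords stored in memory
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
    -->

</beans>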
 3. Define an IUserService interface that extends the UserDetailsService interface:

Create a UserServiceImpl that implements IUserService and overrides the loadUserByUsername method:

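 @Service("userService") // this bean name must match the authenticator configured in spring-security.xml (user-service-ref)
public class UserServiceImpl implements IUserService {

    @Autowired
    private IUserDao userDao;
    @Autowired // used to hash the password when a user is saved
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * Looks up the user for Spring Security during authentication.
     *
     * @param username the login name submitted on the form
     * @return the user's details; the password is the stored value (the BCrypt hash written by
     *         {@link #save(UserInfo)}), which the configured password encoder compares against
     *         the submitted password
     * @throws UsernameNotFoundException if no user with that name exists
     * @throws IllegalStateException if the lookup itself fails (the original cause is preserved)
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo;
        try {
            userInfo = userDao.findByUsername(username); // DAO lookup by user name, returns a UserInfo
        } catch (Exception e) {
            // Do not swallow the failure: continuing with a null user only moved the error to a NullPointerException
            throw new IllegalStateException("User lookup failed for username: " + username, e);
        }
        // An unknown user is reported the way Spring expects instead of dereferencing null
        if (userInfo == null) {
            throw new UsernameNotFoundException("No user found with username: " + username);
        }
        // status == 0 means the account is disabled; the remaining flags mark the account
        // as non-expired, credentials non-expired and non-locked
        boolean enabled = userInfo.getStatus() != 0;
        return new User(userInfo.getUsername(), userInfo.getPassword(), enabled, true, true, true,
                getAuthority(userInfo.getRoles()));
    }

    /**
     * Builds the granted authorities for the given roles, one {@code ROLE_}-prefixed
     * authority per role.
     *
     * @param roles the user's roles; {@code null} is treated as having no roles
     * @return a mutable list of authorities, empty when the user has no roles
     */
    public List<SimpleGrantedAuthority> getAuthority(List<Role> roles) {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (roles == null) {
            return authorities;
        }
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
        }
        return authorities;
    }

    /**
     * Adds a user, hashing the password before it is persisted.
     *
     * @param userInfo the user to save; its plain-text password is replaced with the BCrypt hash
     * @throws IllegalArgumentException if {@code userInfo} is {@code null}
     * @throws Exception if the DAO save fails
     */
    @Override
    public void save(UserInfo userInfo) throws Exception {
        if (userInfo == null) {
            throw new IllegalArgumentException("userInfo must not be null");
        }
        // Only the hash is stored; the configured password encoder compares it at login
        userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword()));
        userDao.save(userInfo);
    }

}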

 
 4. Start the project and test adding a user; check whether the newly added user can log in successfully.
 
 
 
 
 
 
 
 
 



Origin blog.csdn.net/qq_39182939/article/details/104580273