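Personal summary of integrating Spring Security with Spring Boot

After reading the documentation, studying examples, and a good deal of trial and error, here is my summary of integrating spring-security with Spring Boot:

1. First, write a WebSecurityConfig class that extends WebSecurityConfigurerAdapter and overrides some of its methods

1. Override the configure(HttpSecurity http) method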

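    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                // Allow everyone to access the /login path
                .authorizeRequests()
                .antMatchers("/login")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                // Set the login page path and the page shown after a successful login
                .formLogin()
                .loginPage("/html/login.html")
                .loginProcessingUrl("/login") // URL the login form is submitted to
                // I was using a custom login page when I wrote this; without this line,
                // logging in kept returning a 405 error, and I don't know why
                .defaultSuccessUrl("/html/index.html") // page shown after a successful login
                .permitAll()
                .and()
                // Set the logout path
                .logout()
                .logoutUrl("/login/logout")
        ;
        // CSRF handling, added after reading the docs (see the link below for details).
        // Note: this call turns Spring Security's CSRF protection off.
        // https://springcloud.cc/spring-security-zhcn.html#jc-authentication
        http.csrf().disable();
    }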

2. Override the configure(WebSecurity web) method

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Skip the security filter chain for static resources
        web.ignoring().antMatchers("/js/**", "/css/**", "/img/**");
    }

3. Register a Bean; this class is the custom authentication provider

    @Bean
    public UserAuthenticationProvider userAuthenticationProvider() {
        return new UserAuthenticationProvider();
    }

2. Write the custom authentication class: UserAuthenticationProvider implements AuthenticationProvider

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.DigestUtils;

import java.nio.charset.StandardCharsets;

/**
 * @program: yc-luck-draw-web
 * @description: Custom authentication
 * @author: whd
 * @create: 2018-07-30 11:18
 **/
public class UserAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    public UserDetailsService userDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Read the submitted username and password
        String name = authentication.getName();
        String password = (String) authentication.getCredentials();
        if (password == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Call the user-details service to load the stored account
        UserDetails userDetails = userDetailsService.loadUserByUsername(name);
        // MD5-hash the submitted password so it can be compared with the stored hash.
        // Unsalted MD5 is kept to match the stored values; it is not a safe way to store
        // passwords (Spring Security's BCryptPasswordEncoder is the usual choice).
        password = DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8));
        if (userDetails != null && userDetails.getPassword().equals(password)) {
            // Verification succeeded; the user is logged in
            return new UsernamePasswordAuthenticationToken(name, password, userDetails.getAuthorities());
        }
        // Fail explicitly: returning null means "this provider cannot decide", not "rejected"
        throw new BadCredentialsException("Bad credentials");
    }

    @Override
    public boolean supports(Class<?> aClass) {
        // Only handle username/password login tokens
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
    }
}

3. Write the authentication service class: UserDetailsServiceImpl implements UserDetailsService and its method

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import java.util.ArrayList;
import java.util.List;

/**
 * @program: yc-luck-draw-web
 * @description: Authentication service class
 * @author: whd
 * @create: 2018-07-30 11:35
 **/
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    public UserService userService;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        // The authority list could be loaded from the user; no role/permission table
        // was created here, so an empty list is returned
        List<GrantedAuthority> grantAuths = new ArrayList<>();
        User user = new User();
        user.setUsername(s);
        // Look up the user record by username
        User userData = userService.selectOne(user);
        if (userData != null) {
            return new org.springframework.security.core.userdetails.User(s, userData.getPassword(), grantAuths);
        }
        // The UserDetailsService contract is to throw rather than return null
        throw new UsernameNotFoundException("User not found");
    }
}

4. Then you can try logging in
