Spring Security-Web项目设置权限

Web 项目设置权限

设置登录的用户名和密码

第一种方式:通过配置文件

第二种方式:通过配置类

第三种方式:自定义编写实现类UserDetailsService接口

通过配置文件

在application.yaml 中 增加 用户名为 ly 密码为 abc

 spring:
   security:
     user:
       name: ly
       password: abc

重启, 发现 控制台没有默认密码了, 按照配置 输入用户名密码即可 显示

通过配置类

注释调 之前在 application.yaml 中配置的 security的用户名及密码

(如果 出现 There is no PasswordEncoder mapped for the id "null" 记得 注入 PasswordEncoder )

package com.config;
 ​
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 ​
 @Configuration    //配置类
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
         String password = bCryptPasswordEncoder.encode("123");
         auth.inMemoryAuthentication().withUser("abc").password(password).roles("admin");
     }
     //注入bean 否则报错 There is no PasswordEncoder mapped for the id "null"
     @Bean
     PasswordEncoder passwordEncoder(){
         return new BCryptPasswordEncoder();  
     }
 }

启动 运行, 用户名 abc 密码 123 即可看到页面

自定义编写实现类 (查询数据库)

第一步 创建配置类 设置使用哪个UserDetailsService实现类

第二步 编写 UserDetailsService实现类 返回User对象 有用户名及密码 及权限

创建配置类

 package com.config;
 ​
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 ​
 @Configuration    //配置类
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 ​
     @Autowired
     UserDetailsService userDetailsService;
 ​
 ​
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
     }
     @Bean
     PasswordEncoder passwordEncoder(){
         return new BCryptPasswordEncoder();
     }
 }

创建接口实现类

 package com.service;
 ​
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 ​
 import java.util.List;
 ​
 @Service("userDetailsService")
 public class MyUserDetailsService implements UserDetailsService {
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 ​
         List list = AuthorityUtils.commaSeparatedStringToAuthorityList("admin");
         return new User("lisi",new BCryptPasswordEncoder().encode("lisi"),list);
     }
 }

启动项目 用户名 lisi 密码 lisi 即可看到页面