初始化security
<!-- Spring Security starter. The version is pinned explicitly here: before reusing it, check that this
     Spring Boot release line still receives security fixes, and keep it aligned with the Spring Boot
     version the rest of the project uses. -->
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId><version>2.5.15</version></dependency>
可以理解为db的用户信息
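/**
 * Demo principal standing in for a user record loaded from the database.
 *
 * <p>Holds a username, a password value and a set of permission names. All four account-status
 * checks ({@code isAccountNonExpired}, {@code isAccountNonLocked}, {@code isCredentialsNonExpired},
 * {@code isEnabled}) are hard-wired to {@code true}, so expiry, locking and disabling are not
 * modelled by this class.
 */
@ToString
public class MyUser implements UserDetails {
    private String username;

    // Kept out of the Lombok-generated toString(): this field carries either the stored hash or,
    // when the class is bound from a request body, the submitted password. Neither belongs in
    // console output or logs.
    @ToString.Exclude
    private String password;

    private Set<String> permissions;

    /**
     * @param username    login name
     * @param password    password value as supplied by the caller (hash or submitted password)
     * @param permissions authority names such as {@code ROLE_USER}; may be {@code null}
     */
    public MyUser(String username, String password, Set<String> permissions) {
        this.username = username;
        this.password = password;
        this.permissions = permissions;
    }

    /**
     * Exposes the permission names as granted authorities.
     *
     * <p>Previously this returned {@code null}, so the permissions passed to the constructor never
     * reached Spring Security and the authenticated user carried no authorities at all.
     *
     * @return one authority per non-blank permission name; an empty set when there are none
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (permissions == null) {
            return java.util.Collections.emptySet();
        }
        // Fully qualified names are used so this listing needs no additional import lines.
        return permissions.stream()
                // SimpleGrantedAuthority rejects null/blank names, so drop them up front.
                .filter(name -> name != null && !name.trim().isEmpty())
                .map(org.springframework.security.core.authority.SimpleGrantedAuthority::new)
                .collect(java.util.stream.Collectors.toSet());
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}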
用户信息
- 这里的用户信息模拟的是数据库中存储的数据；dbPasword 是把明文密码用 BCrypt 编码之后得到的值
import com.google.common.collect.Sets;
import com.gouying.domain.MyUser;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
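import org.springframework.stereotype.Service;

/**
 * Demo {@link UserDetailsService} that fabricates a user instead of querying a real store.
 *
 * <p>Every non-blank username resolves to a {@link MyUser} whose password is the BCrypt encoding of
 * one fixed demo value, with the single permission {@code ROLE_USER}. No existence, deletion or
 * validity check is actually performed; the two console lines only mark where a real lookup and
 * those checks would go.
 */
@Service
public class MyUserDetailsService implements UserDetailsService {

    /**
     * Builds the demo user for the given name.
     *
     * @param userName login name submitted by the caller
     * @return a {@link MyUser} carrying the BCrypt-encoded demo password and {@code ROLE_USER}
     * @throws UsernameNotFoundException if {@code userName} is null or blank
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        // A missing name can never identify an account; signal it the way the interface expects
        // instead of fabricating a principal for it.
        if (userName == null || userName.trim().isEmpty()) {
            throw new UsernameNotFoundException("username must not be blank");
        }

        System.out.println("dao 查询用户");
        System.out.println("校验用户 是否存在 是否删除 是否合法");

        // DEMO ONLY: the same fixed password is accepted for every username. A real implementation
        // reads the already-encoded hash for this user from the user store and throws
        // UsernameNotFoundException when no such user exists.
        String password = "admin";
        // Encoding here runs a full BCrypt hash on every lookup; with a real store the hash is
        // produced once, when the password is set, and only read back at this point.
        String dbPasword = new BCryptPasswordEncoder().encode(password);

        return new MyUser(userName, dbPasword, Sets.newHashSet("ROLE_USER"));
    }
}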
security配置类
/**
 * Spring Security wiring for the demo: a BCrypt password encoder, an authentication manager backed
 * by {@link MyUserDetailsService}, and a filter chain that leaves {@code /login} open while
 * requiring authentication for every other request.
 */
// debug = true switches on Spring Security's request debugging, which writes per-request details
// (headers included) to the log. Suitable for local diagnosis only; leave it off anywhere the
// logs are shared or retained.
@EnableWebSecurity(debug = true)
@Configuration
public class SecurityConfig {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    /** Password encoder used to verify submitted passwords against stored BCrypt hashes. */
    @Bean
    public PasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Authentication manager with a single DAO provider: users come from
     * {@code myUserDetailsService}, passwords are checked with the BCrypt encoder bean.
     */
    @Bean
    public AuthenticationManager authenticationManager() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder());
        provider.setUserDetailsService(myUserDetailsService);
        return new ProviderManager(Lists.newArrayList(provider));
    }

    /**
     * Filter chain: {@code /login} is reachable without authentication, everything else requires
     * an authenticated user, and the default form login is enabled.
     */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests(authorize -> authorize
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated());
        // NOTE(review): the default form login handles POST /login itself (form parameters, with
        // the default CSRF protection in front of it). A controller mapped to the same path and
        // method would likely never receive those requests; confirm which login path is intended.
        httpSecurity.formLogin(Customizer.withDefaults());
        return httpSecurity.build();
    }
}
Controller
import com.gouying.domain.MyUser;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
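import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;

/**
 * JSON login endpoint that checks a submitted username and password against the configured
 * {@link AuthenticationManager}.
 *
 * <p>The resulting {@link Authentication} is not stored anywhere by this class, so the endpoint
 * only verifies credentials; it does not by itself establish a logged-in session.
 */
@RestController
public class LoginController {

    @Resource
    private AuthenticationManager authenticationManager;

    /**
     * Verifies the submitted credentials.
     *
     * <p>Fixes over the earlier version: a failed authentication no longer falls through to
     * {@code "success"}; the credentials and the principal's {@code toString()} are no longer
     * printed (that exposed password material on the console, and a null credentials value after
     * authentication would have raised a NullPointerException that the broad catch then hid).
     *
     * @param user request body; only its username and password are read here, any other field a
     *             client supplies is ignored
     * @return {@code "success"} when authentication succeeds, {@code "fail"} otherwise
     */
    @PostMapping("/login")
    public String login(@RequestBody MyUser user) {
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword());
        try {
            authenticationManager.authenticate(authenticationToken);
            return "success";
        } catch (org.springframework.security.core.AuthenticationException e) {
            // Record only the failure type: no submitted values, no stack trace for an expected
            // outcome. Unexpected exceptions are left to propagate instead of being hidden.
            System.out.println("login rejected: " + e.getClass().getSimpleName());
            // One generic answer for every failure, so the response does not reveal whether the
            // username or the password was wrong.
            return "fail";
        }
    }
}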