怎么自定义spring security对用户信息进行校验及密码的加密校验
先写一个封装 Spring Security 校验所需字段的类。
其实 UserDetails 的实现类 User 已经提供了很多字段和功能,但如果需要扩展(例如加上用户 id),就要自己实现 UserDetails 接口中的方法。
package com.lzy.security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
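/**
 * {@link UserDetails} implementation that carries the application's user id next to the
 * fields Spring Security reads during authentication (username, password, authorities and
 * the four account-status flags).
 *
 * <p>The class stores the password exactly as it is handed to the constructor; it performs
 * no encoding itself.
 */
public class AccountUser implements UserDetails {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    // Bound to this class (the original bound it to Spring's User, a copy-paste slip),
    // so any log output is attributed to AccountUser.
    private static final Log logger = LogFactory.getLog(AccountUser.class);

    // Application-level user id: the extra field this class adds on top of UserDetails.
    private Long userId;

    private String password;
    private final String username;
    private final Collection<? extends GrantedAuthority> authorities;
    private final boolean accountNonExpired;
    private final boolean accountNonLocked;
    private final boolean credentialsNonExpired;
    private final boolean enabled;

    /**
     * Creates an enabled, non-expired, non-locked account.
     *
     * @param userId      application user id
     * @param username    login name; must not be null or empty
     * @param password    password value to check against; must not be null
     * @param authorities granted authorities; {@code null} is treated as "none"
     */
    public AccountUser(Long userId, String username, String password,
            Collection<? extends GrantedAuthority> authorities) {
        this(userId, username, password, true, true, true, true, authorities);
    }

    /**
     * Creates an account with explicit status flags.
     *
     * @param userId                application user id
     * @param username              login name; must not be null or empty
     * @param password              password value to check against; must not be null
     * @param enabled               whether the account is enabled
     * @param accountNonExpired     whether the account has not expired
     * @param credentialsNonExpired whether the credentials have not expired
     * @param accountNonLocked      whether the account is not locked
     * @param authorities           granted authorities; {@code null} is treated as "none"
     * @throws IllegalArgumentException if username is null/empty or password is null
     */
    public AccountUser(Long userId, String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        Assert.isTrue(username != null && !"".equals(username) && password != null,
                "Cannot pass null or empty values to constructor");
        this.username = username;
        this.userId = userId;
        this.password = password;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        // UserDetails#getAuthorities is documented as never returning null, so a missing
        // collection is normalised to an empty one: the user simply holds no authorities.
        if (authorities == null) {
            this.authorities = Collections.emptyList();
        } else {
            this.authorities = authorities;
        }
    }

    /**
     * Returns the application user id supplied at construction time.
     *
     * @return the user id, possibly {@code null} if the caller passed none
     */
    public Long getUserId() {
        return this.userId;
    }

    /** Returns the granted authorities; never {@code null}. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    /**
     * Returns the password exactly as passed to the constructor.
     * NOTE(review): with a PasswordEncoder configured this is expected to be the stored
     * hash, not a clear-text password; confirm against the data layer.
     */
    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return this.accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return this.credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }
}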
这里根据用户名查询出用户记录(数据行对象),并把需要校验的字段封装成 AccountUser 返回
package com.lzy.security;
import com.lzy.entity.SysUser;
import com.lzy.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;
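/**
 * {@link UserDetailsService} that looks the account up through {@link ISysUserService}
 * and adapts it to {@link AccountUser} for Spring Security.
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    ISysUserService sysUserService;

    /**
     * Loads the account for the given login name.
     *
     * @param username login name submitted with the authentication request
     * @return an {@link AccountUser} built from the stored id, username and password
     * @throws UsernameNotFoundException if no account exists for {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Look the account up by its login name.
        SysUser sysUser = sysUserService.getByUsername(username);
        if (sysUser == null) {
            // Spring Security's DaoAuthenticationProvider hides this exception behind
            // BadCredentialsException by default (hideUserNotFoundExceptions), so the
            // "user does not exist" text does not reach the client unless that default
            // is switched off; keeping the default avoids confirming which names exist.
            throw new UsernameNotFoundException("用户名不存在");
        }
        // NOTE(review): sysUser.getPassword() is passed through untouched; it has to be the
        // stored (encoded) value for the configured PasswordEncoder to match; confirm.
        return new AccountUser(sysUser.getId(), sysUser.getUsername(), sysUser.getPassword(),
                getUserAuthority(sysUser.getId()));
    }

    /**
     * Returns the authorities granted to the given user.
     *
     * @param userId id of the user whose authorities are wanted
     * @return the user's authorities; never {@code null}
     */
    public List<GrantedAuthority> getUserAuthority(Long userId) {
        // TODO: query the authorities for userId. Until that exists, return an empty list
        // instead of null: the user then holds no authorities, and callers that iterate
        // the result (or UserDetails#getAuthorities consumers) do not hit a null.
        return java.util.Collections.<GrantedAuthority>emptyList();
    }
}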
最后在 Spring Security 的配置类中
注入 UserDetailsServiceImpl
// Field-injects the custom UserDetailsService so the security configuration can register it.
@Autowired
UserDetailsServiceImpl userDetailsServiceImpl;
重写它的 configure(AuthenticationManagerBuilder) 方法
// Registers the custom UserDetailsService with the authentication manager builder.
// NOTE(review): no PasswordEncoder is configured at this step, so how the submitted
// password is compared with the stored one depends on the Spring Security version's
// default; the page adds BCryptPasswordEncoder in its last snippet. Confirm that the
// final configuration always sets an encoder.
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl);
}
最后,注释掉配置文件中的默认账号和密码(改用自定义的 UserDetailsService 之后不再需要它,这种固定的弱口令也不应留在配置文件里)
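# Default account from the configuration file. This is the block the text says to
# comment out once the custom UserDetailsService is in place: a fixed, guessable
# credential should not stay active in configuration.
# (Nesting restored: the keys were flattened to one level in the original listing.)
security:
  user:
    name: lzy
    password: 123456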
密码的加密校验
先声明一个 BCryptPasswordEncoder 的 Bean(BCrypt 是带盐的单向哈希,所以数据库里保存的也必须是用同一个编码器 encode 之后的密码,而不是明文)
// Exposes a BCryptPasswordEncoder bean built with the no-arg constructor (library defaults).
// NOTE(review): login only succeeds if the stored password was produced by this encoder's
// encode(...); the registration / password-change path is not shown on this page, so confirm.
@Bean
BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
再在上面重写的 configure 方法中把它配置进去
// Registers the custom UserDetailsService and attaches the BCrypt encoder to it, so the
// submitted password is checked against the stored value through that encoder instead
// of being compared as plain text.
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
}