SpringSecurity6 | 默认用户生成
在Spring Security 6中,默认用户可以通过实现 UserDetailsService 接口来生成。以下是一个简单的示例,展示了如何使用内存中的用户数据生成默认用户:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// 配置HTTP安全策略
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser(User.withDefaultPasswordEncoder("user1"))
.password("password")
.roles("USER")
.and()
.withUser("user2")
.password(passwordEncoder -> passwordEncoder.encode("password"))
.roles("USER");
}
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user1").password("{noop}password").roles("USER").build());
manager.createUser(User.withUsername("user2").password("{noop}password").roles("USER").build());
return manager;
}
}在这个配置中,我们定义了两个用户 user1 和 user2,密码都是 password,且都赋予了 USER 角色。我们还展示了如何使用 InMemoryUserDetailsManager 来创建用户。这种方式适合开发和测试环境,不应该在生产环境中使用,因为它将用户数据存储在内存中。在实际应用中,你可能需要连接到数据库或其他用户存储系统。
评论已关闭