SpringBoot添加密码安全配置以及Jwt配置
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.example.demo.security.jwt.JwtAuthenticationEntryPoint;
import com.example.demo.security.jwt.JwtAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置用户详情服务及密码加密方式
auth.inMemoryAuthentication()
.withUser("user")
.password(passwordEncoder().encode("password"))
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ... 其他配置 ...
.csrf().disable() // 禁用CSRF保护
.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
.and()
.addFilterBefore(new JwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
这个代码实例展示了如何在Spring Boot应用中配置密码加密和JWT认证的基本步骤。首先,我们定义了一个PasswordEncoder
的Bean,并在其中使用了BCrypt加密方式。然后,我们覆盖了configure(AuthenticationManagerBuilder auth)
方法来配置内存中的用户详情服务,并使用了我们定义的密码加密方式。最后,在configure(HttpSecurity http)
方法中,我们禁用了CSRF保护并添加了JWT认证入口点和JwtAuthenticationFilter。
评论已关闭