后端进阶之路——总结Spring Security与数据库集成实践
在这个系列的第五部分,我们将会对Spring Security与数据库进行深度整合。我们将会使用Spring Security的方法来创建自定义的认证和授权逻辑,并且将其与数据库进行整合。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
� private UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/home", "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}在这个配置类中,我们首先使用@EnableWebSecurity注解启用Spring Security。然后,我们通过configureGlobal方法配置了认证管理器,使用自定义的UserDetailsService实现来加载用户详情,并且设置了BCrypt密码编码器。在configure方法中,我们定义了安全策略,包括允许哪些URLS不需要认证,以及如何处理登录和注销请求。
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username)
.orElseThrow(() -> new UsernameNotFoundException("User not found"));
return new org.springframework.security.core.userdetails.User(
user.getUsername(),
user.getPassword(),
getAuthorities(user.getRoles())
);
}
private Collection<? extends GrantedAuthority> getAuthorities(List<Role> roles) {
return roles.st
评论已关闭