使用UserDetailsService实现登录逻辑

codesverve · Apr 30, 2020 · 711ad33 · 711ad33
1 parent 0c2abd8
commit 711ad33
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 10 deletions.
diff --git a/src/main/java/com/uetty/sample/springboot/security/SecurityConfigure.java b/src/main/java/com/uetty/sample/springboot/security/SecurityConfigure.java
@@ -1,14 +1,19 @@
 package com.uetty.sample.springboot.security;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Configurable;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 
 @EnableWebSecurity
@@ -17,7 +22,13 @@ public class SecurityConfigure extends WebSecurityConfigurerAdapter {
 
     @Configurable
     static class SecurityBeanConfigure {
-
+        /**
+         * 这里为security指定一个加密方式（这个加密目的仅是内存安全，数据库里最好还是要单独进行md5加密）
+         */
+        @Bean
+        public PasswordEncoder passwordEncoder() {
+            return new BCryptPasswordEncoder();
+        }
     }
 
     @Value("${server.apiUrlPrefix}/login")
@@ -27,6 +38,9 @@ static class SecurityBeanConfigure {
     @Value("${server.apiUrlPrefix}/logout")
     private String logoutPath;
 
+    @Autowired
+    UserDetailsService userDetailsService;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable();
@@ -59,14 +73,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        // 注意这里跟上面方法名相同，参数不同，不要混了
-        // 这个会将密码加密后再存在内存中
-        UserDetails build = User.withDefaultPasswordEncoder()
-                .username("vince")
-                .password("123456")
-                .roles("USER")
-                .build();
-        auth.inMemoryAuthentication()
-                .withUser("vince").roles("USER").password(build.getPassword());
+        // 设置自定义获取用户信息的业务类
+        auth.userDetailsService(userDetailsService);
     }
 }
diff --git a/src/main/java/com/uetty/sample/springboot/security/UserDetailsServiceImpl.java b/src/main/java/com/uetty/sample/springboot/security/UserDetailsServiceImpl.java
@@ -0,0 +1,39 @@
+package com.uetty.sample.springboot.security;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.uetty.sample.springboot.dao.UserDao;
+import com.uetty.sample.springboot.entity.User;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+import org.thymeleaf.expression.Lists;
+
+import java.util.ArrayList;
+
+@Component
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+    @Autowired
+    UserDao userDao;
+    @Autowired
+    PasswordEncoder passwordEncoder;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+
+        User user = userDao.getByUsername(username);
+        if (user == null) {
+            throw new UsernameNotFoundException("username[" + username + "] not found");
+        }
+        ArrayList<GrantedAuthority> authorities = new ArrayList<>();
+        // 可以让自定义的user实现UserDetails接口，就不用再去new这个springframework的User
+        // 当自定义的user要注意不能让password等敏感信息泄漏给前端
+        // 可以再实现CredentialsContainer接口擦除敏感信息，或者在敏感信息上使用@JsonIgnore注解
+        return new org.springframework.security.core.userdetails.User(username,
+                passwordEncoder.encode(user.getPassword()), authorities);
+    }
+}