怎么自定义spring security对用户信息进行校验及密码的加密校验
先写一个spring security需要校验的字段类
其实UserDetails的子类的user已经有很多字段和功能,但是如果我们需要扩展的话就要重写UserDetails中的方法
package com.lzy.security;import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;import java.util.Collection;
import java.util.Collections;
import java.util.Set;public class AccountUser implements UserDetails {//加上idprivate Long userId;private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;private static final Log logger = LogFactory.getLog(User.class);private String password;private final String username;private final Collection<?extends GrantedAuthority> authorities;private final boolean accountNonExpired;private final boolean accountNonLocked;private final boolean credentialsNonExpired;private final boolean enabled;public AccountUser(Long userId,String username, String password, Collection<? extends GrantedAuthority> authorities) {this(userId,username, password, true, true, true, true, authorities);}public AccountUser(Long userId,String username, String password, boolean enabled, boolean accountNonExpired,boolean credentialsNonExpired, boolean accountNonLocked,Collection<? extends GrantedAuthority> authorities) {Assert.isTrue(username != null && !"".equals(username) && password != null,"Cannot pass null or empty values to constructor");this.username = username;this.userId = userId;this.password = password;this.enabled = enabled;this.accountNonExpired = accountNonExpired;this.credentialsNonExpired = credentialsNonExpired;this.accountNonLocked = accountNonLocked;this.authorities = authorities;}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {return this.authorities;}@Overridepublic String getPassword() {return this.password;}@Overridepublic String getUsername() {return this.username;}@Overridepublic boolean isAccountNonExpired() {return this.accountNonExpired;}@Overridepublic boolean isAccountNonLocked() {return this.accountNonLocked;}@Overridepublic boolean isCredentialsNonExpired() {return this.credentialsNonExpired;}@Overridepublic boolean isEnabled() {return this.enabled;}
}
这里获取数据行对象,并且返回我们需要校验的字段
package com.lzy.security;import com.lzy.entity.SysUser;
import com.lzy.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import java.util.List;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {@AutowiredISysUserService sysUserService;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {//根据用户名查询用户信息SysUser sysUser = sysUserService.getByUsername(username);if (sysUser == null) {throw new UsernameNotFoundException("用户名不存在");}return new AccountUser(sysUser.getId(),sysUser.getUsername(),sysUser.getPassword(),getUserAuthority(sysUser.getId()));}public List<GrantedAuthority> getUserAuthority(Long userId) {//根据用户id查询用户权限return null;}
}
最后在spring security的配置文件中
注入
@AutowiredUserDetailsServiceImpl userDetailsServiceImpl;重写他的方法
@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsServiceImpl);}最后,注释配置文件中的默认账号密码
security:user:name: lzypassword: 123456密码的加密校验
先引入BCryptPasswordEncoder
@BeanBCryptPasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}
再在显示配置中对他进行一个配置
@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());}