项目地址:https://github.com/lizhibin205/simple_web_v2
一、数据库表
CREATE TABLE `users` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '用户ID',
`name` varchar(45) COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '' COMMENT '用户名',
`password` varchar(64) COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '' COMMENT '用户密码',
`create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ,
`update_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `uniq_name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
注意:password之后会使用BCryptPasswordEncoder进行哈希(单向,不可解密),该列存放的是哈希值而不是明文密码。BCrypt输出固定为60个字符,因此password列的长度不能小于60。
二、configuration配置
这里主要配置3点:
1)基于URL进行规则验证:未登录的用户无法访问指定的URL,并会被跳转到登录页
2)配置密码加密器
3)配置一个UserDetailsService
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
 * Defines the URL authorization rules and the login/logout endpoints.
 *
 * <p>The health-check endpoints are open to everyone; every other request requires
 * an authenticated user. Form login uses the custom page at {@code /login}, and both
 * the login page and the logout endpoint are reachable without authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Authorization rules are matched in declaration order, so the open
    // health-check matcher has to stay ahead of the catch-all anyRequest() rule.
    http.authorizeRequests()
        .antMatchers("/api/healthCheck/**").permitAll()
        .anyRequest().authenticated();

    // Custom login page; it must itself be public or nobody could reach it.
    http.formLogin()
        .loginPage("/login")
        .permitAll();

    // Logout is available to every caller.
    http.logout()
        .permitAll();
}
/**
 * Registers the password encoder used to hash and verify user passwords.
 *
 * <p>The encoder is default-constructed, so it runs with the library's default
 * BCrypt work factor.
 *
 * @return a BCrypt-based {@link PasswordEncoder}
 */
@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
    return bcryptEncoder;
}
/**
 * Exposes the {@link UserDetailsService} used for authentication as a bean.
 *
 * @return a {@code BytreesUserDetailService} instance
 */
@Bean
@Override
public UserDetailsService userDetailsService() {
    // Hard-coded credentials are unsafe; Spring advises against using them in production.
    // The in-memory variant below is kept only as a reference and stays disabled.
    //UserDetails user =
    // User.withDefaultPasswordEncoder()
    // .username("user")
    // .password("password")
    // .roles("USER")
    // .build();
    //return new InMemoryUserDetailsManager(user);
    UserDetailsService customService = new BytreesUserDetailService();
    return customService;
}
}
三、编写自己的UserDetailsService
逻辑在于从数据库中根据用户名查询用户,实现loadUserByUsername方法
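/**
 * {@link UserDetailsService} implementation that looks users up by name through
 * {@code UsersRepository}.
 */
public class BytreesUserDetailService implements UserDetailsService {
    @Autowired
    private UsersRepository userRepository;

    /**
     * Loads the account with the given user name.
     *
     * <p>Every account found is granted the single authority {@code ROLE_USER}.
     *
     * @param username the login name to look up
     * @return the user details built from the stored name and password
     * @throws UsernameNotFoundException if no account with that name exists
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Unwrap the Optional once instead of pairing isPresent() with repeated get() calls.
        Users account = userRepository.findByName(username)
                .orElseThrow(() -> new UsernameNotFoundException("user not exists."));

        List<GrantedAuthority> authList = new ArrayList<>();
        authList.add(new SimpleGrantedAuthority("ROLE_USER"));

        // The stored password is handed over unchanged. NOTE(review): it is expected to be
        // the BCrypt hash written at registration, never the plaintext - confirm against
        // the code that inserts users.
        return new User(account.getName(), account.getPassword(), authList);
    }
}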
版权声明:本文为loophome原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。