Spring Security 新版本配置
新版SpringSecurity配置
WebSecurityConfigurerAdapter 已经被废弃了,所以赶紧去看别人是如何写的,但是看到最后都没有看到特别好的博客,我就自己写了一下,可能写的不太好,希望大家可以积极讨论!
1、导入依赖
<dependency><groupId>org.springframework.bootgroupId><artifactId>spring-boot-starter-securityartifactId>dependency>
2、配置文件
package com.sky.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;/*** @author 尹稳健~* @version 1.0*/
@Configuration
public class SecurityConfig {/*** 加密方式** @return*/@Beanpublic BCryptPasswordEncoder bCryptPasswordEncoder() {return new BCryptPasswordEncoder();}/*** 认证管理器,登录的时候参数会传给 authenticationManager** @return* @throws Exception*/@Beanpublic AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {return authenticationConfiguration.getAuthenticationManager();}/*** 直接在过滤器链里面配置httpSecurity** @param http* @return* @throws Exception*/@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {return http//关闭csrf.csrf().disable()//不通过Session获取SecurityContext.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()// 允许跨域.cors().and()// 配置路劲是否需要认证.authorizeRequests()// 对于登录接口 允许匿名访问.antMatchers("/user/login").permitAll()// 配置权限.antMatchers("/hello2").hasAuthority("/hello2")// 除上面外的所有请求全部需要鉴权认证.anyRequest().authenticated().and().build();}}3、编写service
@Service
public class LoginServiceImpl implements LoginService {@Autowiredprivate AuthenticationManager authenticationManager;@Autowiredprivate RedisCache redisCache;@Overridepublic ResponseResult login(User user) {// AuthenticationManager的authenticate 进行用户认证UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user.getUserName(),user.getPassword());Authentication authenticate = authenticationManager.authenticate(authenticationToken);// 如果认证没通过,提示if (Objects.isNull(authenticate)){throw new RuntimeException("用户名或密码错误!");}// 认证通过返回jwtLoginUser loginUser = (LoginUser) authenticate.getPrincipal();System.out.println(loginUser);Long userId = loginUser.getUser().getId();String jwt = JwtUtil.createJWT(userId.toString());Map<String, Object> map = new HashMap<>();map.put("token",jwt);// 将jwt存入redis中redisCache.setCacheObject("login:"+userId,loginUser,5, TimeUnit.MINUTES);return new ResponseResult(200,"登录成功!",map);}
}
4、重写UserDetailsService
package com.sky.service.impl;import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.sky.domain.LoginUser;
import com.sky.domain.User;
import com.sky.mapper.MenuMapper;
import com.sky.mapper.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import java.util.List;/*** @author 尹稳健~* @version 1.0*/
@Service
public class UserServiceImpl implements UserDetailsService {@Autowiredprivate UserMapper userMapper;@Autowiredprivate MenuMapper menuMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {// 查询用户信息LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();queryWrapper.eq(User::getUserName,username);User user = userMapper.selectOne(queryWrapper);// 如果没有查询到用户if (user == null){throw new RuntimeException("用户名错误或者密码错误");}return new LoginUser(user);}
}
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!