SpringSecurity-重写默认配置

本文主要是介绍SpringSecurity-重写默认配置，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

重写UserDetailService组件

1.注入Bean的方式

/*** @author: coffee* @date: 2024/6/22 21:22* @description: 重写springsecurity默认组件：注入Bean的方式*/@Configuration
public class ProjectConfig {/*** 重写userDetailsService组件*/@Beanpublic UserDetailsService userDetailsService () {// InMemoryUserDetailsManager实现并不适用生成环境，此处进作为demo使用InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();// 使用指定用户名、密码和权限列表构建用户UserDetails user = User.withUsername("john").password("12345").authorities("read").build();// 添加该用户以便让UserDetailsService对其进行管理userDetailsService.createUser(user);return userDetailsService;}/*** 重写UserDetailsService组件也必须重写PasswordEncoder组件，否则会报：*    java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"*/@Beanpublic PasswordEncoder passwordEncoder () {// NoOpPasswordEncoder实例会将密码视为普通文本，他不会对密码进行加密或者hash处理return NoOpPasswordEncoder.getInstance();}
}

2.扩展WebSecurityConfigurerAdapter

/*** @author: coffee* @date: 2024/6/22 21:46* @description:*/
@Configuration
public class ProjectConfig2 extends WebSecurityConfigurerAdapter {/*** 重写端点授权配置，就需要扩展WebSecurityConfigurerAdapter类，可以使用HttpSecurity对象的不同方法更改配置*/@Overrideprotected void configure (HttpSecurity httpSecurity) throws Exception {httpSecurity.httpBasic();// 所有请求都需要身份验证// httpSecurity.authorizeRequests().anyRequest().authenticated();// permitAll()方法修改授权配置，无需凭据(用户名密码)也可以直接调用接口。   curl http://localhost:8080/hellohttpSecurity.authorizeRequests().anyRequest().permitAll();}/*** 重写springsecurity默认组件：继承WebSecurityConfigurerAdapter的方式*/@Overrideprotected void configure (AuthenticationManagerBuilder auth) throws Exception {// InMemoryUserDetailsManager实现并不适用生成环境，此处进作为demo使用InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();// 使用指定用户名、密码和权限列表构建用户UserDetails user = User.withUsername("john").password("12345").authorities("read").build();// 添加该用户以便让UserDetailsService对其进行管理userDetailsService.createUser(user);// AuthenticationManagerBuilder调用userDetailsService()方法来注册UserDetailsService实例// AuthenticationManagerBuilder调用passwordEncoder()方法来注册NoOpPasswordEncoder实例auth.userDetailsService(userDetailsService).passwordEncoder(NoOpPasswordEncoder.getInstance());}
}

重写端点授权配置

/*** @author: coffee* @date: 2024/6/22 21:46* @description:*/
@Configuration
public class ProjectConfig2 extends WebSecurityConfigurerAdapter {/*** 重写端点授权配置，就需要扩展WebSecurityConfigurerAdapter类，可以使用HttpSecurity对象的不同方法更改配置*/@Overrideprotected void configure (HttpSecurity httpSecurity) throws Exception {httpSecurity.httpBasic();// 所有请求都需要身份验证// httpSecurity.authorizeRequests().anyRequest().authenticated();// permitAll()方法修改授权配置，无需凭据(用户名密码)也可以直接调用接口。   curl http://localhost:8080/hellohttpSecurity.authorizeRequests().anyRequest().permitAll();}
}

重写AuthenticationProvider实现

/*** @author: coffee* @date: 2024/6/22 22:15* @description: ...*/
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {String userName = authentication.getName();String password = String.valueOf(authentication.getCredentials());// 重写身份验证提供者，用if else 替换 UserDetailsService和PasswordEncoderif ("john".equals(userName) && "12345".equals(password)) {return new UsernamePasswordAuthenticationToken(userName, password, Arrays.asList());} else {throw new AuthenticationCredentialsNotFoundException("ERROR");}}@Overridepublic boolean supports(Class<?> authentication) {return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);}
}

/*** @author: coffee* @date: 2024/6/22 21:46* @description:*/
@Configuration
public class ProjectConfig2 extends WebSecurityConfigurerAdapter {@Autowiredprivate CustomAuthenticationProvider customAuthenticationProvider;/*** 重写端点授权配置，就需要扩展WebSecurityConfigurerAdapter类，可以使用HttpSecurity对象的不同方法更改配置*/@Overrideprotected void configure (HttpSecurity httpSecurity) throws Exception {httpSecurity.httpBasic();// 所有请求都需要身份验证httpSecurity.authorizeRequests().anyRequest().authenticated();}/*** 重写身份验证提供者*/@Overrideprotected void configure (AuthenticationManagerBuilder auth) throws Exception {auth.authenticationProvider(customAuthenticationProvider);}
}

这篇关于SpringSecurity-重写默认配置的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---