【发布时间】:2019-11-22 16:39:40
【问题描述】:
我已经设置了WebSecurityConfigurerAdapter,以便它将所有内容重定向到 /login URL,但是现在我对如何授予身份验证感到困惑?我有一个User.java、UserRepository.java 和一个UserService.java
我已经阅读了多篇关于如何使用 Spring Boot 进行基本身份验证的文章。他们唯一的共同点是他们使用 WebSecurityConfigurerAdapter 将用户重定向到登录页面。似乎有多种方法可以实现登录,我只想使用基本的UserController -> UserService -> UserRepo 方式来检索用户及其数据。这是我目前的代码。
网络安全配置
package com.flashcards.flashcard;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}
User.java
package com.flashcards.flashcard;
import lombok.Data;
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
@Data
@Entity
class User{
private @Id @GeneratedValue long id;
private String userName;
private String password;
private String passwordConfirm;
@OneToMany
private List<FlashCard> flashCards;
User(String user, String pass, String passwordConfirm){
this.userName = user;
this.password = pass;
this.passwordConfirm = passwordConfirm;
}
void appendCard(FlashCard card){
flashCards.add(card);
}
}
UserServiceImpl.java
package com.flashcards.flashcard;
public class UserServiceImpl implements UserService{
public User getUser(String name, String p){}
public void updateUser(){}
public void deleteUser(){}
}
LoadDatabase.java, 为 Web 应用程序初始化数据。
package com.flashcards.flashcard;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.stereotype.Component;
@Component
public class LoadDatabase implements CommandLineRunner {
private final FlashCardRepository flashcardRepository;
private final UserRepository userRepository;
@Autowired
public LoadDatabase(FlashCardRepository flashcardRepository, UserRepository userRepository) {
this.flashcardRepository = flashcardRepository;
this.userRepository = userRepository;
}
@Override
public void run(String... strings) throws Exception {
this.userRepository.save(new User("user", "password", "password"));
}
}
【问题讨论】:
-
tbh 如果您真的想了解 Spring Security 中的身份验证和授权,我真的非常推荐技术概述文档。这将使您对 Spring 安全类及其作用有一个非常好的理解。 docs.spring.io/spring-security/site/docs/current/reference/…
标签: spring hibernate spring-boot spring-security