您的位置: 首页  >  技术问答  >  Spring Boot基本身份验证

Spring Boot基本身份验证

分类: 技术问答 2022-03-02 19:31:23

Spring Boot基本身份验证

问题描述:

我正在使用Spring Boot安全性来帮助我进行身份验证...

I'm using spring boot security to help me to make authentication...

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>



@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .cors().and().csrf().disable().authorizeRequests()
        .anyRequest().authenticated().and().httpBasic();
    }
}

我有一个休息服务(在我的控制器上)登录,即发送电子邮件和密码的发帖请求,我想使用此服务进行身份验证...

I have a rest service to make login (on my controller) thats a post request that i send email and password and i like to use this service to make the authentication...

但是我是spring-boot/java的新手.有人可以帮助我做正确的事情吗?

But i'm new on spring-boot / java... Can some one help me to make that right way?

谢谢.

在SpringSecurityConfig.java中更改添加方法,如下所示 

    @Configuration
    @EnableWebSecurity
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserAuthenticationService userAuthenticationService;

    @Autowired
    private CustomAuthenticationProvider authenticationProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.authenticationProvider).userDetailsService(this.userAuthenticationService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .cors().and().csrf().disable().authorizeRequests()
        .anyRequest().authenticated().and().httpBasic();
    }}

创建CustomAuthenticationProvider. 

    @Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserAuthenticationService userAuthenticationService;

    @Override
    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String emailId = authentication.getName();
        String password = (String) authentication.getCredentials();
        UserDetails user = this.userAuthenticationService.loadUserByUsername(emailId);
        if (user == null) {
            throw new UsernameNotFoundException("Username not found.");
        }
        //Your password encoder here
        if (!password.equals(user.getPassword())) {
            throw new UsernameNotFoundException("Wrong password.");
        }
        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
        return new UsernamePasswordAuthenticationToken(user, password, authorities);
    }}

创建自定义UserService 

    @Service
public class UserAuthenticationService implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        User user = userRepository.findByEmailAddressWithRole(email);
        if (user == null) {
            throw new UsernameNotFoundException("Username not found for " + email);
        }
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        for (Role roles : user.getRoles()) {
            grantedAuthorities.add(new SimpleGrantedAuthority(roles.getRoleName()));
        }
        return new UserAuthenticationWrapperDto(user.getId(), user.getEmailAddress(), user.getPassword(),
                user.getUserType(), user.getCompany().getId(), grantedAuthorities,user.getName());
    }}

相关推荐