Java 如何使用Spring Security创建身份验证系统?
我阅读了Spring安全文档来学习如何为我的web应用程序创建一个基本的身份验证系统,但我不知道应该选择什么体系结构。 链接: 目前,我正在使用WebSecurityConfigureAdapter类和以下代码:Java 如何使用Spring Security创建身份验证系统?,java,spring,security,authentication,authorization,Java,Spring,Security,Authentication,Authorization,我阅读了Spring安全文档来学习如何为我的web应用程序创建一个基本的身份验证系统,但我不知道应该选择什么体系结构。 链接: 目前,我正在使用WebSecurityConfigureAdapter类和以下代码: import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.c
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/index", "/user/**").permitAll()
//.antMatchers("/user/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login").failureUrl("/login-error")
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("password")).roles("USER");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
但在文件中,他们推荐了3种替代方案
1) WebMVCConfiguer:
2) AuthenticationManager:
3) 使用为Web应用程序设计的其他类(?)
所以,现在我脑子里乱七八糟的,我根本不知道如何创建我的身份验证系统。
我应该选择什么建筑
除了了解我的项目外,以下是我的其他课程:
用户服务
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import app.shellx.dao.AuthorityRepository;
import app.shellx.dao.RoleRepository;
import app.shellx.dao.UserRepository;
import app.shellx.model.Authority;
import app.shellx.model.Role;
import app.shellx.model.User;
@Service
public class UserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Autowired
private RoleService roleService;
@Transactional(readOnly=true)
public User loadUserByUsername(final String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
//List<GrantedAuthority> authorities = buildUserAuthority(user.getAuthorities());
//if you're implementing UserDetails you wouldn't need to call this method and instead return the User as it is
//return buildUserForAuthentication(user, authorities);
return user;
}
/*public User login() {
try {
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = am.authenticate(request);
SecurityContextHolder.getContext().setAuthentication(result);
break;
} catch(AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
}
}
System.out.println("Successfully authenticated. Security context contains: " +
SecurityContextHolder.getContext().getAuthentication());
}
}*/
/* // Converts user to spring.springframework.security.core.userdetails.User
private User buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
return new User(user.getUsername(), user.getEmail(), user.getPassword(), authorities, user.isAccountNonExpired(), user.getAvatar());
}
private List<GrantedAuthority> buildUserAuthority(Set<Authority> userRoles) {
Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
// add user's authorities
for (Authority userRole : userRoles) {
setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
}
List<GrantedAuthority> Result = new ArrayList()<GrantedAuthority>(setAuths);
return Result;
}*/
public void add(User user, String role) {
user.setRole(roleService.findByRole(role));
this.userRepository.save(user);
/*role.setAuthorities(authorities);
this.roleRepository.save(role);
for (Authority auth : authorities) {
auth.setRoles(role);
this.authorityRepository.save(auth);
}*/
}
public void update(User user) {
this.userRepository.save(user);
}
public String getCurrentUser() {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String username;
if (principal instanceof UserDetails) {
username = ((User)principal).getUsername();
} else {
username = principal.toString();
}
return username;
}
}
import java.util.ArrayList;
导入java.util.HashSet;
导入java.util.List;
导入java.util.Set;
导入org.springframework.beans.factory.annotation.Autowired;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.context.SecurityContextHolder;
导入org.springframework.security.core.userdetails.userdetails;
导入org.springframework.security.core.userdetails.userdetails服务;
导入org.springframework.security.core.userdetails.UsernameNotFoundException;
导入org.springframework.stereotype.Service;
导入org.springframework.transaction.annotation.Transactional;
导入app.shellx.dao.AuthorityRepository;
导入app.shellx.dao.RoleRepository;
导入app.shellx.dao.UserRepository;
导入app.shellx.model.Authority;
导入app.shellx.model.Role;
导入app.shellx.model.User;
@服务
公共类UserService实现UserDetailsService{
@自动连线
私有用户存储库用户存储库;
@自动连线
私人角色服务角色服务;
@事务(只读=真)
公共用户loadUserByUsername(最终字符串用户名)引发UsernameNotFoundException{
User=userRepository.findByUsername(用户名);
//List authorities=buildUserAuthority(user.getAuthories());
//如果要实现UserDetails,则不需要调用此方法,而是按原样返回用户
//返回buildUserForAuthentication(用户、权限);
返回用户;
}
/*公共用户登录(){
试一试{
身份验证请求=新用户名PasswordAuthenticationToken(名称、密码);
认证结果=am.认证(请求);
SecurityContextHolder.getContext().setAuthentication(结果);
打破
}捕获(身份验证异常e){
System.out.println(“身份验证失败:+e.getMessage());
}
}
System.out.println(“已成功验证。安全上下文包含:”+
SecurityContextHolder.getContext().getAuthentication());
}
}*/
/*//将用户转换为spring.springframework.security.core.userdetails.user
私人用户buildUserForAuthentication(用户、列表权限){
返回新用户(User.getUsername(),User.getEmail(),User.getPassword(),authorities,User.isAccountNoExpired(),User.getAvatar());
}
私有列表buildUserAuthority(设置用户角色){
Set setAuths=new HashSet();
//添加用户权限
for(授权用户角色:用户角色){
添加(新的SimpleGrantedAuthority(userRole.getRole());
}
列表结果=新建ArrayList()(setAuths);
返回结果;
}*/
公共void添加(用户、字符串角色){
user.setRole(roleService.findByRole(role));
this.userRepository.save(用户);
/*角色.主管当局(主管当局);
this.roleRepository.save(角色);
适用于(授权人:授权人){
auth.setRoles(角色);
this.authorityRepository.save(auth);
}*/
}
公共无效更新(用户){
this.userRepository.save(用户);
}
公共字符串getCurrentUser(){
对象主体=SecurityContextHolder.getContext().getAuthentication().getPrincipal();
字符串用户名;
if(UserDetails的主体实例){
username=((用户)主体).getUsername();
}否则{
username=principal.toString();
}
返回用户名;
}
}
使用者
import java.time.LocalDate;
导入java.util.Collection;
导入java.util.HashSet;
导入java.util.Set;
导入javax.persistence.CascadeType;
导入javax.persistence.Column;
导入javax.persistence.Entity;
导入javax.persistence.FetchType;
导入javax.persistence.GeneratedValue;
导入javax.persistence.GenerationType;
导入javax.persistence.Id;
导入javax.persistence.JoinTable;
导入javax.persistence.JoinColumn;
导入javax.persistence.ManyToMany;
导入javax.persistence.manytone;
导入javax.persistence.OneToMany;
导入javax.persistence.SequenceGenerator;
导入javax.persistence.Table;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.userdetails.userdetails;
@实体
@表(name=“users”)
公共类用户实现UserDetails{
私有静态最终长serialVersionUID=1L;
@身份证
@GeneratedValue(策略=GenerationType.AUTO)
@列(name=“id”)
私人长id;
@列(name=“users\u username”,null=false,unique=true)
私有字符串用户名;
@列(name=“users\u email”,nullable=false,unique=true)
私人字符串电子邮件;
@列(name=“users\u password”)
私有字符串密码;
@列(name=“users\u enabled”)
启用私有布尔值;
@列(name=“users\u avatar”)
私有字符串化身;
@列(name=“users\u date”)
私有本地日期;
@manytone(fetch=FetchType.LAZY,cascade=CascadeType.ALL)
//@JoinTable(name=“authorities”,joinColumns=@JoinColumn(name=“users\u username”),inverseJoinColumns=@JoinColumn
import java.time.LocalDate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinTable;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.SequenceGenerator;
import javax.persistence.Table;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Entity
@Table(name="users")
public class User implements UserDetails {
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
@Column(name = "id")
private long id;
@Column(name = "users_username", nullable = false, unique = true)
private String username;
@Column(name = "users_email", nullable = false, unique = true)
private String email;
@Column(name = "users_password")
private String password;
@Column(name = "users_enabled")
private boolean enabled;
@Column(name = "users_avatar")
private String avatar;
@Column(name = "users_date")
private LocalDate date;
@ManyToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
//@JoinTable(name = "authorities", joinColumns = @JoinColumn(name = "users_username"), inverseJoinColumns = @JoinColumn(name = "roles_username"))
private Role role;
public User() {
}
public User(String username, String email, String password, boolean enabled, String avatar) {
this.username = username;
this.email = email;
this.password = password;
this.enabled = enabled;
this.avatar = avatar;
}
public User(String username, String email, String password, Role role, boolean enabled, String avatar) {
this.username = username;
this.email = email;
this.password = password;
this.role = role;
this.enabled = enabled;
this.avatar = avatar;
}
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<Authority> authorities = new HashSet<Authority>();
authorities = role.getAuthorities();
return authorities;
}
public void setName(String username) {
this.username = username;
}
public String getUsername() {
return username;
}
public boolean isEnabled() {
return enabled;
}
public boolean isAccountNonExpired() {
return false;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return false;
}
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return false;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAvatar() {
return avatar;
}
public void setAvatar(String avatar) {
this.avatar = avatar;
}
public Role getRole() {
return role;
}
public void setRole(Role role) {
this.role = role;
}
public String getRoleRole() {
return role.getRole();
}
}