spring boot加载SpringSercuerity

java技术文章

2018-10-12

47

0

本人最近也在学习spring boot,在原来的项目中因为使用到了权限管理,就想移植过来,查找了好多资料,终于使用最简单的方式加载xml配置形式的SpringSercuerity组件。

一、引入spring boot security maven包

<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-config</artifactId>
</dependency>

二、spring boot自动配置加载sercurity

新建一个类,名称为:SpringSercuerityConfig,继承自WebSecurityConfigurerAdapter

代码如下:

/**
 * Project Name:mco.spring
 * File Name:SpringSercuerityConfig.java
 * Package Name:com.mco.spring.configure.model
 * Date:2018年9月22日下午1:16:08
 * Copyright (c) 2018, 649445087@qq.com All Rights Reserved.
 *
*/

package com.mco.spring.configure.model;

import javax.annotation.Resource;

import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

import com.mco.spring.service.LoginAbstractService;


/**
 * ClassName:SpringSercuerityConfig 

 * Function: p 

 * Reason:	 TODO ADD REASON. 

 * Date:     2018年9月22日 下午1:16:08 

 * @author   LUOFUJIA
 * @version  
 * @jdk version JDK 1.8
 * @see 	 
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class SpringSercuerityConfig extends WebSecurityConfigurerAdapter {

    
    private  DaoAuthenticationProvider daoProvider;
    
    @Resource(name="loginService")
    private  LoginAbstractService loginService;
    
//    @Autowired
//    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
   
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected DaoAuthenticationProvider getDaoAuthenticationProvider() {
        daoProvider = new DaoAuthenticationProvider();
        daoProvider.setPasswordEncoder(new SCryptPasswordEncoder());
        daoProvider.setUserDetailsService(loginService);
        return daoProvider;
    }

    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
//        this.authenticationManager = new AuthenticationManager() {
//            @Override
//            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//                return SpringSercuerityConfig.this.builder.getOrBuild()
//                    .authenticate(authentication);
//            }
//        };
    }
    
    
    @Override
    public void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder.authenticationProvider(getDaoAuthenticationProvider());
       
    }
    
}

DaoAuthenticationProvider:

是用来加载如下两个类:

SCryptPasswordEncoder:加密算法类

loginService:继承自UserDetailsService的类

如下代码是在配置文件中实例化PasswordEncoder和AuthenticationManager类,这样在项目中我们就可以通过注入方式获取实例。

@Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
   
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

如果想要获取当前类注入类的实例,只能在下面方法中来获取,比如如下方法中就可以获取loginService的实例

@Override
    public void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder.authenticationProvider(getDaoAuthenticationProvider());
       
    }

但是如果是使用如下方法,是获取不了注入的loginService的实例,只能自己new一个实例:

 @Override
    protected void configure(HttpSecurity http) throws Exception {
        
//        this.authenticationManager = new AuthenticationManager() {
//            @Override
//            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//                return SpringSercuerityConfig.this.builder.getOrBuild()
//                    .authenticate(authentication);
//            }
//        };
    }

好了,上面配置类就实现了spring sercuerity的配置,对应的xml配置效果如下:

<!-- 加载密码加密器 -->
	<bean id="passwordEncryptor" class="org.jasypt.util.password.BasicPasswordEncryptor" />
	<!-- 加载密码编码器 -->
	<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
		<property name="passwordEncryptor" ref="passwordEncryptor" />
	</bean>
	<!-- 加载身份验证管理器 -->
	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider
			user-service-ref="loginService">
			<security:password-encoder ref="passwordEncoder" />
		</security:authentication-provider>
	</security:authentication-manager>
	<!-- 加载登录服务 -->
	<bean id="loginService" class="com.poo.basic.security.service.LoginService"
		lazy-init="true"></bean>
	<!-- 设置Spring Security的annotation生效 -->
	<security:global-method-security
		secured-annotations="enabled" />

欢迎访问:www.hongfu951.com博客,查看更多文章

发表评论

全部评论:0条

鸿福951

努力打造一个好用的webui

热评文章

推荐文章