| 知乎专栏 |
MongoDB 为 Security 用户认证提供数据存储。
package mis.domain;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.index.Indexed;
public class Administrator {
@Id
private String id;
@Indexed(unique = true)
private String username;
private String password;
private String authority;
public Administrator() {
// TODO Auto-generated constructor stub
}
public Administrator(String username, String password) {
this.username = username;
this.password = password;
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAuthority() {
return authority;
}
public void setAuthority(String authority) {
this.authority = authority;
}
@Override
public String toString() {
return "User [id=" + id + ", username=" + username + ", password=" + password + ", authority=" + authority + "]";
}
}
package mis.repository;
import org.springframework.data.mongodb.repository.MongoRepository;
import mis.domain.Administrator;
public interface AdministratorRepository extends MongoRepository<Administrator, String> {
public Administrator findByUsername(String username);
}
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
// 配置授权请求规则
.authorizeRequests()
// 任何请求都需要认证
.anyRequest()
.authenticated()
// 使用and()方法连接多个配置
.and()
// 开启HTTP基本认证功能
.httpBasic();
return http.build();
}
}
Springboot 2.x
package mis.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import mis.domain.Administrator;
import mis.repository.AdministratorRepository;
@Configuration
class GlobalAuthenticationConfigurer extends GlobalAuthenticationConfigurerAdapter {
@Autowired
AdministratorRepository administratorRepository;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
@Bean
UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Administrator administrator = administratorRepository.findByUsername(username);
if (administrator != null) {
return new User(administrator.getUsername(), administrator.getPassword(), AuthorityUtils.createAuthorityList(administrator.getAuthority()));
} else {
throw new UsernameNotFoundException("could not find the administrator '" + username + "'");
}
}
};
}
}
@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
public WebSecurityConfigurer() {
// TODO Auto-generated constructor stub
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic().and().csrf().disable();
// http.authorizeRequests().antMatchers("/", "/index.html", "/css/**",
// "/js/**","/static/**","/setup.html").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").permitAll().and().logout().permitAll().and().httpBasic();
// http.authorizeRequests().antMatchers("/**"
// ).permitAll().and().httpBasic();
http.authorizeRequests().antMatchers("/ping", "/v1/*/ping", "/v1/public/**").permitAll().anyRequest().authenticated().and().rememberMe().and().httpBasic().and().csrf().disable();
}
}