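Using Spring Security for automatic login verification can be broken into the following steps:
1. Add the Spring Security dependencies
Add the following dependencies to pom.xml: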
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>5.4.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>5.4.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>5.4.2</version>
</dependency>
2. Configure WebSecurityConfigurerAdapter
Create a class that extends WebSecurityConfigurerAdapter and override its configure method. Example code:
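import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The login page and the login POST endpoint are open to everyone.
                .antMatchers("/login**").permitAll()
                // "/dashboard/**" does not match "/dashboard.html", so the page is listed explicitly.
                .antMatchers("/dashboard.html", "/dashboard/**").hasRole("USER")
                .and()
            .formLogin()
                .loginPage("/login.html")
                // A custom loginPage makes the processing URL default to POST /login.html,
                // but the form in login.html posts to /login, so it is set explicitly.
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/dashboard.html")
                .failureUrl("/login.html?error=true")
                .and()
            .logout()
                .logoutSuccessUrl("/login.html");
        // CSRF protection is switched off here; the static login form carries no CSRF token.
        http.csrf().disable();
    }

    // No PasswordEncoder is set, so Spring Security 5 falls back to its DelegatingPasswordEncoder:
    // stored passwords must carry an {id} prefix such as {bcrypt}.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
}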
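3. Create a UserDetails implementation class
Create a class that implements UserDetails and holds the username, password, authorities and related information. Example code: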
import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class MyUserDetails implements UserDetails {

    private String username;
    private String password;
    private List<GrantedAuthority> authorities;

    public MyUserDetails(String username, String password, List<GrantedAuthority> authorities) {
        this.username = username;
        this.password = password;
        this.authorities = authorities;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    // The four status flags below always return true: this class never reports an
    // account as expired, locked, credential-expired or disabled.
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
4. Create a UserDetailsService implementation class
Create a class that implements UserDetailsService. Example code:
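import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// User, Role and UserRepository are the application's own persistence classes.
@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }
        // hasRole("USER") in SecurityConfig checks for the authority "ROLE_USER",
        // so role.getName() must return names that include the ROLE_ prefix.
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        for (Role role : user.getRoles()) {
            grantedAuthorities.add(new SimpleGrantedAuthority(role.getName()));
        }
        return new MyUserDetails(user.getUsername(), user.getPassword(), grantedAuthorities);
    }
}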
5. Create the login page and the success page
Create a login page, login.html, and a success page, dashboard.html. Example code:
login.html:
<!DOCTYPE html>
<html>
<head>
    <title>Login Page</title>
</head>
<body>
    <h1>Login Page</h1>
    <!-- <c:if> is a JSTL tag: it is only evaluated when this page is rendered as a JSP
         with the JSTL core taglib declared. Served as static HTML, the message is always shown. -->
    <c:if test="${param.error != null}">
        <p>Invalid username or password.</p>
    </c:if>
    <form action="/login" method="post">
        <div>
            <label>Username</label>
            <input type="text" name="username"/>
        </div>
        <div>
            <label>Password</label>
            <input type="password" name="password"/>
        </div>
        <div>
            <button type="submit">Login</button>
        </div>
    </form>
</body>
</html>
dashboard.html:
<!DOCTYPE html>
<html>
<head>
    <title>Dashboard</title>
</head>
<body>
    <h1>Welcome to Dashboard</h1>
    <p>This is the dashboard page.</p>
</body>
</html>
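That is the complete walkthrough for using Spring Security for automatic login verification. It includes two examples: creating the UserDetails implementation class, and creating the login page and the success page.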
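A hardened variant of the step 2 configuration, as an added example that is not part of the original article: it keeps CSRF protection on, requires authentication for every URL that is not explicitly listed, and verifies passwords with BCrypt. The class name HardenedSecurityConfig, the assumption that stored passwords are BCrypt hashes, and the cookie-based CSRF token repository are choices made for this example; the class is meant to replace SecurityConfig, not sit beside it.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name
    private final UserDetailsService userDetailsService;

    public HardenedSecurityConfig(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Assumption: the user table stores BCrypt hashes, never plain-text passwords.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll()
                .antMatchers("/dashboard.html", "/dashboard/**").hasRole("USER")
                // Deny by default: any URL not listed above still needs a logged-in user.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login") // matches the form's action in login.html
                .defaultSuccessUrl("/dashboard.html")
                .failureUrl("/login.html?error=true")
                .and()
            .logout().logoutSuccessUrl("/login.html").and()
            // CSRF stays enabled; the token is exposed in the XSRF-TOKEN cookie so a
            // static page can read it with JavaScript and send it back.
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

With CSRF enabled, the login form must send the value of the XSRF-TOKEN cookie as a _csrf field (or an X-XSRF-TOKEN header), otherwise the POST to /login is rejected with 403; logout likewise becomes a POST to /logout.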
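Unless otherwise noted, all articles on this site are original. If you repost, please credit the source: Using Spring Security for Automatic Login Verification, Explained - Python技术站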