Security自定义全局AuthenticationManager-阿里云开发者社区

link之家

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

有胆有识的牛肉面 · Websocket 加密数据加密 ...· 5 天前 ·

温柔的金针菇 · 如何在Kotlin中创建一个空数组？_问答- ...· 2 天前 ·

讲道义的鞭炮 · SAP ...· 2 天前 ·

粗眉毛的丝瓜 · 【Maven】依赖范围、依赖传递、依赖排除、 ...· 昨天 ·

谈吐大方的汽水 · 一次HTTPS访问慢的案例分析-阿里云开发者社区· 13 小时前 ·

低调的打火机 · pred=scaler.inverse_tr ...· 1 月前 ·

任性的蚂蚁 · MySQL分组查询与聚合函数的使用方法（三） ...· 3 月前 ·

乐观的针织衫 · Python bytearray() 函数 ...· 4 月前 ·

有情有义的葡萄酒 · Oracle通过函数进行进制转化_Linux ...· 1 年前 ·

近视的金鱼 · cover-view ...· 1 年前 ·

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。 @Autowired public void authManager(AuthenticationManagerBuilder builder){ System.out.println("默认=="+builder); @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and().formLogin(); public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public UserDetailsService userDetailsService(){ InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager(); userDetailsManager.createUser(User.withUsername("root").password("root").roles("admin").build()); return userDetailsManager; /*工厂中的AuthenticationManager会自动配置上面的userDetailsService 所以无需自定义 @Autowired public void authManager(AuthenticationManagerBuilder builder) throws Exception { builder.userDetailsService(userDetailsService()); @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and().formLogin(); public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public UserDetailsService userDetailsService(){ InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager(); userDetailsManager.createUser(User.withUsername("root").password("root").roles("admin").build()); return userDetailsManager; //自定义 @Override protected void configure(AuthenticationManagerBuilder builder) throws Exception { //自定义AuthenticationManager后需要手动配置上面的userDetailsService builder.userDetailsService(userDetailsService());//改的是DaoAuthenticationProvider //也可通过builder.authenticationProvider()自定authenticationProvider @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and().formLogin(); public class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean public UserDetailsService userDetailsService(){ InMemoryUserDetailsManager userDetailsManager = new InMemoryUserDetailsManager(); userDetailsManager.createUser(User.withUsername("root").password("root").roles("admin").build()); return userDetailsManager; //自定义 @Override protected void configure(AuthenticationManagerBuilder builder) throws Exception { //手动配置上面的userDetailsService builder.userDetailsService(userDetailsService());//改的是DaoAuthenticationProvider //也可通过builder.authenticationProvider()自定authenticationProvider //将上面自定义的AuthenticationManager在工厂中暴露，可以在任何位置注入 @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and().formLogin(); private String password; private Boolean enabled; private Boolean accountNonLocked;//账号是否被锁 private Boolean accountNonExpired;//账号是否过期 private Boolean credentialsNonExpired;//密码是否过期 private List<Role> roles = new ArrayList<>();//当前用户所有角色 //权限信息 @Override public Collection<? extends GrantedAuthority> getAuthorities() { Set<SimpleGrantedAuthority> authorities = new HashSet<>(); //数据库角色转成权限信息 roles.forEach(role -> { SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(role.getName()); authorities.add(simpleGrantedAuthority); return authorities; @Override public String getPassword() { return password; @Override public String getUsername() { return username; @Override public boolean isAccountNonExpired() { return accountNonExpired; @Override public boolean isAccountNonLocked() { return accountNonLocked; @Override public boolean isCredentialsNonExpired() { return credentialsNonExpired; @Override public boolean isEnabled() { return enabled; public Integer getId() { return id; public List<Role> getRoles() { return roles; public void setId(Integer id) { this.id = id; public void setUsername(String username) { this.username = username; public void setPassword(String password) { this.password = password; public void setEnabled(Boolean enabled) { this.enabled = enabled; public void setAccountNonLocked(Boolean accountNonLocked) { this.accountNonLocked = accountNonLocked; public void setAccountNonExpired(Boolean accountNonExpired) { this.accountNonExpired = accountNonExpired; public void setCredentialsNonExpired(Boolean credentialsNonExpired) { this.credentialsNonExpired = credentialsNonExpired; public void setRoles(List<Role> roles) { this.roles = roles; public class MyUserDetailsService implements UserDetailsService { @Autowired UserDao userDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //根据用户名查询 User user = userDao.loadUserByUsername(username); if(ObjectUtils.isEmpty(user)){ throw new UsernameNotFoundException("用户名不正确"); //根据用户查询具有的角色 List<Role> roles = userDao.getRolesByUid(user.getId()); //设置权限后续直接可通过getAuthorities获取到权限信息 user.setRoles(roles); return user;

@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    //注入自定义的数据源
    @Autowired
    private MyUserDetailsService myUserDetailsService;
    //自定义AuthenticationManager
    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(myUserDetailsService);
    //暴露自定义的AuthenticationManager
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //=================资源拦截=============
                .mvcMatchers("/user/login").permitAll()//permitAll（）表示放行资源 无需认证就可访问 必须放在所有认证前
                .anyRequest().authenticated()//anyRequest()所有请求 .authenticated()表示所有请求需要认证才能访问
                .and().formLogin() //formLogin()表示表单认证
                //=================登录界面配置=================
                .loginPage("/login.html")//自定义访问登录页面地址
                .loginProcessingUrl("/doLogin")//自定义登录请求的url
                .usernameParameter("name")//自定义用户名、密码变量名
                .passwordParameter("pass")
                //=================认证配置=================
                .successForwardUrl("/index")//认证成功始终跳转的路径.defaultSuccessUrl("/hello") redirect 重定向跳转 但是优先跳转到请求的路径 ，可以传入第二个参数true总是重定向到hello
                .failureForwardUrl("/user/toLoginPage")//认证失败 跳转 错误信息在request中,.failureUrl("/login.html")认证失败 redirect跳转 错误信息在session中
                //=================注销相关配置==========================
                .and().logout()//开启注销，默认是配置的
                .logoutUrl("/user/logout")//注销地址，默认是logout 并且请求方式只能是get
                .invalidateHttpSession(true)//清除session信息，默认true
                .clearAuthentication(true)//清除认证信息，默认true
                .logoutSuccessUrl("/user/toLoginPage")//退出，默认是登录页面地址
                .and().csrf().disable();