在这篇 Spring Security 教程中,我们将学习如何配置 Spring Security,以实现在内存认证的功能。
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
Spring Security 配置
接下来,我们使用内存认证的方式配置 Spring Security。我们创建名为 SpringSecurityConfig 类,并添加下面代码。import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; @Configuration public class SpringSecurityConfig { @Bean public static PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // 堆代码 duidaima.com http.csrf().disable() .authorizeHttpRequests((authorize) -> { authorize.anyRequest().authenticated(); }).httpBasic(Customizer.withDefaults()); return http.build(); } @Bean public UserDetailsService userDetailsService(){ UserDetails ramesh = User.builder() .username("ramesh") .password(passwordEncoder().encode("password")) .roles("USER") .build(); UserDetails admin = User.builder() .username("admin") .password(passwordEncoder().encode("admin")) .roles("ADMIN") .build(); return new InMemoryUserDetailsManager(ramesh, admin); } }在这里,我们使用了 httpBasic() 方法在 SecurityFilterChain bean 中定义了基本认证。
@Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeHttpRequests((authorize) -> { authorize.anyRequest().authenticated(); }).httpBasic(Customizer.withDefaults()); return http.build(); }在下面的 InMemoryUserDetailsManager 的 Java 配置中,我们创建了两个用户并且将其存放在 InMemoryUserDetailsManager 类对象中。
@Bean public UserDetailsService userDetailsService(){ UserDetails ramesh = User.builder() .username("ramesh") .password(passwordEncoder().encode("password")) .roles("USER") .build(); UserDetails admin = User.builder() .username("admin") .password(passwordEncoder().encode("admin")) .roles("ADMIN") .build(); return new InMemoryUserDetailsManager(ramesh, admin); }
Spring Security 的 InMemoryUserDetailsManager 通过实现 UserDetailsService 接口,提供了基于用户名/密码的身份验证支持,这些验证信息存放在内存中。
@Bean public static PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); }
.password(passwordEncoder().encode("password"))
import org.springframework.security.core.Authentication; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @RestController public class WelComeController { @GetMapping("/greeting") public String greeting(Authentication authentication) { String userName = authentication.getName(); return "Spring Security In-memory Authentication Example - Welcome " + userName; } }使用 Postman 测试 REST API