Springboot+SpringSecurity设置默认密码的三种方式

方式一:配置文件

1)、yml格式:

security:
    # 配置默认的 InMemoryUserDetailsManager 的用户账号与密码。
    user:
      name: chenc # 账号
      password: 123456 # 密码

2)、properties格式:

spring.security.user.name=chenc
spring.security.user.password=123456

这时,登录:chenc 密码:123456

方式二:设置配置类

1)、编写一个类继承WebSecurityConfigurerAdapter抽象类
2)、重写configure(AuthenticationManagerBuilder auth) 方法设置用户名和密码

package work.chenc.springsecurity.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 实现AuthenticationManager 认证管理器
     * 注入配置文件
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 设置密码加密方式
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        // 对密码进行加密
        String password = passwordEncoder.encode("123");
        // inMemoryAuthentication-在内存中设置用户名和密码
        // roles("admin") - 角色权限
        auth.inMemoryAuthentication().withUser("marry").password(password).roles("admin");

    }

    // There is no PasswordEncoder mapped for the id "null"
    // 密码加密需要自己手动创建 PasswordEncoder 对象
    // PasswordEncoder是接口  BCryptPasswordEncoder 实现了PasswordEncoder接口
    @Bean
    PasswordEncoder password() {
        return  new BCryptPasswordEncoder();
    }
}

这时,登录:marry 密码:123

方式三:自定义实现类设置账号密码

1)、编写配置类

package work.chenc.springsecurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {

    // 注入UserDetailsService
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /**
         * 将UserDetailsService接口注入auth的userDetailsService()方法中
         * passwordEncoder(password()) 对密码进行加密
         */
        auth.userDetailsService(userDetailsService).passwordEncoder(password());

    }

    @Bean
    PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }

}

2)、编写实现类实现UserDetailsService,重写loadUserByUsername()方法

package work.chenc.springsecurity.service;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {


    /**
     * @param username - 前台传入的参数
     * @return
     * @throws UsernameNotFoundException
     * 返回一个实现UserDetails接口的User对象
     *
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        // 假定创建有一个这样的权限组
        List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");
        // 填入用户名 密码 以及权限组(权限组不能为null)
        return new User("Jerry", new BCryptPasswordEncoder().encode("123456"), auths);
    }
}

这时,登录:Jerry 密码:123456

©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容