时间戳

首页 > 解决方案 > 如何在 Spring Security 中将 PasswordEncoder 添加到 JdbcUserDetailsManager 中?

java - 如何在 Spring Security 中将 PasswordEncoder 添加到 JdbcUserDetailsManager 中?

问题描述

我正在学习 Spring Security,我想在 JdbcUserDetailsManager 中添加 BCryptPasswordEncoder。

这是代码:

@Configuration
@EnableWebSecurity
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {

        return new BCryptPasswordEncoder();
    }

    @Bean
    @Autowired
    public UserDetailsManager userDetailsManager(DataSource securityDataSource) {

        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();

        jdbcUserDetailsManager.setDataSource(securityDataSource);

        return jdbcUserDetailsManager; 
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()   
                .antMatchers("/").hasRole("EMPLOYEE")
                .antMatchers("/leaders/**").hasRole("MANAGER")
                .antMatchers("/systems/**").hasRole("ADMIN")
            .and()
            .formLogin() 
                .loginPage("/showMyLoginPage")  
                .loginProcessingUrl("/authenticateTheUser")  
                .permitAll()  
            .and()
            .logout().permitAll()  
            .and()
            .exceptionHandling().accessDeniedPage("/access-denied");
    }

}

我需要将 UserDetailsManager bean 注入其他类。谢谢!

标签: javaspring-securityuserdetailsservice

解决方案

你应该使用这个类来创建 UserDetails Bean

@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService{

static final Logger logger = LoggerFactory.getLogger(CustomUserDetailsService.class);

@Autowired
private com.fortsolution.schedmate.data.services.UserService userService;

@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String ssoId)
        throws UsernameNotFoundException {
    System.out.println("fine here murtaza");
    int id = Integer.parseInt(ssoId);
    User user = userService.findById(id);
    logger.info("User : {}", user);
    if(user==null){
        logger.info("User not found");
        throw new UsernameNotFoundException("Username not found");
    }
    return new org.springframework.security.core.userdetails.User(""+user.getId(), user.getPassword(), 
             true, true, true, true, getGrantedAuthorities(user));
}


private List<GrantedAuthority> getGrantedAuthorities(User user){
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

    for(UserProfile userProfile : user.getUserProfiles()){
        logger.info("UserProfile : {}", userProfile);
        authorities.add(new SimpleGrantedAuthority("ROLE_"+userProfile.getType()));

    }

    return authorities;
}

}

创建此类后,您将在您的

@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;

@Override
@Autowired // <-- This is crucial otherwise Spring Boot creates its own
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    auth.userDetailsService(userDetailsService);
    auth.authenticationProvider(authenticationProvider());

}


@Bean
public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
    authenticationProvider.setUserDetailsService(userDetailsService);
    authenticationProvider.setPasswordEncoder(passwordEncoder());
    return authenticationProvider;
}

推荐阅读