RustyNail

coder. 【blog】https://rustynail.me 【nostr】wss://ts.relays.world/ wss://relays.world/nostr

Integrating Spring Security into a Spring Boot project

Spring Security is a library for authentication and for managing authorization to resources. This is a short record of how to integrate Spring Security into a Spring Boot project.

WebSecurityConfiguration

The integration mainly consists of a WebSecurityConfiguration class:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                // Where users are loaded from
                .userDetailsService(getUserDetailsService())
                // How passwords are encoded and checked. This encoder does no hashing:
                // passwords are stored and compared as plaintext.
                .passwordEncoder(new PasswordEncoder() {
                    @Override
                    public String encode(CharSequence rawPassword) {
                        return rawPassword.toString();
                    }

                    @Override
                    public boolean matches(CharSequence rawPassword, String encodedPassword) {
                        return rawPassword.toString().equals(encodedPassword);
                    }
                });
    }
  • Extend WebSecurityConfigurerAdapter and override the configure method. There you can set the source of users with userDetailsService(UserDetailsService uds); the UserDetailsService determines how a user is loaded.

For example, query the database by username:

    @Bean
    public UserDetailsService getUserDetailsService() {
        // Look the user up by username; SysUser must implement UserDetails
        return username -> {
            SysUser user = userRepository.getSysUserByUsername(username);
            if (user != null) {
                return user;
            } else {
                throw new UsernameNotFoundException("no such user name.");
            }
        };
    }
  • You can set the password verification mechanism:

    .passwordEncoder(new PasswordEncoder() {
        @Override
        public String encode(CharSequence rawPassword) {
            return rawPassword.toString();
        }

        @Override
        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            return rawPassword.toString().equals(encodedPassword);
        }
    });

The PasswordEncoder defines how a password is encoded for storage (encode) and how a submitted password is matched against the stored value (matches).
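The encoder shown above returns the password unchanged, so the user table holds plaintext. The following added example (not code from the original post) runs that encoder beside Spring Security's BCryptPasswordEncoder; the class name, the work factor of 12 and the sample password are assumptions.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/** Added example: the page's pass-through encoder compared with BCrypt. */
public class PasswordEncoderComparison {

    /** Same behaviour as the anonymous encoder on this page: no hashing at all. */
    static PasswordEncoder plaintextEncoder() {
        return new PasswordEncoder() {
            @Override
            public String encode(CharSequence rawPassword) {
                return rawPassword.toString();
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return rawPassword.toString().equals(encodedPassword);
            }
        };
    }

    /** Salted, adaptive hash; the strength value 12 is an assumed work factor. */
    static PasswordEncoder bcryptEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    public static void main(String[] args) {
        String raw = "s3cret-Example!"; // constructed sample password

        // The value each encoder would write to the password column.
        String storedPlain = plaintextEncoder().encode(raw);
        PasswordEncoder bcrypt = bcryptEncoder();
        String storedHash = bcrypt.encode(raw);
        String storedHashAgain = bcrypt.encode(raw);

        System.out.println("plaintext column : " + storedPlain);
        System.out.println("bcrypt column    : " + storedHash);

        // BCrypt draws a random salt per call, so equal passwords give different hashes,
        // while matches() still verifies the raw password against either hash.
        System.out.println("hashes differ    : " + !storedHash.equals(storedHashAgain));
        System.out.println("login ok         : " + bcrypt.matches(raw, storedHashAgain));
        System.out.println("wrong password   : " + bcrypt.matches("guess", storedHash));
    }
}
```

To use it in the configuration above, pass `new BCryptPasswordEncoder(12)` to `.passwordEncoder(...)` and save `encode(rawPassword)` when a user is created, so that the stored value is what `matches` expects.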

Control access to requests

HttpSecurity provides features such as:

  • csrf
  • antMatchers
  • formLogin
  • logout

and so on. Each of these can be configured further:

  • disable(): turn a feature off, for example csrf
  • permitAll(): no authentication required
  • authenticated(): authentication required

And so on.

Example:

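    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection stays enabled
                .csrf()
                .and()
                .authorizeRequests()
                // "/api/*" matches a single path segment; "/api/**" would also cover nested paths
                .antMatchers("/api/*")
                    .authenticated()
                .antMatchers("/")
                    .authenticated()
                .and()
                .formLogin()
                    .loginPage("/login/page")
                    .defaultSuccessUrl("/out")
                    .loginProcessingUrl("/login")
                    .failureUrl("/e")
                    .permitAll()
                .and()
                .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/out")
                    .permitAll();

        // CsrfFilter needs a CsrfTokenRepository (org.springframework.security.web.csrf);
        // note that .csrf() above already registers a CsrfFilter of its own.
        CsrfFilter csrfFilter = new CsrfFilter(new HttpSessionCsrfTokenRepository());
        http.addFilterAfter(csrfFilter, CsrfFilter.class);
    }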