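> Edit:
The simplest method I found:

    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;

    @SuppressWarnings("deprecation")
    @Configuration
    @EnableWebMvcSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        DataSource dataSource;

        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication().dataSource(dataSource)
                // must return (username, password, enabled); password holds the BCrypt hash
                .usersByUsernameQuery(
                    "SELECT username, password, abilitazione FROM public.utenti WHERE username=?")
                .passwordEncoder(passwordEncoder())
                // must return (username, authority)
                .authoritiesByUsernameQuery(
                    "SELECT username, ruolo FROM public.ruoli_utente WHERE username=?");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // omitted for brevity
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            PasswordEncoder encoder = new BCryptPasswordEncoder();
            return encoder;
        }
    }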

In my DAO class, I add users like this:

    public void addElement(Utente u) {
        // Hash the plaintext password with BCrypt before it is stored
        String password = u.getPassword();
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        String hashedPassword = passwordEncoder.encode(password);
        u.setPassword(hashedPassword);
        jdbcTemplate.update(
            "INSERT INTO public.utenti(username, password, abilitazione, email, nome, cognome) VALUES (?, ?, ?, ?, ?, ?)",
            new Object[] {u.getUsername(), u.getPassword(), u.getAbilitazione(), u.getEmail(), u.getNome(), u.getCognome()});
    }

I want to encrypt and decrypt passwords in a super simple way; it doesn't matter if it isn't super secure, it just has to be secure enough for my purposes. So I added the encrypted password to the database. When the user authenticates, it doesn't recognize the password even though I decode it. This is how I did it:

    @Configuration
    @EnableWebMvcSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        DataSource dataSource;

        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth.jdbcAuthentication().dataSource(dataSource)
                // the password column is Base64-decoded in SQL; no PasswordEncoder is configured
                .usersByUsernameQuery(
                    "SELECT username, decode(password,'base64'), abilitazione FROM public.utenti WHERE username=?")
                .authoritiesByUsernameQuery(
                    "SELECT username, ruolo FROM public.ruoli_utente WHERE username=?");
        }
    }
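
Can it work in a similar way (decoding directly in the usersByUsernameQuery method), or do I have to declare some bean for decoding?

This is how I did it; it looks clean and is open to change.

In the application class:

    @Bean
    public ApplicationSecurity applicationSecurity() {
        return new ApplicationSecurity();
    }

Your application security class: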
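
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.header.writers.StaticHeadersWriter;

    public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailSecurityService userDetailSecurityService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Static resources are public; every other request needs a full login.
            // Note that CSRF protection is switched off here.
            http.csrf().disable().authorizeRequests()
                .antMatchers("/ace/**",
                    "/app/**",
                    "/jquery/**",
                    "/bootstrap/**",
                    "/font-awesome/**",
                    "/jstree/**",
                    "/img/**").permitAll()
                .anyRequest().fullyAuthenticated();
            http.csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=1").permitAll()
                .defaultSuccessUrl("/configurator").and().logout().permitAll();
            // Replace the default frame options header with SAMEORIGIN
            http.headers().frameOptions().disable()
                .addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "SAMEORIGIN"));
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailSecurityService).passwordEncoder(passwordEncoder());
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new MD5PasswordEncoder();
        }
    }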
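
And the class MD5PasswordEncoder, or whatever implementation you want to use:

    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    import org.apache.commons.codec.binary.Base64;
    import org.springframework.security.crypto.password.PasswordEncoder;

    public class MD5PasswordEncoder implements PasswordEncoder {

        // Returns Base64(MD5(password)) with the '=' padding removed
        @Override
        public String encode(CharSequence charSequence) {
            try {
                MessageDigest md = MessageDigest.getInstance("MD5");
                // Fixed charset so the hash does not depend on the platform default
                byte[] digest = md.digest(charSequence.toString().getBytes(StandardCharsets.UTF_8));
                byte[] b64 = Base64.encodeBase64(digest);
                return new String(b64, StandardCharsets.US_ASCII).replace("=", "");
            } catch (NoSuchAlgorithmException ex) {
                // Fail instead of returning an empty hash, which would match an empty stored value
                throw new IllegalStateException("An exception trying to encode a password", ex);
            }
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return encode(charSequence).equals(s);
        }
    }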

    // Spring Security's own interface, shown here for reference
    public interface UserDetailsService {
        UserDetails loadUserByUsername(String var1) throws UsernameNotFoundException;
    }

    @Service
    public class UserDetailSecurityService implements UserDetailsService {

        // Here your user service implementation
        @Autowired
        UserService userService;

        // you need to override this method
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // you need to create a method in your service to find users by name
            return userService.findByUsername(username);
        }
    }

In this case, if you need to change to a new encoder method, you only need to implement a new class with the proper system and you're done.
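
As an added example (not code from the question or from either poster): one way to swap encoders as described in the last sentence without invalidating existing rows is a PasswordEncoder that still verifies the Base64(MD5) format produced by MD5PasswordEncoder but writes BCrypt for everything new. The class name MigratingPasswordEncoder and the isLegacy helper are hypothetical, and the code assumes the legacy hashes were computed over UTF-8 bytes and that java.util.Base64 (Java 8+) is available.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; added example, not code from the question or the answer.
public class MigratingPasswordEncoder implements PasswordEncoder {

    private final PasswordEncoder bcrypt = new BCryptPasswordEncoder();

    // New and re-hashed passwords are always stored as BCrypt.
    @Override
    public String encode(CharSequence rawPassword) {
        return bcrypt.encode(rawPassword);
    }

    @Override
    public boolean matches(CharSequence rawPassword, String stored) {
        if (stored == null || stored.isEmpty()) {
            return false; // never accept a missing or empty stored hash
        }
        if (isLegacy(stored)) {
            byte[] expected = stored.getBytes(StandardCharsets.US_ASCII);
            byte[] actual = legacyMd5(rawPassword).getBytes(StandardCharsets.US_ASCII);
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        }
        return bcrypt.matches(rawPassword, stored);
    }

    // BCrypt hashes start with "$2"; '$' is not in the Base64 alphabet, so legacy hashes never do.
    public boolean isLegacy(String stored) {
        return !stored.startsWith("$2");
    }

    // Same format as MD5PasswordEncoder: Base64(MD5(password)) without '=' padding (UTF-8 assumed).
    private static String legacyMd5(CharSequence rawPassword) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(rawPassword.toString().getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("MD5 not available", ex);
        }
    }
}
```

After a successful login where isLegacy(stored) is true, re-encode the submitted password with encode() and update the row, so the MD5 hashes drain out of the table over time.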