Two Important Interfaces in Spring Security

  1. UserDetailsService
  2. PasswordEncoder

  • UserDetailsService: the user details service
  • PasswordEncoder: the user password encoder

UserDetailsService

In real-world development, user data is stored in a database, so we implement the UserDetailsService interface to load user data from the database.

public interface UserDetailsService {
    /**
     * Locates the user based on the username. In the actual implementation, the search
     * may possibly be case sensitive, or case insensitive depending on how the
     * implementation instance is configured. In this case, the <code>UserDetails</code>
     * object that comes back may have a username that is of a different case than what
     * was actually requested..
     * @param username the username identifying the user whose data is required.
     * @return a fully populated user record (never <code>null</code>)
     * @throws UsernameNotFoundException if the user could not be found or the user has no
     * GrantedAuthority
     */
    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

}

We create a UserDetailsServiceImpl class that implements the UserDetailsService interface.

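import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// SysUser, SysRole, SysPermission and UserService are the application's own classes
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserService userService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Call the user service of our own business system
        SysUser sysUser = userService.getUserByName(username);
        if (null == sysUser) {
            throw new UsernameNotFoundException("用户名不存在!"); // "Username does not exist!"
        }
        // Convert into Spring Security's objects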
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        for (SysRole role : sysUser.getRoleList()) {
            for (SysPermission permission : role.getPermissionList()) {
                authorities.add(new SimpleGrantedAuthority(permission.getCode()));
            }
        }
        return new User(sysUser.getUsername(), sysUser.getPassword(), authorities);
    }

}

PasswordEncoder

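This one is easy to understand: it is the implementation class for the strategy used to store user passwords in encoded form.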

public interface PasswordEncoder {

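    // Encode. On registration, password change, etc., encode the password before saving it to the database
    String encode(CharSequence rawPassword);

    // Compare. Used at login
    boolean matches(CharSequence rawPassword, String encodedPassword);

    // Whether the stored value should be encoded again; not needed by default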
    default boolean upgradeEncoding(String encodedPassword) {
        return false;
    }

}

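BCryptPasswordEncoder is the password encoder officially recommended by Spring Security. It is a concrete implementation of the bcrypt strong hashing function, a one-way encoding built on a hash algorithm. The strength parameter controls how costly the hashing is; the default is 10.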

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(10);
}

When a user registers, call the encode method to encode the password.

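import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class RegService {

    @Autowired
    PasswordEncoder passwordEncoder;

    // The signature was elided in the original post; this one is illustrative
    public void reg(String username, String password) {
        String encodedPassword = passwordEncoder.encode(password);
        // Save encodedPassword, not the raw password, to the database
    }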

}
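
The encode / matches / upgradeEncoding cycle of the PasswordEncoder interface shown above, as an added example that is not part of the original post. PasswordEncoderDemo and verifyAndUpgrade are hypothetical names, the password is a constructed sample, and spring-security-crypto is assumed to be on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (not from the original post): the PasswordEncoder life cycle
// with BCryptPasswordEncoder. Class and method names are hypothetical.
public class PasswordEncoderDemo {

    // Login-time check. Returns the value to keep in the password column:
    // the old hash, a re-encoded hash if the strength was raised, or null
    // when the password is wrong.
    static String verifyAndUpgrade(PasswordEncoder encoder, String raw, String stored) {
        if (!encoder.matches(raw, stored)) {
            return null;
        }
        // The interface default returns false; BCryptPasswordEncoder overrides
        // upgradeEncoding() to return true when the strength recorded in the
        // stored hash is lower than the encoder's configured strength.
        return encoder.upgradeEncoding(stored) ? encoder.encode(raw) : stored;
    }

    public static void main(String[] args) {
        String raw = "S3cret-constructed-sample"; // constructed sample password

        PasswordEncoder old = new BCryptPasswordEncoder(10);
        String h1 = old.encode(raw);
        String h2 = old.encode(raw);
        // Each hash embeds its own random salt, so two encodings of the same
        // password differ; login must call matches(), never compare encodings.
        System.out.println("same hash twice: " + h1.equals(h2));
        System.out.println("h1 matches raw:  " + old.matches(raw, h1));
        System.out.println("h2 matches raw:  " + old.matches(raw, h2));

        // Later the application raises the strength from 10 to 12.
        PasswordEncoder current = new BCryptPasswordEncoder(12);
        String kept = verifyAndUpgrade(current, raw, h1);
        System.out.println("old hash prefix: " + h1.substring(0, 7));
        System.out.println("new hash prefix: " + kept.substring(0, 7));
        System.out.println("wrong password:  " + verifyAndUpgrade(current, "guess", h1));
    }
}
```

Re-encoding is only possible at login, because that is the one moment the application holds the raw password.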

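A small question to leave you with: if you want the user's password to be encrypted when it is submitted at login, how would you handle that?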


Author: 夏来风

Published: 2021-06-05, 23:00:00

Original link: http://www.demo1024.com/blog/spring-security-two-important-interface/

License: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.