User authentication in spring-security
- In-memory users
- Users in JDBC
Generic users
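A custom implementation of the UserDetailsService interface:

```java
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Method of the class that implements UserDetailsService. userMapper, User,
// TokenUser and UserNotActivatedException are the project's own types.
@Override
public UserDetails loadUserByUsername(final String name) {
    log.debug("Authenticating {}", name);
    String lowercaseName = name; //.toLowerCase();
    // Only users whose status is "1" are looked up.
    Optional<User> userFromDatabase =
            Optional.ofNullable(userMapper.findOneByUserNameAndStatus(lowercaseName, "1"));
    return userFromDatabase.map(user -> {
        if ("0".equals(user.getStatus())) {
            throw new UserNotActivatedException("User " + lowercaseName + " was not activated");
        }
        // Map the stored authorities to Spring Security's GrantedAuthority type.
        List<GrantedAuthority> grantedAuthorities = user.getAuthorities().stream()
                .map(authority -> new SimpleGrantedAuthority(authority.getName()))
                .collect(Collectors.toList());
        // The stored password is deliberately left out of the log output.
        log.debug("Loaded {} with authorities {}", lowercaseName, grantedAuthorities);
        TokenUser tokenUser = new TokenUser(lowercaseName, user.getPassword(), grantedAuthorities);
        tokenUser.setUserId(user.getId());
        tokenUser.setUser(user);
        return tokenUser;
        // return new org.springframework.security.core.userdetails.User(lowercaseName,
        //         user.getPassword(),
        //         grantedAuthorities);
    }).orElseThrow(() -> new UsernameNotFoundException(
            "User " + lowercaseName + " was not found in the database"));
}
```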
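Authentication process
- The user logs in with a username and password.
- Spring Security wraps the submitted username and password in a UsernamePasswordAuthenticationToken, which implements the Authentication interface.
- The token object produced above is passed to the AuthenticationManager for login authentication.
- After successful authentication, the AuthenticationManager returns an Authentication object that carries the user's authorities and other information.
- The Authentication object returned by the AuthenticationManager is assigned to the current SecurityContext by calling SecurityContextHolder.getContext().setAuthentication(…).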