流程圖:

1.接上一篇博客https://mp.csdn.net/console/editor/html/104576494，準(zhǔn)備好環(huán)境。

2.spring-security.xml中的配置：

<?xml version='1.0' encoding='UTF-8'?><beans xmlns='http://www.springframework.org/schema/beans' xmlns:security='http://www.springframework.org/schema/security' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd'> <!-- 配置不攔截的資源 --> <security:http pattern='/login.jsp' security='none'/> <security:http pattern='/failer.jsp' security='none'/> <security:http pattern='/css/**' security='none'/> <security:http pattern='/img/**' security='none'/> <security:http pattern='/plugins/**' security='none'/> <!-- 配置具體的規(guī)則 auto-config='true' 不用自己編寫登錄的頁面，框架提供默認(rèn)登錄頁面 use-expressions='false' 是否使用SPEL表達(dá)式（沒學(xué)習(xí)過） --> <security:http auto-config='true' use-expressions='false'> <!-- 配置具體的攔截的規(guī)則 pattern='請求路徑的規(guī)則' access='訪問系統(tǒng)的人，必須有ROLE_USER或者ROLE_ADMIN的角色' --> <security:intercept-url pattern='/**' access='ROLE_USER,ROLE_ADMIN'/><!-- 定義跳轉(zhuǎn)的具體的頁面 --> <security:form-login login-page='/login.jsp' login-processing-url='/login.do'//請求路徑 default-target-url='/index.jsp' authentication-failure-url='/failer.jsp' authentication-success-forward-url='/pages/main.jsp' /><!-- 關(guān)閉跨域請求 --> <security:csrf disabled='true'/><!-- 只要訪問到/logout.do就退出，自動跳轉(zhuǎn)到/login.jsp頁面 --> <security:logout invalidate-session='true' logout-url='/logout.do' logout-success-url='/login.jsp' /> </security:http> <!-- 切換成數(shù)據(jù)庫中的用戶名和密碼 --> <security:authentication-manager> <security:authentication-provider user-service-ref='userService'>//userService是認(rèn)證器需要定義出來 <!-- 配置加密的方式，用戶登錄的時候可以知道 --> <security:password-encoder ref='passwordEncoder'/> </security:authentication-provider> </security:authentication-manager> <!-- 配置加密類，當(dāng)添加用戶的時候，對用戶密碼進(jìn)行加密 --> <bean /> <!-- 提供了入門的方式，在內(nèi)存中存入用戶名和密碼 <security:authentication-manager> <security:authentication-provider> <security:user-service><security:user name='admin' password='{noop}admin' authorities='ROLE_USER'/> </security:user-service> </security:authentication-provider> </security:authentication-manager> --> </beans>

3.定義一個IUserService繼承UserDetailsService接口：

在創(chuàng)建一個UserServiceImpl去實(shí)現(xiàn)IUserService接口，覆蓋loadUserByUsername方法:

@Service('userService')//這個名字必須與spring-security.xml中配置的認(rèn)證器名字一樣

public class UserServiceImpl implements IUserService { @Autowired private IUserDao userDao; @Autowired//當(dāng)執(zhí)行保存用戶的時候?qū)τ脩舻拿艽a進(jìn)行加密 private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserInfo userInfo = null; try { userInfo = userDao.findByUsername(username);//調(diào)用到層根據(jù)用戶查找用戶信息，返回值為UserInfo對象 } catch (Exception e) { e.printStackTrace(); } //處理自己的用戶對象封裝成UserDetails // User user=new User(userInfo.getUsername(),'{noop}'+userInfo.getPassword(),getAuthority(userInfo.getRoles()));//下面這個三元表達(dá)式代表該賬戶是否激活可用 User user = new User(userInfo.getUsername(), userInfo.getPassword(), userInfo.getStatus() == 0 ? false : true, true, true, true, getAuthority(userInfo.getRoles())); return user; } //作用就是返回一個List集合，集合中裝入的是角色描述 public List<SimpleGrantedAuthority> getAuthority(List<Role> roles) { List<SimpleGrantedAuthority> list = new ArrayList<>(); for (Role role : roles) { list.add(new SimpleGrantedAuthority('ROLE_' + role.getRoleName())); } return list; } /** * 用戶的添加 * @param userInfo */ @Override public void save(UserInfo userInfo) throws Exception { //對密碼進(jìn)行加密處理 userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword())); userDao.save(userInfo); }}

4.啟動項(xiàng)目進(jìn)行測試添加用戶，新添加的用戶是否可以登錄成功。

總結(jié)

到此這篇關(guān)于Spring Security使用數(shù)據(jù)庫認(rèn)證及用戶密碼加密和解密功能的文章就介紹到這了,更多相關(guān)Spring Security數(shù)據(jù)庫認(rèn)證內(nèi)容請搜索好吧啦網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持好吧啦網(wǎng)！