首先,你需要在pom.xml文件中添加以下依赖项来引入Spring Boot和Spring Security:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
接下来,你需要创建一个实体类来表示用户信息,并使用JPA来持久化用户数据。
@Entity
@Table(name = "users")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(unique = true)
private String username;
private String password;
// getter and setter methods
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return username;
}
// other methods from UserDetails interface
}
然后,你需要创建一个实现了UserDetailsService接口的类来处理用户认证。
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
return user;
}
}
接下来,你需要创建一个控制器类来处理用户注册和登录的请求。
@RestController
public class AuthController {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private CustomUserDetailsService userDetailsService;
@PostMapping("/register")
public ResponseEntity<?> registerUser(@RequestBody User user) {
// 在这里你可以添加验证逻辑,如检查用户名是否已存在等
userDetailsService.save(user);
return ResponseEntity.ok("User registered successfully");
}
@PostMapping("/login")
public ResponseEntity<?> authenticateUser(@RequestBody LoginForm loginForm) {
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(loginForm.getUsername(), loginForm.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
return ResponseEntity.ok("User authenticated successfully");
}
}
最后,你需要配置Spring Security来限制访问和处理认证请求。
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/register").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}
以上就是整合Spring Security实现用户登录注册和鉴权的示例代码。你可以根据实际需求进行适当的调整和扩展。