SpringSecurity6从入门到实战之默认用户的生成流程
这次还是如标题所示,上一章我们的登录页面已经知道是如何生成了.那么,我们通过表单登录的user用户以及密码SpringSecurity是如何进行生成的呢?
默认用户生成
让我们把登录流程重新拉回到读取/META-INF/spring/ .imports文件
我们进入SecurityAutoConfiguration源码中查看上面加载的注解
package org.springframework.boot.autoconfigure.security.servlet; @AutoConfiguration @ConditionalOnClass({DefaultAuthenticationEventPublisher.class}) //加载配置类让SecurityProperties配置类生效 @EnableConfigurationProperties({SecurityProperties.class}) @Import({SpringBootWebSecurityConfiguration.class, SecurityDataConfiguration.class}) public class SecurityAutoConfiguration { public SecurityAutoConfiguration() { } @Bean @ConditionalOnMissingBean({AuthenticationEventPublisher.class}) public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher publisher) { return new DefaultAuthenticationEventPublisher(publisher); } }
一般以Properties命名结尾的都是对应的配置类,分别对应application.properties的内容,但是现在我们在application.properties中并没有配置任何内容.
SecurityProperties
public class SecurityProperties { public static final int BASIC_AUTH_ORDER = 2147483642; public static final int IGNORED_ORDER = Integer.MIN_VALUE; public static final int DEFAULT_FILTER_ORDER = -100; private final Filter filter = new Filter(); //这里就是默认创建的一个用户 private final User user = new User(); public SecurityProperties() { } public User getUser() { return this.user; } public Filter getFilter() { return this.filter; } public static class Filter { private int order = -100; private Set<DispatcherType> dispatcherTypes = EnumSet.allOf(DispatcherType.class); public Filter() { } public int getOrder() { return this.order; } public void setOrder(int order) { this.order = order; } public Set<DispatcherType> getDispatcherTypes() { return this.dispatcherTypes; } public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) { this.dispatcherTypes = dispatcherTypes; } } public static class User { private String name = "user"; private String password = UUID.randomUUID().toString(); private List<String> roles = new ArrayList(); private boolean passwordGenerated = true; public User() { } public String getName() { return this.name; } public void setName(String name) { this.name = name; } public String getPassword() { return this.password; } public void setPassword(String password) { if (StringUtils.hasLength(password)) { this.passwordGenerated = false; this.password = password; } } public List<String> getRoles() { return this.roles; } public void setRoles(List<String> roles) { this.roles = new ArrayList(roles); } public boolean isPasswordGenerated() { return this.passwordGenerated; } } }
可以看到了这里有一个定义了name为user的用户和一个随机生成的UUID作为密码,这里就是用户的默认生成