官术网_书友最值得收藏!

Step 1—Spring Security configuration setup

We will now create the all-important Spring Security configuration class and make sure that the default filter chain for Spring Security is set up to secure all the resources:

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, enabled"
+ " from users where username = ?")
.authoritiesByUsernameQuery("select username, authority "
+ "from authorities where username = ?")
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
.and()
.httpBasic(); // Use Basic authentication
}
}

In Spring Security configuration, the first thing that we do is tell Spring Security that you will have to authenticate the user against a database by using a defined user query and checking the user's authority using the defined authority query.

We then set up the authentication mechanism to retrieve the user's credentials. Here we are using basic authentication as the mechanism to capture user credentials. Please note that the role names being used to check doesn't have the prefix ROLE_.

主站蜘蛛池模板: 神木县| 兴安县| 富裕县| 通山县| 射阳县| 莒南县| 通许县| 阳朔县| 红河县| 通州市| 陵川县| 孝昌县| 肇东市| 马尔康县| 日照市| 哈尔滨市| 丹凤县| 大安市| 榆社县| 丰台区| 灌云县| 瑞丽市| 津南区| 台中市| 旬邑县| 海南省| 日喀则市| 惠州市| 睢宁县| 石景山区| 苗栗市| 定安县| 宽甸| 漯河市| 洪洞县| 德庆县| 定西市| 迁安市| 红原县| 南郑县| 新绛县|