官术网_书友最值得收藏!

Step 1—Spring Security configuration setup

We will now create the all-important Spring Security configuration class and make sure that the default filter chain for Spring Security is set up to secure all the resources:

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, enabled"
+ " from users where username = ?")
.authoritiesByUsernameQuery("select username, authority "
+ "from authorities where username = ?")
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
.and()
.httpBasic(); // Use Basic authentication
}
}

In Spring Security configuration, the first thing that we do is tell Spring Security that you will have to authenticate the user against a database by using a defined user query and checking the user's authority using the defined authority query.

We then set up the authentication mechanism to retrieve the user's credentials. Here we are using basic authentication as the mechanism to capture user credentials. Please note that the role names being used to check doesn't have the prefix ROLE_.

主站蜘蛛池模板: 桓仁| 安丘市| 晋宁县| 元阳县| 沙湾县| 古丈县| 陈巴尔虎旗| 吉首市| 大方县| 千阳县| 加查县| 边坝县| 青龙| 博乐市| 张家口市| 类乌齐县| 贵州省| 邵阳市| 抚顺县| 沙湾县| 武功县| 恩平市| 阳谷县| 宁安市| 巴青县| 阳泉市| 武功县| 株洲县| 永城市| 彰化市| 鄂托克前旗| 平安县| 社会| 进贤县| 安平县| 灵璧县| 孟州市| 潍坊市| 定远县| 桐柏县| 姚安县|