# spring-security-demo

**Repository Path**: caoyanwei/spring-security-demo

## Basic Information

- **Project Name**: spring-security-demo
- **Description**: spring-security示例项目
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 2
- **Created**: 2021-08-19
- **Last Updated**: 2021-08-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# spring-security-demo

spring-security 源码研究

## 1.spring-security-demo01 默认情况配置
## 2. spring-security-demo02 配置文件配置用户名和密码
```properties
spring.security.user.name=user
spring.security.user.password=pass
spring.security.user.roles=ADMIN,USER
```
注: `spring.security.user.roles`不能以`ROLE_`开头,多个角色使用逗号(`,`)分隔

## 3. spring-security-demo03 配置类覆盖默认配置
    
```java
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password(passwordEncoder().encode("pass")).roles("ADMIN","USER").and()
                .withUser(
                        new User("test", passwordEncoder().encode("pass"), AuthorityUtils.commaSeparatedStringToAuthorityList("TEST,USER"))
                );
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```
## 4. spring-security-demo04 实现`UserDetailsService`
    
    `WebSecurityConfig`注入自定义实现的`UserDetailsService`
```java
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```
    
实现的`UserDetailsService`
    
```java
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList("ADMIN,USER");
        return new User(username, passwordEncoder.encode("123456"),authorities);
    }
}
```
   
## 5. spring-security-demo05 自定义实现`UserDetailsService`,使用`mytatis-plus`

## 6. spring-security-demo06 自定义实现登录页

## 7. spring-security-demo07 实现rbac

- hasRole("TEST")
- hasAnyRole("ADMIN")
- hasAuthority("read")
- hasAnyAuthority("read,write")

注: 用户的角色包含`ROLE_`前缀,判断不需要前缀

## 8. spring-security-demo08 自定义403页面

## 9. spring-security-demo09 注解

## 10. spring-security-demo10 logout

## 11. spring-security-demo11 rememberMe

## 12. spring-security-demo12 csrf

## 13. spring-security-demo13 自定义 accessDecisionManager 方式验证规则

## 14. spring-security-demo14 自定义 MetadataSource 方式,自定义规则

13和14的区别在于,voter在于对规则进行自定义验证,MetadataSource用于定义访问的权限

两者结合使用,使用voter验证MetadataSource定义的访问规则

## 15. spring-security-demo15 access表达式

## 16. spring-security-demo15 整合13和14