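```java
import javax.sql.DataSource;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
    // Injected by the Lombok-generated constructor; not used by this configuration.
    private final DataSource dataSource;
    private final UserDetailsService userDetailsService;

    // Authentication: look users up through our own UserDetailsService.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.userDetailsService(userDetailsService);
    }

    // Authorization: hasRole("ADMIN") checks for the authority "ROLE_ADMIN".
    // "/admin" and "/user" match those exact paths only, and because there is
    // no anyRequest() rule, paths not listed here are not access-checked.
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("ADMIN", "USER")
            .antMatchers("/").permitAll()
            .and()
            .formLogin();
    }

    // NoOpPasswordEncoder does no hashing: passwords are stored and compared
    // as plaintext. It is deprecated and only suitable for a tutorial.
    @Bean
    public PasswordEncoder getPasswordEncoder()
    {
        return NoOpPasswordEncoder.getInstance();
    }
}
```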
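The `getPasswordEncoder()` bean above returns `NoOpPasswordEncoder`, so passwords are stored and compared as plaintext. As an added example (not code from the original post), here is one way to move such a user table to BCrypt without resetting accounts. The class and method names are hypothetical, the sample values are constructed, and it assumes spring-security-crypto 5.1 or later on the classpath.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordEncoderMigrationDemo
{
    // Candidate replacement for the getPasswordEncoder() bean: new hashes are
    // written as {bcrypt}..., while rows without an {id} prefix (the plaintext
    // values NoOpPasswordEncoder left behind) can still be verified once.
    static PasswordEncoder migratingEncoder()
    {
        DelegatingPasswordEncoder encoder =
            (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
        encoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        return encoder;
    }

    // Run at login, while the raw password is still available.
    // Returns the value that should be written back to the user row.
    static String verifyAndUpgrade(PasswordEncoder encoder, String raw, String stored)
    {
        if (!encoder.matches(raw, stored))
        {
            throw new IllegalArgumentException("bad credentials");
        }
        // upgradeEncoding() is true for any value not stored with the current scheme.
        return encoder.upgradeEncoding(stored) ? encoder.encode(raw) : stored;
    }

    public static void main(String[] args)
    {
        String raw = "pass";        // constructed sample password
        String legacyRow = "pass";  // constructed: the column value NoOp stored

        PasswordEncoder encoder = migratingEncoder();
        String upgraded = verifyAndUpgrade(encoder, raw, legacyRow);

        System.out.println("stored as bcrypt:   " + upgraded.startsWith("{bcrypt}"));
        System.out.println("still verifies:     " + encoder.matches(raw, upgraded));
        System.out.println("no second rewrite:  "
            + verifyAndUpgrade(encoder, raw, upgraded).equals(upgraded));
    }
}
```

Once every row carries a `{bcrypt}` prefix, the `setDefaultPasswordEncoderForMatches` call can be removed so unprefixed values are rejected.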
We now provide a UserDetailsService for our authentication.
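```java
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
@RequiredArgsConstructor
public class MyUserDetailsService implements UserDetailsService
{
    private final UserRepository userRepository;

    // Called by Spring Security during login with the submitted username.
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
    {
        // Load the JPA entity, or fail authentication if there is no such user.
        User user = userRepository.findByUserName(username)
            .orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
        // Wrap the entity in our UserDetails implementation.
        return new MyUserDetails(user);
    }
}
```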
We implement UserDetailsService and override loadUserByUsername, and inject the service in our configure method.
We get the User from the JPA repository and transform it into MyUserDetails, which implements the UserDetails interface.
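```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class MyUserDetails implements UserDetails
{
    private String userName;
    private String password;
    private boolean active;
    private List<GrantedAuthority> authorities;

    public MyUserDetails()
    {
    }

    public MyUserDetails(User user)
    {
        this.userName = user.getUserName();
        this.password = user.getPassword();
        this.active = user.isActive();
        // Roles are stored as one comma-separated string. Each entry must carry
        // the ROLE_ prefix (e.g. "ROLE_ADMIN") for hasRole("ADMIN") to match.
        this.authorities = Arrays.stream(user.getRoles().split(","))
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities()
    {
        // return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

    @Override
    public String getPassword()
    {
        return password;
    }

    @Override
    public String getUsername()
    {
        return userName;
    }

    // Expiry and locking are not modelled in this example, so these return true.
    @Override
    public boolean isAccountNonExpired()
    {
        return true;
    }

    @Override
    public boolean isAccountNonLocked()
    {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired()
    {
        return true;
    }

    // Use the stored flag so that deactivated users cannot log in.
    @Override
    public boolean isEnabled()
    {
        return active;
    }
}
```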