02 - spring security基于配置文件及内存的账号密码

2026/5/1 22:47:01 来源：https://blog.csdn.net/shuair/article/details/147197593 浏览: 次关键词：02 - spring security基于配置文件及内存的账号密码

spring security基于配置的账号密码

文档

00 - spring security框架使用
01 - spring security自定义登录页面

yml文件中配置账号密码

spring:security:user:name: adminpassword: 123456

yml文件中配置账号密码后，控制台将不再输出临时密码

基于内存的账号密码

调整配置类`WebSecurityConfig.java`

package xin.yangshuai.springsecurity03.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;@Configuration
// @EnableWebSecurity
public class WebSecurityConfig {@Beanpublic UserDetailsService userDetailsService() {InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();// 此时配置文件中的用户名和密码将不可用manager.createUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());return manager;}@Beanpublic SecurityFilterChain filterChain(HttpSecurity http) throws Exception {// 开启授权保护http.authorizeRequests(new Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>() {@Overridepublic void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {expressionInterceptUrlRegistry// 对所有请求开启授权保护.anyRequest()// 已经认证的请求会被自动授权.authenticated();}});// 自定义登录页面http.formLogin(new Customizer<FormLoginConfigurer<HttpSecurity>>() {@Overridepublic void customize(FormLoginConfigurer<HttpSecurity> httpSecurityFormLoginConfigurer) {// 自定义登录页，并且设置无需授权允许访问httpSecurityFormLoginConfigurer.loginPage("/login").permitAll();// 配置自定义表单的用户名参数，默认值：usernamehttpSecurityFormLoginConfigurer.usernameParameter("myusername");// 配置自定义表单的密码参数，默认值：passwordhttpSecurityFormLoginConfigurer.passwordParameter("mypassword");// 校验失败时跳转的地址，默认值：/login?errorhttpSecurityFormLoginConfigurer.failureUrl("/login?error");}});return http.build();}
}