Spring Boot: How to specify the PasswordEncoder?
Currently I got the main class:
package com.recweb.springboot;
import org.springframework.boot.SpringApplication;
im
-
According to spring security 5.0 's new feature. They write this.
Spring Security’s PasswordEncoder interface is used to perform a one way transformation of a password to allow the password to be stored securely. Given PasswordEncoder is a one way transformation, it is not intended when the password transformation needs to be two way (i.e. storing credentials used to authenticate to a database). Typically PasswordEncoder is used for storing a password that needs to be compared to a user provided password at the time of authentication.
So i tried this Mutiple HttpSecurity. This s my security configuration. Hope it help you.
@Configuration @EnableWebSecurity public class SecurityConfig { private final EdminService edminService; public SecurityConfig ( final EdminService edminService ){ this.edminService=edminService; } @Bean public UserDetailsService userDetailsService() throw Exception { UserBuilder users= Users.withDefaultPasswordEncoder; InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); ListedminList=this.edminService.findAll(); for(EdminEntity edmin: edminList){ manager.createUser(users.username(edmin.getEdminname()) .password(edmin.getEdminrpass()).roles("EDMIN_ROLE").build()); } return manager; } @Configuration @Order(1) public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/home","/vendor/**","/image/**","/home/**").permitAll() .antMatchers("/admin/**").hasRole("EDMIN_ROLE") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .defaultSuccessUrl("/home") .and() .logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));} } } Sorry for my english and thanks for read my answer.
加载中...
- 热议问题