Home >Java >javaTutorial >How to use the authentication and authorization framework in Java to implement user authentication and permission management?
How to use the authentication and authorization framework in Java to implement user authentication and permission management?
Introduction:
In most applications, user authentication and permission management are very important functions. There are many authentication and authorization frameworks in Java available to developers, such as Spring Security, Shiro, etc. This article will focus on how to use the Spring Security framework to implement user authentication and permission management.
1. Introduction to Spring Security
Spring Security is a powerful security framework. It is a plug-in based on the Spring framework and can be used to add authentication and authorization functions. Spring Security provides many functions, such as user authentication, role management, permission management, etc.
2. Authentication
Authentication is the process of verifying user identity. In Spring Security, user authentication can be achieved by configuring an authentication provider.
52b82e06fe430ab7919c3a04d90647be
element. <authentication-manager> <authentication-provider user-service-ref="userDetailsService"/> </authentication-manager>
UserDetailsService
interface to implement this class. @Service public class CustomUserDetailsService implements UserDetailsService { @Autowired private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username); if (user == null) { throw new UsernameNotFoundException("User not found with username: " + username); } return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), getAuthorities(user.getRoles())); } private Collection<? extends GrantedAuthority> getAuthorities(Collection<Role> roles) { return roles.stream().map(role -> new SimpleGrantedAuthority(role.getName())).collect(Collectors.toList()); } }
users
and roles
, can be created. CREATE TABLE users ( id BIGINT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL, password VARCHAR(100) NOT NULL ); CREATE TABLE roles ( id BIGINT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50) NOT NULL ); CREATE TABLE user_roles ( user_id BIGINT, role_id BIGINT, FOREIGN KEY (user_id) REFERENCES users(id), FOREIGN KEY (role_id) REFERENCES roles(id), PRIMARY KEY (user_id, role_id) );
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/admin/**").hasRole("ADMIN") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } }
3. Authorization
After successful user authentication, you can use Spring Security for permission management.
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/admin/**").access("hasRole('ADMIN')") .anyRequest().authenticated(); } }
@RestController @RequestMapping("/api") public class ApiController { @PreAuthorize("hasRole('USER')") @GetMapping("/users") public List<User> getUsers() { // code here } @PreAuthorize("hasRole('ADMIN')") @PostMapping("/user") public User createUser(@RequestBody User user) { // code here } }
Conclusion:
Using Spring Security, user authentication and permission management can be easily achieved. This article introduces how to use the Spring Security framework to configure authentication and authorization providers, authenticate users by customizing user details service classes and database models, and manage permissions by configuring URL rules and annotations. I hope this article will help you understand and use the authentication and authorization framework in Java.
Reference:
The above is the detailed content of How to use the authentication and authorization framework in Java to implement user authentication and permission management?. For more information, please follow other related articles on the PHP Chinese website!