自定义验证

确保已创建 passwordEncoder 类：

@Bean
public PasswordEncoder passwordEncoder() {
	System.out.println(new BCryptPasswordEncoder().encode("123456"));
	return new BCryptPasswordEncoder();
}

UserDetailsService

将自定义的验证接入SpringSecurity框架需要自行实现UserDetailsService或是功能更完善的UserDetailsManager接口。

@Service
public class AuthorizeService implements UserDetailsService {
 
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return null;
    }
}

接着我们需要再 UserDetails loadUserByUsername 方法中配置实现方法。

但需要先添加获取数据库数据的mapper和实体类：

public interface UserMapper {
    @Select("select * from user where username = #{username}")
    Account findUserByName(String username);
}

还有配置包扫描：

@EnableWebMvc
@Configuration
@ComponentScans({
        @ComponentScan("com.example.controller"),
        @ComponentScan("com.example.service")
})
@MapperScan("com.example.mapper")
public class WebConfiguration implements WebMvcConfigurer {
  	...
}

最后实现 UserDetailsService 即可：

@Service
public class AuthorizeService implements UserDetailsService {
 
    @Resource
    UserMapper mapper;
 
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Account account = mapper.findUserByName(username);
        if(account == null)
            throw new UsernameNotFoundException("用户名或密码错误");
        return User
                .withUsername(username)
                .password(account.getPassword())
                .build();
    }
}

需要注意的是，Security会自动调用PasswordEncoder来将输入得到的密码进行hash加密，然后再与数据库进行比对。