spring boot security 设置超时时间

原创

mob64ca12d1a59e 2023-10-19 05:32:15 ©著作权

文章标签 ide 自定义 java 文章分类 spring boot 后端开发

©著作权归作者所有：来自51CTO博客作者mob64ca12d1a59e的原创作品，请联系作者获取转载授权，否则将追究法律责任

Spring Boot Security 设置超时时间

整件事情的流程

下面是实现 Spring Boot Security 设置超时时间的步骤：

步骤	动作	代码
1	创建一个新的 Spring Boot 项目	无
2	添加 Spring Security 依赖	`xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>`
3	创建一个自定义的 UserDetails 实现类	无
4	创建一个自定义的 UserDetailsService 实现类	无
5	创建一个自定义的 AuthenticationProvider 实现类	无
6	配置 Spring Security	java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider()); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .logout() .permitAll(); } @Bean public AuthenticationProvider authenticationProvider() { DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); authenticationProvider.setUserDetailsService(userDetailsService); return authenticationProvider; } }
7	配置超时时间	java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider()); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .logout() .permitAll() .and() .sessionManagement() .maximumSessions(1) .maxSessionsPreventsLogin(true); } @Bean public AuthenticationProvider authenticationProvider() { DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); authenticationProvider.setUserDetailsService(userDetailsService); return authenticationProvider; } }

代码解释

1. 创建一个自定义的 UserDetails 实现类

public class CustomUserDetails implements UserDetails {
    // 自定义 User 实体类，可以根据需求添加字段和方法

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // 返回用户的权限列表，可以根据需求进行设置
        return null;
    }

    // 其他 UserDetails 的方法
}

2. 创建一个自定义的 UserDetailsService 实现类

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 根据用户名从数据库或其他地方查询用户信息，并构建 CustomUserDetails 对象返回
        return null;
    }
}

3. 创建一个自定义的 AuthenticationProvider 实现类

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // 根据 authentication 获取用户输入的用户名和密码，然后根据用户名查询用户信息
        String username = authentication.getName();
        String password = authentication.getCredentials().toString();
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        // 自定义验证逻辑，比较密码是否匹配等
        if (password.equals(userDetails.getPassword())) {
            return new UsernamePasswordAuthenticationToken(username, password, userDetails.getAuthorities());
        } else {
            throw new BadCredentialsException("Invalid credentials");
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

4. 配置 Spring Security

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .and()
            .logout()
            .permitAll();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService);
        return authenticationProvider;
    }
}

5. 配置超时时间

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth