添加具有弹簧安全性的自定义登录控制器

在spring-security-core jar中，有一个接口UserDetailsService，它有一个方法

UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;

您可以实现此接口并创建自己的逻辑代码，例如

@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {

@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) {
    User user = userService.findUserByUsername(username);
    if (user != null) {
        String password = user.getPassword();
        boolean enabled = user.getActive();
        boolean accountNonExpired = user.getActive();
        boolean credentialsNonExpired = user.getActive();
        boolean accountNonLocked = user.getActive();

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (Role r : user.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(r.getAuthority()));
        }
        org.springframework.security.core.userdetails.User securedUser = new org.springframework.security.core.userdetails.User(
                username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, authorities);
        return securedUser;
    } else {
        throw new UsernameNotFoundException(
                "Unable to find user with username provided!!");
    }
}

然后使用创建 DaoAuthenticationProvider 的对象

<bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"></property>
</bean>

最后，将此 DaoAuthenticationProvider 提供给 ProviderManager

<bean class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg>
        <list>
            <ref bean="daoAuthenticationProvider" />
        </list>
    </constructor-arg>
</bean>

<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="userDetailsService">
        <security:password-encoder hash="plaintext"></security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

添加网页.xml详细信息

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-config/spring-*.xml</param-value>
</context-param>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>

为此，您可以通过从 org.springframework 实现 AuthenticationProvider 来使用自己的 CustomAuthenticationProvider。安全。身份验证并覆盖公共身份验证身份验证（身份验证身份验证）方法。

下面给出了代码示例

public class CustomAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();
    List<GrantedAuthority> grantedAuths = new ArrayList<>();


       //validate and do your additionl logic and set the role type after your validation. in this code i am simply adding admin role type
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN" ));



    return new UsernamePasswordAuthenticationToken(username, password, grantedAuths);
}

@Override
public boolean supports(Class<?> arg0) {
    return true;
}

} 

所以默认的登录处理程序，即/login（POST）将由此处理。