import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.DigestAuthenticationFilter; import java.util.ArrayList; import java.util.List; @Configuration @EnableWebSecurity public class DigestSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .addFilter(digestAuthenticationFilter()) .exceptionHandling() .authenticationEntryPoint(digestAuthenticationEntryPoint()); } @Bean public DigestAuthenticationEntryPoint digestAuthenticationEntryPoint() { DigestAuthenticationEntryPoint point = new DigestAuthenticationEntryPoint(); point.setRealmName("terry"); point.setKey("terry123"); return point; } @Bean public DigestAuthenticationFilter digestAuthenticationFilter() { DigestAuthenticationFilter filter = new DigestAuthenticationFilter(); filter.setAuthenticationEntryPoint(digestAuthenticationEntryPoint()); filter.setUserDetailsService(userDetailsService()); return filter; } /** * 在Spring security 5 之后需要设置密码解析器， * 如果不设置会报错，一般情况下会用Md5.本文采用的无密码验证 * @return */ @Bean public static NoOpPasswordEncoder passwordEncoder() { return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); } @Override @Bean public UserDetailsService userDetailsService() { return new UserDetailsService() { //用户摘要 @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //省略从数据库查询过程 String password = "terry123"; List<GrantedAuthority> authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority("auth")); return new User(username, password, true, true, true, true, authorities); } }; } }