SpringSecurity6从入门到实战之默认用户的生成流程
这次还是如标题所示,上一章我们的登录页面已经知道是如何生成了.那么,我们通过表单登录的user用户以及密码SpringSecurity是如何进行生成的呢?
默认用户生成
让我们把登录流程重新拉回到读取/META-INF/spring/ .imports文件
我们进入SecurityAutoConfiguration源码中查看上面加载的注解
package org.springframework.boot.autoconfigure.security.servlet;
@AutoConfiguration
@ConditionalOnClass({DefaultAuthenticationEventPublisher.class})
//加载配置类让SecurityProperties配置类生效
@EnableConfigurationProperties({SecurityProperties.class})
@Import({SpringBootWebSecurityConfiguration.class, SecurityDataConfiguration.class})
public class SecurityAutoConfiguration {
public SecurityAutoConfiguration() {
}
@Bean
@ConditionalOnMissingBean({AuthenticationEventPublisher.class})
public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher publisher) {
return new DefaultAuthenticationEventPublisher(publisher);
}
}
一般以Properties命名结尾的都是对应的配置类,分别对应application.properties的内容,但是现在我们在application.properties中并没有配置任何内容.
SecurityProperties
public class SecurityProperties {
public static final int BASIC_AUTH_ORDER = 2147483642;
public static final int IGNORED_ORDER = Integer.MIN_VALUE;
public static final int DEFAULT_FILTER_ORDER = -100;
private final Filter filter = new Filter();
//这里就是默认创建的一个用户
private final User user = new User();
public SecurityProperties() {
}
public User getUser() {
return this.user;
}
public Filter getFilter() {
return this.filter;
}
public static class Filter {
private int order = -100;
private Set<DispatcherType> dispatcherTypes = EnumSet.allOf(DispatcherType.class);
public Filter() {
}
public int getOrder() {
return this.order;
}
public void setOrder(int order) {
this.order = order;
}
public Set<DispatcherType> getDispatcherTypes() {
return this.dispatcherTypes;
}
public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) {
this.dispatcherTypes = dispatcherTypes;
}
}
public static class User {
private String name = "user";
private String password = UUID.randomUUID().toString();
private List<String> roles = new ArrayList();
private boolean passwordGenerated = true;
public User() {
}
public String getName() {
return this.name;
}
public void setName(String name) {
this.name = name;
}
public String getPassword() {
return this.password;
}
public void setPassword(String password) {
if (StringUtils.hasLength(password)) {
this.passwordGenerated = false;
this.password = password;
}
}
public List<String> getRoles() {
return this.roles;
}
public void setRoles(List<String> roles) {
this.roles = new ArrayList(roles);
}
public boolean isPasswordGenerated() {
return this.passwordGenerated;
}
}
}
可以看到了这里有一个定义了name为user的用户和一个随机生成的UUID作为密码,这里就是用户的默认生成