我正在尝试向我的Spring Boot后端添加基本身份验证。到目前为止,我所拥有的是一个有角度的前端登录页面和一些基本的身份验证设置。现在,它允许一个用户帐户,其用户为:“ user”,密码为:“ password”。我希望能够拥有一个数据库来存储用户详细信息,并且每次有人尝试登录后端时都可以在数据库中查找这些详细信息。我的计划是使用DynamoDB,如何从websecurityconfig类中执行此操作?
后端
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/login")
.permitAll().anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
控制器
public class LoginController {
@RequestMapping(value ="/login", method = RequestMethod.POST, headers = { "Content-type=application/json",
"Access-Control-Allow-Origin=*" }, consumes = "application/json")
public boolean login(@RequestBody UserModel user) {
System.out.println(user.getUsername());
System.out.println(user.getPassword());
return user.getUsername().equals("user") && user.getPassword().equals("password");
}
@RequestMapping("/user")
public Principal user(HttpServletRequest request) {
String authToken = request.getHeader("Authorization")
.substring("Basic".length()).trim();
return () -> new String(Base64.getDecoder()
.decode(authToken)).split(":")[0];
}
}