詳見:org.springframework.security.authentication.dao.DaoAuthenticationProvider org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
protected boolean hideUserNotFoundExceptions = true;
/**
* By default the <code>AbstractUserDetailsAuthenticationProvider</code> throws a
* <code>BadCredentialsException</code> if a username is not found or the password is
* incorrect. Setting this property to <code>false</code> will cause
* <code>UsernameNotFoundException</code>s to be thrown instead for the former. Note
* this is considered less secure than throwing <code>BadCredentialsException</code>
* for both exceptions.
*
* @param hideUserNotFoundExceptions set to <code>false</code> if you wish
* <code>UsernameNotFoundException</code>s to be thrown instead of the non-specific
* <code>BadCredentialsException</code> (defaults to <code>true</code>)
*/
/**
* 安全配置主類
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Bean
public ClientDetailsService clientDetails() {
return new JdbcClientDetailsService(dataSource);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider bean = new DaoAuthenticationProvider();
bean.setHideUserNotFoundExceptions(false);
bean.setUserDetailsService(userDetailsService);
bean.setPasswordEncoder(passwordEncoder);
return bean;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider());、
}
}
