詳見:org.springframework.security.authentication.dao.DaoAuthenticationProvider org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider protected boolean hideUserNotFoundExceptions = true; /** * By default the <code>AbstractUserDetailsAuthenticationProvider</code> throws a * <code>BadCredentialsException</code> if a username is not found or the password is * incorrect. Setting this property to <code>false</code> will cause * <code>UsernameNotFoundException</code>s to be thrown instead for the former. Note * this is considered less secure than throwing <code>BadCredentialsException</code> * for both exceptions. * * @param hideUserNotFoundExceptions set to <code>false</code> if you wish * <code>UsernameNotFoundException</code>s to be thrown instead of the non-specific * <code>BadCredentialsException</code> (defaults to <code>true</code>) */
/**
* 安全配置主類
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Bean
public ClientDetailsService clientDetails() {
return new JdbcClientDetailsService(dataSource);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider bean = new DaoAuthenticationProvider();
bean.setHideUserNotFoundExceptions(false);
bean.setUserDetailsService(userDetailsService);
bean.setPasswordEncoder(passwordEncoder);
return bean;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider());、
}
}