# 使用基于内存的用户存储 因为我们的安全配置类扩展了 **WebSecurityConfigurerAdapter**,因此**配置用户存储的最简单方式就是重载 configure() 方法,并以 AuthenticationManagerBuilder 作为传入参数。** AuthenticationManagerBuilder 有多个方法可以用来配置 Spring Security 对认证的支持。通过 inMemoryAuthentication() 方法,我们可以启用、配置并任意填充基于内存的用户存储。
配置 Spring Security 使用内存用户存储 {% code overflow="wrap" lineNumbers="true" %} ```java package spittr.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; @Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); .withUser("admin").password("password").roles("USER", "ADMIN"); } } ``` {% endcode %}
在上述程序清单中,SecurityConfig 重载了 configure() 方法,并使用两个用户来配置内存用户存储。 > 需要注意的是: > > * roles() 方法是 authorities() 方法的简写形式。 > * **roles() 方法所给定的值都会添加一个“ROLE\_”前缀**,并将其作为权限授予给用户。 配置用户详细信息的方法如下表:
方法描述
accountExpired(boolean)定义账号是否已经过期
accountLocked(boolean)定义账号是否已经锁定
and()用来连接配置
authorities(GrantedAuthority...)授予某个用户一项或多项权限
authorities(List<? extends GrantedAuthority>)授予某个用户一项或多项权限
authorities(String...)授予某个用户一项或多项权限
credentialsExpired(boolean)定义凭证是否已经过期
disabled(boolean)定义账号是否已被禁用
password(String)定义用户的密码
roles(String...)授予某个用户一项或多项角色
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://bohans.gitbook.io/ji-chu/spring/basic/spring-security/pei-zhi-yong-hu-cun-chu/shi-yong-ji-yu-nei-cun-de-yong-hu-cun-chu.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.