1. pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- NOTE(review): 2.1.3.RELEASE is on the Spring Boot 2.1.x line, which no longer receives open-source fixes. Every dependency below that has no version of its own (Spring Security, Spring MVC, embedded Tomcat, ...) inherits its version from this parent, so this is the first coordinate to upgrade. -->
<version>2.1.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>security-spring-boot</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>security-spring-boot</name>
<description>Demo project for Spring Boot</description>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<!-- Spring Boot web starter (version inherited from the parent POM) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring Security starter (version inherited from the parent POM) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- JSP support: Servlet API, scope "provided" so it is not packaged with the application -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<!-- JSTL tags used by the JSP pages -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<!-- Jasper, used to compile JSPs -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<!-- NOTE(review): explicit version pin instead of the one managed by the parent POM; Lombok is only needed at compile time, so confirm both the pin and the default (compile) scope are intended. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- NOTE(review): the JDBC driver version is pinned by hand to the old 5.1.x connector line rather than inherited from the parent POM. Check it against the vendor's supported releases and the MySQL server in use before relying on it. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.47</version>
</dependency>
<!-- Data access used by the user and permission lookups -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
</dependencies>
<build>
<finalName>security-springboot</finalName>
<!-- Everything below sits under pluginManagement: it configures these plugins but does not by itself bind them to the build. -->
<pluginManagement>
<plugins>
<!-- NOTE(review): presumably used to run the application on an embedded Tomcat 7, a server line that no longer receives security fixes. Confirm the plugin is still needed. -->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
</plugin>
<!-- Compile for Java 8 (same values as the maven.compiler.* properties above) -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<encoding>utf-8</encoding>
<useDefaultDelimiters>true</useDefaultDelimiters>
<resources>
<!-- NOTE(review): filtering=true together with the include pattern **/* runs Maven property substitution over every file in src/main/resources. Binary files can be corrupted, and any build property referenced in a resource is written into the packaged artifact. Limit filtering to the text files that need it and keep credentials out of filtered properties. -->
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<includes>
<include>**/*</include>
</includes>
</resource>
<!-- XML files kept next to the Java sources are copied as resources, unfiltered -->
<resource>
<directory>src/main/java</directory>
<includes>
<include>**/*.xml</include>
</includes>
</resource>
</resources>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
2. 配置文件config
/**
 * MVC configuration that sends requests for the root URL to the login page.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /** View name that makes Spring MVC answer with a redirect to {@code /login}. */
    private static final String LOGIN_REDIRECT_VIEW = "redirect:/login";

    /**
     * Registers a view controller for "/" that redirects to {@code /login}.
     * Per the original comment, {@code /login} is the URL provided by Spring Security.
     *
     * @param registry registry the root mapping is added to
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName(LOGIN_REDIRECT_VIEW);
    }
}
/**
 * Spring Security configuration for the demo: BCrypt password encoding, authority-based
 * rules for {@code /r/**}, form login, session handling and logout.
 */
@Configuration
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the encoder used to verify stored passwords; stored values must therefore
     * be BCrypt hashes.
     *
     * @return a BCrypt password encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Disabled in-memory alternative kept from the original for reference
    // (defines the user details service, i.e. the user lookup).
    // NOTE(review): the three sample users below carry the identical BCrypt hash, so they
    // share one password; treat these as tutorial values only and never ship them.
    // @Bean
    // public UserDetailsService loadUserByUsername( ){
    // InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    // manager.createUser(User.withUsername("tina").password("$2a$10$d.NV7X0v0VoQNmwi1neGI.05o5If54jiqWzBeYYBLSaQNlBI7nyFW").authorities("p1").build());
    // manager.createUser(User.withUsername("zhangsan").password("$2a$10$d.NV7X0v0VoQNmwi1neGI.05o5If54jiqWzBeYYBLSaQNlBI7nyFW").authorities("p2").build());
    // manager.createUser(User.withUsername("lisi").password("$2a$10$d.NV7X0v0VoQNmwi1neGI.05o5If54jiqWzBeYYBLSaQNlBI7nyFW").authorities("p3").build());
    // return manager;
    // }

    /**
     * Defines the request interception rules (the core of this configuration).
     *
     * @param http builder the rules are applied to
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off while authentication is session
        // based (form login). Any state-changing endpoint, logout included, then accepts
        // cross-site requests. Acceptable for a local demo; re-enable it for anything
        // browsers can reach.
        http.csrf().disable();

        // Matchers are evaluated in declaration order and the first match decides, so the
        // per-resource authority rules must stay ahead of the broader /r/** rule.
        http.authorizeRequests()
                .antMatchers("/r/r1").hasAuthority("p1")
                .antMatchers("/r/r2").hasAuthority("p2")
                .antMatchers("/r/r3").hasAuthority("p3")
                // every remaining /r/** request needs an authenticated user
                .antMatchers("/r/**").authenticated()
                // NOTE(review): default-allow. Every path outside /r/** is public, so a
                // newly added endpoint is unprotected unless a rule is added for it.
                .anyRequest().permitAll();

        // Form login with the default login page; a successful login is forwarded
        // server-side to /login-success.
        http.formLogin()
                .successForwardUrl("/login-success");

        // Create an HTTP session only when one is needed.
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

        // Logout endpoint and the page shown afterwards.
        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/");
    }
}
3. service
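/**
 * {@link UserDetailsService} that loads the user record and its permission codes through
 * {@code UserModelDao} and turns them into a Spring Security {@link UserDetails}.
 */
@Service
@Slf4j
public class SpringDataUserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserModelDao userModelDao;

    /**
     * Looks the user up by name and builds the principal used for authentication.
     *
     * @param username login name as submitted by the client (untrusted input)
     * @return user details carrying the stored password and one authority per permission code
     * @throws UsernameNotFoundException if the DAO returns no user for {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // NOTE(review): username comes straight from the login request. Logging it verbatim
        // at INFO lets line breaks in the value forge log entries and records every
        // attempted identifier; consider neutralising control characters or lowering the level.
        log.info("当前访问的用户是{}", username);

        // Fetch the user record, then the permissions attached to it.
        UserModel user = userModelDao.findAllByUsername(username);
        if (Objects.isNull(user)) {
            // Throw the exception type the UserDetailsService contract declares. Spring
            // Security's DAO authentication provider handles it as an ordinary failed login,
            // whereas a plain RuntimeException surfaces as an internal authentication error
            // and lets a client tell unknown users apart from wrong passwords.
            throw new UsernameNotFoundException("当前用户不存在");
        }

        List<Permission> permissionList = userModelDao.findRoleByUserId(user.getId());
        // Each permission code becomes one granted authority (matched by hasAuthority rules).
        String[] authorityCodes = permissionList.stream()
                .map(Permission::getCode)
                .toArray(String[]::new);

        return User.withUsername(user.getUsername())
                .password(user.getPassword())
                .authorities(authorityCodes)
                .build();
    }
}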
4. controller
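/**
 * Demo endpoints: the login-success landing response and two protected test resources.
 */
@RestController
public class LoginController {

    /**
     * Returns the name of the current user as held in the security context.
     *
     * @return the {@link UserDetails} username, the principal's string form for any other
     *         principal type, or "匿名" when there is no authentication or no principal
     */
    private String getUserName() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // The context may hold no Authentication at all; treat that like a missing principal
        // instead of dereferencing null.
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (principal == null) {
            // Return here: falling through would call toString() on the null principal.
            return "匿名";
        }
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal.toString();
    }

    /**
     * Target of the server-side forward after a successful form login.
     * No HTTP method is fixed on the mapping, so the forwarded login request is accepted
     * whatever its method.
     * NOTE(review): under WebSecurityConfig this path falls into anyRequest().permitAll(),
     * so it can also be requested directly without logging in; the response text is not
     * evidence of an authenticated session.
     *
     * @return the login-success message
     */
    @RequestMapping(value = "/login-success", produces = {"text/plain;charset=UTF-8"})
    public String loginSuccess() {
        return " 登录成功";
    }

    /**
     * Test resource 1.
     *
     * @return a fixed message for resource 1
     */
    @GetMapping(value = "/r/r1", produces = {"text/plain;charset=UTF-8"})
    public String r1() {
        return " 访问资源1";
    }

    /**
     * Test resource 2.
     *
     * @return a fixed message for resource 2
     */
    @GetMapping(value = "/r/r2", produces = {"text/plain;charset=UTF-8"})
    public String r2() {
        return " 访问资源2";
    }
}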
5 . 启动类
/**
 * Entry point of the demo application.
 */
@SpringBootApplication
public class SecuritySpringBootApplication {

    /**
     * Hands control to Spring Boot, using this class as the primary configuration source.
     *
     * @param args command-line arguments, passed through unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(SecuritySpringBootApplication.class, args);
    }
}
6 . 实体类
/**
 * Permission record; accessors, equals/hashCode and toString are generated by Lombok's
 * {@code @Data}.
 */
@Data
public class Permission implements Serializable {

    // Identifier of the permission record.
    private String id;

    // Permission code; SpringDataUserDetailsServiceImpl turns it into a granted authority.
    private String code;

    // Free-text description (presumably for display only; confirm against the schema).
    private String description;

    // URL associated with the permission; not read by any code shown on this page.
    private String url;
}
/**
 * User record as loaded from the database; Lombok generates the accessors, the
 * all-arguments constructor, equals/hashCode and toString.
 *
 * NOTE(review): the toString() generated by {@code @Data} includes every field, the stored
 * password value among them. Logging or printing a UserModel therefore writes that value
 * out; exclude the field from toString or avoid logging the object.
 */
@Data
@AllArgsConstructor
public class UserModel {

    // Session attribute key. The identifier's spelling ("SEESION") is kept as is because
    // the constant is public and other code may reference it.
    public static final String SEESION_USER_KEY = "_user";

    // User identity fields.
    private String id;
    private String username;

    // Stored password; with the BCrypt encoder configured on this page it is expected to
    // be a BCrypt hash rather than plain text.
    private String password;

    private String fullname;
    private String mobile;
}