第四章 登录(上)
前言
这章的主要内容是通过SpringSecurity来实现一个简单的登录功能!
官网文档
一、引入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
启动项目,访问地址http://127.0.0.1:8888/upms,看到如下界面则表示成功
二、关联数据库
要实现动态的用户名密码,则需要实现UserDetailsService里面的loadUserByUsername方法。
新建一个UserDetailsServiceImpl的类,代码如下:
package com.ailot.cloud.upms.api.service.impl;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import com.ailot.cloud.upms.api.service.SysUserService;
import com.ailot.cloud.upms.common.entity.SysUser;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
@Service
@AllArgsConstructor
public class UserDetailsServiceImpl implements UserDetailsService {
private final SysUserService sysUserService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
SysUser sysUser = sysUserService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
if (ObjectUtil.isEmpty(sysUser)){
throw new UsernameNotFoundException("用户不存在");
}
UserDetails userDetails = AssembleUserDetails(sysUser);
return userDetails;
}
/**
* 组装userDetails
* @param sysUser
* @return
*/
private UserDetails AssembleUserDetails(SysUser sysUser) {
// 初始一个空的权限,后期这个权限会从数据库里面查出来
Collection<? extends GrantedAuthority> authorities
= AuthorityUtils.createAuthorityList(new String[0]);
return new User(sysUser.getUsername(), sysUser.getPassword(),authorities);
}
/**
* 指定加解密算法
* @return
*/
@Bean
PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
将数据库里面的明文密码1替换为通过BCryptPasswordEncoder加密后的密文,我们来写个测试用例来获取密文,代码如下:
package com.ailot.cloud.upms.api;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class PasswordEncoder {
@Test
public void password() {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
System.out.println(encoder.encode("1"));
}
}
运行后得到密文(每次运行后的密文是不一样的),如图:
数据库数据如下:
新建一个登录成功后的回调方法,返回true
package com.ailot.cloud.upms.api.controller;
import com.ailot.cloud.upms.common.entity.SysUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/")
public class IndexController {
@GetMapping
public Boolean index() {
return true;
}
}
启动项目,输入用户名:test 密码:1
执行登录操作,可以发现能够正常跳转,并在浏览器打印了true
当前版本tag:1.0.2
代码仓库
三、 体验地址
后台数据库只给了部分权限,报错属于正常!
想学的老铁给点点关注吧!!!
我是阿咕噜,一个从互联网慢慢上岸的程序员,如果喜欢我的文章,记得帮忙点个赞哟,谢谢!