Spring Security + Hibernate Annotation Example

最新推荐文章于 2024-09-10 22:48:37 发布
最新推荐文章于 2024-09-10 22:48:37 发布
阅读量1.1k 收藏
点赞数
文章标签: hibernate spring spring security

In this tutorial, previous Spring Security + Hibernate4 XML example will be reused, and convert it to a annotation-based example.

Technologies used :

  • Spring 3.2.8.RELEASE
  • Spring Security 3.2.3.RELEASE
  • Hibernate 4.2.11.Final
  • MySQL Server 5.6
  • Tomcat 7 (Servlet 3.x container)

Quick Note :

  • Create a session factory with LocalSessionFactoryBuilder
  • Inject session factory into a UserDao
  • Integrate UserDao into a custom UserDetailsService, to load users from the database.

1. Project Directory

A final project directory structure.
spring-security-hibernate-annotation-directory

2. User Model + Mapping File

Model classes and its’ annotation-based mapping file.

User.java

package com.mkyong.users.model;

import java.util.HashSet;
import java.util.Set;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;

@Entity
@Table(name = "users", catalog = "test")
public class User {

    private String username;
    private String password;
    private boolean enabled;
    private Set<UserRole> userRole = new HashSet<UserRole>(0);

    public User() {
    }

    public User(String username, String password, boolean enabled) {
        this.username = username;
        this.password = password;
        this.enabled = enabled;
    }

    public User(String username, String password, 
        boolean enabled, Set<UserRole> userRole) {
        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.userRole = userRole;
    }

    @Id
    @Column(name = "username", unique = true, 
        nullable = false, length = 45)
    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    @Column(name = "password", 
        nullable = false, length = 60)
    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Column(name = "enabled", nullable = false)
    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    @OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
    public Set<UserRole> getUserRole() {
        return this.userRole;
    }

    public void setUserRole(Set<UserRole> userRole) {
        this.userRole = userRole;
    }

}

UserRole.java

package com.mkyong.users.model;

import static javax.persistence.GenerationType.IDENTITY;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;

@Entity
@Table(name = "user_roles", catalog = "test", 
    uniqueConstraints = @UniqueConstraint(
        columnNames = { "role", "username" }))
public class UserRole{

    private Integer userRoleId;
    private User user;
    private String role;

    public UserRole() {
    }

    public UserRole(User user, String role) {
        this.user = user;
        this.role = role;
    }

    @Id
    @GeneratedValue(strategy = IDENTITY)
    @Column(name = "user_role_id", 
        unique = true, nullable = false)
    public Integer getUserRoleId() {
        return this.userRoleId;
    }

    public void setUserRoleId(Integer userRoleId) {
        this.userRoleId = userRoleId;
    }

    @ManyToOne(fetch = FetchType.LAZY)
    @JoinColumn(name = "username", nullable = false)
    public User getUser() {
        return this.user;
    }

    public void setUser(User user) {
        this.user = user;
    }

    @Column(name = "role", nullable = false, length = 45)
    public String getRole() {
        return this.role;
    }

    public void setRole(String role) {
        this.role = role;
    }

}

3. DAO Class

DAO classes, to load data from the database, via Hibernate.

UserDao.java

package com.mkyong.users.dao;

import com.mkyong.users.model.User;

public interface UserDao {

    User findByUserName(String username);

}

UserDaoImpl.java

package com.mkyong.users.dao;

import java.util.ArrayList;
import java.util.List;

import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;

import com.mkyong.users.model.User;

@Repository
public class UserDaoImpl implements UserDao {

    @Autowired
    private SessionFactory sessionFactory;

    @SuppressWarnings("unchecked")
    public User findByUserName(String username) {

        List<User> users = new ArrayList<User>();

        users = sessionFactory.getCurrentSession()
            .createQuery("from User where username=?")
            .setParameter(0, username)
            .list();

        if (users.size() > 0) {
            return users.get(0);
        } else {
            return null;
        }

    }

}

4. UserDetailsService

Uses @Transactional to declare a transactional method.

MyUserDetailsService.java

package com.mkyong.users.service;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.mkyong.users.dao.UserDao;
import com.mkyong.users.model.UserRole;

@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {

    //get user from the database, via Hibernate
    @Autowired
    private UserDao userDao;

    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(final String username) 
        throws UsernameNotFoundException {

        com.mkyong.users.model.User user = userDao.findByUserName(username);
        List<GrantedAuthority> authorities = 
                                      buildUserAuthority(user.getUserRole());

        return buildUserForAuthentication(user, authorities);

    }

    // Converts com.mkyong.users.model.User user to
    // org.springframework.security.core.userdetails.User
    private User buildUserForAuthentication(com.mkyong.users.model.User user, 
        List<GrantedAuthority> authorities) {
        return new User(user.getUsername(), user.getPassword(), 
            user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {

        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        // Build user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);

        return Result;
    }

}

5. Spring Security Annotation

Declares and binds everything with annotations, read the comments, it should be self-explanatory.

SecurityConfig.java

package com.mkyong.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/admin/**")
        .access("hasRole('ROLE_ADMIN')").and().formLogin()
        .loginPage("/login").failureUrl("/login?error")
        .usernameParameter("username")
        .passwordParameter("password")
        .and().logout().logoutSuccessUrl("/login?logout")
        .and().csrf()
        .and().exceptionHandling().accessDeniedPage("/403");
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

}

Uses LocalSessionFactoryBuilder to create a session factory.

AppConfig.java

package com.mkyong.config;

import java.util.Properties;
import org.apache.commons.dbcp.BasicDataSource;
import org.hibernate.SessionFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.orm.hibernate4.HibernateTransactionManager;
import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;

@EnableWebMvc
@Configuration
@ComponentScan({ "com.mkyong.*" })
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class AppConfig {

        @Bean
        public SessionFactory sessionFactory() {
                LocalSessionFactoryBuilder builder = 
            new LocalSessionFactoryBuilder(dataSource());
                builder.scanPackages("com.mkyong.users.model")
                      .addProperties(getHibernateProperties());

                return builder.buildSessionFactory();
        }

    private Properties getHibernateProperties() {
                Properties prop = new Properties();
                prop.put("hibernate.format_sql", "true");
                prop.put("hibernate.show_sql", "true");
                prop.put("hibernate.dialect", 
                    "org.hibernate.dialect.MySQL5Dialect");
                return prop;
        }

    @Bean(name = "dataSource")
    public BasicDataSource dataSource() {

        BasicDataSource ds = new BasicDataSource();
            ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/test");
        ds.setUsername("root");
        return ds;
    }

    //Create a transaction manager
    @Bean
        public HibernateTransactionManager txManager() {
                return new HibernateTransactionManager(sessionFactory());
        }

    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver 
                             = new InternalResourceViewResolver();
        viewResolver.setViewClass(JstlView.class);
        viewResolver.setPrefix("/WEB-INF/pages/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

}

Done.

6. Project Demo

The following video demo is for the Spring Security database login tutorial. Since this tutorial is generating the same output, so the video demo is reused.

6.1 Access a password protected page : http://localhost:8080/spring-security-hibernate-annotation/admin , a login page is displayed.

spring-security-hibernate-annotation1

6.2 Enter user “mkyong” and password “123456”.

spring-security-hibernate-annotation2

6.3 Try access /admin page with user “alex” and password “123456”, a 403 page will be displayed.

spring-security-hibernate-annotation3

ccssddnnbbookkee
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Web项目集成SpringBoot+spring security+thymeleaf+hibernate
u013264752的博客
07-10 908
集成spring security实现登录权限资源控制 项目结构,标准的springboot项目结构 配置pom文件引入相关jar <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http:...
SpringBoot+SpringSecurity+MybatisPlus+JWT
weixin_43695820的博客
01-13 1137
SpringBoot+SpringSecurity+MybatisPlus+JWT
Spring Boot】Spring Boot Security REST + JPA + Hibernate + MySQL 示例 | 接口安全验证
猫巳的博客
10-13 592
文章目录演示工具版本项目结构Spring Boot 默认的验证方式Maven 文件application.propertiesMySQL 表和 JAVA 实体创建 DAO 用于用户认证实现 UserDetailsService实现 BasicAuthenticationEntryPointSecurity 配置创建 DAO 用于 CRUD 操作创建带安全验证 CURD 操作的 Service创建 Controller 用于 CURD 操作使用 SpringApplication 创建主类使用 RestTem
Spring Security +Spring Session Redis+JJWT
fxtxz2的专栏
02-08 2148
Spring Security+Spring Session Redis+JJWT实现集中引用式会话
spring boot+spring security+jwt+vue整合前后端分离token权限认证项目详细过程代码 含AES加密
m0_47576928的博客
07-21 1349
准备前提条件:已搭好一个spring boot后台项目及vue前台项目 目录 一、后台 1、依赖 2、继承WebSecurityConfigurerAdapter适配器 3、自定义用户名密码校验 MyAuthenticationProvider 4、登录成功处理逻辑 CustomizeAuthenticationSuccessHandler 5、登录失败处理逻辑 CustomizeAuthenticationFailureHandler 6、匿名用户访问无权限资源时的异常处理 Customi
Spring5+Hibernate5.1+Struts2.5的环境搭建(IDEA)
一间草堂的博客
04-25 867
一、POM文件 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apa...
SpringBoot+SpringSecurity+thymeleaf 代码实现
一枝梅比花娇
10-11 1694
SpringBoot+SpringSecurity+thymeleaf 代码实现最近这两天在学习spring security 学的心累的不要不要的,终于在今天让我成功的写了一个成功案例,开心。并且在学习的过程中找到了一个springsecurity4官方文档的中文版,写的非常棒(个人感觉) 传送门:没错我就是传送门放代码之前说下环境: 1.开发工具 idea 2.项目集成工具 gradle 2
Spring boot+Spring Security 4配置整合实例
热门推荐
code__code的专栏
12-26 9万+
本例所覆盖的内容: 1. 使用Spring Security管理用户身份认证、登录退出 2. 用户密码加密及验证 3. 采用数据库的方式实现Spring Security的remember-me功能 4. 获取登录用户信息。 5.使用Spring Security管理url和权限   本例所使用的框架: 1. Spring boot 2. Spring MVC 3. Sprin
第2章 Spring Security 的环境设置与基础配置(2024 最新版)
江帅帅
02-29 847
在深入 Spring Boot 的世界之前,让我们先了解一些基础知识,这就像是在开始一场激动人心的旅行前查看地图一样。自动配置: Spring Boot 的自动配置机制旨在根据添加的依赖自动配置你的应用程序。这就像有一个智能助手,根据你的需求自动为你准备一切。起步依赖(Starters): 这些特殊的依赖项是预设的模板,它们为你提供了一切必需的依赖组合,帮助你快速启动一个特定类型的项目。比如, 就包含了构建 web 应用所需的所有基础设施。内嵌服务器: Spring Boot 应用通常会内嵌一个 Tomca
Web安全:SQL注入实战测试.(扫描 + 测试)
网络安全领域___专研者.
08-25 958
SQL注入就是 有些恶意用户在提交查询请求的过程中 将SQL语句插入到请求内容中,同时程序的本身对用户输入的内容过于相信,没有对用户插入的SQL语句进行任何的过滤,从而直接被SQL语句直接被服务端执行,导致数据库的原有信息泄露,篡改,甚至被删除等风险。
【安全漏洞】SpringBoot + SpringSecurity CORS跨域资源共享配置
weixin_42925623的博客
09-05 1485
今天我们就来了解一下这个CROS漏洞,并记录一下在整合了springSecurity这一套安全框架下的springboot系统中如何在后端过滤器中通过正确注册WebMvcConfigurer bean来配置CORS的全局设置,实现对非白名单访问源的拦截。
SpringMVC学习笔记
fjdjdj1的博客
09-10 1410
Spring Web MVC是基于Servlet API构建的原始Web框架,从一开始就包含在Spring Framework中。正式名称“Spring Web MVC”来自其源模块的名称(),但它通常被称为“Spring MVC”。在控制层框架历经Strust、WebWork、Strust2等诸多产品的历代更迭之后,目前业界普遍选择了SpringMVC作为Java EE项目表述层开发的首选方案。Spring 家族原生产品,与IOC容器等基础设施无缝对接表述层各细分领域需要解决的问题全方位覆盖,提供。
Lombok失效:报错 找不到符号 Springboot项目
qq_42704130的博客
09-10 258
错误原因,Springboot项目为Lombok提供了版本管理的支持,所以引入Lombok依赖的时候,无需手动指定版本,手动指定了可能会导致依赖冲突。去掉手动指定的版本,问题解决。
SpringBoot总结
2302_77073236的博客
09-06 235
都做成图了,方便理解和掌握全局关系。
Spring AMQP给消息添加头信息
yong472727322的博客
09-10 116
【代码】Spring AMQP给消息添加头信息。
基于SpringBoot的多媒体信息共享平台开发
qq_45800365的博客
09-06 218
基于SpringBoot的多媒体信息共享平台开发,java项目。eclipse和idea都能打开运行。推荐环境配置:eclipse/idea jdk1.8 maven mysql前端技术:vue,Ajax,Json后端技术:SpringBoot,MyBatis本系统共分为两个角色:管理员和用户。主要功能有:后台:系统首页个人中心用户管理作品分类管理作品信息管理私聊信息管理系统管理前台:首页作品信息公告信息后台管理个人中心。
Spring 源码解读:实现@Conditional的条件化配置
最新发布
qq_40254606的博客
09-10 553
条件化配置是Spring框架中的一个强大特性,允许我们根据运行时的特定条件来决定是否加载Bean。本文将通过手动实现一个简单的`@Conditional`注解,探讨其原理和实现方式,并与Spring中的`@Conditional`进行对比,帮助读者理解其工作机制和实际应用场景。
spring】微服务架构中的VO命名
突围
09-05 224
matchreqvo
整合三大框架:Spring2.5.3+Hibernate3.2+Struts2.0.11实战
- 使用`<tx:annotation-driven>`或`<tx:advice>`标签启用Spring的声明式事务管理。 2. **配置Hibernate**: - 配置Hibernate的`hibernate.cfg.xml`文件,包括数据库连接信息、缓存策略、实体类映射等。 - 创建...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值