Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。
Spring Security的特性:
对身份验证和授权的全面且可扩展的支持
防御会话固定、点击劫持,跨站请求伪造等攻击
支持Servlet API集成
支持与Spring Web MVC集成
实现自定义用户名和密码登录
引入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
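创建一个config配置类,继承WebSecurityConfigurerAdapter并重写configure方法(注意:WebSecurityConfigurerAdapter自Spring Security 5.7起已被弃用,并在6.0中移除,新版本需改用声明SecurityFilterChain Bean的写法)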
加一个注解@EnableWebSecurity
用@Bean注解在Spring IOC容器中添加PasswordEncoder(密码编码器)
从数据库获取账号密码登录
Config层
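/**
 * Spring Security configuration that authenticates against accounts loaded by
 * the application's own {@code SecurityService} rather than in-memory users.
 *
 * <p>No account or password is defined in this class; credentials come only
 * from whatever {@code securityService} returns.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Source of user details for authentication; its implementation is not part of this class. */
    @Autowired
    private SecurityService securityService;

    /**
     * Registers {@code securityService} as the user-details source and binds
     * the BCrypt encoder to it.
     *
     * @param auth builder for the authentication manager used by this configuration
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // The encoder is bound explicitly so the hash format expected for stored
        // passwords is visible here instead of depending on bean auto-detection.
        // NOTE(review): this assumes the password returned by securityService is a
        // BCrypt hash; confirm against how rows in the user table are written.
        auth.userDetailsService(securityService).passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes BCrypt as the application's {@link PasswordEncoder} bean.
     *
     * @return a new {@code BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}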
Controller层
/**
 * Minimal REST controller exposing a single greeting endpoint.
 */
@RestController
public class HelloController {

    /** Fixed response body of the {@code hello} endpoint. */
    private static final String GREETING = "Hello Security";

    /**
     * Handles requests mapped to {@code hello}.
     *
     * <p>The mapping names no HTTP method, so it is not limited to GET.
     *
     * @return the constant greeting text
     */
    @RequestMapping("hello")
    public String hello() {
        return GREETING;
    }
}
Dao层
/**
 * MyBatis mapper interface for user lookups.
 */
public interface UserDao {
    /**
     * Looks up a user, together with the user's permissions, by account name.
     *
     * @param account the account name to search for
     * @return the matching user with its permissions populated
     *         (presumably {@code null} when no row matches; verify against the mapper and its callers)
     */
    Users getUserInfoByAccountId(String account);
}
实体层(注:下面贴出的代码与上面的Dao接口重复,Users实体类本身未在本文中给出)
/**
 * MyBatis mapper interface for user lookups.
 */
public interface UserDao {
    /**
     * Looks up a user, together with the user's permissions, by account name.
     *
     * @param account the account name to search for
     * @return the matching user with its permissions populated
     *         (presumably {@code null} when no row matches; verify against the mapper and its callers)
     */
    Users getUserInfoByAccountId(String account);
}
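Service层(注:下面贴出的是Spring Boot启动类;SecurityConfig中注入的SecurityService未在本文中给出,从auth.userDetailsService(securityService)的用法看,它应当实现UserDetailsService接口)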
/**
 * Spring Boot entry point; registers the MyBatis mapper interfaces found in
 * {@code com.peng.peng323.dao}.
 */
@SpringBootApplication
@MapperScan("com.peng.peng323.dao")
public class Peng323Application {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, forwarded unchanged to Spring Boot
     */
    public static void main(String[] args) {
        final Class<?> primarySource = Peng323Application.class;
        SpringApplication.run(primarySource, args);
    }
}
xml文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!-- SQL mapping for the com.peng.peng323.dao.UserDao interface. -->
<mapper namespace="com.peng.peng323.dao.UserDao">
<!--
  Maps the joined result rows onto com.peng.peng323.domain.Users.
  The scalar columns fill the matching properties; each anth_code value
  is added to the "anths" collection of strings.
  NOTE(review): the password column is loaded as stored; it is presumably
  a password hash rather than clear text. Confirm against the code that
  writes the users table.
-->
<resultMap id="userMap" type="com.peng.peng323.domain.Users">
<result property="id" column="id"></result>
<result property="username" column="username"></result>
<result property="account" column="account"></result>
<result property="password" column="password"></result>
<collection property="anths" ofType="java.lang.String">
<result column="anth_code"></result>
</collection>
</resultMap>
<!--
  Statement for UserDao.getUserInfoByAccountId: selects the user whose
  account equals the given value, plus the permission codes linked to it
  through t_user_anth and t_anth. Both joins are LEFT joins, so a user
  without any permission rows is still returned.
  The account value is supplied through the #{account} placeholder, which
  MyBatis passes as a bound statement parameter instead of concatenating
  it into the SQL text. Keep it in that form; the ${...} syntax would
  insert the raw string into the query.
-->
<select id="getUserInfoByAccountId" resultMap="userMap">
SELECT
us.id,
us.username,
us.account,
us.password,
ta.anth_code
FROM
users us
left join t_user_anth tua on us.id = tua.user_id
left join t_anth ta on tua.anth_id = ta.id
WHERE
account = #{account}
</select>
</mapper>
yml文件
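# Application configuration. The key nesting is restored here; with every
# key at column 0 the settings would not be read as server.port,
# spring.datasource.* and so on.
server:
  port: 8082
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
    # NOTE(review): the application connects as the MySQL root account with a
    # short literal password committed in this file. Acceptable only for a
    # local demo database; outside of that, use a least-privileged database
    # account and supply the password from the environment or a secret store.
    username: root
    password: 123456
mybatis:
  # Mapper XML files are picked up from classpath:mapper/ when their name ends in Dao.xml.
  mapper-locations: classpath:mapper/*Dao.xml
logging:
  level:
    # NOTE(review): the mapper interfaces shown with this configuration live in
    # com.peng.peng323.dao, so this logger name probably matches nothing; confirm.
    # Debug-level mapper logging typically prints statement parameters such as
    # account names, so keep it to development environments.
    com.woniu.dao: debug
  pattern:
    console: '%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n'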