Spring Security
1.介绍
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。由于它
是Spring生态系统中的一员,因此它伴随着整个Spring生态系统不断修正、升级,在spring boot项目中加入spring
security更是十分简单,使用Spring Security 减少了为企业系统安全控制编写大量重复代码的工作。
2.创建工程
-
创建mavan工程
-
引入依赖
<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring‐boot‐starter‐parent</artifactId> <version>2.1.3.RELEASE</version> </parent> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> -
配置
package com.example.demo.configuration; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); // 配置登录页面 http.formLogin().loginPage("/login").permitAll(); // 配置登录成功后的默认页面 http.formLogin().defaultSuccessUrl("/"); // 登出授权 http.logout().permitAll(); // 授权配置 http.authorizeRequests().anyRequest().fullyAuthenticated(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication ().withUser ("root").password ("{noop}root").roles ("USER","ADMIN"); } }
Tips:
-
关闭csrf拦截
-
使用内存数据来进行用户认证管理
3. 集成数据库进行用户认证授权管理
-
导入依赖
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-jdbc</artifactId> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency>
-
创建实体类
package com.example.demo.entry; import lombok.Data; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import javax.persistence.*; import java.util.ArrayList; import java.util.Collection; import java.util.List; @Entity @Table @Data public class SysUser implements UserDetails { @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "id") private Integer id; @Column(name = "username") private String username; @Column(name = "password") private String password; @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<> (); simpleGrantedAuthorities.add (new SimpleGrantedAuthority ("ROLE_USER")); return simpleGrantedAuthorities; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } } -
业务层
package com.example.demo.service; import com.example.demo.entry.SysUser; import com.example.demo.repositry.SysUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; @Service public class SysUserService implements UserDetailsService { @Autowired private SysUserRepository sysUserRepository; @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { SysUser sysUserByUsername = sysUserRepository.findSysUserByUsername (s); return sysUserByUsername; } } -
配置
package com.example.demo.configuration; import com.example.demo.service.SysUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.util.EncodingUtils; @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private SysUserService sysUserService; @Autowired BCryptPasswordEncoder bCryptPasswordEncoder; @Bean public BCryptPasswordEncoder getPasswordEncoder(){ return new BCryptPasswordEncoder (); } @Override protected void configure(HttpSecurity http) throws Exception { // 配置登录页面 http.formLogin().loginPage("/login").permitAll(); // 配置登录成功后的默认页面 http.formLogin().defaultSuccessUrl("/"); // 登出授权 http.logout().permitAll(); // 授权配置 http.authorizeRequests().anyRequest().fullyAuthenticated(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // auth.inMemoryAuthentication ().withUser ("root").password ("{noop}root").roles ("USER","ADMIN"); auth.userDetailsService (sysUserService).passwordEncoder (bCryptPasswordEncoder); } }
274
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
