项目源码:
git@github.com:wangsying/springboot-springsecurity-example.git
https://github.com/wangsying/springboot-springsecurity-example.git
对于初次接触springboot的程序员,可能对于Springboot的安全验证比较陌生,希望能够通过本示例快速掌握Spring security的配置和相关代码的编写。
Springboot-springsecurity-example 是一个springboot中应用springsecurity的例子,同时本示例自定义了用户名、密码、验证码的登录验证规则。
Spring security重要的几个代码在security目录下,其中代码编写顺序如下:
1、用户信息
创建一个继承自org.springframework.security.core.userdetails.UserDetails的类,该类实现了用户基本信息和登录验证相关的几个方法。
SUserDetails继承自UserInfo是Java数据库开源框架Jooq连接数据库自动生成的pojo,即User表对应的Java对象。
import com.siyuo2o.glass.db.album.tables.pojos.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;
public class SUserDetails extends UserInfo implements org.springframework.security.core.userdetails.UserDetails {
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
2、数据连接
创建一个继承自org.springframework.security.core.userdetails.UserDetailsService的类,实现数据库中获取用户信息的功能代码。
import org.jooq.DSLContext;
import org.jooq.Record;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
@Component
public class SUserDetailsServiceImpl implements UserDetailsService {
private static final Logger log = LoggerFactory.getLogger(SUserDetailsServiceImpl.class);
@Autowired
DSLContext dsl;
com.siyuo2o.glass.db.album.tables.UserInfo userTable = com.siyuo2o.glass.db.album.tables.UserInfo.USER_INFO.as("u");
@Override
public SUserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
// 从数据库中获取用户信息,这里连接数据库和SQL操作用的Jooq框架
Record result = dsl.select().from(userTable).where(userTable.USERNAME.eq(s)).fetchAny();
if(result == null){
return null;
}
return result.into(SUserDetails.class);
}
}
3、web数据获取
创建一个继承自org.springframework.security.web.authentication.WebAuthenticationDetails的类,实现web验证相关的验证详情,其实就是通过此类来获取用户登录提交的表单信息。
import com.google.code.kaptcha.Constants;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import javax.servlet.http.HttpServletRequest;
public class SWebAuthenticationDetails extends WebAuthenticationDetails {
private final String captc