spring boot+spring security +mybatis

最新推荐文章于 2024-08-02 23:54:15 发布
最新推荐文章于 2024-08-02 23:54:15 发布
阅读量1.7k 收藏 4
点赞数
文章标签: spring security spring boot mybatis
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41593903/article/details/81140589
版权

流程不写了 自己spring官网学去 我也是没人嘻嘻嘻嘻~~~

话不多说直接发代码

工程目录

application.properties

spring.datasource.url=jdbc:mysql://localhost:3306/test_db?useUnicode=true&characterEncoding=utf-8
spring.datasource.username=root
spring.datasource.password=
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
logging.level.org.springframework.security=INFO
spring.thymeleaf.cache=false
#打印sql,方便调试
mybatis.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl

 

domain

package com.securitydemo.security.domain;

public class Msg {
	private String title;
	private String content;
	private String etraInfo;
	
	public Msg(String title, String content, String etraInfo) {
		super();
		this.title = title;
		this.content = content;
		this.etraInfo = etraInfo;
	}
	public String getTitle() {
		return title;
	}
	public void setTitle(String title) {
		this.title = title;
	}
	public String getContent() {
		return content;
	}
	public void setContent(String content) {
		this.content = content;
	}
	public String getEtraInfo() {
		return etraInfo;
	}
	public void setEtraInfo(String etraInfo) {
		this.etraInfo = etraInfo;
	}
	
}

 

package com.securitydemo.security.domain;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;

public class SysRole {

    private Long id;
    private Long userId;
    private String name;

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public void setUserId(Long userId) {
        this.userId = userId;
    }

    public Long getUserId() {

        return userId;
    }
}

 

 

package com.securitydemo.security.domain;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import javax.persistence.CascadeType;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.ManyToMany;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;


public class SysUser implements UserDetails { //1

    private static final long serialVersionUID = 1L;

    private Long id;
    private String username;
    private String password;
   
    private List<SysRole> roles;

    /**
     * 重写getAuthorities()方法
     * 将用户角色作为权限
     *
     * @return
     */

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
        List<SysRole> roles = this.getRoles();
        for (SysRole role : roles) {
            auths.add(new SimpleGrantedAuthority(role.getName()));
        }
        return auths;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public List<SysRole> getRoles() {
        return roles;
    }

    public void setRoles(List<SysRole> roles) {
        this.roles = roles;
    }


}

service 层 获取用户信息和角色信息

package com.securitydemo.security.service;

import com.securitydemo.security.domain.SysRole;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Select;

import java.util.List;

/**
 * @author Micky
 * @Title: UserRoleMapper
 * @ProjectName security
 * @Description:
 * @date 2018/7/20下午6:16
 */
@Mapper
public interface UserRoleMapper {
    @Select("select * from  sys_role where userId=#{id}")
    List<SysRole> getRoleByUser(Long id);
}

package com.securitydemo.security.service;

import com.securitydemo.security.domain.SysUser;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Select;
import org.springframework.stereotype.Component;

/**
 * @author Micky
 * @Title: SysUserMapper
 * @ProjectName security
 * @Description:
 * @date 2018/7/20下午4:36
 */
@Mapper
@Component
public interface SysUserMapper {
    @Select("select * from sys_user where username=#{username}")
    SysUser findByUsername(String username);
}

自定义实现UserDetailsService 接口

package com.securitydemo.security.security;

import com.securitydemo.security.domain.SysRole;
import com.securitydemo.security.domain.SysUser;
import com.securitydemo.security.service.SysUserMapper;
import com.securitydemo.security.service.UserRoleMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import java.util.ArrayList;
import java.util.List;

/**
 * @author Micky
 * @Title: CustomUserService
 * @ProjectName security
 * @Description: 实现自定义UserDetailsService接口
 * @date 2018/7/20下午3:26
 */
public class CustomUserService implements UserDetailsService {
    @Autowired
    private SysUserMapper sysUserRepository;
    @Autowired
    private UserRoleMapper userRoleService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser user = sysUserRepository.findByUsername(username);
        if(user == null){
            throw new UsernameNotFoundException("用户名不存在");
        }
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        //用于添加用户的权限。只要把用户权限添加到authorities 就万事大吉。
        List<SysRole> roles = userRoleService.getRoleByUser(user.getId());
        for(SysRole role:roles)
        {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
            System.out.println(role.getName());
        }
        return new org.springframework.security.core.userdetails.User(user.getUsername(),
                user.getPassword(), authorities);
    }

配置confing

package com.securitydemo.security.cofing;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

/**
 * @author Micky
 * @Title: WebMvcConfig
 * @ProjectName security
 * @Description:
 * @date 2018/7/20下午4:02
 */
@EnableWebSecurity
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
    /**
     * 访问login 跳转到login.html页面
     *
     * @param registry
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }
}

package com.securitydemo.security.cofing;

import com.securitydemo.security.security.CustomUserService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * @author Micky
 * @Title: WebSecurityConfig
 * @ProjectName security
 * @Description:
 * @date 2018/7/20下午4:07
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 注册CustomUserService的bean
     *
     * @return
     */
    @Bean
    UserDetailsService customUserService() { //2
        return new CustomUserService();
    }

    /**
     * 添加我们自定义的user UserDetails
     *
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserService()); //3

    }

    /**
     * @param http
     * @throws Exception
     */

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated() //4  所有请求必须要登录后才能认证
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")//登录失败访问的页面
                .permitAll() //5 定制登录页面行为登录页面可以任意访问
                .and()
                .logout().permitAll() //6 注销可以任意访问
                .and().formLogin();
        http.csrf().disable();


    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
        web.ignoring().antMatchers("/css/**", "/css/**", "/images/**");//静态资源访问
    }
}

 

controller层

package com.securitydemo.security.controller;

import com.securitydemo.security.domain.Msg;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @author Micky
 * @Title: HomeController
 * @ProjectName security
 * @Description:
 * @date 2018/7/20下午4:22
 */
@Controller
public class HomeController {
    @RequestMapping("/")
    public String index(Model model) {
        Msg msg = new Msg("测试标题", "测试内容", "额外信息,只对管理员显示");
        model.addAttribute("msg", msg);
        return "home";
    }
}

 

前端页面  thymeleaf为我们提供了spring security 的标签支持

通过  sec:authentication="name" 获取当前用户名

sec:authorize="hasRole('ROLE_USER')" 意味着只能是ROLE_USER才可以显示标签内容

sec:authorize="hasRole('ROLE_ADMIN')意味着只能是ROLE_ADMIN才可以显示标签内容

注销路径默认是/logout 必须要post 提交

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta content="text/html;charset=UTF-8"/>
<title>登录页面</title>
<link rel="stylesheet" th:href="@{css/bootstrap.min.css}"/>
<style type="text/css">
	body {
  padding-top: 50px;
}
.starter-template {
  padding: 40px 15px;
  text-align: center;
}
</style>
</head>
<body>
	
	 <nav class="navbar navbar-inverse navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <a class="navbar-brand" href="#">Spring Security演示</a>
        </div>
        <div id="navbar" class="collapse navbar-collapse">
          <ul class="nav navbar-nav">
           <li><a th:href="@{/}"> 首页 </a></li>
           
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </nav>
     <div class="container">

      <div class="starter-template">
       <p th:if="${param.logout}" class="bg-warning">已成功注销</p><!-- 1 -->
			<p th:if="${param.error}" class="bg-danger">有错误,请重试</p> <!-- 2 -->
			<h2>使用账号密码登录</h2>
			<form name="form" th:action="@{/login}" action="/login" method="POST"> <!-- 3 -->
				<div class="form-group">
					<label for="username">账号</label>
					<input type="text" class="form-control" name="username" value="" placeholder="账号" />
				</div>
				<div class="form-group">
					<label for="password">密码</label>
					<input type="password" class="form-control" name="password" placeholder="密码" />
				</div>
				<input type="submit" id="login" value="Login" class="btn btn-primary" />
			</form>
      </div>

    </div>
		
</body>
</html>
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org" 
	  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"><!-- 1 -->
<head>
<meta content="text/html;charset=UTF-8"/>
<title sec:authentication="name"></title> <!-- 2 -->
<link rel="stylesheet" th:href="@{css/bootstrap.min.css}" />
<style type="text/css">
body {
  padding-top: 50px;
}
.starter-template {
  padding: 40px 15px;
  text-align: center;
}
</style>
</head>
<body>
	 <nav class="navbar navbar-inverse navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <a class="navbar-brand" href="#">Spring Security演示</a>
        </div>
        <div id="navbar" class="collapse navbar-collapse">
          <ul class="nav navbar-nav">
           <li><a th:href="@{/}"> 首页 </a></li>
           
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </nav>
    
    
     <div class="container">

      <div class="starter-template">
      	<h1 th:text="${msg.title}"></h1>
		
		<p class="bg-primary" th:text="${msg.content}"></p>
		
		<div sec:authorize="hasRole('ROLE_ADMIN')"> <!-- 3 -->
		 	<p class="bg-info" th:text="${msg.etraInfo}"></p>
		</div>	
		
		<div sec:authorize="hasRole('ROLE_USER')"> <!-- 4-->
		 	<p class="bg-info">无更多信息显示</p>
		</div>	
		
        <form th:action="@{/logout}" method="post">
            <input type="submit" class="btn btn-primary" value="注销"/><!-- 5 -->
        </form>
      </div>

    </div>
    
	
</body>
</html>

运行

 

 

 

 

 

 

 

 

 

 

 

 

Micky同学
关注
springboot+spring security + mybatis 从数据库动态地配置访问权限(小案例)
怪老四的博客
03-18 1107
自定义的访问决策管理需要实现AccessDecisionManager,supports方法需要返回 true,提供支持。decide方法中,authentication代表登录用户的认证信息, configAttributes是从MyFilter中返回的根据请求路径查询的角色信息。此方法的目的就是为了决策,请求路径需要的角色信息,是否和登录用户所具备的角色信息是否匹配;如果不匹配抛出非法请求,否则return;放行。
全注解 spring boot +spring security + mybatis+druid+thymeleaf+mysql+bootstrap
12-20
标题中的"全注解 spring boot +spring security + mybatis+druid+thymeleaf+mysql+bootstrap"是一个集成开发环境的配置,涉及到的主要技术有Spring BootSpring SecurityMyBatis、Druid、Thymeleaf、MySQL以及...
springBoot+security+mybatis 实现用户权限的数据库动态管理
05-03
NULL 博文链接:https://veiking.iteye.com/blog/2429172
spring boot+ spring security
qq_31603875的博客
09-21 218
创建spring boot 工程,加入spring security依赖: <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </depe...
Spring Boot】配置 Spring Security
最新发布
书山有路,学海无涯。记录成长,追逐梦想
08-02 2265
Spring Security 提供了声明式的安全访问控制解决方案(仅支持基于 Spring 的应用程序),对访问权限进行认证和授权,它基于 Spring AOP 和 Servlet 过滤器,提供了安全性方面的全面解决方案。
2021-04-02学习笔记: springboot+springsecurity+mybatis
okludawei的博客
04-02 330
文章目录 一、导入依赖 二、创建数据库 三、准备页面 四、配置application.properties 五、创建实体、Dao、Service和Controller 5.1 实体 5.2 Dao 5.3 Service 5.4 Controller 六、配置SpringSecurity 6.1 UserDetailsService 6.2 WebSecurityConfig 七、运行程序 一、导入依赖 导入 spring-boot-starter-security 依赖,在 SpringBoot 2.0
springboot+mybatis+spring security
m0_37556124的博客
07-05 1864
1、不啰嗦,直接上干货 首先新建项目springboot-security导入需要的maven坐标 <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.3.0.RE
Spring Boot+Spring Security+MyBatis+Vue+Mysql物业管理系统源码
06-28
Spring Boot+Spring Security+MyBatis+Vue+Mysql物业管理系统详解》 在现代的物业管理领域,利用先进的技术手段来提升效率、优化服务已成为趋势。本系统采用一系列主流技术框架构建,包括Spring BootSpring ...
Spring Boot+Spring Security+MyBatis+Vue+Mysql前后端分离WMS管理系统源码
06-28
本项目“Spring Boot+Spring Security+MyBatis+Vue+Mysql前后端分离WMS管理系统源码”正是以此为基础,构建了一个完整的仓储管理系统(WMS)。下面我们将详细解析其核心组件和技术栈。 **Spring Boot** Spring Boot...
全注解 spring boot +spring security + mybatis+druid+thymeleaf+jsp+mysql+bootstrap
12-25
全注解 spring boot +spring security + mybatis+druid+thymeleaf+jsp+mysql+bootstrap 支持thymeleaf和jsp并存 全注解 spring boot spring security thymeleaf+jsp同时使用 mybatis druid mysql bootstrap 访问 ...
通用权限管理系统+springboot+mybatis plus+spring security+jwt+redis+mysql
05-30
后端使用SpringBoot框架进行业务逻辑开发,利用Spring Security实现权限控制。数据库采用MySQL进行数据存储,使用MyBatis进行数据访问。 权限控制模块设计包括用户、角色和权限三个主要模块。用户模块用于管理用户...
SpringBoot整合SpringSecurity+MyBatis
qq_44715376的博客
10-27 486
SpringBoot整合SpringSecurity 进行的登录拦截,用户权限操作
SpringBoot系列—mybatis和spirng security
jeofey的专栏
06-28 2256
Spring 结合mybatis,以及Spring Security实现用户认证(Authentication)和授权(Authorization)功能.Spring Security是专门针对基于Spring项目的 安全框架,充分利用依赖注入和AOP来实现安全功能。Spring Boot针对Spring Security 的自动配置主要是靠SecurityAutoConfigation和Sec
spring security
qq_40286424的博客
08-23 151
使用spring bootspring security进行用户权限验证 1.创建spring boot项目 选择如下项: 创建TestController.java类和test.html页面 指定初次访问的页面 TestController.java package com.hjl.controller; import org.springframework.stereotype.Cont...
Spring Security
m0_46305875的博客
07-17 94
Spring Security 概念:Spring Security 是一个功能强大且高度可定制的身份验证和访问控制框架。它是保护基于 Spring 的应用程序的事实上的标准。Spring Security 是一个专注于为 Java 应用程序提供身份验证和授权的框架。与所有 Spring 项目一样,Spring Security 的真正强大之处在于它可以轻松扩展以满足自定义要求 特征 对身份验证和授权的全面且可扩展的支持 防止会话固定、点击劫持、跨站点请求伪造等攻击 Servlet API 集成 与
Spring Boot+Mybatis+Vue在线考试系统源码解析
资源摘要信息:"Spirng Boot+Mybatis+Vue在线考试系统源码.zip" 本项目是一个基于Spring BootMybatis、MySQL数据库和前端Vue.js框架的在线考试系统源码。该系统采用了前后端分离的设计模式,后端主要负责数据处理...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值