Spring-Security使用-01

已于 2022-04-29 16:01:14 修改
阅读量1.2k 收藏
点赞数
分类专栏: spring渣渣 Java菜鸟 文章标签: spring java spring boot
于 2022-04-28 20:01:49 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41878423/article/details/124478937
版权

Spring-Security使用

环境搭建

  • pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.chauncy</groupId>
    <artifactId>spring-security-demom</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-security-demom</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring-boot.version>2.3.7.RELEASE</spring-boot.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.4.2</version>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.3.7.RELEASE</version>
                <configuration>
                    <mainClass>com.chauncy.SpringSecurityDemomApplication</mainClass>
                </configuration>
                <executions>
                    <execution>
                        <id>repackage</id>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>
  • 启动配置
# 应用名称
spring.application.name=spring-security-demom

# 应用服务 WEB 访问端口
server.port=8080

# 数据库驱动:
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# 数据源名称
spring.datasource.name=defaultDataSource
# 数据库连接地址
spring.datasource.url=jdbc:mysql://192.168.7.17:3306/chauncy?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false&zeroDateTimeBehavior=convertToNull&allowPublicKeyRetrieval=true
# 数据库用户名&密码:
spring.datasource.username=meifute
spring.datasource.password=meifute

基础认证

Security 配置类

package com.chauncy.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * User: jinxingguang
 * Date: 2022/4/28
 * Project: spring-security-demo-chauncy
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                //.passwordEncoder(new CustomPasswordEncoder())
                .passwordEncoder(new BCryptPasswordEncoder())
                // {bcrypt}123
                .withUser("user").password(new BCryptPasswordEncoder().encode("123")).authorities("USER")
                .and()
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123")).authorities("ADMIN", "USER")
                .and()
                .withUser("chauncy").password(new BCryptPasswordEncoder().encode("123")).authorities("OK");
        // 在数据库中存取密码的修改方式
        //auth.userDetailsService(接口).passwordEncoder(new BCryptPasswordEncoder())
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .formLogin().failureUrl("/error").failureForwardUrl("/login")
                .and().httpBasic()
                .and().authorizeRequests()
                .antMatchers("/img/**").permitAll()
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                .antMatchers("/**").hasAnyAuthority("USER", "ADMIN")
                .anyRequest().authenticated() /*允许认证过的访问*/
                .and().rememberMe().tokenValiditySeconds(600).key("caikey");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        /*
        * String idForEncode = "bcrypt";
        Map encoders = new HashMap<>();
        encoders.put(idForEncode, new BCryptPasswordEncoder());
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        encoders.put("scrypt", new SCryptPasswordEncoder());
        encoders.put("sha256", new StandardPasswordEncoder());

        PasswordEncoder passwordEncoder =
        new DelegatingPasswordEncoder(idForEncode, encoders);
        * */
        return new BCryptPasswordEncoder();
    }

    public static class CustomPasswordEncoder implements PasswordEncoder {
        @Override
        public String encode(CharSequence charSequence) {
            return charSequence.toString();
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return s.equals(charSequence.toString());
        }
    }
}

controller

package com.chauncy.controller;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

/**
 * User: jinxingguang
 * Date: 2022/4/28
 * Project: spring-security-demo-chauncy
 */
@RestController
//@RequestMapping("/admin")
public class MainController {

    @GetMapping("/admin/api/hello")
    public String hello(HttpServletRequest request){
        System.out.println("request.getRemoteUser()用户: " + request.getRemoteUser());
        UserDetails ud = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        System.out.println("SecurityContextHolder用户: " + ud.getUsername());
        System.out.println(ud.getPassword());
        for (GrantedAuthority authority : ud.getAuthorities()) {
            System.out.println("角色: " + authority);
        }
        return "hello";
    }

    @GetMapping("/api/hello")
    //@PreAuthorize("true or false")
    public String ww(HttpServletRequest request){
        System.out.println("request.getRemoteUser()用户: " + request.getRemoteUser());
        UserDetails ud = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        System.out.println("SecurityContextHolder用户: " + ud.getUsername());
        System.out.println(ud.getPassword());
        for (GrantedAuthority authority : ud.getAuthorities()) {
            System.out.println("角色: " + authority);
        }
        return "world";
    }

    @GetMapping("/error")
    //@PreAuthorize("可以是方法调用,返回Boolean")
    public String error(){
        return "ERROR: 请重新登录!!!";
    }
}

使用数据库进行认证

  • 创建数据表
CREATE TABLE `user_sec` (
  `id` bigint(20) NOT NULL,
  `username` varchar(20) NOT NULL,
  `password` varchar(66) NOT NULL,
  `roles` varchar(255) DEFAULT NULL,
  `enabled` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`) USING BTREE,
  UNIQUE KEY `indx_user` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
  • security 配置类
package com.chauncy.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * User: jinxingguang
 * Date: 2022/4/28
 * Project: spring-security-demo-chauncy
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Qualifier("userDetailsServiceImpl")
    @Autowired
    UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //auth.inMemoryAuthentication()
        //        //.passwordEncoder(new CustomPasswordEncoder())
        //        .passwordEncoder(new BCryptPasswordEncoder())
        //        // {bcrypt}123
        //        .withUser("user").password(new BCryptPasswordEncoder().encode("123")).roles("USER")
        //        .and()
        //        .withUser("admin").password(new BCryptPasswordEncoder().encode("123")).roles("ADMIN", "USER")
        //        .and()
        //        .withUser("chauncy").password(new BCryptPasswordEncoder().encode("123")).roles("OK");

        // 在数据库中存取密码的修改方式
        DaoAuthenticationProvider daoAuthProvider = new DaoAuthenticationProvider();
        daoAuthProvider.setPasswordEncoder(passwordEncoder());
        // userDetailsService 是查询数据库的接口
        daoAuthProvider.setUserDetailsService(userDetailsService);
        auth.authenticationProvider(daoAuthProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .formLogin().failureUrl("/error").failureForwardUrl("/login")
                .and().httpBasic()
                .and().authorizeRequests()
                .antMatchers("/img/**").permitAll()
                //.antMatchers("/user/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/**").hasAnyRole("USER", "ADMIN")
                //.antMatchers("/**").permitAll()
                .anyRequest().authenticated() /*允许认证过的访问*/
                .and().rememberMe().tokenValiditySeconds(600).key("caikey");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        /*
        * String idForEncode = "bcrypt";
        Map encoders = new HashMap<>();
        encoders.put(idForEncode, new BCryptPasswordEncoder());
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        encoders.put("scrypt", new SCryptPasswordEncoder());
        encoders.put("sha256", new StandardPasswordEncoder());

        PasswordEncoder passwordEncoder =
        new DelegatingPasswordEncoder(idForEncode, encoders);
        * */
        return new BCryptPasswordEncoder();
    }

    public static class CustomPasswordEncoder implements PasswordEncoder {
        @Override
        public String encode(CharSequence charSequence) {
            return charSequence.toString();
        }

        @Override
        public boolean matches(CharSequence charSequence, String s) {
            return s.equals(charSequence.toString());
        }
    }
}
  • 返回UserDetails对象
package com.chauncy.service.impl;

import com.chauncy.entity.UserSec;
import com.chauncy.service.mapper.UserSecMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
public class UserDetailsServiceImpl implements UserDetailsService {
  @Autowired
  private UserSecMapper mapper;
 
  @Override
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
      // 查询数据库 包含用户名 密码 还有权限
      UserSec user = mapper.selectByUsername(username);
      return new User(username, user.getPassword(), AuthorityUtils.createAuthorityList(user.getRoles()));
  }
}
星瀚光晨
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
spring-cloud-security
weixin_39370859的博客
04-12 4474
基于webflux的spring security,即spring-cloud-security
如何全面升级spring-boot-2.x及Spring-security-oauth2
Cmainlove的专栏
06-17 2432
解决CVE-2022-22978和CVE-2022-22965漏洞,全面升级spring-boot-2.x及Spring-security-oauth2
SpringSecurity
Ekertree的博客
05-26 570
文章目录Spring Security1.SpringSecurity 框架简介1.2 框架对比2.SpringSecurity 入门案例2.1 创建springboot项目2.2 编写controller2.3运行这个项目3.SpringSecurity 基本原理3.1UserDetailsService 接口讲解3.2 PasswordEncoder 接口讲解4.SpringSecurity Web 权限方案4.1设置登录系统的账号、密码4.2实现数据库认证来完成用户登录4.3 基于角色或权限进行访问控
Spring Security
tiantiantbtb的博客
06-08 748
知识点素材来源来自"遇见狂神说"官网:Spring Security和Shiro类似,也是用来做认证和授权的框架官网解释:Spring Security 是一个功能强大且高度可定制的身份验证和访问控制框架。它是保护基于 Spring 的应用程序的事实标准。Spring Security 是一个专注于为 Java 应用程序提供身份验证和授权的框架。像所有 Spring 项目一样,Spring Security 的真正强大之处在于它可以轻松扩展以满足自定义需求先搭建个项目演示:引入的依赖:Sring web,热
SpringSecurity 概述 - 环境准备 - 功能
铠の魂博客
07-18 402
SpringSecurity版本5.7.1SpringSecurity是一个提供身份验证、授权和防止常见攻击的框架。凭借着对基于Servlet或Reactive(反应式)的应用程序的一流支持,它是保护基于Spring的应用程序的标准。关于功能的完整说明,请查看文档的【功能】部分。基于Servlet,也就是我们经常使用SpringMVC基于Reactive,是和SpringMVC并行的反应式Web框架SpringWebFlux。............
spring-boot-starter-security的简单使用
python15397的博客
04-03 1万+
spring-boot-starter-security的简单使用
spring-cloud-starter-security和spring-cloud-starter-oauth2
热门推荐
qq_30359369的博客
12-02 2万+
之前学过spring-security,最近又在学习spring-cloud-starter-security和spring-cloud-starter-oauth2, 脑子里顿时冒出一个问题: 之前学的spring-security和最近学的spring-cloud-starter-security有什么关系, spring-cloud-starter-security和spring-clou......
spring-boot-starter-security与应用安全
吴声子夜歌的博客
11-21 1万+
应用安全属于安全防护体系中的重要一环,但也是最薄弱的一环,究其原因,或许是应用的核心职责是完成业务和产品的功能需求,而安全确实非功能性需求,在资源有限的情况下,企业一定是更加注重将有限的资源投入到“开疆扩土”上去,否则,穷家破瓦的,也真没有什么值得安全防护的。 大部分应用开发者对应用安全知之甚少,而且安全一般属于一个企业或者业界秘而不宣的信息,所以,在没有一个专职的安全团队负责推动整个安全防护体系...
spring-security-crypto加密模块
HSJ0170的博客
06-28 4978
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-crypto</artifactId> <version>5.1.2.RELEASE</version>...
spring-security 默认登录页面(一)
modelmd的博客
02-01 1611
Spring Security是一个强大且高度可定制的身份验证和访问控制框架。天然与Spring整合,易扩展,引入jar包就可以用了,在boot自动装载下,不需要任何配置就可以控制资源访问。那么默认登录页是如何生产的呢?
spring-security-crypto-5.5.2-API文档-中文版.zip
06-04
赠送jar包:spring-security-crypto-5.5.2.jar; 赠送原API文档:spring-security-crypto-5.5.2-javadoc.jar; 赠送源代码:spring-security-crypto-5.5.2-sources.jar; 赠送Maven依赖信息文件:spring-security-...
spring-security-core-5.3.9.RELEASE-API文档-中文版.zip
07-14
赠送jar包:spring-security-core-5.3.9.RELEASE.jar; 赠送原API文档:spring-security-core-5.3.9.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.3.9.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
spring-security-jwt-1.0.10.RELEASE-API文档-中文版.zip
05-09
赠送jar包:spring-security-jwt-1.0.10.RELEASE.jar; 赠送原API文档:spring-security-jwt-1.0.10.RELEASE-javadoc.jar; 赠送源代码:spring-security-jwt-1.0.10.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
spring-security-oauth2-2.3.5.RELEASE-API文档-中文版.zip
05-09
赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...
spring-security-core-5.2.0.RELEASE-API文档-中文版.zip
07-13
赠送jar包:spring-security-core-5.2.0.RELEASE.jar; 赠送原API文档:spring-security-core-5.2.0.RELEASE-javadoc.jar; 赠送源代码:spring-security-core-5.2.0.RELEASE-sources.jar; 赠送Maven依赖信息文件:...
【redis】Spring之RedisTemplate配置与使用
05-30 327
转载:Spring之RedisTemplate配置与使用用过redis,但直接使用Jedis进行相应的交互操作,现在正好来看一下RedisTemplate是怎么实现的,以及使用起来是否更加便利。
SpringBoot集成腾讯COS流程
最新发布
weixin_67727883的博客
05-30 265
SpringBoot集成腾讯COS流程
SpringMVC 数据映射VC
weixin_45939821的博客
05-29 612
从 view 层发送请求到Controller,在Controller中获取参数: 在不输入值时会报400,参数错误 在不输入值时num默认为null 没有找到对应标签名称叫nums的,输入任何值时都报400 设置required默认值为false,即使表单没有nums也不会报错 设置defaultValues,参数num的默认值为1 可以直接给对象的属性赋值
SpringBootJava 代码配置(二)
xiaotu的博客
05-29 1178
因此,如果使用 HikariCP 只用声明你要用它就行,而声明要使用 Druid,你需要自己指定所使用的版本。上面的 DruidDataSource ,我们为其属性赋值时,它的四个属性都是简单类型属性,因此十分容易处理。但是,在 Spring 的容器中,Java Bean 可能会存在引用。在上面的 Druid 的配置中,数据库连接的四大属性值是在代码中『写死』的。而在 Java 代码配置中,通过 @Bean 方法的入参来表达 Bean 之间的引用关系。,所以,我们可以直接将自定义的配置项写在。
spring-cloud-starter-security和spring-cloud-security的关系
05-31
- `spring-cloud-starter-security` 是 Spring Cloud 中的一个 Starter 模块,它依赖于 Spring Security 和 Spring Boot Starter Security,提供了一些默认的安全配置,方便用户快速使用 Spring Security 进行安全...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值