提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
前言
springboot+mybatisplus整合springsecurity
默认springboot+mybatisplus已经整合好
数据库表,我们使用标准权限系统表5张,分别为:
sys_user 用户表
sys_role 角色表
sys_menu 权限菜单表
sys_user_role 用户角色关联表
sys_role_menu 角色权限关联表
提示:以下是本篇文章正文内容,下面案例可供参考
一、引jar和 application.yml配置:
<!--springboot整合security包-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
#配置整合druid
spring:
datasource:
druid:
url: jdbc:mysql://localhost:3306/db_permission_system_security?useUnicode=true&characterEncoding=utf-8
username: root
password: root
initial-size: 5
max-active: 20
min-idle: 10
max-wait: 10
#配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
time-between-eviction-runs-millis: 60000
web:
resources:
#配置静态资源位置
static-locations: classpath:/static/,classpath:/templates/,
#配置日志输出
mybatis-plus:
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
#开启扫描
mapper-locations: mapper/*.xml
#配置访问端口号
server:
port: 18888
二、 编写和用户角色权限相关的查询
package com.aaa.sbmp.mapper;
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import java.util.List;
/**
* @ fileName:UserMapper
* @ description:
* @ author:zhz
* @ createTime:2022/1/14 9:53
* @ version:1.0.0
*/
public interface UserMapper extends BaseMapper<User> {
/**
* 根据用户名称查询该用户对应的角色
* @param userName
* @return
*/
List<Role> queryRoleListByUserName(String userName);
/**
* 根据用户名称查询该用户对应的权限
* @param userName
* @return
*/
List<Menu> queryMenuListByUserName(String userName);
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.aaa.sbmp.mapper.UserMapper">
<!--根据用户名称查询该用户对应的角色-->
<select id="queryRoleListByUserName" resultType="com.aaa.sbmp.entity.Role">
select role_Id roleId,role_Name roleName,role_Key roleKey from sys_role r where exists(
select 1 from sys_user_role ur where ur.user_id=(
select user_id from sys_user u where u.user_name=#{userName} and status=0 and del_flag=0
) and ur.role_id=r.role_id
) and status=0 and del_flag=0
</select>
<!--根据用户名称查询该用户对应的权限-->
<select id="queryMenuListByUserName" resultType="com.aaa.sbmp.entity.Menu">
select menu_Id menuId,menu_Name menuName,perms from sys_menu m where m.visible=0 and exists(
select menu_id from sys_role_menu rm where exists (
select role_id from sys_user_role ur where ur.user_id=
( select user_id from sys_user u where u.user_name=#{userName} and status=0 and del_flag=0)
and rm.role_id=ur.role_id
) and m.menu_id=rm.menu_id
)
</select>
</mapper>
封装到工具控制层
/**
* 通用的获取登录用户信息方法
* @return
*/
protected User currentLoadUser(){
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return (User)authentication.getPrincipal();
}
三、编写Security配置
package com.aaa.sbmp.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.annotation.Resource;
/**
* @ fileName:SecurityConfig
* @ description:
* @ author:zhz
* @ createTime:2022/2/15 10:58
* @ version:1.0.0
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//配置登录页面信息
http.formLogin() //总体form方式
.loginPage("/html/login.html") //配置登录页面路径
.loginProcessingUrl("/user/login")登录页面中form配置的请求地址
.failureUrl("/html/login.html?error") //登录失败路径配置
.defaultSuccessUrl("/html/index.html").permitAll() //默认登录成功的请求地址,认证前没有其他请求的验证
.and().authorizeRequests() //拦截所有的授权请求
.antMatchers("/user/login","/","/css/**","/js/**").permitAll()//配置需要放行的路径
.anyRequest().authenticated()//除了上面配置的,其他请求都需要认证
.and().csrf().disable(); //关闭csrf功能 如果不关闭,你的form表单无法提交,必须配置
//配置未授权跳转页面
http.exceptionHandling().accessDeniedPage("/html/unauthorized.html");
//注销配置 如果使用默认/logout可以不用配置
http.logout().logoutUrl("/logout") //用户注销请求地址
.logoutSuccessUrl("/html/login.html").permitAll(); //注销成功跳转地址
}
}
四、服务层
package com.aaa.sbmp.service.impl;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.aaa.sbmp.service.IUserService;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import lombok.extern.log4j.Log4j2;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
/**
* @ fileName:UserDetailsServiceImpl
* @ description:
* @ author:zhz
* @ createTime:2022/2/15 11:01
* @ version:1.0.0
*/
@Service
@Log4j2
public class UserDetailsServiceImpl implements UserDetailsService {
@Resource
private IUserService iUserService;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
//定义角色权限集合
List<GrantedAuthority> grantedAuthorityList =new ArrayList<>();
//获取角色列表
List<Role> roleList = iUserService.queryRoleListByUserName(userName);
for (Role role : roleList) {
log.info("角色:"+role.getRoleKey());
grantedAuthorityList.add(new SimpleGrantedAuthority(role.getRoleKey()));
}
//获取权限列表
List<Menu> menuList = iUserService.queryMenuListByUserName(userName);
for (Menu menu : menuList) {
String perms = menu.getPerms();
if(StrUtil.isNotEmpty(perms)) {
log.info("权限:" + perms);
grantedAuthorityList.add(new SimpleGrantedAuthority(perms));
}
}
//获取数据库用户信息
QueryWrapper<User> queryWrapper =new QueryWrapper<>();
queryWrapper.eq("user_name",userName);
List<User> userList = iUserService.list(queryWrapper);
User user = null;
//判断
if(CollUtil.isNotEmpty(userList)){
user = userList.get(0);
}
return new org.springframework.security.core.userdetails.User(user.getUserName(),
//new BCryptPasswordEncoder().encode(user.getPassword()),//如果数据库是明文密码,这样写
user.getPassword(),//加密密码
grantedAuthorityList);
}
}
package com.aaa.sbmp.service;
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.baomidou.mybatisplus.extension.service.IService;
import java.util.List;
/**
* @ fileName:IUserService
* @ description:
* @ author:zhz
* @ createTime:2022/2/15 10:52
* @ version:1.0.0
*/
public interface IUserService extends IService<User> {
/**
* 根据用户名称查询该用户对应的角色1
* @param userName
* @return
*/
List<Role> queryRoleListByUserName(String userName);
/**
* 根据用户名称查询该用户对应的权限
* @param userName
* @return
*/
List<Menu> queryMenuListByUserName(String userName);
}
五、前台页面
index。html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>成功首页</title>
</head>
<body>
成功后的首页 <a href="/logout">用户注销</a>
</body>
</html>
login。html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>员工登录</title>
<script>
function load(){
var url = location.href;
//判断url中是否含有?
if(url.indexOf("?")!=-1){
// 原始js jquery
//原始JS赋值 <a>url</a> .innerText .text()
// input .value= .val()
// div .innerHTML .html
document.getElementById("errorInfo").innerHTML="用户名或者密码错误!!";
}
}
</script>
</head>
<body onload="load()">
<center>
<h3>登录页面</h3>
<form action="/user/login" method="post">
<div id="errorInfo" style="color: red"></div>
<table border="1" >
<!--用户名和密码的name一定是 username password 大小写也有区分-->
<tr><td>用户名</td><td><input type="text" name="username" value="admin"> </td></tr>
<tr><td>密码</td><td><input type="text" name="password" value="tiger"> </td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="登录"></td></tr>
</table>
</form>
</center>
</body>
</html>
unauthorized.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>错误页面</title>
</head>
<body>
访问了未授权的地址。。。。。。。。。。。
</body>
</html>
六、在启动类添加配置及方法权限注释配置
@EnableGlobalMethodSecurity(prePostEnabled = true)
控制层测试方法
/**
* 测试查询(讲解QueryWrapper用法)
* @param dept
* @return
*/
@PreAuthorize("hasRole('管理员')")
@GetMapping("queryList")
public List<Dept> queryList(Dept dept){
return iDeptService.queryList(dept);
}
测试登录用户名密码错误 测试角色权限相关功能
8882
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
