前言
文章只实战不讲理论源码,springSecurity 的认证授权实际就是过滤器。在实践编写代码中使用的接口方法点进去,自行阅读源码。
目前第一版的实现源码:gitee 源码地址
pom.xml 需要的依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.4</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>cn.com.rich</groupId>
<artifactId>security-rbac</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>security-rbac</name>
<description>security-rbac认证授权</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- 整合thymeleaf-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- SpringBoot集成thymeleaf模板 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- druid-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.13</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.3.1</version>
<exclusions>
<exclusion>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-generator</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<!-- 配置将哪些资源文件(静态文件/模板文件/mapper文件)加载到tomcat输出目录里 -->
<resources>
<resource>
<directory>src/main/resources</directory><!--资源文件的路径-->
<includes>
<include>**/*.*</include>
</includes>
<!-- <filtering>false</filtering>-->
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
application.yml
application.yml 分两个,主要是模拟以后分环境的配置
application.yml
server:
port: 8099
spring:
# 环境 dev|test|prod
profiles:
active: dev
application-dev.yml
spring:
jackson:
time-zone: GMT+8
date-format: yyyy-MM-dd HH:mm:ss
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://192.168.116.154:3306/security-rbac?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
username: root
password: root
initial-size: 10
max-active: 100
min-idle: 10
max-wait: 60000
pool-prepared-statements: true
max-pool-prepared-statement-per-connection-size: 20
time-between-eviction-runs-millis: 60000
min-evictable-idle-time-millis: 300000
thymeleaf:
cache: false
mode: HTML
encoding: UTF-8
prefix: classpath:/templates/
suffix: .html
servlet:
content-type: text/html
mvc:
servlet:
load-on-startup: 1 # 初始化dispatcherServlet,默认-1未开启,0及以上为开启
mybatis-plus:
mapper-locations: classpath*:/mapper/**/*.xml
#实体扫描,多个package用逗号或者分号分隔
typeAliasesPackage: cn.com.rich.entity
global-config:
#数据库相关配置
db-config:
#主键类型 AUTO:"数据库ID自增", INPUT:"用户输入ID", ID_WORKER:"全局唯一ID (数字类型唯一ID)", UUID:"全局唯一ID UUID";
id-type: ID_WORKER
logic-delete-value: -1
logic-not-delete-value: 0
banner: false
#原生配置
configuration:
map-underscore-to-camel-case: true # 开启驼峰
cache-enabled: false
call-setters-on-nulls: true
jdbc-type-for-null: 'null'
准备工作
sql
CREATE TABLE `teacher_msg` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`teacher_id` varchar(50) DEFAULT NULL,
`teacher_name` varchar(50) DEFAULT NULL,
`sex` varchar(2) DEFAULT NULL,
`birthday` datetime DEFAULT NULL,
`title` varchar(100) DEFAULT NULL,
`teach_major` varchar(100) DEFAULT NULL,
`is_full` varchar(2) DEFAULT NULL,
`app_time` datetime DEFAULT NULL,
`phone` varchar(30) DEFAULT NULL,
`password` varchar(100) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
SecurityRbacApplication .java
package cn.com.rich;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan("cn.com.rich.mapper")
public class SecurityRbacApplication {
public static void main(String[] args) {
SpringApplication.run(SecurityRbacApplication.class, args);
}
}
LoginController.java
package cn.com.rich.controller;
import cn.com.rich.service.UserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpSession;
@Controller
public class LoginController {
@Autowired
@Qualifier("userDetailService")
private UserDetailServiceImpl userDetailService;
@RequestMapping({
"/","/login"})
public ModelAndView login(){
return new ModelAndView("login");
}
@RequestMapping("/index")
public ModelAndView index(HttpSession session) {
session.setAttribute("stu",userDetailService.getStu());
return new ModelAndView("student/stuIndex");
}
@RequestMapping(value = "/failure")
public String failure(Model model){
model.addAttribute("error","用户名不存在或密码错误");