SpringSecurity

最新推荐文章于 2024-08-29 18:44:48 发布
最新推荐文章于 2024-08-29 18:44:48 发布
阅读量98 收藏
点赞数 1
文章标签: java spring boot 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wahzc1314/article/details/128942398
版权

SpringSecurity

它是一个身份认证及权限控制的框架。shiro是它的对标框架,springsecurity已经开发很多年了,由于shiro的优势,它发展的不是很好,直到springboot出现,security的配置变的非常简单,现在微服务的项目都会优先选择security框架。security实现原理是通过Filter实现的。

代码分布截图

 注意:导包导的user要是自己的,不能导依赖里面自带的user包。

1、基础代码

Result

import lombok.Data;
​
import java.util.HashMap;
import java.util.Map;
​
import static com.wztsl.springboo.contants.ResultCode.ERROR;
import static com.wztsl.springboo.contants.ResultCode.SUCCESS;
​
/**
 * @author szsw
 * @date 2023/2/3 18:18:15
 */
@Data
public class Result {
​
    private Integer code;
​
    private String message;
​
    private Map<String, Object> map = new HashMap<>();
​
    private Result() {
    }
​
    public static Result ok() {
        Result r = new Result();
        r.setCode(SUCCESS.getCode());
        r.setMessage(SUCCESS.getMessage());
        return r;
    }
​
    public static Result error() {
        Result r = new Result();
        r.setCode(ERROR.getCode());
        r.setMessage(ERROR.getMessage());
        return r;
    }
​
    public Result put(String key, Object value) {
        map.put(key, value);
        return this;
    }
​
    public Object get(String key) {
        return map.get(key);
    }
​
}

ResultCode

/**
 * @author szsw
 * @date 2023/2/3 18:26:03
 */
public enum ResultCode {
​
    /**
     *
     */
    SUCCESS(0, "请求成功"),
    ERROR(1, "请求失败"),
    ;
​
    private int code;
    private String message;
​
    ResultCode(int code, String message) {
        this.code = code;
        this.message = message;
    }
​
    public int getCode() {
        return code;
    }
​
    public String getMessage() {
        return message;
    }
}

StringConstant

/**
 * @author szsw
 * @date 2023/2/3 19:42:55
 */
public class StringConstant {
​
    /**
     * session当前登录人信息
     */
    public static final String SESSION_USER = "SESSION_USER";
    public static final String AUTH_LIST = "AUTH_LIST";
    public static final String TOKEN = "token";
​
​
    private StringConstant() {
    }
}
​

AuthenticationEnum

/**
 * @author szsw
 * @date 2023/2/3 19:43:10
 */
public enum AuthenticationEnum {
}
​

2、工具代码

Md5

import lombok.extern.slf4j.Slf4j;
​
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
​
@Slf4j
@SuppressWarnings("java:S112")
public final class Md5 {
​
    private Md5() {
    }
​
    public static String encrypt(String strSrc) {
        try {
            char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                    '9', 'a', 'b', 'c', 'd', 'e', 'f'};
            byte[] bytes = strSrc.getBytes();
            MessageDigest md = MessageDigest.getInstance("Md5");
            md.update(bytes);
            bytes = md.digest();
            int j = bytes.length;
            char[] chars = new char[j * 2];
            int k = 0;
            int i;
            for (i = 0; i < bytes.length; i++) {
                byte b = bytes[i];
                chars[k++] = hexChars[b >>> 4 & 0xf];
                chars[k++] = hexChars[b & 0xf];
            }
            return new String(chars);
        } catch (NoSuchAlgorithmException e) {
            log.info("MD5计算异常!", e);
            throw new RuntimeException("MD5加密出错!!+" + e);
        }
    }
​
}

ResponseUtil

import com.fasterxml.jackson.databind.ObjectMapper;
import com.wztsl.springboo.vo.Result;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
​
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
​
/**
 * 响应工具
 *
 * @author by szsw
 */
@Slf4j
public class ResponseUtil {
​
    private ResponseUtil() {
    }
​
    public static void out(HttpServletResponse response, Result r) {
        ObjectMapper mapper = new ObjectMapper();
        response.setStatus(HttpStatus.OK.value());
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        try {
            mapper.writeValue(response.getOutputStream(), r);
        } catch (IOException e) {
            log.info("响应IO异常!", e);
        }
    }
}
​

TokenManager

import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;
​
import java.util.Date;
​
/**
 * token管理
 *
 * @author by szsw
 */
@Component
public class TokenManager {
​
    private static final long TOKEN_EXPIRATION = 24 * 60 * 60 * 1000L;
​
    private String tokenSignKey = "123456";
​
    /**
     * 生成token
     *
     * @param username 用户名
     * @return 通过用户名生成的token
     */
    public String createToken(String username) {
        return Jwts.builder().setSubject(username)
                .setExpiration(new Date(System.currentTimeMillis() + TOKEN_EXPIRATION))
                .signWith(SignatureAlgorithm.HS512, tokenSignKey).compressWith(CompressionCodecs.GZIP).compact();
    }
​
    /**
     * 通过token获取用户名
     *
     * @param token 令牌
     * @return 令牌对应的用户名
     */
    public String getUserFromToken(String token) {
        return Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token).getBody().getSubject();
    }
​
    @SuppressWarnings("all")
    public void removeToken(String token) {
        //jwttoken无需删除,客户端扔掉即可。
    }
​
}

3、实体代码

User

import lombok.Data;
​
/**
 * @author szsw
 * @date 2023/2/3 20:11:37
 */
@Data
public class User {
​
    private String username;
    private String password;
​
}
​

SecurityUser

import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * @author szsw
 * @date 2023/2/3 20:11:45
 */
@Data
public class SecurityUser implements UserDetails {

    private User user;
    private List<String> authList;

    public SecurityUser(User user) {
        this.user = user;
    }

    /**
     * 返回用户的权限
     *
     * @return the authorities, sorted by natural key (never <code>null</code>)
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        if (CollectionUtils.isEmpty(authList)) {
            return authorities;
        }
        for (String auths : authList) {
            if (StringUtils.isEmpty(auths)) {
                continue;
            }
            authorities.add(new SimpleGrantedAuthority(auths));
        }
        return authorities;
    }

    /**
     * Returns the password used to authenticate the user.
     *
     * @return the password
     */
    @Override
    public String getPassword() {
        return user.getPassword();
    }

    /**
     * Returns the username used to authenticate the user. Cannot return <code>null</code>.
     *
     * @return the username (never <code>null</code>)
     */
    @Override
    public String getUsername() {
        return user.getUsername();
    }

    /**
     * Indicates whether the user's account has expired. An expired account cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user's account is valid (ie non-expired),
     * <code>false</code> if no longer valid (ie expired)
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /**
     * Indicates whether the user is locked or unlocked. A locked user cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user is not locked, <code>false</code> otherwise
     */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * Indicates whether the user's credentials (password) has expired. Expired
     * credentials prevent authentication.
     *
     * @return <code>true</code> if the user's credentials are valid (ie non-expired),
     * <code>false</code> if no longer valid (ie expired)
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Indicates whether the user is enabled or disabled. A disabled user cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user is enabled, <code>false</code> otherwise
     */
    @Override
    public boolean isEnabled() {
        return true;
    }
}

4、配置代码

TokenWebSecurityConfig

import com.wztsl.springboo.security.filter.TokenAuthenticationFilter;
import com.wztsl.springboo.security.filter.TokenLoginFilter;
import com.wztsl.springboo.security.filter.TokenLogoutHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * Security配置类
 *
 * @author by szsw
 * @date 2020/10/27 16:39
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {

    private UserDetailsService userDetailsService;
    private TokenManager tokenManager;
    private DefaultPasswordEncoder defaultPasswordEncoder;

    @Autowired
    public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder, TokenManager tokenManager) {
        this.userDetailsService = userDetailsService;
        this.defaultPasswordEncoder = defaultPasswordEncoder;
        this.tokenManager = tokenManager;
    }


    /**
     * 配置设置
     *
     * @param http httpSecurity配置对象
     * @throws Exception 异常
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*
         * always – 如果session不存在总是需要创建;
         * ifRequired – 仅当需要时,创建session(默认配置);
         * never – 框架从不创建session,但如果已经存在,会使用该session ;
         * stateless – Spring Security不会创建session,或使用session;
         * 解决Feign调用时session丢失问题
         */
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        /*
         * "migrateSession",即认证时,创建一个新http session,原session失效,属性从原session中拷贝过来
         * “none”,原session保持有效;
         * “newSession”,新创建session,且不从原session中拷贝任何属性。
         * 解决Feign调用时session丢失问题
         */
        http.sessionManagement().sessionFixation().none();
        http.exceptionHandling()
                .authenticationEntryPoint(new UnauthorizedEntryPoint())
                .and()
                .cors()
                .and()
                .csrf()
                .disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .logout()
                .logoutUrl("/center/logout")
                .addLogoutHandler(new TokenLogoutHandler(tokenManager))
                .and()
                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager))
                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager))
                .httpBasic();

    }

    /**
     * 密码处理
     *
     * @param auth 权限管理创建者
     * @throws Exception 异常
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);
    }

    /**
     * 配置哪些请求不拦截
     *
     * @param web webSecurity配置对象
     * @throws Exception 异常
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        String[] matchers = {"/**/allowAuth/**", "/assets/**"};
        web.ignoring().antMatchers(matchers);
    }

}

DefaultPasswordEncoder

import com.wztsl.springboo.utils.Md5;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @author szsw
 * @date 2023/2/3 19:46:52
 */
@Component
public class DefaultPasswordEncoder implements PasswordEncoder {
    /**
     * Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or
     * greater hash combined with an 8-byte or greater randomly generated salt.
     *
     * @param rawPassword 密码
     */
    @Override
    public String encode(CharSequence rawPassword) {
        return Md5.encrypt(rawPassword.toString());
    }

    /**
     * Verify the encoded password obtained from storage matches the submitted raw
     * password after it too is encoded. Returns true if the passwords match, false if
     * they do not. The stored password itself is never decoded.
     *
     * @param rawPassword     the raw password to encode and match
     * @param encodedPassword the encoded password from storage to compare with
     * @return true if the raw password, after encoding, matches the encoded password from
     * storage
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if(rawPassword == null || encodedPassword == null){
            return false;
        }
        return encodedPassword.equals(Md5.encrypt(rawPassword.toString()));
    }
}

UnauthorizedEntryPoint

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author szsw
 * @date 2023/2/3 19:47:06
 */
public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
    /**
     * Commences an authentication scheme.
     * <p>
     * <code>ExceptionTranslationFilter</code> will populate the <code>HttpSession</code>
     * attribute named
     * <code>AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY</code>
     * with the requested target URL before calling this method.
     * <p>
     * Implementations should modify the headers on the <code>ServletResponse</code> as
     * necessary to commence the authentication process.
     *
     * @param request       that resulted in an <code>AuthenticationException</code>
     * @param response      so that the user agent can begin authentication
     * @param authException that caused the invocation
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {

    }
}

5、Filter代码

TokenAuthenticationFilter

import com.wztsl.springboo.utils.ResponseUtil;
import com.wztsl.springboo.utils.StringUtils;
import com.wztsl.springboo.utils.TokenManager;
import com.wztsl.springboo.vo.Result;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Collection;
import java.util.List;

import static com.wztsl.springboo.contants.StringConstant.*;

/**
 * @author szsw
 * @date 2023/2/3 19:47:36
 */
public class TokenAuthenticationFilter extends BasicAuthenticationFilter {

    private AuthenticationManager authenticationManager;
    private TokenManager tokenManager;

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager, TokenManager tokenManager) {
        super(authenticationManager);
        this.authenticationManager = authenticationManager;
        this.tokenManager = tokenManager;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        String requestUri = request.getRequestURI();
        handing(request, response, chain, requestUri);
    }

    @SuppressWarnings("unchecked")
    private void handing(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String requestUri) throws IOException, ServletException {
        HttpSession session = request.getSession();
        Object userObj = session.getAttribute(SESSION_USER);
        if (userObj != null) {
            UsernamePasswordAuthenticationToken auth = createUpat(request);
            if(auth == null){
                ResponseUtil.out(response, Result.error("没有权限!"));
            }
            SecurityContextHolder.getContext().setAuthentication(auth);
            List<SimpleGrantedAuthority> authorityList = (List<SimpleGrantedAuthority>) session.getAttribute(AUTH_LIST);
            boolean authFlag = authorityList.stream().anyMatch(t -> requestUri.contains(t.getAuthority()));
            if (authFlag) {
                chain.doFilter(request, response);
            }else{
                ResponseUtil.out(response, Result.error("没有权限!"));
            }
        } else {
            ResponseUtil.out(response, Result.error("请登录!"));
        }
    }

    @SuppressWarnings("unchecked")
    private UsernamePasswordAuthenticationToken createUpat(HttpServletRequest request) {
        String token = request.getHeader(TOKEN);
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        String username = tokenManager.getUserFromToken(token);
        if (StringUtils.isEmpty(username)) {
            return null;
        }
        Object authList = request.getSession().getAttribute(AUTH_LIST);
        return new UsernamePasswordAuthenticationToken(username, token, (Collection<? extends GrantedAuthority>) authList);
    }


}

TokenLoginFilter

import com.fasterxml.jackson.databind.ObjectMapper;
import com.wztsl.springboo.utils.ResponseUtil;
import com.wztsl.springboo.utils.TokenManager;
import com.wztsl.springboo.vo.Result;
import com.wztsl.springboo.vo.SecurityUser;
import com.wztsl.springboo.vo.User;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;

import static com.wztsl.springboo.contants.StringConstant.AUTH_LIST;
import static com.wztsl.springboo.contants.StringConstant.SESSION_USER;

/**
 * @author szsw
 * @date 2023/2/3 19:47:46
 */
public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {

    private AuthenticationManager authenticationManager;
    private TokenManager tokenManager;

    public TokenLoginFilter(AuthenticationManager authenticationManager, TokenManager tokenManager) {
        this.authenticationManager = authenticationManager;
        this.tokenManager = tokenManager;
        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login"));
    }

    /**
     * 获取数据和返回响应的
     *
     * @param request  请求
     * @param response 响应
     * @return 认证
     * @throws AuthenticationException 认证过程中可能会由Spring抛出认证异常
     */
    @Override
    @SuppressWarnings("java:S112")
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        try {
            User user = new ObjectMapper().readValue(request.getInputStream(), User.class);
            UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), new ArrayList<>());
            return authenticationManager.authenticate(authToken);
        } catch (IOException e) {
            throw new RuntimeException("认证失败!");
        }
    }

    /**
     * 认证成功
     *
     * @param request    请求
     * @param response   响应
     * @param chain      chain对象
     * @param authResult the object returned from the <tt>attemptAuthentication</tt>
     *                   method.
     * @throws IOException      认证过程中可能会由Spring抛出认证异常
     * @throws ServletException 认证过程中可能会由Spring抛出认证异常
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        SecurityUser securityUser = (SecurityUser) authResult.getPrincipal();
        String token = tokenManager.createToken(securityUser.getUsername());
        request.getSession().setAttribute(SESSION_USER, securityUser.getUser());
        request.getSession().setAttribute(AUTH_LIST, securityUser.getAuthorities());
        ResponseUtil.out(response, Result.ok().put("token", token));
    }

    /**
     * 认证失败
     *
     * @param request  请求
     * @param response 响应
     * @param e        认证异常
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        ResponseUtil.out(response, Result.error("用户名或密码错误!"));
    }
}

TokenLogoutHandler

import com.wztsl.springboo.utils.TokenManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author szsw
 * @date 2023/2/3 19:47:54
 */
public class TokenLogoutHandler implements LogoutHandler {

    private TokenManager tokenManager;

    public TokenLogoutHandler(TokenManager tokenManager) {
        this.tokenManager = tokenManager;
    }

    /**
     * Causes a logout to be completed. The method must complete successfully.
     *
     * @param request        the HTTP request
     * @param response       the HTTP response
     * @param authentication the current principal details
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {

    }
}

6、service代码

UserDetailsServiceImpl

import com.wztsl.springboo.utils.Md5;
import com.wztsl.springboo.vo.SecurityUser;
import com.wztsl.springboo.vo.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;

/**
 * @author szsw
 * @date 2023/2/3 19:48:10
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    /**
     * Locates the user based on the username. In the actual implementation, the search
     * may possibly be case sensitive, or case insensitive depending on how the
     * implementation instance is configured. In this case, the <code>UserDetails</code>
     * object that comes back may have a username that is of a different case than what
     * was actually requested..
     *
     * @param username the username identifying the user whose data is required.
     * @return a fully populated user record (never <code>null</code>)
     * @throws UsernameNotFoundException if the user could not be found or the user has no
     *                                   GrantedAuthority
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = new User();
        SecurityUser securityUser = new SecurityUser(user);
        if ("admin".equals(username)) {
            user.setPassword(Md5.encrypt("123456"));
            user.setUsername(username);
            List<String> authList = new ArrayList<>();
            authList.add("start/test");
            securityUser.setAuthList(authList);
        }
        return securityUser;
    }
}

7、maven依赖

<jwt.version>0.7.0</jwt.version>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>${jwt.version}</version>
</dependency>

8、resources

application

server:
  port: 8090
  servlet:
    context-path: /security
spring:
  thymeleaf:
    prefix: classpath:/templates/
    suffix: .html
mybatis:
  type-aliases-package: com.jr.pojo
  mapper-locations: classpath:mapper/*.xml

9、SpringBoot129Application

package com.jr;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringBoot129Application {
    public static void main(String[] args) {
        SpringApplication.run(SpringBoot129Application.class,args);

    }
}
程序员小p
关注
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
spring security原理和机制 | Spring Boot 35
学Java,找哪吒
06-25 5万+
一、SpringSecurity 框架简介 Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的 成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方 案。 正如你可能知道的关于安全方面的两个主要区域是“认证”和“授权”(或者访问控 制),一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权 (Authorization)两个部分,这两点也是 Spring
Spring Security
qq_45429856的博客
11-22 3797
Spring Security简介 Spring Security是一个高度自定义的安全框架。利用Spring IOC/DI和AOP功能,为系统提供了声明式安全访问控制功能,减少了为系统安全而编写大量重复代码的工作 spring security 的核心功能主要包括: 认证 (系统认证用户是否登录) 授权 (系统判断用户是否有权限去做某些事情) 攻击防护 (防止伪造身份) Spring Security项目搭建 一:导入依赖 <!--导入spring security依赖-->
Spring Security in Action
11-22
Spring Security 实践指南 Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户...
springsecurity学习笔记
12-13
在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...
Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权
02-24
在压缩包文件`spring_gateway_security_webflux`中,可能包含了示例代码或配置文件,用于演示如何在Spring Cloud Gateway中集成Spring Security,实现统一登录认证鉴权。这些资源可以帮助开发者更快地理解和实践上述...
SpringSecurity笔记,编程不良人笔记
10-28
SpringSecurityJava领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话管理以及安全相关的功能,可以帮助开发者构建安全的Web应用。在本笔记中,我们将深入探讨Spring...
最详细Spring Security学习资料(源码)
11-16
Spring Security是一个功能强大且高度可定制的身份验证和授权框架,专门用于保护Java应用程序的安全性。它构建在Spring Framework基础之上,提供了全面的安全解决方案,包括身份验证、授权、攻击防护等功能。 Spring...
启动Application 报错:no mapping for GET /(已解决)
qq_3512323979的博客
08-26 4626
no mapping for GET /因为我使用的是框架嘛,然后生成了一个SpringBoot项目后,resources下面就会有一个static的类,用于存放静态资源类,后面我把静态资源放在里面,但是启动启动类后,报错一直匹配不到。: 正常的话,我们使用SpringBoot框架,他会给我们提供许多便利,包括静态资源的自动服务,默认的话,他会去。报这个错可能还有其他原因,我的是因为这个,大家可以根据日志信息一步步检查,肯定可以解决的!类并覆盖其方法时,就会失去静态资源的自动服务
[C++规范] 访问类成员变量的方式:直接访问还是通过成员函数访问?
Loewen丶的小窝
08-26 4719
在面向对象编程(OOP)中,通过成员函数(如`ME_HardwareTypeEnum Type() const;` 和 `int Id() const;`)来访问类的私有或受保护成员(如`m_hardwareType` 和 `m_id`),而不是直接通过公共成员访问,是一种更好的做法。
linux上datax 安装以及使用
寂夜了无痕的博客
08-24 4815
linux上datax 安装以及使用
《深入理解 Java 中的适配器模式》
最新发布
面团到油条的成长日记
08-29 2949
在软件开发的广阔领域中,不同接口之间不匹配的问题时常像个棘手的难题困扰着开发者。而适配器模式就像是一位得力的助手,专门用来解决这类问题。它的关键作用在于把一个类的接口有效地转化为客户端所期望的另一种接口,让原本因接口不相符而不能一起工作的两个类可以共同协作,学习本文希望你能有所收获
操作系统原子操作
zzt_is_me的博客
08-28 2959
所谓的原子操作就是不可被拆分的操作,对于多线程对全局变量进行操作时,就再也不用再线程锁了,和pthread_mutex_t保护作用是一样的,也是线程安全的,有些编译器在使用时需要加-march=i686编译参数。2、type只能是整数相关的类型,浮点型和自定义类型无法使用。功能:把value赋值给*ptr,并返回*ptr的旧值。功能:以上操作返回的是*ptr与value计算后的值。使用原子操作实现一个线程安全的无锁队列。1、该功能并不通用,有些编译器不支持。功能:以上操作返回的是*ptr的旧值。
Java设计模式之建造者模式详细讲解和案例示范
weixin_39996520的博客
08-28 2501
建造者模式是一种创建型设计模式,允许用户通过一步步地构造复杂对象的方式来避免直接使用大量的构造函数或复杂的初始化过程。它通过将对象的创建过程分解为多个步骤,并允许这些步骤以链式调用的方式来执行,最终生成一个完全构建的对象。首先,我们定义一个Order类,该类包括了多个字段,如订单ID、客户信息、商品列表、配送地址等。// Getter方法省略...在这个例子中,类提供了构建Order对象所需的各个方法,每个方法返回实例,以便进行链式调用。
Spring WebFlux – CVE-2023-34034 – 撰写和概念验证
技术超强的网络安全平台
08-28 1852
Spring框架是一个广泛使用的基于Java的应用程序框架,为企业级Java应用的开发提供基础设施支持。是一个功能强大的身份验证和访问控制框架,也是保护基于 Spring 的应用程序的行业标准。它提供身份验证和授权,并且可以轻松扩展以满足自定义要求。Spring WebFlux是在 Spring 5 中引入的,作为传统框架的响应式编程替代方案。Spring WebFlux 的核心设计旨在处理异步、非阻塞和反应式编程范例。它提供了一种反应式编程模型,允许开发人员构建可扩展、响应迅速且具有弹性的应用程序。
基于jenkins部署maven项目
静水深流
08-26 2577
如上所示,构建后,我们处于项目的根目录之下,可以进行后续的操作,如启动target目录下的jar包、将jar包传输到需要部署的服务器上、打docker镜像bing上传等等,需要根据实际情况进行选择,而这些都可以在“Add post-build step”选项中进行选择。我们主要关注上述几个部分,在General部分,可以对项目进行一个简单的描述,源码管理部分,需要配置对应的源码url,如下图所示。如上所示,选择“构建一个maven项目”,如果没有改选项,则需要安装maven构建的插件,请参考之前的文章。
死锁及其产生条件
秋夫人
08-26 1311
死锁是指两个或多个线程(或进程)互相等待对方释放资源,导致所有相关线程都无法继续执行的情况。这是并发编程中的一个常见问题,可能会导致系统部分或完全停止响应。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值