【开源项目】Spring Security三大权限框架案例讲解01—项目初始化

GitHub

UncleCatMySelf/myself-security

前言

大致简介项目主要逐步迭代讲解Spring Security + Spring Social + Spring Security OAuth + REST服务开发，通过实际的案例开发来讲解，项目注解详细适合作为教程案例，同时对代码的演进还有重构也会有对应的推文讲解！

什么是登录与账户安全！？

大多数初级的程序员可能理解的比较简单，即普通的表单登录，数据查询等等，但是真正的企业登录权限系统是如何的呢？现在大多数主流的权限系统一般都是使用Spring Security了，而我们的主题也是它，让我们来深入了解这个权限框架吧！

项目搭建

首先是项目的目录，项目采用Maven多模块模式开发。

1、Myself-security：主模块(pom)
2、Myself-security-core：核心业务逻辑(jar)
3、Myself-security-browser：浏览器安全特定代码(jar)
4、Myself-security-app：app相关特定代码(jar)
5、Myself-security-demo：样例程序(jar)

相关Pom文件

让我们来了解项目的主模块的pom文件，这个的packaging要选择为pom形式，我们选择引入Spring IO来控制版本，还有配置Maven插件，具体如下

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.myself.security</groupId>
    <artifactId>myself-security</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>pom</packaging>

    <!-- 配置版本参数 -->
    <properties>
        <myself.security.version>1.0-SNAPSHOT</myself.security.version>
    </properties>

    <!-- 帮助我们管理Maven依赖的版本，由spring IO 来指定版本 -->
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.spring.platform</groupId>
                <artifactId>platform-bom</artifactId>
                <version>Cairo-SR4</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Finchley.SR1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <!-- 配置Maven插件 -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.7.0</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <!-- 子模块引入 -->
    <modules>
        <module>../myselfsecuritycore</module>
        <module>../myselfsecuritydemo</module>
        <module>../myselfsecuritybrowser</module>
        <module>../myselfsecurityapp</module>
    </modules>

</project>

接下来是core的核心组件，这一块的代码较多，我中间部分就省略了，具体可以去GitHub查看

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模块信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-core</artifactId>

    <dependencies>
        <!-- 引入所有与Spring Security相关的jar包 -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>...</groupId>
            <artifactId>...</artifactId>
        </dependency>
    </dependencies>

</project>

而app模块是针对App的权限，这一块只要引入core组件即可

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模块信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-app</artifactId>

    <!-- 引入core核心代码组件 -->
    <dependencies>
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-core</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
    </dependencies>

</project>

对于browser浏览器模块，则需要加Session集群管理，由于app是使用token，而浏览器则是session

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模块信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-browser</artifactId>

    <dependencies>
        <!-- 引入core核心代码组件 -->
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-core</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
        <!-- 集群环境下的session管理 -->
        <!-- 部分组件的版本还未在Spring IO更新，这里要自己引入 -->
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
            <version>1.3.3.RELEASE</version>
        </dependency>
    </dependencies>

</project>

demo组件是我们的代码测试区，还有功能实现测试，我们暂时先引用browser模块。

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <!-- 父模块信息 -->
    <parent>
        <artifactId>myself-security</artifactId>
        <groupId>com.myself.security</groupId>
        <version>1.0-SNAPSHOT</version>
        <relativePath>../myselfsecurity</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>myself-security-demo</artifactId>

    <dependencies>
        <!-- 引入browser代码组件 -->
        <dependency>
            <groupId>com.myself.security</groupId>
            <artifactId>myself-security-browser</artifactId>
            <version>${myself.security.version}</version>
        </dependency>
        <!-- 用于接口测试 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
    </dependencies>

    <!-- 用于打包 -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.0.5.RELEASE</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
        <finalName>demo</finalName>
    </build>

</project>

启动类

接下来我们要编写启动类，我使用了Swagger插件，还有初始化时我们先移除Security的登录验证，当然yml配置文件也要先关了Session管理

package com.myself;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

/**
 * @author  MySelf
 * @create  2018/9/15
 * @desc Demo SpringBoot 启动类
 **/
@SpringBootApplication
@RestController
@EnableSwagger2
@EnableAutoConfiguration(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
public class DemoApplication {

    /**
     * 启动类
     * @param args {@link String}
     */
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class,args);
    }

    /**
     * 初始化创建接口服务
     * @return {@link String}
     */
    @GetMapping("/hello")
    public String hello(){
        return "Hello Spring Security";
    }

}

结尾

好了，运行项目，我们就可以看到初始化成功的项目啦！

---

如果本文对你有帮助，欢迎关注个人技术公众号，谢谢。