文章目录
Spring Security介绍
大部分系统,都需要认证和鉴权的功能。SpringBoot常用的安全框架spring security和shiro。
shiro相对来说简单易用,spring security功能更完善一点。
本文介绍spring security的集成方法,以及使用数据库维护权限数据,包括用户、权限
使用数据库维护用户数据
数据库表设计
这里简化一下,直接实现User和Role的映射,而省略了Role和资源的映射。
CREATE TABLE `Users` (
`UserId` int(11) NOT NULL AUTO_INCREMENT,
`UserName` varchar(45) NOT NULL,
`PassWord` varchar(100) NOT NULL,
`LockedFlag` tinyint(4) NOT NULL,
PRIMARY KEY (`UserId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `UserRole` (
`UserRoleId` int(11) NOT NULL AUTO_INCREMENT,
`UserId` int(11) NOT NULL,
`RoleId` int(11) NOT NULL,
PRIMARY KEY (`UserRoleId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `Role` (
`RoleId` int(11) NOT NULL AUTO_INCREMENT,
`RoleCode` varchar(45) NOT NULL,
`RoleDesc` varchar(200) DEFAULT NULL,
PRIMARY KEY (`RoleId`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Mybatis代码
如果你看过前几章mybatis方面的内容,可以直接自己实现一下,跳过Mybatis这部分内容。
bean层
//RoleBean
package com.it_laowu.springbootstudy.springbootstudydemo.bean;
import java.io.Serializable;
import lombok.Data;
import lombok.experimental.Accessors;
@Data
@Accessors(chain = true)
@SuppressWarnings("serial")
public class RoleBean implements Serializable {
private int roleId;
private String roleCode;
private String roleDesc;
}
//UserBean
......省略package和import
@Data
@Accessors(chain = true)
@SuppressWarnings("serial")
public class UserBean implements Serializable {
private int userId;
private String userName;
private String passWord;
private String lockedFlag;
}
//UserRoleBean
......省略package和import
@Data
@Accessors(chain = true)
@SuppressWarnings("serial")
public class UserRoleBean implements Serializable {
private int userRoleId;
private int userId;
private int roleId;
}
Condition层
//RoleCondition
package com.it_laowu.springbootstudy.springbootstudydemo.bean.condition;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.RoleBean;
import com.it_laowu.springbootstudy.springbootstudydemo.core.base.BaseCondition;
import lombok.Data;
import lombok.experimental.Accessors;
@Data
@Accessors(chain = true)
public class RoleCondition extends BaseCondition {
private int roleId;
private String roleCode;
private String roleDesc;
@Override
public Class<?> getChildClass() {
return RoleBean.class;
}
}
//UserCondition
......省略package和import
@Data
@Accessors(chain = true)
public class UserCondition extends BaseCondition {
private int userId;
private String userName;
private String passWord;
private String lockedFlag;
@Override
public Class<?> getChildClass() {
return UserBean.class;
}
}
//UserRoleCondition
......省略package和import
@Data
@Accessors(chain = true)
public class UserRoleCondition extends BaseCondition {
private int userRoleId;
private int userId;
private int roleId;
@Override
public Class<?> getChildClass() {
return UserRoleBean.class;
}
}
dao层
//RoleDao
package com.it_laowu.springbootstudy.springbootstudydemo.dao;
import java.util.List;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.RoleBean;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.condition.RoleCondition;
import com.it_laowu.springbootstudy.springbootstudydemo.core.base.IBaseDao;
import org.apache.ibatis.annotations.Param;
public interface RoleDao extends IBaseDao<RoleBean,RoleCondition> {
List<RoleBean> getUserRolesByUserId(@Param("keyId") int userId);
}
//UserDao
......省略package和import
public interface UserDao extends IBaseDao<UserBean,UserCondition> {
UserBean findByName(@Param("username") String username);
}
//UserRoleDao
......省略package和import
public interface UserRoleDao extends IBaseDao<UserRoleBean,UserRoleCondition> {
}
service层
//IRoleService
package com.it_laowu.springbootstudy.springbootstudydemo.service;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.RoleBean;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.condition.RoleCondition;
import com.it_laowu.springbootstudy.springbootstudydemo.core.base.IBaseService;
public interface IRoleService extends IBaseService<RoleBean,RoleCondition> {
List<RoleBean> getUserRolesByUserId(@Param("keyId") int userId);
}
//IUserRoleService
......省略package和import
public interface IUserRoleService extends IBaseService<UserRoleBean,UserRoleCondition> {
}
//IUserService
......省略package和import
public interface IUserService extends IBaseService<UserBean,UserCondition> {
UserBean findByName(@Param("username") String username);
}
ServiceImpl层
//RoleServiceImpl
package com.it_laowu.springbootstudy.springbootstudydemo.service.impl;
import java.util.List;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.RoleBean;
import com.it_laowu.springbootstudy.springbootstudydemo.bean.condition.RoleCondition;
import com.it_laowu.springbootstudy.springbootstudydemo.core.base.IBaseDao;
import com.it_laowu.springbootstudy.springbootstudydemo.dao.RoleDao;
import com.it_laowu.springbootstudy.springbootstudydemo.service.IRoleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service