spring整合security实现全过程加代码

1.相关的依赖:

权限验证相关的依赖(spring-security-config,spring-security-taglibs)

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.spring.springsecurity</groupId>
  <artifactId>spring_springsecurity</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>spring_springsecurity Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <!-- Spring dependencies.
         NOTE(review): every version in this file is pinned to what the tutorial used;
         check each one against current security advisories before reusing the POM. -->
    <!-- Persistence-layer support -->
    <dependency>
		    <groupId>org.springframework</groupId>
		    <artifactId>spring-orm</artifactId>
		    <version>5.2.9.RELEASE</version>
		</dependency>
		<!-- Core Spring application context -->
		<dependency>
		    <groupId>org.springframework</groupId>
		    <artifactId>spring-context</artifactId>
		    <version>5.2.9.RELEASE</version>
		</dependency>
		<!-- MySQL JDBC driver.
		     NOTE(review): old 5.1.x driver release; confirm it is still supported for the target server. -->
		<dependency>
		    <groupId>mysql</groupId>
		    <artifactId>mysql-connector-java</artifactId>
		    <version>5.1.38</version>
		</dependency>
		
		<!-- AOP weaver; the article states it is required for the annotation-based permission checks -->
		<!-- https://mvnrepository.com/artifact/org.aspectj/aspectjweaver -->
		<dependency>
		    <groupId>org.aspectj</groupId>
		    <artifactId>aspectjweaver</artifactId>
		    <version>1.9.5</version>
		    <scope>runtime</scope>
		</dependency>
		  <!-- JSR-250 annotations; the controllers import javax.annotation.security.RolesAllowed -->
		  <!-- https://mvnrepository.com/artifact/javax.annotation/jsr250-api -->
		<dependency>
		    <groupId>javax.annotation</groupId>
		    <artifactId>jsr250-api</artifactId>
		    <version>1.0</version>
		</dependency>
		  
		  <!-- MyBatis -->
		  <!-- https://mvnrepository.com/artifact/org.mybatis/mybatis -->
		<dependency>
		    <groupId>org.mybatis</groupId>
		    <artifactId>mybatis</artifactId>
		    <version>3.5.3</version>
		</dependency>
		  <!-- MyBatis/Spring integration -->
		  <!-- https://mvnrepository.com/artifact/org.mybatis/mybatis-spring -->
		<dependency>
		    <groupId>org.mybatis</groupId>
		    <artifactId>mybatis-spring</artifactId>
		    <version>1.3.2</version>
		</dependency>
		
		<!-- JDBC connection pool (Druid) -->
		<dependency>
		    <groupId>com.alibaba</groupId>
		    <artifactId>druid</artifactId>
		    <version>1.1.21</version>
		</dependency>
		
		  
   <!-- Spring MVC dependencies -->
    	<!-- https://mvnrepository.com/artifact/org.springframework/spring-webmvc -->
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-webmvc</artifactId>
	    <version>5.2.9.RELEASE</version>
	</dependency>

	  <!-- https://mvnrepository.com/artifact/org.springframework/spring-web -->
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-web</artifactId>
	    <version>5.2.9.RELEASE</version>
	</dependency>
	  <!-- Servlet API; scope "provided" because the container supplies it at runtime -->
	  <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
	<dependency>
	    <groupId>javax.servlet</groupId>
	    <artifactId>javax.servlet-api</artifactId>
	    <version>3.1.0</version>
	    <scope>provided</scope>
	</dependency>
	
	<!-- JSTL API and implementation; the exclusions drop the servlet/JSP API jars they would pull in -->
	<dependency>
            <groupId>javax.servlet.jsp.jstl</groupId>
            <artifactId>jstl-api</artifactId>
            <version>1.2</version>
            <exclusions>
                <exclusion>
                    <groupId>javax.servlet</groupId>
                    <artifactId>servlet-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.servlet.jsp</groupId>
                    <artifactId>jsp-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.glassfish.web</groupId>
            <artifactId>jstl-impl</artifactId>
            <version>1.2</version>
            <exclusions>
                <exclusion>
                    <groupId>javax.servlet</groupId>
                    <artifactId>servlet-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.servlet.jsp</groupId>
                    <artifactId>jsp-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.servlet.jsp.jstl</groupId>
                    <artifactId>jstl-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        
	 <!-- Unit testing (test scope only) -->
	 <!-- https://mvnrepository.com/artifact/junit/junit -->
	<dependency>
	    <groupId>junit</groupId>
	    <artifactId>junit</artifactId>
	    <version>4.12</version>
	    <scope>test</scope>
	</dependency>

    <!-- File upload support.
         NOTE(review): no code on this page uses file upload; an unused parsing library is
         avoidable attack surface, and this is an old 1.3.x release. Remove it or update it. -->
	<!-- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload -->
	<dependency>
	    <groupId>commons-fileupload</groupId>
	    <artifactId>commons-fileupload</artifactId>
	    <version>1.3.1</version>
	</dependency>
	<!-- https://mvnrepository.com/artifact/commons-io/commons-io -->
	<dependency>
	    <groupId>commons-io</groupId>
	    <artifactId>commons-io</artifactId>
	    <version>2.6</version>
	</dependency>
	
	<!-- Server-side bean validation -->
	<!-- https://mvnrepository.com/artifact/org.hibernate.validator/hibernate-validator -->
	<dependency>
	    <groupId>org.hibernate.validator</groupId>
	    <artifactId>hibernate-validator</artifactId>
	    <version>6.1.5.Final</version>
	</dependency>
	
	<!-- JSON serialisation.
	     NOTE(review): 2.12.0 is a .0 release; prefer the latest patch release of the line in use. -->
	<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
	<dependency>
	    <groupId>com.fasterxml.jackson.core</groupId>
	    <artifactId>jackson-databind</artifactId>
	    <version>2.12.0</version>
	</dependency>
	<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core -->
	<dependency>
	    <groupId>com.fasterxml.jackson.core</groupId>
	    <artifactId>jackson-core</artifactId>
	    <version>2.12.0</version>
	</dependency>
	
	<!-- Spring Security: XML namespace configuration and the JSP tag library.
	     NOTE(review): spring-security-web and spring-security-core are not declared here and
	     presumably arrive transitively; confirm with "mvn dependency:tree". -->
	<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
	<dependency>
	    <groupId>org.springframework.security</groupId>
	    <artifactId>spring-security-config</artifactId>
	    <version>5.3.3.RELEASE</version>
	</dependency>
	<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-taglibs -->
	<dependency>
	    <groupId>org.springframework.security</groupId>
	    <artifactId>spring-security-taglibs</artifactId>
	    <version>5.3.3.RELEASE</version>
	</dependency>
	<!-- Logging dependencies.
	     NOTE(review): the slf4j artifacts below are alpha pre-releases, and Log4j 1.x is
	     end-of-life and no longer receives security fixes; plan a move to a maintained backend. -->
	 <dependency>
	    <groupId>org.slf4j</groupId>
	    <artifactId>slf4j-api</artifactId>
	    <version>2.0.0-alpha1</version>
	</dependency>
	<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12 -->
	<dependency>
	    <groupId>org.slf4j</groupId>
	    <artifactId>slf4j-log4j12</artifactId>
	    <version>2.0.0-alpha1</version>
	</dependency>
    <!-- https://mvnrepository.com/artifact/log4j/log4j -->
	<dependency>
	    <groupId>log4j</groupId>
	    <artifactId>log4j</artifactId>
	    <version>1.2.17</version>
	</dependency>

  </dependencies>
  
  
  <build>
     	<!-- Build plugins -->	 
	    <plugins>
	     <!-- Embedded Tomcat 7 for running the webapp from Maven -->
		<plugin>
		    <groupId>org.apache.tomcat.maven</groupId>
		    <artifactId>tomcat7-maven-plugin</artifactId>
		    <version>2.2</version>
		    <configuration>
                <!-- HTTP port -->
				<port>8080</port>
                <!-- Context path; a value of /abc would serve the app at http://localhost:8080/abc -->
				<path>/</path>
                <!-- URI encoding -->
				<uriEncoding>UTF-8</uriEncoding>
			</configuration>
		</plugin>    
	    <!-- Java source/target level --> 	    
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.5.1</version>
            <configuration>
                <source>1.8</source>
                <target>1.8</target>
            </configuration>
        </plugin>
	    </plugins>
 
	 	<!-- Package XML files (mapper files) that live under src/main/java.
	 	     NOTE(review): declaring <resources> replaces Maven's default src/main/resources
	 	     entry; confirm the properties and Spring XML files are still packaged. -->   
	 	<resources>
	 		<resource>
	 			<directory>src/main/java</directory>
	 			<includes>
	 				<include>**/*.xml</include>
	 			</includes>
	 		</resource>
	 	</resources>	
 	
  </build>
</project>

2.相关的配置文件:

  • db.properties

    # JDBC settings substituted into the dataSource bean through the ${jdbc_*} placeholders.
    # NOTE(review): root/root is a local sample value. Use a dedicated least-privilege
    # database account and keep real credentials out of version control.
    jdbc_driver=com.mysql.jdbc.Driver
    jdbc_url=jdbc:mysql://localhost:3306/test
    jdbc_username=root
    jdbc_password=root

     

  • log4j.properties

    # Root logger: level plus the appenders defined below.
    # NOTE(review): a DEBUG root level together with the java.sql.* DEBUG loggers further down
    # may write SQL statements and bound values to the logs; raise the level outside development.
       
    log4j.rootLogger=debug, Console, info,error,debug 
       
        
       
    # Console appender
       
    log4j.appender.Console=org.apache.log4j.ConsoleAppender 
       
    log4j.appender.Console.layout=org.apache.log4j.PatternLayout 
       
    log4j.appender.Console.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n 
       
        
       
    ### Save DEBUG output to its own file ###
       
    log4j.appender.debug=org.apache.log4j.DailyRollingFileAppender 
       
    #log4j.appender.debug.File=${catalina.home}/logs/debug.log
    # Hard-coded Windows path, unlike the info/error appenders which use ${catalina.home}.
    log4j.appender.debug.File=D:/logs/debug.log 
       
    log4j.appender.debug.Append = true 
       
    log4j.appender.debug.Threshold = DEBUG 
       
    log4j.appender.debug.layout=org.apache.log4j.PatternLayout 
       
    log4j.appender.debug.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n 
       
        
       
    ### Save INFO output to its own file ###
       
    log4j.appender.info=org.apache.log4j.DailyRollingFileAppender 
       
    log4j.appender.info.File=${catalina.home}/logs/info.log 
       
    log4j.appender.info.Append = true 
       
    log4j.appender.info.Threshold = INFO 
       
    log4j.appender.info.layout=org.apache.log4j.PatternLayout 
       
    log4j.appender.info.layout.ConversionPattern=%d [%t] %-5p [%c] - %m%n 
       
        
       
    ### Save ERROR output (exceptions) to its own file ###
       
    log4j.appender.error = org.apache.log4j.DailyRollingFileAppender 
       
    log4j.appender.error.File = ${catalina.home}/logs/error.log 
       
    log4j.appender.error.Append = true 
       
    log4j.appender.error.Threshold = ERROR 
       
    log4j.appender.error.layout = org.apache.log4j.PatternLayout 
       
    log4j.appender.error.layout.ConversionPattern = %d [%t] %-5p [%c] - %m%n 
       
        
       
    # Per-package default levels
       
    log4j.logger.com.as.resource = INFO 
       
    log4j.logger.org.springframework.web = INFO 
       
        
       
    # JDBC loggers at DEBUG
       
    log4j.logger.java.sql.Connection = DEBUG 
       
    log4j.logger.java.sql.Statement = DEBUG 
       
    log4j.logger.java.sql.PreparedStatement = DEBUG 
       
    log4j.logger.java.sql.ResultSet =DEBUG 
       
    # MyBatis loggers.
    # NOTE(review): these logger names use the com.ibatis package, while the project depends on
    # org.mybatis artifacts; confirm they match anything at runtime.
       
    log4j.logger.com.ibatis=DEBUG 
       
    log4j.logger.com.ibatis.common.jdbc.SimpleDataSource=DEBUG 
       
    log4j.logger.com.ibatis.common.jdbc.ScriptRunner=DEBUG 
       
    log4j.logger.com.ibatis.sqlmap.engine.impl.SqlMapClientDelegate=DEBUG

     

  • mybatis-config.xml

    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE configuration
      PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
      "http://mybatis.org/dtd/mybatis-3-config.dtd">
    <configuration>
    <!-- Left empty: the data source and the mapper locations are set on the
         SqlSessionFactoryBean in spring_applicationContext.xml. -->
    </configuration>

     

  • spring_applicationContext.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:tx="http://www.springframework.org/schema/tx"
    	xmlns:aop="http://www.springframework.org/schema/aop"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd 
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd 
        http://www.springframework.org/schema/tx
        http://www.springframework.org/schema/tx/spring-tx.xsd 
        http://www.springframework.org/schema/aop
       https://www.springframework.org/schema/aop/spring-aop.xsd">
    
    	<!-- Root application context: component scan for the service layer.
    	     NOTE(review): the trailing ".*" is a pattern; confirm it picks up
    	     com.self.spring.service.impl.UserServiceImpl as intended. -->
    	<context:component-scan base-package="com.self.spring.service.*"/>
    	
    	<!-- <context:component-scan base-package="com.self.spring.service.*" use-default-filters="true">
    		Alternative: scan everything except controllers, i.e. classes marked @Service, @Component, @Repository
    		<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller" />
    	</context:component-scan> -->
     
    	<!-- Load db.properties so the ${jdbc_*} placeholders below resolve -->
    	<context:property-placeholder location="classpath:db.properties" />
    	<!-- Druid connection pool; init/close are bound to the bean lifecycle -->
    	<bean id="dataSource"
    		class="com.alibaba.druid.pool.DruidDataSource" init-method="init"
    		destroy-method="close">
    		<property name="url" value="${jdbc_url}" />
    		<property name="driverClassName" value="${jdbc_driver}" />
    		<property name="password" value="${jdbc_password}" />
    		<property name="username" value="${jdbc_username}" />
    	</bean>
    
    	<!-- MyBatis integration: the SqlSessionFactory is managed by the Spring container -->
    	<bean id="sqlSessionFactory"
    		class="org.mybatis.spring.SqlSessionFactoryBean">
    		<!-- MyBatis configuration file; the author notes that the classpath: prefix is required when
    		     combining Spring, Spring MVC and MyBatis, otherwise the file is not found -->
    		<property name="configLocation" value="classpath:mybatis-config.xml" />
    		<!-- Data source used by MyBatis -->
    		<property name="dataSource" ref="dataSource" />
    		<!--
    			Author's note: when the mapper XML files and the mapper interfaces are not in the same
    			directory, Spring does not search the matching directories inside jars and only looks in
    			the current location. Adding "*" after "classpath" makes the search cover the whole
    			classpath, jars included.
    		  -->
    		<property name="mapperLocations" value="classpath*:mapper/*.xml"></property>
    	</bean>
    
    	<!-- Scan this package for mapper interfaces -->
    	<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
    		<property name="basePackage" value="com.self.spring.mapper" />
    	</bean>
    	
    	<!-- Import the Spring Security configuration into the root context -->
    	<import resource="classpath:spring_security.xml"/>
    	
    </beans>

     

  • spring_mvc.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"  
        xmlns:mvc="http://www.springframework.org/schema/mvc"  
        xmlns:aop="http://www.springframework.org/schema/aop"  
        xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd 
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd 
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd 
    	http://www.springframework.org/schema/aop
        http://www.springframework.org/schema/aop/spring-aop.xsd ">
    
    
    	<!-- Serve static files under /img/ directly -->
    	<mvc:resources location="/img/" mapping="/img/**"></mvc:resources>
    	<!-- Servlet context: component scan for the controllers -->
    	<context:component-scan base-package="com.self.spring.controller"/>
    
    	<!-- <context:component-scan
    		base-package="com.self.spring.controller" use-default-filters="false">
    		Alternative: scan only @Controller classes. NOTE(review): the expression below misspells
    		"springframework" and would need correcting before this block is enabled.
    		<context:include-filter type="annotation" expression="org.springfraework.stereotype.Controller" />
    	</context:component-scan> -->
    	
    	<!-- Enable annotation-driven MVC -->
    	<mvc:annotation-driven/>
    	
    	<!-- View resolver: view name "x" resolves to "/x.jsp".
    	     NOTE(review): with prefix "/" the JSPs sit in the web root and can be requested by URL,
    	     so they depend on the intercept-url rules; views that are never requested directly are
    	     commonly placed under /WEB-INF/ instead. -->
        <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
        	<property name="suffix" value=".jsp"/>
        	<property name="prefix" value="/"/> 	
        </bean>
        
    	<!-- Enable AOP auto-proxying in this context. The author notes that the security annotations on
    	     the controllers only take effect with this enabled, because method security is AOP based.
    	     proxy-target-class="true" selects class-based proxies. -->
    	<aop:aspectj-autoproxy proxy-target-class="true"/>
    	
    </beans>

     

  • spring_security.xml(文件中注释里的编号 1、2、3 表示各段配置的使用先后顺序)

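    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

        <!-- 3. Method-level security annotations.
                jsr250-annotations="enabled":   JSR-250 annotations such as @RolesAllowed
                pre-post-annotations="enabled": expression-based @PreAuthorize / @PostAuthorize
                secured-annotations="enabled":  Spring Security's own @Secured
        -->
        <security:global-method-security jsr250-annotations="enabled"
                                         pre-post-annotations="enabled"
                                         secured-annotations="enabled"/>

        <!-- Static images bypass the security filter chain entirely. Keep this pattern limited
             to public assets: nothing under it is authenticated or given security headers. -->
        <security:http pattern="/img/**" security="none"/>

        <!-- 1. Main filter chain.
                auto-config="true":     registers the default form-login, HTTP Basic and logout support
                use-expressions="true": access attributes are SpEL expressions
             intercept-url rules are evaluated top to bottom and the first match wins, so the
             specific permitAll() rules must stay above the catch-all rule.
        -->
        <security:http auto-config="true" use-expressions="true">
            <!-- The login page must be reachable anonymously -->
            <security:intercept-url pattern="/login.jsp" access="permitAll()"/>

            <!-- The login-failure page is shown to users who are not authenticated. Without this rule
                 the catch-all below sends them back to the login page and the failure page never renders. -->
            <security:intercept-url pattern="/failure.jsp" access="permitAll()"/>

            <!-- Catch-all: every other URL requires ROLE_USER -->
            <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')"/>

            <!-- Custom form login:
                    login-page:                 custom login page
                    login-processing-url:       URL on which Spring Security processes the login POST
                    default-target-url:         page shown after a successful login
                    authentication-failure-url: page shown after a failed login
            -->
            <security:form-login login-page="/login.jsp"
                                 login-processing-url="/login"
                                 default-target-url="/home.jsp"
                                 authentication-failure-url="/failure.jsp"/>

            <!-- Page shown when an authenticated user lacks the required role -->
            <security:access-denied-handler error-page="/403.jsp"/>
        </security:http>

        <!-- CSRF protection stays enabled (the default). If a form POST is rejected with 403, add the
             token to the form (the JSPs on this page use the security:csrfInput tag) instead of
             setting disabled="true" on security:csrf. Only GET, HEAD, TRACE and OPTIONS pass
             without a token. -->

        <!-- 2. Authentication manager -->
        <!-- BCrypt encoder: the password returned by the user service must be a BCrypt hash -->
        <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEcoder"/>
        <security:authentication-manager>
            <!-- user-service-ref="userServiceImpl": look users up in the database through UserServiceImpl -->
            <security:authentication-provider user-service-ref="userServiceImpl">
                <!-- Verify submitted passwords with the encoder above -->
                <security:password-encoder ref="passwordEcoder"/>
                <!-- Hard-coded in-memory users, for local experiments only. {noop} stores the password
                     unencoded; never use it with real accounts.
                <security:user-service>
                    <security:user name="zhangsan" authorities="ROLE_USER"  password="{noop}123456"/>
                    <security:user name="lisi" authorities="ROLE_USER"  password="{noop}123456"/>
                </security:user-service>
                -->
            </security:authentication-provider>
        </security:authentication-manager>

    </beans>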

    web.xml

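    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      <display-name>Archetype Created Web Application</display-name>

      <!-- 1. Root Spring context: loaded by ContextLoaderListener before the DispatcherServlet
              starts and stored in the ServletContext. -->
      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring_applicationContext.xml</param-value>
      </context-param>
      <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>

      <!-- Front controller (DispatcherServlet); required -->
      <servlet>
        <servlet-name>spring_security</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- Servlet-level context configuration -->
        <init-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>classpath:spring_mvc.xml</param-value>
        </init-param>
      </servlet>
      <servlet-mapping>
        <servlet-name>spring_security</servlet-name>
        <url-pattern>/</url-pattern>
      </servlet-mapping>

      <!-- Filters run in the order of their filter-mapping elements. The encoding filter is mapped
           first so the request encoding is set before the security filter chain reads the
           submitted login parameters. -->
      <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
          <param-name>encoding</param-name>
          <param-value>utf-8</param-value>
        </init-param>
        <init-param>
          <!-- Also force the encoding on responses -->
          <param-name>forceResponseEncoding</param-name>
          <param-value>true</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

      <!-- Spring Security filter chain. The filter name is fixed: DelegatingFilterProxy looks up
           the bean called springSecurityFilterChain. Mapping it to /* puts every request
           through the chain. -->
      <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

    </web-app>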
    

     

4.具体的实现层代码:

  • pojo层
    package com.self.spring.pojo;
    
    /**
     * Row object for the {@code dept} table, the result type of the mapper queries.
     * In this sample the user service reuses it as the account record: {@code dname} is
     * looked up as the login name, {@code loc} is passed on as the stored password and
     * {@code state} is read as the enabled flag.
     */
    public class Dept {

    	private int deptno;
    	private String dname;
    	private String loc;
    	private Integer state;

    	/** Creates an empty instance; fields keep their Java defaults. */
    	public Dept() {
    		super();
    	}

    	/** Creates an instance with every field set. */
    	public Dept(int deptno, String dname, String loc, Integer state) {
    		super();
    		this.deptno = deptno;
    		this.dname = dname;
    		this.loc = loc;
    		this.state = state;
    	}

    	public int getDeptno() {
    		return this.deptno;
    	}

    	public void setDeptno(int deptno) {
    		this.deptno = deptno;
    	}

    	public String getDname() {
    		return this.dname;
    	}

    	public void setDname(String dname) {
    		this.dname = dname;
    	}

    	public String getLoc() {
    		return this.loc;
    	}

    	public void setLoc(String loc) {
    		this.loc = loc;
    	}

    	public Integer getState() {
    		return this.state;
    	}

    	public void setState(Integer state) {
    		this.state = state;
    	}

    	/** Renders all four fields, including {@code loc}; avoid logging instances where that field holds a credential. */
    	@Override
    	public String toString() {
    		StringBuilder text = new StringBuilder("Dept [deptno=");
    		text.append(deptno);
    		text.append(", dname=").append(dname);
    		text.append(", loc=").append(loc);
    		text.append(", state=").append(state);
    		text.append("]");
    		return text.toString();
    	}

    }
    

     

  • mapper层
    1.映射文件:
    
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE mapper
      PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
      "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
    <mapper namespace="com.self.spring.mapper.UserMapper">
    <!-- 
    		Difference between #{} and ${}:
    
    		#{}: the value is passed as a bound parameter of a prepared statement, which prevents
    		     SQL injection.
    		${}: the value is concatenated into the SQL text as is, with no quoting, so it can
    		     introduce SQL injection.
    		Use #{} wherever possible. ${} is only for places a bound parameter cannot go, such as a
    		table name or an ORDER BY column name; check such values against a fixed allow-list
    		before they reach the statement.
     -->
      <!-- Returns every row of dept -->
      <select id="queryList" resultType="com.self.spring.pojo.Dept">
        select * from dept 
      </select>
      <!-- Looks rows up by dname; the value is bound with #{userName}, not concatenated -->
      <select id="queryUserName" resultType="com.self.spring.pojo.Dept">
        select * from dept where dname=#{userName}
      </select>
    </mapper>
    2.接口类
    
    package com.self.spring.mapper;
    
    import java.util.List;
    
    import org.apache.ibatis.annotations.Param;
    
    import com.self.spring.pojo.Dept;
    
    /**
     * MyBatis mapper interface; its statements are defined in the mapper XML whose namespace
     * is this interface's fully qualified name.
     */
    public interface UserMapper {
    
    	/** Returns all rows of the dept table. */
    	List<Dept> queryList();
    	
    	/**
    	 * Returns the rows whose dname equals the given value.
    	 *
    	 * @param userName value bound to the #{userName} parameter of the statement
    	 */
    	List<Dept> queryUserName(@Param("userName")String userName);
    }
    

     

  • service层
    package com.self.spring.service;
    
    import java.util.List;
    
    import org.springframework.security.core.userdetails.UserDetailsService;
    
    import com.self.spring.pojo.Dept;
    
    /**  User service used for authentication; it checks credentials against the database.
     * 		It must extend the UserDetailsService interface. No extra method has to be declared
     *     here for that: the implementing class overrides loadUserByUsername().
     * 
     * @ClassName:IUserService
     * @Description:TODO
     * @author guanjun.zhou
     * @data: 2021-1-1810:08:30
     */
    public interface IUserService extends UserDetailsService{
    
    	/** Demo method; the implementation on this page returns a fixed greeting. */
    	String hello();
    	
    	/** Returns the rows provided by the mapper's queryList statement. */
    	List<Dept> queryList();
    
    }
    
    package com.self.spring.service.impl;
    
    import java.util.ArrayList;
    import java.util.List;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    
    import com.self.spring.mapper.UserMapper;
    import com.self.spring.pojo.Dept;
    import com.self.spring.service.IUserService;
    
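    /**
     * Service implementation that also acts as the Spring Security user-details source
     * (referenced as "userServiceImpl" by the authentication provider).
     */
    @Service
    public class UserServiceImpl implements IUserService {

    	@Autowired
    	private UserMapper mapper;

    	/** Demo method: prints a line to stdout and returns a fixed greeting. */
    	public String hello() {
    		System.out.println("hello word....");
    		return "hello service......";
    	}

    	/** Returns all rows from the mapper. */
    	public List<Dept> queryList() {

    		return mapper.queryList();
    	}

    	/**
    	 * Loads the account for the submitted user name from the database.
    	 * The interface must extend UserDetailsService for this method to be used.
    	 *
    	 * @param s the user name submitted at login
    	 * @return the user with ROLE_USER; it is enabled only when the row's state is 1
    	 * @throws UsernameNotFoundException when no row, more than one row or a null row matches.
    	 *         The UserDetailsService contract forbids returning null, and Spring Security
    	 *         treats a null result as an internal error rather than a failed login.
    	 */
    	@Override
    	public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
    		System.out.println("定义自定义用户验证方法....." +s);
    		List<Dept> list = mapper.queryUserName(s);
    		// Exactly one matching row is required; an ambiguous match is rejected as well.
    		if (list == null || list.size() != 1 || list.get(0) == null) {
    			// Generic message: the submitted name is not echoed back.
    			throw new UsernameNotFoundException("user not found");
    		}
    		Dept dept = list.get(0);

    		// The account exists: grant the role every logged-in user gets.
    		ArrayList<SimpleGrantedAuthority> authr = new ArrayList<>();
    		authr.add(new SimpleGrantedAuthority("ROLE_USER"));

    		// Earlier variants kept from the tutorial:
    		// 1. no encoding ({noop}), for experiments only:
    //		UserDetails user = new User(s, "{noop}"+dept.getLoc(), authr);
    		// 2. encoded password:
    //		UserDetails user = new User(s, dept.getLoc(), authr);

    		// 3. encoded password plus account state: 1 means enabled, anything else disabled.
    		// A null state is treated as disabled instead of failing on unboxing.
    		boolean enabled = Integer.valueOf(1).equals(dept.getState());

    		// dept.getLoc() is used as the stored password. With the BCrypt encoder configured on the
    		// authentication provider it has to hold a BCrypt hash, never a plain-text password.
    		return new User(s, dept.getLoc(),
    				enabled,
    				true,   // account not expired
    				true,   // credentials not expired
    				true,   // account not locked
    				authr);
    	}

    }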
    

     

  • controller层:(在使用注解权限时候,必须添加依赖aspectjweaver,使用jsr250时候还要依赖jsr250-api)
    package com.self.spring.controller;
    
    import java.util.List;
    
    import javax.annotation.security.RolesAllowed;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    import org.springframework.web.servlet.ModelAndView;
    
    import com.self.spring.pojo.Dept;
    import com.self.spring.service.IUserService;
    
    /**
     * Demo controller secured with the JSR-250 {@code @RolesAllowed} annotation
     * (enabled by jsr250-annotations="enabled" in the security configuration).
     * NOTE(review): the user service on this page grants only ROLE_USER, so the
     * ROLE_QUERY and ROLE_DELETE endpoints are expected to be denied for every account.
     */
    @RestController
    public class UserController {

    	@Autowired
    	private IUserService userService;

    	/** Requires ROLE_USER; prints the service greeting and returns the text "index". */
    	@RolesAllowed("ROLE_USER")
    	@RequestMapping("/hello")
    	public String hello() {
    		String greeting = userService.hello();
    		System.out.println(greeting);
    		return "index";
    	}

    	/** Requires ROLE_QUERY; returns all rows and also stores them in the model as "users". */
    	@RolesAllowed("ROLE_QUERY")
    	@GetMapping("/user/findAll")
    	public List<Dept> findListUser(Model model) {
    		System.out.println("findListUser.....");
    		List<Dept> depts = userService.queryList();
    		model.addAttribute("users", depts);
    		return depts;
    	}

    	/** Requires ROLE_DELETE; exposes all rows as "list" to the "index" view. */
    	@RolesAllowed("ROLE_DELETE")
    	@GetMapping("/user/query")
    	public ModelAndView findList() {
    		System.out.println("query.....");
    		List<Dept> depts = userService.queryList();
    		return new ModelAndView("index", "list", depts);
    	}
    }
    
    package com.self.spring.controller;
    
    import java.util.List;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.access.annotation.Secured;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    import org.springframework.web.servlet.ModelAndView;
    
    import com.self.spring.pojo.Dept;
    import com.self.spring.service.IUserService;
    
    /**
     * Demo controller secured with Spring Security's {@code @Secured} annotation
     * (enabled by secured-annotations="enabled" in the security configuration).
     * NOTE(review): the user service on this page grants only ROLE_USER, so the
     * ROLE_UPDATE and ROLE_QUERY endpoints are expected to be denied for every account.
     */
    @RestController
    @RequestMapping("/secured")
    public class securedController {

    	@Autowired
    	private IUserService userService;

    	/** Requires ROLE_USER; prints the service greeting and returns the text "index". */
    	@Secured("ROLE_USER")
    	@RequestMapping("/hello")
    	public String hello() {
    		String greeting = userService.hello();
    		System.out.println(greeting);
    		return "index";
    	}

    	/** Requires ROLE_UPDATE; returns all rows and also stores them in the model as "users". */
    	@Secured("ROLE_UPDATE")
    	@GetMapping("/findAll")
    	public List<Dept> findListUser(Model model) {
    		System.out.println("findListUser.....");
    		List<Dept> depts = userService.queryList();
    		model.addAttribute("users", depts);
    		return depts;
    	}

    	/** Requires ROLE_QUERY; exposes all rows as "list" to the "index" view. */
    	@Secured("ROLE_QUERY")
    	@GetMapping("/query")
    	public ModelAndView findList() {
    		System.out.println("query.....");
    		List<Dept> depts = userService.queryList();
    		return new ModelAndView("index", "list", depts);
    	}
    }
    
    package com.self.spring.controller;
    
    import java.util.List;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.access.prepost.PreAuthorize;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    import org.springframework.web.servlet.ModelAndView;
    
    import com.self.spring.pojo.Dept;
    import com.self.spring.service.IUserService;
    
    /**
     * Demo controller secured with the expression-based {@code @PreAuthorize} annotation
     * (enabled by pre-post-annotations="enabled" in the security configuration).
     * NOTE(review): the user service on this page grants only ROLE_USER, so the
     * ROLE_UPDATE and ROLE_DELETE endpoints are expected to be denied for every account.
     */
    @RestController
    @RequestMapping("/older")
    public class olderController {

    	@Autowired
    	private IUserService userService;

    	/** Requires ROLE_UPDATE; prints the service greeting and returns the text "index". */
    	@PreAuthorize("hasAnyRole('ROLE_UPDATE')")
    	@RequestMapping("/hello")
    	public String hello() {
    		String greeting = userService.hello();
    		System.out.println(greeting);
    		return "index";
    	}

    	/** Requires ROLE_USER; returns all rows and also stores them in the model as "users". */
    	@PreAuthorize("hasAnyRole('ROLE_USER')")
    	@GetMapping("/findAll")
    	public List<Dept> findListUser(Model model) {
    		System.out.println("findListUser.....");
    		List<Dept> depts = userService.queryList();
    		model.addAttribute("users", depts);
    		return depts;
    	}

    	/** Requires ROLE_DELETE; exposes all rows as "list" to the "index" view. */
    	@PreAuthorize("hasAnyRole('ROLE_DELETE')")
    	@GetMapping("/query")
    	public ModelAndView findList() {
    		System.out.println("query.....");
    		List<Dept> depts = userService.queryList();
    		return new ModelAndView("index", "list", depts);
    	}
    }
    

     

3.jsp数据请求认证相关:

  • 权限-标签:role.jsp
<%-- Role page: each link is rendered only when the current user holds the role named in the
     surrounding security:authorize tag.
     The tags only hide links. They do not protect the target URLs, which still need their own
     intercept-url rule or method-level annotation on the server side.
     NOTE(review): the link labels do not line up with the role names (ROLE_QUERY guards the
     "add" link, ROLE_USER the "query" link); confirm the intended mapping. --%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>授权-标签</title>
</head>
<body>
		<!-- 
			对应的权限下才会显示,否则掩藏,登录时候只显示查询的角色
		 -->
	<H1>角色管理</H1>
		<%-- Prints the user name of the authenticated principal --%>
		当前登录的用户:<security:authentication property="principal.username"/>
		<security:authorize  access="hasAnyRole('ROLE_QUERY')">
				<a href="#" >添加角色</a>
		</security:authorize>
		<security:authorize  access="hasAnyRole('ROLE_UPDATE')">
				<a href="#" >修改角色</a>
		</security:authorize>
		<security:authorize  access="hasAnyRole('ROLE_USER')">
				<a href="#" >查询角色</a>
		</security:authorize>
		<security:authorize  access="hasAnyRole('ROLE_DELETE')">
				<a href="#" >删除角色</a>
		</security:authorize>

</body>
</html>
  • 403.jsp页面:
    <%-- Access-denied page, the target of the access-denied-handler error-page setting.
         NOTE(review): the title below is the same text as on failure.jsp ("login failed") and
         looks like a copy-paste leftover; the body is the access-denied message. --%>
    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>登录失败页面!</title>
    </head>
    <body>
    <H1>无权访问该页面,请联系管理员。。。。。。</H1>
    </body>
    </html>

     

  • failure.jsp
    <%-- Login-failure page, the target of the form-login authentication-failure-url setting.
         The message is deliberately generic and does not say whether the user name or the
         password was wrong.
         NOTE(review): the page is shown to users who are not logged in, so the intercept-url
         rules must allow anonymous access to /failure.jsp; confirm that they do. --%>
    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>登录失败页面!</title>
    </head>
    <body>
    <H1>登录失败页面!</H1>
    </body>
    </html>

     

  • home.jsp
    <%-- Landing page after a successful login (the form-login default-target-url).
         Logout is a POST to /logout that carries the CSRF token added by security:csrfInput. --%>
    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>登录成功页面</title>
    </head>
    <body>
    	<H1>home页面</H1>
    	<FORM method="post" ACTION="${pageContext.request.contextPath }/logout">
    	<security:csrfInput/>
    	<INPUT type="submit" value="注销"/>
    	</FORM>
    </body>
    </html>

     

  • index.jsp
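    <%-- isELIgnored="false" keeps EL expressions enabled on this page --%>
    <%@ page contentType="text/html; charset=utf-8"  language="java"  isELIgnored="false" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
    <html>
    <body>
    <h2>mybatis_spring_springmvc</h2>
    <TABLE>
    <tr>
    		<th>部门号</th>
    		<th>部门名称</th>
    		<th>员工号</th>
    	</tr>
    <%-- Renders one table row per entry of the "list" model attribute.
         Values come from the database and are written through c:out, which escapes HTML special
         characters; a bare EL expression in template text would emit stored markup unescaped. --%>
    <c:forEach items="${list}"  var="dept"  varStatus="index">
        <tr>
    		<td><c:out value="${dept.deptno}"/></td>
    		<td><c:out value="${dept.dname}"/></td>
    		<td><c:out value="${dept.loc}"/></td>
        </tr>
    </c:forEach>
    </TABLE>
    
    </body>
    </html>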
    

     

  • login.jsp
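    <%-- Custom login page (the form-login login-page). The form posts to the
         login-processing-url with the parameter names "username" and "password". --%>
    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
    	<H1>登录管理</H1>
    		<FORM ACTION="${pageContext.request.contextPath }/login"  method="post">
    			账号:<INPUT type="text"  name="username"><BR>
    			<%-- type="password" masks the input on screen; a text field would show the password in clear --%>
    			密码:<INPUT type="password"  name="password"><BR>
    			<!-- 开启csrf防护识别 -->
    			<%-- Adds the hidden CSRF token field required for the POST to be accepted --%>
    			<security:csrfInput/>			
    			<input type="submit" value="登录"/><BR>
    			<img src="${pageContext.request.contextPath}/img/01.jpg"/>
    			
    		</FORM>
    
    </body>
    </html>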

     

 
