config
SecurityConfig.java
package com.x.springsecurityday01.config;
import com.x.springsecurityday01.dao.UserDao;
import com.x.springsecurityday01.handler.*;
import com.x.springsecurityday01.service.SecurityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true,jsr250Enabled = true,prePostEnabled=true)//作用:开启注解式鉴权
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SecurityService securityService;
@Autowired
private LoginSuccessHandler loginSuccessHandler;
@Autowired
private JWTFilter jwtFilter;
/**
* 认证
* @param auth
* @throws Exception
*/
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
//BCryptPasswordEncoder passwordEncoder=new BCryptPasswordEncoder();
//String encode=passwordEncoder.encode("123");
//自定义用户名和密码
// auth.inMemoryAuthentication().withUser("admin").password(encode).roles("admin");
auth.userDetailsService(securityService);
}
/**
* 自定义登录页面
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin() //告诉框架自定义页面
//.loginPage("/login.html") //登录页面地址
//.loginProcessingUrl("/dologin")//对应表单提交的action
.successHandler(loginSuccessHandler)
.failureHandler(new LoginFailHandler())
.permitAll();//对上面两个请求放行
//1.无权限2.未登录而登录
http.exceptionHandling()
.accessDeniedHandler(new NOAuthHandler())
.authenticationEntryPoint(new NoLoginHandler());
/**
* 授权
*/
http.authorizeRequests()
//.antMatchers("/hello").hasAuthority("stu:query")
//.antMatchers("/delete").hasAuthority("stu:query")
//.antMatchers("/hello").hasAnyAuthority("stu:query","hello")
//.antMatchers("/hello").hasRole("stu:query")
//.antMatchers("/delete").permitAll() //配置免拦截方法
.anyRequest().authenticated();//所有请求都拦截
/**
* 把jwtfilter注入进来
*/
http.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class);
/**
* 把session禁掉
*/
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//跨站脚本攻击关闭
http.csrf().disable();
//允许跨域请求
//http.cors();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
controller
UserController.java
package com.x.springsecurityday01.controller;
import com.x.springsecurityday01.domain.Users;
import com.x.springsecurityday01.service.UserService;
import com.x.springsecurityday01.util.ResponseResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@RequestMapping("/queryUser")
public ResponseResult<?> queryUser(String name,Integer gender){
return userService.queryUserInfo(name,gender);
}
@PostMapping("/addUser")
@PreAuthorize("hasAuthority('stu:query')")
public ResponseResult<?> addUser(@RequestBody Users users){
return userService.insertUser(users);
}
@GetMapping("/removeUser")
@PreAuthorize("hasAuthority('stu:query')")
public ResponseResult<?> removeUser(Integer id){
return userService.removeUser(id);
}
@PostMapping("/updateUser")
@PreAuthorize("hasAuthority('stu:query')")
public ResponseResult<?> updateUser(@RequestBody Users users){
return userService.updateUser(users);
}
@GetMapping("/findId")
@PreAuthorize("hasAuthority('stu:query')")
public ResponseResult<?> selectById(Integer id){
return userService.selectById(id);
}
}
dao
UserDao.java
package com.x.springsecurityday01.dao;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.xd.springsecurityday01.domain.Users;
import org.springframework.stereotype.Repository;
import java.util.List;
@Repository
public interface UserDao {
/**
* 根据账号查用户信息及其权限
*/
Users getUserInfoByAccount(String account);
/**
* 根据用户名和性别查询用户信息
* @param name
* @param gender
* @return
*/
List<Users> getUserInfoByNameAndGender(String name,Integer gender);
/**
* 新增用户
* @param users
*/
void insertUser(Users users);
void removeUser(Integer id);
void updateUser(Users users);
Users selectById(Integer id);
}
domain
Users,java
package com.x.springsecurityday01.domain;
import com.baomidou.mybatisplus.annotation.TableField;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class Users {
private Integer id;
private String username;
private String account;
private String password;
private String phone;
private Integer gender;//性别
private List<String> anth;//该用户拥有的权限
}
handler
JWTFilter.java
package com.x.springsecurityday01.handler;
import com.x.springsecurityday01.service.SecurityService;
import com.x.springsecurityday01.util.JWTUtil;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
* 校验jwt
*
* 1:判断请求是否携带jwt
* 否:放行不处理
* 是:走到第二步
* 2:对前端传过来的jwt解密
* 否:放行不处理
* 是:走到第三步
* 3: 获取redis的jwt
* 获取不到:放行不处理
* 获取到:走到第四步
* 4:对比jwt
* 否:放行不处理
* 是:走到第五步
* 5:给jwt续期
*
*/
@Component
public class JWTFilter extends OncePerRequestFilter {
/**
* StringRedisTemplate和RedisTemplate区别
*/
@Autowired
private StringRedisTemplate redisTemplate;
@Autowired
private SecurityService securityService;
@SneakyThrows
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException {
/**
* * 1:判断请求是否携带jwt
* * 否:放行不处理
* * 是:走到第二步
*/
String jwt=request.getHeader("jwt");
if(jwt==null){
//交给下一个过滤器处理
filterChain.doFilter(request,response);
return;
}
/**
* 2:对前端传过来的jwt解密
* * 否:放行不处理
* * 是:走到第三步
*/
if(!JWTUtil.decode(jwt)){
filterChain.doFilter(request,response);
return;
}
/**
* 3: 获取redis的jwt
* * 获取不到:放行不处理
* * 获取到:走到第四步
*/
Map payLoad = JWTUtil.getPayLoad(jwt);
String username=(String)payLoad.get("username");
String redisJwt = redisTemplate.opsForValue().get("jwt:" + username);
if(redisJwt==null){
filterChain.doFilter(request,response);
return;
}
/**
* 4:对比jwt
* * 否:放行不处理
* * 是:走到第五步
*/
if(!jwt.equals(redisJwt)){
filterChain.doFilter(request,response);
return;
}
/**
* 5:给jwt续期
*/
redisTemplate.opsForValue().set("jwt:"+ username,jwt,30, TimeUnit.MINUTES);
//把用户信息放到security容器中去
UserDetails userDetails = securityService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken upa=
new UsernamePasswordAuthenticationToken(userDetails.getUsername(),
userDetails.getPassword(),
userDetails.getAuthorities());
//把信息放到security容器中去
SecurityContextHolder.getContext().setAuthentication(upa);
filterChain.doFilter(request,response);
}
}
LoginFailHandler.java
package com.x.springsecurityday01.handler;
import com.alibaba.fastjson.JSON;
import com.x.springsecurityday01.util.ResponseResult;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* 登陆失败
*/
public class LoginFailHandler implements AuthenticationFailureHandler{
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AuthenticationException e)
throws IOException, ServletException {
httpServletResponse.setContentType("application/json;charset=UTF-8");
// Map map=new HashMap<>();
// map.put("code",500);
httpServletResponse.getWriter().write(JSON.toJSONString(ResponseResult.LOGIN_FAIL));
}
}
LoginSuccessHandler.java
package com.x.springsecurityday01.handler;
import com.alibaba.fastjson.JSON;
import com.x.springsecurityday01.util.JWTUtil;
import com.woniu.springsecurityday01.util.ResponseResult;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
* 登录成功处理器
*/
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private StringRedisTemplate redisTemplate;
@SneakyThrows
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication)
throws IOException, ServletException {
httpServletResponse.setContentType("application/json;charset=UTF-8");
User user=(User) authentication.getPrincipal();
String username= user.getUsername();
Map map=new HashMap();
map.put("username",username);
String jwt= JWTUtil.createJWT(map);
//拿jwt干那些事情? 1:放到redis,2:把jwt传到前端
redisTemplate.opsForValue().set("jwt:"+username,jwt,30, TimeUnit.DAYS);
httpServletResponse.getWriter().write(JSON.toJSONString( new ResponseResult().ok(jwt)));
}
}
NOAuthHandler.java
package com.x.springsecurityday01.handler;
import com.alibaba.fastjson.JSON;
import com.x.springsecurityday01.util.ResponseResult;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 用户登录成功后,但是访问无权限的接口
*/
public class NOAuthHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AccessDeniedException e)
throws IOException, ServletException {
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(JSON.toJSONString( ResponseResult.NO_AUTH));
}
}
NoLoginHandler.java
package com.x.springsecurityday01.handler;
import com.alibaba.fastjson.JSON;
import com.x.springsecurityday01.util.ResponseResult;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 用户未登录,就想访问系统接口
*/
public class NoLoginHandler implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AuthenticationException e)
throws IOException, ServletException {
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(JSON.toJSONString( ResponseResult.NO_LOGIN));
}
}
service
impl/UserSErviceImpl.java
package com.x.springsecurityday01.service.impl;
import com.x.springsecurityday01.dao.UserDao;
import com.x.springsecurityday01.domain.Users;
import com.x.springsecurityday01.service.UserService;
import com.x.springsecurityday01.util.ResponseResult;
import lombok.AllArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
public class UserSErviceImpl implements UserService {
@Autowired
private UserDao userDao;
@Override
public ResponseResult<?> queryUserInfo(String name, Integer gender) {
List<Users> users = userDao.getUserInfoByNameAndGender(name, gender);
return new ResponseResult<>().ok(users);
}
@Override
public ResponseResult<?> insertUser(Users users) {
try {
userDao.insertUser(users);
return new ResponseResult().ok();
} catch (Exception e) {
e.printStackTrace();
return new ResponseResult().fail();
}
}
@Override
public ResponseResult<?> removeUser(Integer id) {
try {
userDao.removeUser(id);
return new ResponseResult().ok();
} catch (Exception e) {
e.printStackTrace();
return new ResponseResult().fail();
}
}
@Override
public ResponseResult<?> updateUser(Users users) {
try {
userDao.updateUser(users);
return new ResponseResult().ok();
} catch (Exception e) {
e.printStackTrace();
return new ResponseResult().fail();
}
}
@Override
public ResponseResult<?> selectById(Integer id) {
Users users=userDao.selectById(id);
return new ResponseResult<>().ok(users);
}
}
SecurityService.java
package com.x.springsecurityday01.service;
import com.x.springsecurityday01.dao.UserDao;
import com.x.springsecurityday01.domain.Users;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
public class SecurityService implements UserDetailsService {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private UserDao userDao;
/**
* username:页面传过来的用户名
* @param username
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Users userInfo=userDao.getUserInfoByAccount(username);
if(userInfo!=null){
String join =String.join(",",userInfo.getAnth());//集合以
//根据username 去数据库查该用户信息
return new User(userInfo.getAccount(),passwordEncoder.encode(userInfo.getPassword()), AuthorityUtils.commaSeparatedStringToAuthorityList(join));
}else {
throw new UsernameNotFoundException("用户不存在");
}
}
}
UserService.java
package com.x.springsecurityday01.service;
import com.x.springsecurityday01.domain.Users;
import com.x.springsecurityday01.util.ResponseResult;
import java.util.List;
public interface UserService {
ResponseResult<?> queryUserInfo(String name,Integer gender);
ResponseResult<?> insertUser(Users users);
ResponseResult<?> removeUser(Integer id);
ResponseResult<?> updateUser(Users users);
ResponseResult<?> selectById(Integer id);
}
util
JWTUtil.java
package com.x.springsecurityday01.util;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
/**
* jwt 工具类
* 1.创建jwt
* 2.解密jwt
*/
public class JWTUtil {
private static final String KEY="kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk";
public static String createJWT(Map map) throws JOSEException{
//第一部分:头部,主要放jwt自我描述部分,比如加密方式
JWSHeader header=new JWSHeader.Builder(JWSAlgorithm.HS256)
.type(JOSEObjectType.JWT).build();
//第二部分:载荷部分,主要放用户登录成功后,一些个人信息(注意:不要放敏感信息)
Payload payload=new Payload(map);
//第三部分:签名部分,(头部+载荷)通过一个密钥加密后得到的
JWSObject jwsObject=new JWSObject(header,payload);
JWSSigner jwsSigner=new MACSigner(KEY);
//拿到密钥加密
jwsObject.sign(jwsSigner);
return jwsObject.serialize();
}
public static boolean decode(String jwt) throws ParseException, JOSEException {
//parse()把字符串转换一个对象
JWSObject jwsObject= JWSObject.parse(jwt);
JWSVerifier jwsVerifier=new MACVerifier(KEY);
//解密方法verify()
return jwsObject.verify(jwsVerifier);
}
/**
* 根据jwt获取其中的载荷部分
* @param jwt
* @return
*/
public static Map getPayLoad(String jwt) throws ParseException {
//parse()把字符串转换一个对象
JWSObject jwsObject= JWSObject.parse(jwt);
Payload payload = jwsObject.getPayload();
Map<String, Object> map = payload.toJSONObject();
return map;
}
}
ResponseEnum.java
package com.x.springsecurityday01.util;
public enum ResponseEnum {
LOGIN_SUCCESS(200,"okkk"),
LOGIN_FAIL(500,"faill"),
NO_LOGIN(20001,"NOLOGIN"),
NO_AUTH(5000,"NOAUTH")
;
private Integer code;
private String msg;
ResponseEnum(Integer code, String msg) {
this.code = code;
this.msg = msg;
}
ResponseEnum() {
}
public Integer getCode() {
return code;
}
public void setCode(Integer code) {
this.code = code;
}
public String getMsg() {
return msg;
}
public void setMsg(String msg) {
this.msg = msg;
}
}
ResponseResult.java
package com.x.springsecurityday01.util;
import lombok.Data;
import lombok.NoArgsConstructor;
@NoArgsConstructor
@Data
public class ResponseResult<T> {
private Integer code;
private String msg;
private T data;
public ResponseResult<T> ok(T t){
return new ResponseResult(ResponseEnum.LOGIN_SUCCESS.getCode(),t);
}
public ResponseResult<T> ok(){
return new ResponseResult(ResponseEnum.LOGIN_SUCCESS.getCode(),"ok");
}
public ResponseResult<T> fail(){
return new ResponseResult(ResponseEnum.LOGIN_FAIL.getCode(),"fail");
}
public static final ResponseResult<Void> LOGIN_SUCCESS=
new ResponseResult(ResponseEnum.LOGIN_SUCCESS.getCode(),
ResponseEnum.LOGIN_SUCCESS.getMsg());
public static final ResponseResult<Void> LOGIN_FAIL=
new ResponseResult(ResponseEnum.LOGIN_FAIL.getCode(),
ResponseEnum.LOGIN_FAIL.getMsg());
public static final ResponseResult<Void> NO_LOGIN=
new ResponseResult(ResponseEnum.NO_LOGIN.getCode(),
ResponseEnum.NO_LOGIN.getMsg());
public static final ResponseResult<Void> NO_AUTH=
new ResponseResult(ResponseEnum.NO_AUTH.getCode(),
ResponseEnum.NO_AUTH.getMsg());
public ResponseResult(Integer code, T data) {
this.code = code;
this.data = data;
}
public ResponseResult(Integer code, String msg) {
this.code = code;
this.msg = msg;
}
}
TestJWT.java
package com.x.springsecurityday01.util;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
public class TestJWT {
private static final String KEY="kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk";
public static void main(String[] args) throws Exception{
Map map1=new HashMap();
map1.put("username","admin");
String jwt=JWTUtil.createJWT(map1);
Map payload1=JWTUtil.getPayLoad(jwt);
System.out.println(payload1.get("username"));
//第一部分:头部,主要放jwt自我描述部分,比如加密方式
JWSHeader header=new JWSHeader.Builder(JWSAlgorithm.HS256)
.type(JOSEObjectType.JWT).build();
System.out.println(header.toBase64URL());
//第二部分:载荷部分,主要放用户登录成功后,一些个人信息(注意:不要放敏感信息)
Map map=new HashMap();
map.put("username","admin");
map.put("gender","男");
Payload payload=new Payload(map);
System.out.println(payload.toBase64URL());
//第三部分:签名部分,(头部+载荷)通过一个密钥加密后得到的
JWSObject jwsObject=new JWSObject(header,payload);
JWSSigner jwsSigner=new MACSigner(KEY);
//拿到密钥加密
jwsObject.sign(jwsSigner);
System.out.println(jwsObject.serialize());
//看看能不能解密
String sigin="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJnZW5kZXIiOiLnlLciLCJ1c2VybmFtZSI6ImFkbWluIn0.a3N4ec6XYQjDwrf5SykTVBPZF1NmIWdIwZT4hxia8sU";
System.out.println(decode(sigin));
}
/**
* 拿到jwt根据系统的密码,看能不能解开
* @return
*/
public static boolean decode(String jwt) throws ParseException, JOSEException {
//parse()把字符串转换一个对象
JWSObject jwsObject= JWSObject.parse(jwt);
JWSVerifier jwsVerifier=new MACVerifier(KEY);
//解密方法verify()
return jwsObject.verify(jwsVerifier);
}
}
启动类
Springsecurityday01Application.java
package com.x.springsecurityday01;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan("com.woniu.springsecurityday01.dao")
public class Springsecurityday01Application {
public static void main(String[] args) {
SpringApplication.run(Springsecurityday01Application.class, args);
}
}
888888888888888888888888888888888888888888
UserDao.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.x.springsecurityday01.dao.UserDao">
<resultMap id="userMap" type="com.x.springsecurityday01.domain.Users">
<result property="id" column="id"></result>
<result property="username" column="username"></result>
<result property="account" column="account"></result>
<result property="password" column="password"></result>
<collection property="anth" ofType="java.lang.String">
<result column="anth_code"></result>
</collection>
</resultMap>
<select id="getUserInfoByAccount" resultMap="userMap">
SELECT
us.id,
us.username,
us.account,
us.password,
ta.anth_code
FROM
users us
left join t_user_anth tua on us.id=tua.user_id
left join t_anth ta on tua.anth_id=ta.id
WHERE account=#{account}
</select>
<select id="getUserInfoByNameAndGender" resultType="com.x.springsecurityday01.domain.Users">
select
id,
username,
account,
phone,
sex gender
from
users
<where>
<if test="name!=null and name!=''">
and username like concat('%',#{name},'%')
</if>
<if test="gender!=null and gender!=0">
and sex=#{gender}
</if>
</where>
</select>
<insert id="insertUser" parameterType="com.x.springsecurityday01.domain.Users">
insert into users(username,account,password,phone)
values (#{username},#{account},#{password},#{phone})
</insert>
<delete id="removeUser" parameterType="com.x.springsecurityday01.domain.Users">
delete from users where id=#{id}
</delete>
<update id="updateUser" parameterType="com.x.springsecurityday01.domain.Users">
update users set username=#{username},account=#{account},password=#{password} where id=#{id}
</update>
<select id="selectById" resultType="com.x.springsecurityday01.domain.Users">
select * from users where id=#{id}
</select>
</mapper>
application.yml
server:
port: 8082
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
username: root
password: 123456789
redis:
host: 127.0.0.1
port: 6379
database: 0
mybatis:
mapper-locations: classpath:mapper/*Dao.xml
logging:
level:
com.woniu.dao: debug
pattern:
console: '%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n'
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.4</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.woniu</groupId>
<artifactId>springsecurityday01</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springsecurityday01</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--springboot整合security坐标-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- mysql-connector -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.32</version>
</dependency>
<!-- mybatis-plus -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.5.1</version>
</dependency>
<!--mybatis -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.0</version>
</dependency>
<!--json-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>2.0.12</version>
</dependency>
<!-- jwt -->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>9.11.1</version>
</dependency>
<!-- springboot整合redis-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- 使用 lettuce 时要加这个包;使用 jedis 时则不需要。-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>