Spring Boot 整合 Spring Security 入门案例
一、配置文件实现
二、配置类实现
三、自定义实现类(查询数据库)
1.创建maven项目,引入maven依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- The Spring Boot parent manages dependency and plugin versions, which is why the
     Spring dependencies below declare no <version> of their own. -->
<!-- NOTE(review): 2.4.1 is an old Spring Boot release and, as far as I know, that line no
     longer receives open-source security fixes. Confirm against the Spring support policy
     and move to a maintained version before reusing this POM. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.test</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!-- Having this starter on the classpath is what makes every endpoint require a login by default. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Test-scoped only: neither artifact below ends up in the packaged application. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
2.创建测试Controller
package com.springsecutity01.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * Smallest possible REST controller, used to observe Spring Security's defaults.
 *
 * <p>Nothing in this class configures security. Per the walkthrough, a request to
 * {@code /test/hello} is redirected to the framework's default login page until the
 * caller has signed in.
 *
 * @author TANGSHUAI
 * @version 1.0
 * @date 2021-01-12 16:28
 */
@RestController
@RequestMapping("/test")
public class TestController {

    /**
     * Handles {@code /test/hello} for any HTTP method.
     *
     * @return the literal response body {@code "hello"}
     */
    @RequestMapping("/hello")
    public String hello() {
        return "hello";
    }
}
3.创建启动类
package com.springsecutity01;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Boot entry point for the first, configuration-free example.
 *
 * @author TANGSHUAI
 * @version 1.0
 * @date 2021-01-12 16:31
 */
@SpringBootApplication
public class App {

    /**
     * Starts the Spring application context using this class as the primary source.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }
}
4.运行启动类,注意观察控制台打印的 Spring Security 默认密码(每次启动都会重新生成)
536ba907-5149-4e36-b71a-0ad7bd340052
5.测试访问/test/hello请求,此时浏览器会自动跳转到 Spring Security 默认登录界面
账号默认是:user
密码是控制台打印的密码:536ba907-5149-4e36-b71a-0ad7bd340052
登录成功后返回 hello 字符串
一、配置文件实现
application.properties
# Replaces the password generated at start-up with one fixed account.
# NOTE(review): admin/admin is a guessable demo credential stored in plain text. Outside a
# local demo, supply the password from the environment or a secret store instead.
spring.security.user.name=admin
spring.security.user.password=admin
二、配置类实现
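/**
 * Registers a single in-memory account in place of the auto-generated default user.
 *
 * <p>NOTE(review): the username and password are literals in source, which is acceptable
 * only for a local demo.
 */
@Configuration
public class SecutityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Defines the in-memory user together with the encoder used to verify its password.
     *
     * @param auth builder that receives the in-memory user store
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        String password = passwordEncoder.encode("admin");
        // The stored value is a bare BCrypt hash with no "{bcrypt}" id prefix, so the same
        // encoder is registered explicitly. Without it, verification falls back to whatever
        // default encoder the application context provides, which may not accept this format.
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder)
                .withUser("admin").password(password).roles("admin");
    }
}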
三、自定义实现类(查询数据库)
1.创建数据库
2.引入相关依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- The Spring Boot parent manages the versions of every dependency below that declares none. -->
<!-- NOTE(review): 2.1.4.RELEASE is an old Spring Boot release and, as far as I know, that
     line no longer receives open-source security fixes. Confirm against the Spring support
     policy and move to a maintained version before reusing this POM. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com</groupId>
<artifactId>springsecutity</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springsecutity</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- JDBC driver for the user table; no version is given here, so it comes from the parent. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- Pinned explicitly. NOTE(review): this pin is not updated by a parent upgrade, so review
     it separately when versions are refreshed. -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.3.2</version>
</dependency>
<!-- Compile-time annotation processor only: optional here and excluded from the packaged jar below. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<!-- NOTE(review): confirm the 2.1.4.RELEASE test starter actually brings this artifact in;
     if it does not, the exclusion has no effect. -->
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
3.实体类
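/**
 * Row of the user table as read through {@code UsersMapper}.
 *
 * <p>NOTE(review): controller methods on this page return instances of this class directly,
 * so the {@code password} field is still serialized into those responses; a separate
 * response type without the field would avoid that.
 */
@Data
@AllArgsConstructor
@NoArgsConstructor
public class Users {
    private Integer id;
    private String username;
    // Kept out of the Lombok-generated toString() so the value cannot reach logs or console
    // output when an instance is printed. Fully qualified to avoid needing a new import.
    @lombok.ToString.Exclude
    private String password;
}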
4.Mapper
/**
 * MyBatis-Plus mapper for {@link Users}. It declares no methods of its own and relies on
 * the operations inherited from {@code BaseMapper}.
 */
@Repository
public interface UsersMapper extends BaseMapper<Users> {
}
5.创建MyUserDatailsService实现UserDetailsService
UserDetailsService 是 Spring Security 自带的接口,用于按用户名加载用户信息
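/**
 * Loads accounts from the user table so Spring Security can authenticate against them.
 *
 * <p>The password column must already hold a BCrypt hash, written when the account is
 * created or its password changed. Rows that still contain clear-text passwords have to be
 * migrated before this class is used.
 */
@Service("userDetailsService")
public class MyUserDatailsService implements UserDetailsService {

    @Autowired
    private UsersMapper usersMapper;

    /**
     * Looks up one account by username and adapts it to Spring Security's user model.
     *
     * @param username the name submitted on the login form
     * @return the account's username, stored password hash and authorities
     * @throws UsernameNotFoundException if no row matches {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Select the single row whose username column equals the submitted name.
        QueryWrapper<Users> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username", username);
        Users users = this.usersMapper.selectOne(queryWrapper);
        if (users == null) {
            // Same wording as a wrong password, so the reply does not reveal which names exist.
            throw new UsernameNotFoundException("用户名或密码错误!");
        }
        // NOTE(review): every account receives this same fixed list, admin authorities
        // included. Load the authorities per user before using this beyond a demo.
        List<GrantedAuthority> auths =
                AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_sale,admins,ROLE_admins");
        // Hand the stored hash over unchanged. Hashing here at load time would only work if
        // the database kept clear-text passwords, and would add a second BCrypt computation
        // to every login.
        return new User(users.getUsername(), users.getPassword(), auths);
    }
}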
6.修改配置类
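/**
 * Web security setup for the database-backed example: form login, logout, remember-me
 * tokens stored through JDBC, and URL-level access rules.
 */
@Configuration
public class SecutityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private DataSource dataSource;

    /**
     * Stores remember-me tokens in the application's database.
     *
     * @return a JDBC-backed token repository bound to the injected data source
     */
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        // Automatic creation of the token table is left disabled:
        // jdbcTokenRepository.setCreateTableOnStartup(true);
        return jdbcTokenRepository;
    }

    /**
     * Authenticates against the injected {@link UserDetailsService}, verifying passwords
     * with the BCrypt encoder bean. This replaces the in-memory user of the earlier example.
     *
     * @param auth builder that receives the user details service and encoder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * @return the BCrypt encoder used to check submitted passwords against stored hashes
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures logout, the access-denied page, form login, URL rules, remember-me and CSRF.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Logout endpoint and the page shown once the session has ended.
        http.logout().logoutUrl("/loginout").logoutSuccessUrl("/test/hello").permitAll();
        // Custom page for authenticated callers who lack the required authority.
        http.exceptionHandling().accessDeniedPage("/403.html");
        http.formLogin()
                // Custom login form.
                .loginPage("/login.html")
                // URL the form posts to; handled by the framework, not by a controller.
                .loginProcessingUrl("/user/login")
                // Landing page after a successful login.
                // Alternative: .defaultSuccessUrl("/test/index").permitAll()
                .defaultSuccessUrl("/success.html").permitAll()
                // Paths reachable without logging in.
                .and().authorizeRequests().antMatchers("/", "/test/hello", "/user/login").permitAll()
                // Alternative: .antMatchers("/test/index").hasAnyAuthority("admins")
                .antMatchers("/test/index").hasAnyRole("sale")
                .anyRequest().authenticated()
                // Remember-me, with tokens kept in the JDBC repository.
                .and().rememberMe().tokenRepository(persistentTokenRepository())
                // Token lifetime in seconds.
                .tokenValiditySeconds(60)
                // Accounts are reloaded from the database when a token is presented.
                .userDetailsService(userDetailsService)
                // NOTE(review): CSRF protection is switched off. The static login form on this
                // page posts without a token and the logout link is a plain GET, so both depend
                // on this. Before reuse outside a demo, re-enable it, render the form from a
                // template that emits the token, and make logout a POST.
                .and().csrf().disable();
    }
}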
package com.springsecutity.controller;
import com.springsecutity.po.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.ArrayList;
import java.util.List;
/**
 * Endpoints that demonstrate URL rules and the method-security annotations
 * ({@code @Secured}, {@code @PreAuthorize}, {@code @PostAuthorize}, {@code @PostFilter},
 * {@code @PreFilter}).
 *
 * @author TANGSHUAI
 * @version 1.0
 * @date 2021-01-03 15:54
 */
@RestController
@RequestMapping("/test")
public class TestController {

    /**
     * @return the literal body {@code "hello"}
     */
    @RequestMapping("/hello")
    public String hello() {
        return "hello";
    }

    /**
     * @return the literal body {@code "index"}
     */
    @RequestMapping("/index")
    public String index() {
        return "index";
    }

    /**
     * Role check: only callers holding {@code ROLE_sale} may invoke this method.
     *
     * @return the literal body {@code "hello update"}
     */
    @RequestMapping("/update")
    @Secured("ROLE_sale")
    public String update() {
        return "hello update";
    }

    /**
     * Authority check evaluated before the method body runs.
     *
     * @return the literal body {@code "insert"}
     */
    @RequestMapping("/insert")
    @PreAuthorize("hasAnyAuthority('admins')")
    public String insert() {
        return "insert";
    }

    /**
     * Role check evaluated after the method body has run.
     *
     * <p>Because the expression is checked on the way out, the console line below is printed
     * even for a caller who is then refused. Side effects that must not happen for
     * unauthorized callers belong behind a pre-invocation check instead.
     *
     * @return the literal body {@code "delete"}
     */
    @RequestMapping("/delete")
    @PostAuthorize("hasAnyRole('ROLE_admins')")
    public String delete() {
        System.out.println("PostAuthorize方法之后执行");
        return "delete";
    }

    /**
     * Filters the returned list once the authority check has passed: only elements whose
     * username equals {@code admin1} remain in the response.
     *
     * @return the two sample users, before filtering is applied by the framework
     */
    @RequestMapping("getAll")
    @PreAuthorize("hasAnyAuthority('admins')")
    @PostFilter("filterObject.username == 'admin1'")
    public List<Users> getAllUser() {
        // Must stay a mutable list: the post-filter removes elements from it.
        List<Users> users = new ArrayList<>();
        users.add(new Users(1, "admin1", "6666"));
        users.add(new Users(2, "admin2", "888"));
        return users;
    }

    /**
     * Filters the request body before the method runs: only elements with an even id are
     * passed in.
     *
     * @param list users deserialized from the request body, already filtered
     * @return the same list that was received
     */
    @RequestMapping("getTestPreFilter")
    @PreAuthorize("hasAnyAuthority('admins')")
    @PreFilter(value = "filterObject.id%2==0")
    @ResponseBody
    public List<Users> getTestPreFilter(@RequestBody List<Users> list) {
        for (Users user : list) {
            System.out.println(user.getId() + "\t" + user.getUsername());
        }
        return list;
    }
}
package com.springsecutity;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
/**
 * Boot entry point for the database-backed example.
 */
@SpringBootApplication
@MapperScan("com.springsecutity.mapper")
// Turns on method-level security annotations: securedEnabled covers @Secured, and
// prePostEnabled covers @PreAuthorize/@PostAuthorize and @PreFilter/@PostFilter.
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SpringsecutityApplication {

    /**
     * Starts the Spring application context using this class as the primary source.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(SpringsecutityApplication.class, args);
    }
}
7.创建login.html界面
这里的name属性对应 Spring Security 默认读取的表单参数名:username、password 和 remember-me。
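<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Posts to the loginProcessingUrl set in the security configuration. The field names
     username, password and remember-me are the ones the login and remember-me filters
     read by default. The form carries no CSRF token, so it is accepted only because that
     configuration disables CSRF protection. -->
<form action="/user/login" method="post">
    用户名:<input type="text" name="username" value="admin"/>
    <br/>
    <!-- type="password" masks what is typed. No value is pre-filled, so no credential is
         shipped inside the page source. -->
    密码:<input type="password" name="password"/>
    <br/>
    记住我:<input type="checkbox" name="remember-me"/>
    <br/>
    <input type="submit" value="登陆"/>
</form>
</body>
</html>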
403.html
<!DOCTYPE html>
<!-- Static page the security configuration uses as its accessDeniedPage ("/403.html"),
     shown to a signed-in caller who lacks the required authority. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h4>403</h4>
</body>
</html>
success.html
<!DOCTYPE html>
<!-- Landing page after a successful login (the configured defaultSuccessUrl). -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
登陆成功!
<!-- NOTE(review): this logs out through a plain GET link, which is honoured only because the
     security configuration disables CSRF protection. With CSRF enabled, logout must be a
     POST that carries the token. -->
<a href="/loginout">退出登陆</a>
</body>
</html>