Spring Security
pom.xml:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.4</version>
<relativePath/>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.2</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
thymeleaf-extras-springsecurity5:thymeleaf和Spring security的整合jar包
application.yml:
spring:
datasource:
username: root
password: abcdefg
driverClassName: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/springSecurityTest?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
配置数据库
java
目录结构
<B>config
<C>securityConfig.java
<B>controller
<C>UserController.java
<B>>hander
<C>MyAccessDeniedHandler.java
<C>MyAuthenticationFailureHandle.java
<C>MyAuthenticationSuccessHandle.java
<B>mapper
<C>RoleMapper.java
<C>UserMapper.java
<B>pojo
<I>Role.java
<I>Users.java
<B>service
<I>MyAccess.java
<C>MyAccessImpl.java
<C>RoleService.java
<C>UserService.java
<C>UserDetailServiceImpl.java
B>包;I>接口;C>普通类
pojo
对应数据库的实体类
@Data
@AllArgsConstructor
@NoArgsConstructor
public class Role {
private String uid;
private String roleName;
private String roleDesc;
}
@Data
@NoArgsConstructor
@AllArgsConstructor
public class Users {
private Integer id;
@TableId(type = IdType.ASSIGN_UUID)
private String uid;
private String username;
private String password;
}
@TableId(type = IdType.ASSIGN_UUID):使用uid
mapper
使用mybatisPlus操作数据库
@Mapper
public interface RoleMapper extends BaseMapper<Role> {
}
@Mapper
public interface UsersMapper extends BaseMapper<Users> {
}
service
查询用户表的用户uid,username,paddword信息,再根据uid查询角色表对应用户角色权限
@Service
public class RoleService {
@Autowired
private RoleMapper roleMapper;
public List<Role> selectRole(String uid) {
return roleMapper.selectList(new QueryWrapper<Role>().eq("uid",uid));
}
}
@Service
public class UsersService {
@Autowired
private UsersMapper usersMapper;
public Users selectUsername(String username) {
return usersMapper.selectOne(new QueryWrapper<Users>().eq("username", username));
}
}
自定义登录认证逻辑
@Service
@Slf4j
public class UserDetailServiceImpl implements UserDetailsService {
@Autowired
private UsersService usersService;
@Autowired
private RoleService roleService;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
//根据用户名去数据库查询,不存在就抛异常UsernameNotFoundException
Users user = usersService.selectUsername(s);
if (user == null) {
throw new UsernameNotFoundException("用户名不存在");
}
List<Role> roles = roleService.selectRole(user.getUid());
//创建list集合用来存储用户的权限角色
ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>();
if (roles.size() >= 1) {
for (Role role : roles) {
authorities.add(new SimpleGrantedAuthority(role.getRoleName()));
}
}
log.info("执行自定义登录逻辑");
log.info("角色权限:" + authorities