Spring Security configuration and related APIs

First, configure the pom file

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Configuring the Config class


Authentication and authorization are performed against the data stored in the database.

This is the configuration class

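import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // With this bean commented out, Spring Security 5 uses its delegating encoder,
    // which expects stored passwords to carry an id prefix such as {bcrypt}.
//    @Bean
//    public PasswordEncoder passwordEncoder(){
//        return new BCryptPasswordEncoder();
//    }

    // Loads users and their permissions from the database
    @Autowired
    private UserDetatlsServiceImpl userDetatlsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetatlsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authorization rules (CSRF protection is switched off by csrf().disable())
        http.csrf().disable().authorizeRequests()
                .antMatchers(
                        "/index.html",
                        "/img/*",
                        "/js/*",
                        "/css/*",
                        "/login.html",
                        "/register.html",
                        "/register",
                        "/bower_components/**"
                ).permitAll() // allowed for everyone
                // everything else requires authentication
                .anyRequest().authenticated()
                .and().formLogin() // authenticate with a form
                .loginPage("/login.html") // page that shows the login form
                .loginProcessingUrl("/login") // URL that processes the login
                .failureUrl("/login.html?error") // where to go when login fails
                .defaultSuccessUrl("/index.html") // page shown after a successful login
                .and().logout() // logout
                .logoutUrl("/logout") // URL that performs the logout
                .logoutSuccessUrl("/login.html?logout"); // where to go after a successful logout
    }
}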

This is the class that the UserDetailsImp class calls to obtain a UserDetailsImp object

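import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
// Imports of the project's own classes (User, UserMapper, Permission, IUserService)
// and of ServiceImpl are omitted.

@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {
    @Autowired
    private UserMapper userMapper;

    @Override
    public UserDetails getUserDetails(String username) {
        // Look up the user row by username
        User user = userMapper.findUserByUsername(username);
        if (user == null) {
            // No such user; the caller has to handle the null
            return null;
        }
        // Collect the names of the user's permissions as authority strings
        List<Permission> list = userMapper.findUserPermissionsById(user.getId());
        int i = 0;
        String[] authorities = new String[list.size()];
        for (Permission p : list) {
            authorities[i++] = p.getName();
        }
        // Build the Spring Security user from the database values
        UserDetails u = org.springframework.security.core.userdetails.User.builder()
                .username(user.getUsername())
                .password(user.getPassword())
                .accountLocked(user.getLocked() == 1)
                .disabled(user.getEnabled() == 0)
                .authorities(authorities)
                .build();
        return u;
    }
}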

Getting the current user's information

    public String currentUsername() {
        // Use the Spring Security framework to get the current user's information
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // Check that there is an authentication and that it is not an anonymous login
        if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
            String username = authentication.getName();
            return username;
        }
        throw ServiceException.notFound("还没有 登陆!!!");
    }

Spring Security test component

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>

Permission check (comparison)

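import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
// The principal is the Spring Security User built in getUserDetails, not the project's entity
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

@RestController
@Slf4j
public class HomeController {
    static final GrantedAuthority STUDENT = new SimpleGrantedAuthority("ROLE_STUDENT");
    static final GrantedAuthority TEACHER = new SimpleGrantedAuthority("ROLE_TEACHER");

    @GetMapping("/index.html")
    public ModelAndView index(@AuthenticationPrincipal User user) {
        log.debug("用户信息为:{}", user);
        // "/index.html" is in the permitAll list, so user is null for an anonymous request
        if (user != null && user.getAuthorities().contains(STUDENT)) {
            return new ModelAndView("index");
        } else if (user != null && user.getAuthorities().contains(TEACHER)) {
            return new ModelAndView("index_teacher");
        }
        throw ServiceException.notFound("没有找到权限");
    }
}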
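
The spring-security-test dependency above can check the role-based routing in HomeController and the login redirect configured in SecurityConfig without a database. This is an added example, not code from the original post. It assumes Spring Boot 2.2+ with JUnit 5, that the principal type in HomeController is Spring Security's User, that the views "index" and "index_teacher" resolve in the test context, and it uses a made-up path "/hypothetical-protected".

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Import;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view;

// Added example: runs the page's SecurityConfig and HomeController through MockMvc.
@WebMvcTest(HomeController.class)
@Import(SecurityConfig.class)
class HomeControllerSecurityTest {

    @Autowired
    private MockMvc mockMvc;

    // SecurityConfig autowires this bean; mocking it keeps the database out of the test.
    @MockBean
    private UserDetatlsServiceImpl userDetatlsService;

    @Test
    @WithMockUser(username = "student1", roles = "STUDENT") // grants ROLE_STUDENT
    void studentGetsStudentView() throws Exception {
        mockMvc.perform(get("/index.html"))
               .andExpect(view().name("index"));
    }

    @Test
    @WithMockUser(username = "teacher1", roles = "TEACHER") // grants ROLE_TEACHER
    void teacherGetsTeacherView() throws Exception {
        mockMvc.perform(get("/index.html"))
               .andExpect(view().name("index_teacher"));
    }

    @Test
    void anonymousRequestToProtectedPathRedirectsToLogin() throws Exception {
        // Hypothetical path that is not in the permitAll list, so anyRequest().authenticated() applies.
        mockMvc.perform(get("/hypothetical-protected"))
               .andExpect(status().is3xxRedirection())
               .andExpect(redirectedUrlPattern("**/login.html"));
    }
}
```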