一、引入依赖
<!--
  Spring Security starter for Spring Boot.
  No <version> element is given, so the version has to come from the build's dependency
  management. NOTE(review): presumably the Spring Boot parent or BOM; confirm, and keep it on a
  maintained release, since it decides which Spring Security fixes are pulled in.
  The mapper and datasource snippets on this page also need a MyBatis and a MySQL JDBC driver
  dependency, which are not listed here.
-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
二、配置application.properties
# NOTE(review): these look like the leaf keys of a datasource block (presumably under
# spring.datasource); confirm the enclosing prefix in the real file.
# com.mysql.jdbc.Driver is the legacy Connector/J class name; Connector/J 8 and later use
# com.mysql.cj.jdbc.Driver.
driver-class-name: com.mysql.jdbc.Driver
# useSSL=false turns off TLS for the database connection. That is tolerable only for a loopback
# demo such as this 127.0.0.1 target; enable TLS when the database is reached over a network.
url: jdbc:mysql://127.0.0.1:3306/test?useSSL=false
# root/root is a demo credential. Use a dedicated least-privilege database account and supply the
# password from the environment or a secret store instead of committing it to the config file.
username: root
password: root
三、创建实体
- user 实体
/**
 * Plain data holder for one row of the {@code user} table.
 *
 * <p>Security note: {@link #getPassword()} exposes the stored credential. The
 * {@code WebSecurityConfig} shown on this page verifies it with {@code BCryptPasswordEncoder},
 * so the column is expected to hold a BCrypt hash rather than a plaintext password. Keep
 * instances of this class out of API responses and log output.
 */
public class TestUser {

    /** Identifier of the user row. */
    private Integer id;

    /** Login name; the mappers on this page look users up by this value. */
    private String username;

    /** Stored credential value (see the class-level security note). */
    private String password;

    /** @return the identifier, or {@code null} if it has not been set */
    public Integer getId() {
        return this.id;
    }

    /** @param id the identifier to store */
    public void setId(final Integer id) {
        this.id = id;
    }

    /** @return the login name, or {@code null} if it has not been set */
    public String getUsername() {
        return this.username;
    }

    /** @param username the login name to store */
    public void setUsername(final String username) {
        this.username = username;
    }

    /** @return the stored credential value, or {@code null} if it has not been set */
    public String getPassword() {
        return this.password;
    }

    /** @param password the credential value to store */
    public void setPassword(final String password) {
        this.password = password;
    }
}
- permission实体
/**
 * Plain data holder for one row of the {@code permission} table.
 *
 * <p>{@code UserServiceImpl} on this page turns {@link #getName()} into a granted authority, so
 * the name is the string that the {@code hasAuthority('...')} expressions are compared against.
 */
public class TestPermission {

    /** Identifier of the permission row. */
    private Integer id;

    /** Permission name used as the authority string. */
    private String name;

    /** @return the identifier, or {@code null} if it has not been set */
    public Integer getId() {
        return this.id;
    }

    /** @param id the identifier to store */
    public void setId(final Integer id) {
        this.id = id;
    }

    /** @return the permission name, or {@code null} if it has not been set */
    public String getName() {
        return this.name;
    }

    /** @param name the permission name to store */
    public void setName(final String name) {
        this.name = name;
    }
}
四、创建mapper
- userMapper
/**
 * Mapper for the {@code user} table, declared with an annotation-based query.
 */
public interface UserMapper{
    /**
     * Loads the user row whose {@code username} column equals the argument.
     *
     * <p>The value is passed through a {@code #{username}} placeholder, which MyBatis binds as a
     * prepared-statement parameter instead of splicing it into the SQL text. Keep that form and
     * do not switch to {@code ${...}} substitution, because the name arrives from the login
     * request. {@code select *} also returns the {@code password} column, so the result carries
     * the stored credential.
     *
     * @param username the login name to look up
     * @return the matching user; {@code UserServiceImpl} on this page checks the result for
     *         {@code null} to detect an unknown name
     */
    @Select("select * from user where username = #{username}")
    TestUser findByName(String username);
}
- PermissionMapper
/**
 * Mapper that resolves the permissions of a user through the role tables.
 */
public interface PermissionMapper {
    /**
     * Returns the {@code id} and {@code name} of every permission reachable from the given user
     * via {@code permission_role} and {@code user_role}.
     *
     * <p>The user name is bound through a {@code #{username}} placeholder (a prepared-statement
     * parameter), not concatenated into the query. Because the WHERE clause filters on
     * {@code u.username}, rows without a matching user are discarded, so the LEFT JOINs behave
     * like inner joins here. There is no DISTINCT, so a permission granted through several roles
     * can appear more than once.
     *
     * @param username the login name whose permissions are requested
     * @return the permissions linked to that user
     */
    @Select("SELECT " +
    "p.name,p.id " +
    "FROM " +
    "permission p " +
    "LEFT JOIN permission_role pr ON p.id = pr.permission_id " +
    "LEFT JOIN user_role ur ON pr.role_id = ur.role_id " +
    "LEFT JOIN `user` u ON ur.user_id = u.id " +
    "WHERE " +
    "u.`username` = #{username}")
    List<TestPermission> findAll(String username);
}
五、创建控制器
/**
 * Demo REST endpoints used to exercise the security configuration.
 *
 * <p>{@code /show}, {@code /add} and {@code /delete} are guarded by {@code @PreAuthorize}; the
 * checks take effect because {@code WebSecurityConfig} on this page enables
 * {@code prePostEnabled}. The authority strings must match the permission names that
 * {@code UserServiceImpl} loads for the user.
 *
 * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute accepts every HTTP
 * method, so {@code /add} and {@code /delete} also answer GET requests. Real state-changing
 * handlers should be limited to POST/PUT/DELETE, all the more because CSRF protection is
 * disabled in this page's security configuration.
 */
@RestController
public class HelloController {
    /** Returns the landing-page text. */
    @RequestMapping("/index")
    public String index(){
        return "首页";
    }
    /**
     * Returns a logout message.
     * NOTE(review): the security configuration on this page also registers {@code /logout} as
     * its logout URL, so the security filter chain presumably handles that path before this
     * handler is reached; confirm whether this method is ever invoked.
     */
    @RequestMapping("/logout")
    public String logout(){
        return "执行登出";
    }
    /** Returns a confirmation text; requires the {@code show} authority. */
    @RequestMapping("/show")
    @PreAuthorize("hasAuthority('show')")
    public String show(){
        return "可以查看";
    }
    /** Returns a confirmation text; requires the {@code add} authority. */
    @RequestMapping("/add")
    @PreAuthorize("hasAuthority('add')")
    public String add(){
        return "可以新增";
    }
    /** Returns a confirmation text; requires the {@code delete} authority. */
    @RequestMapping("/delete")
    @PreAuthorize("hasAuthority('delete')")
    public String delete(){
        return "可以删除";
    }
}
六、配置WebSecurityConfig
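/**
 * Spring Security configuration for the demo: HTTP Basic authentication against the users loaded
 * by {@link UserService}, BCrypt password verification, and method-level authorization
 * ({@code @Secured} and {@code @PreAuthorize}) switched on.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} was deprecated in Spring Security 5.7 and removed
 * in 6.0. On newer versions the equivalent is a {@code SecurityFilterChain} bean, and
 * {@code @EnableMethodSecurity} replaces {@code @EnableGlobalMethodSecurity}.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    /**
     * Password encoder used to verify submitted passwords.
     * With BCrypt configured, the stored password must be a BCrypt hash; a plaintext or
     * {@code {noop}}-prefixed value will not match.
     *
     * @return the BCrypt encoder bean
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Declares where authentication data comes from: users are loaded through
     * {@code userService} and passwords are checked with {@link #passwordEncoder()}.
     *
     * @param auth the builder to register the user source on
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

    /**
     * Configures the HTTP security rules.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Match every URL ...
                .antMatchers("/**")
                // ... and require full authentication for all of them.
                .fullyAuthenticated()
                .and()
            // HTTP Basic sends the credentials with every request, only base64-encoded, so the
            // application must be served over TLS.
            .httpBasic()
                .and()
            // No hand-built UsernamePasswordAuthenticationFilter is added here. An instance
            // created with `new` has no AuthenticationManager, so a POST to its default /login
            // URL would fail inside the filter instead of authenticating. HTTP Basic above is
            // the login mechanism; use formLogin() if a login form is wanted.
            // Logout.
            // NOTE(review): with HTTP Basic a browser keeps resending its cached credentials,
            // so this ends the server session but may not sign a browser user out; confirm
            // for your clients.
            .logout()
                .logoutUrl("/logout")
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/index")
                .permitAll()
                .and()
            // CSRF (cross-site request forgery) protection is switched off.
            // NOTE(review): this setup still uses a session cookie (JSESSIONID) and browsers
            // replay Basic credentials automatically, so a browser-facing deployment should
            // leave CSRF protection enabled. Disabling it is reasonable only for non-browser
            // API clients.
            .csrf()
                .disable();
    }
}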
七、配置UserService
- UserService
/**
 * Application-level name for Spring Security's {@code UserDetailsService}.
 * It declares no methods of its own, so implementations only have to provide
 * {@code loadUserByUsername}; {@code WebSecurityConfig} on this page injects this type as the
 * source of user data.
 */
public interface UserService extends UserDetailsService {
}
- UserService实现类
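首先我们需要自定义 UserServiceImpl,并注入 UserMapper 和 PermissionMapper,用来查询用户信息和权限。
我们需要重写 loadUserByUsername 方法,参数是用户输入的用户名,返回值是 UserDetails;按照 UserDetailsService 的约定,找不到用户时应抛出 UsernameNotFoundException,而不是返回 null。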
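/**
 * Loads users and their permissions from the database for Spring Security.
 */
@Service
@Transactional
public class UserServiceImpl implements UserService {

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private PermissionMapper permissionMapper;

    /**
     * Looks up the account for the submitted user name and returns it together with its
     * granted authorities.
     *
     * <p>The method never returns {@code null}: the {@code UserDetailsService} contract requires
     * a {@link UsernameNotFoundException} for an unknown name, and a {@code null} result is
     * treated by Spring Security as an internal error rather than a failed login. Data-access
     * failures are allowed to propagate instead of being printed and turned into {@code null},
     * so that a broken database is not mistaken for an unknown user.
     *
     * @param username the user name submitted with the login attempt
     * @return the user details, with one authority per permission name
     * @throws UsernameNotFoundException if no user with that name exists
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Look the account up by user name.
        TestUser testUser = userMapper.findByName(username);
        if (testUser == null) {
            // Generic message: the submitted name is attacker-controlled and is not echoed.
            // DaoAuthenticationProvider by default reports this to the client as bad
            // credentials, so unknown names and wrong passwords look the same.
            throw new UsernameNotFoundException("user not found");
        }

        // One authority per permission name; these strings are what hasAuthority('...') checks.
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        List<TestPermission> permissionList = permissionMapper.findAll(username);
        for (TestPermission testPermission : permissionList) {
            authorities.add(new SimpleGrantedAuthority(testPermission.getName()));
        }

        // The stored password is passed on unchanged. WebSecurityConfig on this page verifies it
        // with BCryptPasswordEncoder, so it must be a BCrypt hash; the {noop} prefix is only
        // understood by a DelegatingPasswordEncoder and does not apply here.
        // The debug prints were removed so that account names and authorities do not end up
        // on stdout at every login.
        return new User(testUser.getUsername(), testUser.getPassword(), authorities);
    }
}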