1、Spring Security简介
Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方案。
正如你可能知道的关于安全方面的两个核心功能是“认证”和“授权”,一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权(Authorization)两个部分,这两点也是 SpringSecurity 重要核心功能。
(1)用户认证指的是:验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码,系统通过校验用户名和密码来完成认证过程。
通俗点说就是系统认为用户是否能登录
(2)用户授权指的是验证某个用户是否有权限执行某个操作。在一个系统中,不同用户所具有的权限是不同的。比如对一个文件来说,有的用户只能进行读取,而有的用户可以进行修改。一般来说,系统会为不同的用户分配不同的角色,而每个角色则对应一系列的权限。
通俗点讲就是系统判断用户是否有权限去做某些事情。
2、历史
“Spring Security 开始于 2003 年年底,““spring 的 acegi 安全系统”。 起因是 Spring开发者邮件列表中的一个问题,有人提问是否考虑提供一个基于 spring 的安全实现。
Spring Security 以“The Acegi Secutity System for Spring” 的名字始于 2013 年晚些时候。一个问题提交到 Spring 开发者的邮件列表,询问是否已经有考虑一个机遇 Spring 的安全性社区实现。那时候 Spring 的社区相对较小(相对现在)。实际上 Spring 自己在2013 年只是一个存在于 ScourseForge 的项目,这个问题的回答是一个值得研究的领域,虽然目前时间的缺乏组织了我们对它的探索。
考虑到这一点,一个简单的安全实现建成但是并没有发布。几周后,Spring 社区的其他成员询问了安全性,这次这个代码被发送给他们。其他几个请求也跟随而来。到 2014 年一月大约有 20 万人使用了这个代码。这些创业者的人提出一个 SourceForge 项目加入是为了,这是在 2004 三月正式成立。
在早些时候,这个项目没有任何自己的验证模块,身份验证过程依赖于容器管理的安全性和 Acegi 安全性。而不是专注于授权。开始的时候这很适合,但是越来越多的用户请求额外的容器支持。容器特定的认证领域接口的基本限制变得清晰。还有一个相关的问题增加新的容器的路径,这是最终用户的困惑和错误配置的常见问题。
Acegi 安全特定的认证服务介绍。大约一年后,Acegi 安全正式成为了 Spring 框架的子项目。1.0.0 最终版本是出版于 2006 -在超过两年半的大量生产的软件项目和数以百计的改进和积极利用社区的贡献。
Acegi 安全 2007 年底正式成为了 Spring 组合项目,更名为"Spring Security"。
3、同款产品对比
3.1、Spring Security
Spring 技术栈的组成部分。
https://spring.io/projects/spring-security
通过提供完整可扩展的认证和授权支持保护你的应用程序。
SpringSecurity 特点:
⚫ 和 Spring 无缝整合。
⚫ 全面的权限控制。
⚫ 专门为 Web 开发而设计。
◼旧版本不能脱离 Web 环境使用。
◼新版本对整个框架进行了分层抽取,分成了核心模块和 Web 模块。单独引入核心模块就可以脱离 Web 环境。
⚫ 重量级。
3.2、Apache Shiro
Apache 旗下的轻量级权限控制框架。
特点:
⚫ 轻量级。Shiro 主张的理念是把复杂的事情变简单。针对对性能有更高要求
的互联网应用有更好表现。
⚫ 通用性。
◼好处:不局限于 Web 环境,可以脱离 Web 环境使用。
◼缺陷:在 Web 环境下一些特定的需求需要手动编写代码定制。
Spring Security 是 Spring 家族中的一个安全管理框架,实际上,在 Spring Boot 出现之前,Spring Security 就已经发展了多年了,但是使用的并不多,安全管理这个领域,一直是 Shiro 的天下。
相对于 Shiro,在 SSM 中整合 Spring Security 都是比较麻烦的操作,所以,Spring Security 虽然功能比 Shiro 强大,但是使用反而没有 Shiro 多(Shiro 虽然功能没有Spring Security 多,但是对于大部分项目而言,Shiro 也够用了)。
自从有了 Spring Boot 之后,Spring Boot 对于 Spring Security 提供了自动化配置方案,可以使用更少的配置来使用 Spring Security。
因此,一般来说,常见的安全管理技术栈的组合是这样的:
• SSM + Shiro
• Spring Boot/Spring Cloud + Spring Security
以上只是一个推荐的组合而已,如果单纯从技术上来说,无论怎么组合,都是可以运行的
4、Spring Security实现权限
要对Web资源进行保护,最好的办法莫过于Filter要想对方法调用进行保护,最好的办法莫过于AOP。
Spring Security进行认证和鉴权的时候,就是利用的一系列的Filter来进行拦截的。
Spring Security实现权限图
如图所示,一个请求想要访问到API就会从左到右经过蓝线框里的过滤器,其中绿色部分是负责认证的过滤器,蓝色部分是负责异常处理,橙色部分则是负责授权。进过一系列拦截最终访问到我们的API。
这里面我们只需要重点关注两个过滤器即可:
UsernamePasswordAuthenticationFilter负责登录认证,FilterSecurityInterceptor负责权限授权。
说明:Spring Security的核心逻辑全在这一套过滤器中,过滤器里会调用各种组件完成功能,掌握了这些过滤器和组件你就掌握了Spring Security!这个框架的使用方式就是对这些过滤器和组件进行扩展。
5、Spring Security入门
5.1、整体架构
Spring Security架构图
5.2、实现流程
1、先创建maven工程
2、配置pom.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.gec.security</groupId>
<artifactId>SpringSecurity</artifactId>
<version>1.0-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper-spring-boot-starter</artifactId>
<version>1.2.3</version>
<exclusions>
<exclusion>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
<version>5.1.46</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.10</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>3、在resource下创建application.yml文件
spring:
datasource:
url: jdbc:mysql://localhost:3306/shirodb?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
username: root
password: root
pagehelper:
helper-dialect: mysql
reasonable: true4、在src下的main下的java文件夹下创建com.gec.security.config包 、
com.gec.security.controller包 、com.gec.security.mapper包 、com.gec.security.pojo包 、com.gec.security.service包
src/main/java文件夹
5、在com.gec.security.pojo包下创建RespBean类、SysUser类、SysUserExample类
RespBean类
package com.gec.security.pojo;
public class RespBean {
private Integer status;
private String msg;
private Object obj;
public static RespBean ok(String msg) {
return new RespBean(200, msg);
}
public static RespBean ok(String msg,Object obj) {
return new RespBean(200, msg, obj);
}
public static RespBean error(String msg) {
return new RespBean(500, msg);
}
public static RespBean error(String msg,Object obj) {
return new RespBean(500, msg, obj);
}
private RespBean() {
}
private RespBean(Integer status, String msg, Object obj) {
this.status = status;
this.msg = msg;
this.obj = obj;
}
private RespBean(Integer status, String msg) {
this.status = status;
this.msg = msg;
this.obj = null;
}
public Integer getStatus() {
return status;
}
public void setStatus(Integer status) {
this.status = status;
}
public String getMsg() {
return msg;
}
public void setMsg(String msg) {
this.msg = msg;
}
public Object getObj() {
return obj;
}
public void setObj(Object obj) {
this.obj = obj;
}
}
SysUser类
package com.gec.security.pojo;
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
public class SysUser implements UserDetails{
private String id;
private String usercode;
private String username;
private String password;
private String salt;
private String locked;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id == null ? null : id.trim();
}
public String getUsercode() {
return usercode;
}
public void setUsercode(String usercode) {
this.usercode = usercode == null ? null : usercode.trim();
}
public String getUsername() {
return username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password == null ? null : password.trim();
}
public String getSalt() {
return salt;
}
public void setSalt(String salt) {
this.salt = salt == null ? null : salt.trim();
}
public String getLocked() {
return locked;
}
public void setLocked(String locked) {
this.locked = locked == null ? null : locked.trim();
}
//判断账号是否过期
@Override
public boolean isAccountNonExpired() {
return true;
}
//判断账号是否锁定
@Override
public boolean isAccountNonLocked() {
return this.locked.equals("0");
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
public void setUsername(String username) {
this.username = username == null ? null : username.trim();
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
}SysUserExample类
package com.gec.security.pojo;
import java.util.ArrayList;
import java.util.List;
public class SysUserExample {
protected String orderByClause;
protected boolean distinct;
protected List<Criteria> oredCriteria;
public SysUserExample() {
oredCriteria = new ArrayList<Criteria>();
}
public void setOrderByClause(String orderByClause) {
this.orderByClause = orderByClause;
}
public String getOrderByClause() {
return orderByClause;
}
public void setDistinct(boolean distinct) {
this.distinct = distinct;
}
public boolean isDistinct() {
return distinct;
}
public List<Criteria> getOredCriteria() {
return oredCriteria;
}
public void or(Criteria criteria) {
oredCriteria.add(criteria);
}
public Criteria or() {
Criteria criteria = createCriteriaInternal();
oredCriteria.add(criteria);
return criteria;
}
public Criteria createCriteria() {
Criteria criteria = createCriteriaInternal();
if (oredCriteria.size() == 0) {
oredCriteria.add(criteria);
}
return criteria;
}
protected Criteria createCriteriaInternal() {
Criteria criteria = new Criteria();
return criteria;
}
public void clear() {
oredCriteria.clear();
orderByClause = null;
distinct = false;
}
protected abstract static class GeneratedCriteria {
protected List<Criterion> criteria;
protected GeneratedCriteria() {
super();
criteria = new ArrayList<Criterion>();
}
public boolean isValid() {
return criteria.size() > 0;
}
public List<Criterion> getAllCriteria() {
return criteria;
}
public List<Criterion> getCriteria() {
return criteria;
}
protected void addCriterion(String condition) {
if (condition == null) {
throw new RuntimeException("Value for condition cannot be null");
}
criteria.add(new Criterion(condition));
}
protected void addCriterion(String condition, Object value, String property) {
if (value == null) {
throw new RuntimeException("Value for " + property + " cannot be null");
}
criteria.add(new Criterion(condition, value));
}
protected void addCriterion(String condition, Object value1, Object value2, String property) {
if (value1 == null || value2 == null) {
throw new RuntimeException("Between values for " + property + " cannot be null");
}
criteria.add(new Criterion(condition, value1, value2));
}
public Criteria andIdIsNull() {
addCriterion("id is null");
return (Criteria) this;
}
public Criteria andIdIsNotNull() {
addCriterion("id is not null");
return (Criteria) this;
}
public Criteria andIdEqualTo(String value) {
addCriterion("id =", value, "id");
return (Criteria) this;
}
public Criteria andIdNotEqualTo(String value) {
addCriterion("id <>", value, "id");
return (Criteria) this;
}
public Criteria andIdGreaterThan(String value) {
addCriterion("id >", value, "id");
return (Criteria) this;
}
public Criteria andIdGreaterThanOrEqualTo(String value) {
addCriterion("id >=", value, "id");
return (Criteria) this;
}
public Criteria andIdLessThan(String value) {
addCriterion("id <", value, "id");
return (Criteria) this;
}
public Criteria andIdLessThanOrEqualTo(String value) {
addCriterion("id <=", value, "id");
return (Criteria) this;
}
public Criteria andIdLike(String value) {
addCriterion("id like", value, "id");
return (Criteria) this;
}
public Criteria andIdNotLike(String value) {
addCriterion("id not like", value, "id");
return (Criteria) this;
}
public Criteria andIdIn(List<String> values) {
addCriterion("id in", values, "id");
return (Criteria) this;
}
public Criteria andIdNotIn(List<String> values) {
addCriterion("id not in", values, "id");
return (Criteria) this;
}
public Criteria andIdBetween(String value1, String value2) {
addCriterion("id between", value1, value2, "id");
return (Criteria) this;
}
public Criteria andIdNotBetween(String value1, String value2) {
addCriterion("id not between", value1, value2, "id");
return (Criteria) this;
}
public Criteria andUsercodeIsNull() {
addCriterion("usercode is null");
return (Criteria) this;
}
public Criteria andUsercodeIsNotNull() {
addCriterion("usercode is not null");
return (Criteria) this;
}
public Criteria andUsercodeEqualTo(String value) {
addCriterion("usercode =", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeNotEqualTo(String value) {
addCriterion("usercode <>", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeGreaterThan(String value) {
addCriterion("usercode >", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeGreaterThanOrEqualTo(String value) {
addCriterion("usercode >=", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeLessThan(String value) {
addCriterion("usercode <", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeLessThanOrEqualTo(String value) {
addCriterion("usercode <=", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeLike(String value) {
addCriterion("usercode like", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeNotLike(String value) {
addCriterion("usercode not like", value, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeIn(List<String> values) {
addCriterion("usercode in", values, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeNotIn(List<String> values) {
addCriterion("usercode not in", values, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeBetween(String value1, String value2) {
addCriterion("usercode between", value1, value2, "usercode");
return (Criteria) this;
}
public Criteria andUsercodeNotBetween(String value1, String value2) {
addCriterion("usercode not between", value1, value2, "usercode");
return (Criteria) this;
}
public Criteria andUsernameIsNull() {
addCriterion("username is null");
return (Criteria) this;
}
public Criteria andUsernameIsNotNull() {
addCriterion("username is not null");
return (Criteria) this;
}
public Criteria andUsernameEqualTo(String value) {
addCriterion("username =", value, "username");
return (Criteria) this;
}
public Criteria andUsernameNotEqualTo(String value) {
addCriterion("username <>", value, "username");
return (Criteria) this;
}
public Criteria andUsernameGreaterThan(String value) {
addCriterion("username >", value, "username");
return (Criteria) this;
}
public Criteria andUsernameGreaterThanOrEqualTo(String value) {
addCriterion("username >=", value, "username");
return (Criteria) this;
}
public Criteria andUsernameLessThan(String value) {
addCriterion("username <", value, "username");
return (Criteria) this;
}
public Criteria andUsernameLessThanOrEqualTo(String value) {
addCriterion("username <=", value, "username");
return (Criteria) this;
}
public Criteria andUsernameLike(String value) {
addCriterion("username like", value, "username");
return (Criteria) this;
}
public Criteria andUsernameNotLike(String value) {
addCriterion("username not like", value, "username");
return (Criteria) this;
}
public Criteria andUsernameIn(List<String> values) {
addCriterion("username in", values, "username");
return (Criteria) this;
}
public Criteria andUsernameNotIn(List<String> values) {
addCriterion("username not in", values, "username");
return (Criteria) this;
}
public Criteria andUsernameBetween(String value1, String value2) {
addCriterion("username between", value1, value2, "username");
return (Criteria) this;
}
public Criteria andUsernameNotBetween(String value1, String value2) {
addCriterion("username not between", value1, value2, "username");
return (Criteria) this;
}
public Criteria andPasswordIsNull() {
addCriterion("password is null");
return (Criteria) this;
}
public Criteria andPasswordIsNotNull() {
addCriterion("password is not null");
return (Criteria) this;
}
public Criteria andPasswordEqualTo(String value) {
addCriterion("password =", value, "password");
return (Criteria) this;
}
public Criteria andPasswordNotEqualTo(String value) {
addCriterion("password <>", value, "password");
return (Criteria) this;
}
public Criteria andPasswordGreaterThan(String value) {
addCriterion("password >", value, "password");
return (Criteria) this;
}
public Criteria andPasswordGreaterThanOrEqualTo(String value) {
addCriterion("password >=", value, "password");
return (Criteria) this;
}
public Criteria andPasswordLessThan(String value) {
addCriterion("password <", value, "password");
return (Criteria) this;
}
public Criteria andPasswordLessThanOrEqualTo(String value) {
addCriterion("password <=", value, "password");
return (Criteria) this;
}
public Criteria andPasswordLike(String value) {
addCriterion("password like", value, "password");
return (Criteria) this;
}
public Criteria andPasswordNotLike(String value) {
addCriterion("password not like", value, "password");
return (Criteria) this;
}
public Criteria andPasswordIn(List<String> values) {
addCriterion("password in", values, "password");
return (Criteria) this;
}
public Criteria andPasswordNotIn(List<String> values) {
addCriterion("password not in", values, "password");
return (Criteria) this;
}
public Criteria andPasswordBetween(String value1, String value2) {
addCriterion("password between", value1, value2, "password");
return (Criteria) this;
}
public Criteria andPasswordNotBetween(String value1, String value2) {
addCriterion("password not between", value1, value2, "password");
return (Criteria) this;
}
public Criteria andSaltIsNull() {
addCriterion("salt is null");
return (Criteria) this;
}
public Criteria andSaltIsNotNull() {
addCriterion("salt is not null");
return (Criteria) this;
}
public Criteria andSaltEqualTo(String value) {
addCriterion("salt =", value, "salt");
return (Criteria) this;
}
public Criteria andSaltNotEqualTo(String value) {
addCriterion("salt <>", value, "salt");
return (Criteria) this;
}
public Criteria andSaltGreaterThan(String value) {
addCriterion("salt >", value, "salt");
return (Criteria) this;
}
public Criteria andSaltGreaterThanOrEqualTo(String value) {
addCriterion("salt >=", value, "salt");
return (Criteria) this;
}
public Criteria andSaltLessThan(String value) {
addCriterion("salt <", value, "salt");
return (Criteria) this;
}
public Criteria andSaltLessThanOrEqualTo(String value) {
addCriterion("salt <=", value, "salt");
return (Criteria) this;
}
public Criteria andSaltLike(String value) {
addCriterion("salt like", value, "salt");
return (Criteria) this;
}
public Criteria andSaltNotLike(String value) {
addCriterion("salt not like", value, "salt");
return (Criteria) this;
}
public Criteria andSaltIn(List<String> values) {
addCriterion("salt in", values, "salt");
return (Criteria) this;
}
public Criteria andSaltNotIn(List<String> values) {
addCriterion("salt not in", values, "salt");
return (Criteria) this;
}
public Criteria andSaltBetween(String value1, String value2) {
addCriterion("salt between", value1, value2, "salt");
return (Criteria) this;
}
public Criteria andSaltNotBetween(String value1, String value2) {
addCriterion("salt not between", value1, value2, "salt");
return (Criteria) this;
}
public Criteria andLockedIsNull() {
addCriterion("locked is null");
return (Criteria) this;
}
public Criteria andLockedIsNotNull() {
addCriterion("locked is not null");
return (Criteria) this;
}
public Criteria andLockedEqualTo(String value) {
addCriterion("locked =", value, "locked");
return (Criteria) this;
}
public Criteria andLockedNotEqualTo(String value) {
addCriterion("locked <>", value, "locked");
return (Criteria) this;
}
public Criteria andLockedGreaterThan(String value) {
addCriterion("locked >", value, "locked");
return (Criteria) this;
}
public Criteria andLockedGreaterThanOrEqualTo(String value) {
addCriterion("locked >=", value, "locked");
return (Criteria) this;
}
public Criteria andLockedLessThan(String value) {
addCriterion("locked <", value, "locked");
return (Criteria) this;
}
public Criteria andLockedLessThanOrEqualTo(String value) {
addCriterion("locked <=", value, "locked");
return (Criteria) this;
}
public Criteria andLockedLike(String value) {
addCriterion("locked like", value, "locked");
return (Criteria) this;
}
public Criteria andLockedNotLike(String value) {
addCriterion("locked not like", value, "locked");
return (Criteria) this;
}
public Criteria andLockedIn(List<String> values) {
addCriterion("locked in", values, "locked");
return (Criteria) this;
}
public Criteria andLockedNotIn(List<String> values) {
addCriterion("locked not in", values, "locked");
return (Criteria) this;
}
public Criteria andLockedBetween(String value1, String value2) {
addCriterion("locked between", value1, value2, "locked");
return (Criteria) this;
}
public Criteria andLockedNotBetween(String value1, String value2) {
addCriterion("locked not between", value1, value2, "locked");
return (Criteria) this;
}
}
public static class Criteria extends GeneratedCriteria {
protected Criteria() {
super();
}
}
public static class Criterion {
private String condition;
private Object value;
private Object secondValue;
private boolean noValue;
private boolean singleValue;
private boolean betweenValue;
private boolean listValue;
private String typeHandler;
public String getCondition() {
return condition;
}
public Object getValue() {
return value;
}
public Object getSecondValue() {
return secondValue;
}
public boolean isNoValue() {
return noValue;
}
public boolean isSingleValue() {
return singleValue;
}
public boolean isBetweenValue() {
return betweenValue;
}
public boolean isListValue() {
return listValue;
}
public String getTypeHandler() {
return typeHandler;
}
protected Criterion(String condition) {
super();
this.condition = condition;
this.typeHandler = null;
this.noValue = true;
}
protected Criterion(String condition, Object value, String typeHandler) {
super();
this.condition = condition;
this.value = value;
this.typeHandler = typeHandler;
if (value instanceof List<?>) {
this.listValue = true;
} else {
this.singleValue = true;
}
}
protected Criterion(String condition, Object value) {
this(condition, value, null);
}
protected Criterion(String condition, Object value, Object secondValue, String typeHandler) {
super();
this.condition = condition;
this.value = value;
this.secondValue = secondValue;
this.typeHandler = typeHandler;
this.betweenValue = true;
}
protected Criterion(String condition, Object value, Object secondValue) {
this(condition, value, secondValue, null);
}
}
}6、在com.gec.security.service包下创建SysUserService类
SysUserService类
package com.gec.security.service;
import com.gec.security.mapper.SysUserMapper;
import com.gec.security.pojo.SysUser;
import com.gec.security.pojo.SysUserExample;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
public class SysUserService implements UserDetailsService {
@Autowired
private SysUserMapper sysUserMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("用户名: "+username);
SysUserExample example=new SysUserExample();
SysUserExample.Criteria criteria=example.createCriteria();
criteria.andUsercodeEqualTo(username);
List<SysUser> list=sysUserMapper.selectByExample(example);
if (list.size()==0){
throw new UsernameNotFoundException("账号不存在");
}
return list.get(0);
}
}
7、在com.gec.security.mapper包下创建SysUserMapper接口
package com.gec.security.mapper;
import com.gec.security.pojo.SysUser;
import com.gec.security.pojo.SysUserExample;
import java.util.List;
import org.apache.ibatis.annotations.Param;
public interface SysUserMapper {
int countByExample(SysUserExample example);
int deleteByExample(SysUserExample example);
int deleteByPrimaryKey(String id);
int insert(SysUser record);
int insertSelective(SysUser record);
List<SysUser> selectByExample(SysUserExample example);
SysUser selectByPrimaryKey(String id);
int updateByExampleSelective(@Param("record") SysUser record, @Param("example") SysUserExample example);
int updateByExample(@Param("record") SysUser record, @Param("example") SysUserExample example);
int updateByPrimaryKeySelective(SysUser record);
int updateByPrimaryKey(SysUser record);
}8、在resources下创建com.gec.security.mapper文件夹,创建的时候.换成/
9、在com.gec.security.mapper文件夹下创建SysUserMapper.xml文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.gec.security.mapper.SysUserMapper" >
<resultMap id="BaseResultMap" type="com.gec.security.pojo.SysUser" >
<id column="id" property="id" jdbcType="VARCHAR" />
<result column="usercode" property="usercode" jdbcType="VARCHAR" />
<result column="username" property="username" jdbcType="VARCHAR" />
<result column="password" property="password" jdbcType="VARCHAR" />
<result column="salt" property="salt" jdbcType="VARCHAR" />
<result column="locked" property="locked" jdbcType="CHAR" />
</resultMap>
<sql id="Example_Where_Clause" >
<where >
<foreach collection="oredCriteria" item="criteria" separator="or" >
<if test="criteria.valid" >
<trim prefix="(" suffix=")" prefixOverrides="and" >
<foreach collection="criteria.criteria" item="criterion" >
<choose >
<when test="criterion.noValue" >
and ${criterion.condition}
</when>
<when test="criterion.singleValue" >
and ${criterion.condition} #{criterion.value}
</when>
<when test="criterion.betweenValue" >
and ${criterion.condition} #{criterion.value} and #{criterion.secondValue}
</when>
<when test="criterion.listValue" >
and ${criterion.condition}
<foreach collection="criterion.value" item="listItem" open="(" close=")" separator="," >
#{listItem}
</foreach>
</when>
</choose>
</foreach>
</trim>
</if>
</foreach>
</where>
</sql>
<sql id="Update_By_Example_Where_Clause" >
<where >
<foreach collection="example.oredCriteria" item="criteria" separator="or" >
<if test="criteria.valid" >
<trim prefix="(" suffix=")" prefixOverrides="and" >
<foreach collection="criteria.criteria" item="criterion" >
<choose >
<when test="criterion.noValue" >
and ${criterion.condition}
</when>
<when test="criterion.singleValue" >
and ${criterion.condition} #{criterion.value}
</when>
<when test="criterion.betweenValue" >
and ${criterion.condition} #{criterion.value} and #{criterion.secondValue}
</when>
<when test="criterion.listValue" >
and ${criterion.condition}
<foreach collection="criterion.value" item="listItem" open="(" close=")" separator="," >
#{listItem}
</foreach>
</when>
</choose>
</foreach>
</trim>
</if>
</foreach>
</where>
</sql>
<sql id="Base_Column_List" >
id, usercode, username, password, salt, locked
</sql>
<select id="selectByExample" resultMap="BaseResultMap" parameterType="com.gec.security.pojo.SysUserExample" >
select
<if test="distinct" >
distinct
</if>
<include refid="Base_Column_List" />
from sys_user
<if test="_parameter != null" >
<include refid="Example_Where_Clause" />
</if>
<if test="orderByClause != null" >
order by ${orderByClause}
</if>
</select>
<select id="selectByPrimaryKey" resultMap="BaseResultMap" parameterType="java.lang.String" >
select
<include refid="Base_Column_List" />
from sys_user
where id = #{id,jdbcType=VARCHAR}
</select>
<delete id="deleteByPrimaryKey" parameterType="java.lang.String" >
delete from sys_user
where id = #{id,jdbcType=VARCHAR}
</delete>
<delete id="deleteByExample" parameterType="com.gec.security.pojo.SysUserExample" >
delete from sys_user
<if test="_parameter != null" >
<include refid="Example_Where_Clause" />
</if>
</delete>
<insert id="insert" parameterType="com.gec.security.pojo.SysUser" >
insert into sys_user (id, usercode, username,
password, salt, locked
)
values (#{id,jdbcType=VARCHAR}, #{usercode,jdbcType=VARCHAR}, #{username,jdbcType=VARCHAR},
#{password,jdbcType=VARCHAR}, #{salt,jdbcType=VARCHAR}, #{locked,jdbcType=CHAR}
)
</insert>
<insert id="insertSelective" parameterType="com.gec.security.pojo.SysUser" >
insert into sys_user
<trim prefix="(" suffix=")" suffixOverrides="," >
<if test="id != null" >
id,
</if>
<if test="usercode != null" >
usercode,
</if>
<if test="username != null" >
username,
</if>
<if test="password != null" >
password,
</if>
<if test="salt != null" >
salt,
</if>
<if test="locked != null" >
locked,
</if>
</trim>
<trim prefix="values (" suffix=")" suffixOverrides="," >
<if test="id != null" >
#{id,jdbcType=VARCHAR},
</if>
<if test="usercode != null" >
#{usercode,jdbcType=VARCHAR},
</if>
<if test="username != null" >
#{username,jdbcType=VARCHAR},
</if>
<if test="password != null" >
#{password,jdbcType=VARCHAR},
</if>
<if test="salt != null" >
#{salt,jdbcType=VARCHAR},
</if>
<if test="locked != null" >
#{locked,jdbcType=CHAR},
</if>
</trim>
</insert>
<select id="countByExample" parameterType="com.gec.security.pojo.SysUserExample" resultType="java.lang.Integer" >
select count(*) from sys_user
<if test="_parameter != null" >
<include refid="Example_Where_Clause" />
</if>
</select>
<update id="updateByExampleSelective" parameterType="map" >
update sys_user
<set >
<if test="record.id != null" >
id = #{record.id,jdbcType=VARCHAR},
</if>
<if test="record.usercode != null" >
usercode = #{record.usercode,jdbcType=VARCHAR},
</if>
<if test="record.username != null" >
username = #{record.username,jdbcType=VARCHAR},
</if>
<if test="record.password != null" >
password = #{record.password,jdbcType=VARCHAR},
</if>
<if test="record.salt != null" >
salt = #{record.salt,jdbcType=VARCHAR},
</if>
<if test="record.locked != null" >
locked = #{record.locked,jdbcType=CHAR},
</if>
</set>
<if test="_parameter != null" >
<include refid="Update_By_Example_Where_Clause" />
</if>
</update>
<update id="updateByExample" parameterType="map" >
update sys_user
set id = #{record.id,jdbcType=VARCHAR},
usercode = #{record.usercode,jdbcType=VARCHAR},
username = #{record.username,jdbcType=VARCHAR},
password = #{record.password,jdbcType=VARCHAR},
salt = #{record.salt,jdbcType=VARCHAR},
locked = #{record.locked,jdbcType=CHAR}
<if test="_parameter != null" >
<include refid="Update_By_Example_Where_Clause" />
</if>
</update>
<update id="updateByPrimaryKeySelective" parameterType="com.gec.security.pojo.SysUser" >
update sys_user
<set >
<if test="usercode != null" >
usercode = #{usercode,jdbcType=VARCHAR},
</if>
<if test="username != null" >
username = #{username,jdbcType=VARCHAR},
</if>
<if test="password != null" >
password = #{password,jdbcType=VARCHAR},
</if>
<if test="salt != null" >
salt = #{salt,jdbcType=VARCHAR},
</if>
<if test="locked != null" >
locked = #{locked,jdbcType=CHAR},
</if>
</set>
where id = #{id,jdbcType=VARCHAR}
</update>
<update id="updateByPrimaryKey" parameterType="com.gec.security.pojo.SysUser" >
update sys_user
set usercode = #{usercode,jdbcType=VARCHAR},
username = #{username,jdbcType=VARCHAR},
password = #{password,jdbcType=VARCHAR},
salt = #{salt,jdbcType=VARCHAR},
locked = #{locked,jdbcType=CHAR}
where id = #{id,jdbcType=VARCHAR}
</update>
</mapper>10、在com.gec.security.config包下创建SecurityConfig类
package com.gec.security.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.gec.security.pojo.RespBean;
import com.gec.security.pojo.SysUser;
import com.gec.security.service.SysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SysUserService userService;
//指定加密算法BCrypt
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);//指定业务逻辑
}
//链式编程
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/doLogin")
.successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//json响应回前端
response.setContentType("application/json;charset=UTF-8");
//获取用户的对象身份信息
SysUser user= (SysUser) authentication.getPrincipal();
RespBean respBean=RespBean.ok("登录成功",user);
//java对象-->json字符串
String json=new ObjectMapper().writeValueAsString(respBean);
System.out.println(json);
PrintWriter out=response.getWriter();
out.write(json);
out.flush();
out.close();
}
})
.failureHandler(new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
//json响应回前端
response.setContentType("application/json;charset=UTF-8");
PrintWriter out=response.getWriter();
RespBean respBean=RespBean.error("登录失败");
//判断异常类型
if (exception instanceof LockedException){
respBean.setMsg("账号被锁定");
}else if (exception instanceof CredentialsExpiredException){
respBean.setMsg("密码过期");
}else if (exception instanceof DisabledException){
respBean.setMsg("账号被禁用");
}else if (exception instanceof BadCredentialsException){
respBean.setMsg("账号或密码错误");
}
out.write(new ObjectMapper().writeValueAsString(respBean));
out.flush();
out.close();
}
})
.permitAll()
.and()
.logout()
.logoutSuccessHandler(new LogoutSuccessHandler() {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
}
})
.permitAll()
.and()
.csrf().disable(); //如果不禁用,则post提交的参数会被拦截
}
}
11、在com.gec.security.controller包下创建HelloController类
package com.gec.security.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping("/hello")
public String hello(){
return "hello world ~_~";
}
}
12、在src下的test下的java文件夹创建com.gec.security.junit包
src/test/java文件夹
13、在com.gec.security.junit包 下创建TestPass类生成密文
package com.gec.security.junit;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@SpringBootTest
public class TestPass {
@Test
public void test(){
String password="111111";
BCryptPasswordEncoder encoder=new BCryptPasswordEncoder();
String text=encoder.encode(password);
System.out.println(text);
}
}
14、在com.gec.security包下创建SecurityApp类
package com.gec.security;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan("com.gec.security.mapper")
public class SecurityApp {
public static void main(String[] args) {
SpringApplication.run(SecurityApp.class,args);
}
}
15、创建数据库和数据表
CREATE DATABASE shirodb;
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user` (
`id` varchar(36) NOT NULL COMMENT '主键',
`usercode` varchar(32) NOT NULL COMMENT '账号',
`username` varchar(64) NOT NULL COMMENT '姓名',
`password` varchar(64) NOT NULL COMMENT '密码',
`salt` varchar(64) DEFAULT NULL COMMENT '盐',
`locked` char(1) DEFAULT NULL COMMENT '账号是否锁定,1:锁定,0未锁定',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `sys_user` VALUES ('lisi', 'lisi', '李四', '1753810a48cf8a8a2e70a9b036fd4c89', 'eteokues', '1');
INSERT INTO `sys_user` VALUES ('wangwu', 'wangwu', '王五', '1753810a48cf8a8a2e70a9b036fd4c89', 'eteokues', '0');
INSERT INTO `sys_user` VALUES ('zhangsan', 'zhangsan', '张三', '1753810a48cf8a8a2e70a9b036fd4c89', 'eteokues', '0');
16、运行TestPass类,把生成的密文与之前创建的数据表的密码替换掉
把生成的密文替换掉数据表的密码
17、运行SecurityApp类
SecurityApp类运行结果
18、打开浏览器输入
http://localhost:8080/hello跳转到登录页面并验证
输入网址后跳转的页面
①输入错误的用户名看是否有进行判断
输入错误的用户名判断的结果
②输入被锁定的用户lisi看是否有进行判断
输入锁定的用户判断的结果
③输入正确的用户看是否能进去
输入正确的用户名密码的结果
6941
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
