spring boot 实例之 用户登录

最新推荐文章于 2024-10-10 14:20:14 发布
最新推荐文章于 2024-10-10 14:20:14 发布
阅读量752 收藏 1
点赞数 1
分类专栏: spring boot spring security 文章标签: spring security 登录实例 spring boot 登录实例

转载请注明出处spring boot 实例之 用户登录--碧波之心简书

上两篇完成了用户信息表的增删查,接下来增加用户登录功能。采用spring security来进行权限控制。我们希望用户可以通过用户名+密码、邮箱+密码、手机号+验证码、微信登录三种登录途径。
先用来完成用户名+密码或手机号+验证码登录。
前面做的用户信息表不是用来登录的,那些信息只是用户的基本信息。为了在用户列表请求得到的数据中不包含密码、手机号等敏感信息。把登录用的数据分开保存,关联到用户信息。

建立对象

创建数据模型 Safety

package com.biboheart.demo.user.domain;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;

import lombok.Data;

@Data
@Entity
@Table(name = "bh_user_safety")
public class Safety {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id; // ID
    private Long uid; // 用户ID
    private String username; // 用户名
    private String mobile; // 手机号
    private String password; // 密码
    private Long createTime; // 创建时间
    private Long updateTime; // 最后修改时间
}

创建repository

package com.biboheart.demo.user.repository;

import com.biboheart.demo.user.basejpa.CustomRepository;
import com.biboheart.demo.user.domain.Safety;

public interface SafetyRepository extends CustomRepository<Safety, Long> {
    Safety findByUsernameAndUidNot(String username, Long uid);
    
    Safety findByMobileAndUidNot(String mobile, Long uid);
    
    @Transactional
    void deleteByUid(Long uid);
}

创建service

package com.biboheart.demo.user.service;

import com.biboheart.brick.exception.BhException;
import com.biboheart.demo.user.domain.Safety;

public interface SafetyService {
    public Safety save(Safety safety) throws BhException;
    
    public void delete(Long id, Long uid);
    
    public Safety load(Long uid, String username, String mobile);
}

package com.biboheart.demo.user.service.impl;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.biboheart.brick.exception.BhException;
import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.brick.utils.TimeUtils;
import com.biboheart.demo.user.domain.Safety;
import com.biboheart.demo.user.repository.SafetyRepository;
import com.biboheart.demo.user.service.SafetyService;

@Service
public class SafetyServiceImpl implements SafetyService {
    @Autowired
    private SafetyRepository safetyRepository;

    @Override
    public Safety save(Safety safety) throws BhException {
        if (null == safety.getId()) {
            safety.setId(0L);
        }
        if (CheckUtils.isEmpty(safety.getUid())) {
            throw new BhException("必须关联到用户");
        }
        if (CheckUtils.isEmpty(safety.getUsername())) {
            if (!CheckUtils.isEmpty(safety.getMobile())) {
                safety.setUsername(safety.getMobile());
            }
        }
        if (CheckUtils.isEmpty(safety.getUsername())) {
            throw new BhException("用户名不能为空");
        }
        Safety source = safetyRepository.findByUid(safety.getUid());
        if (null != source) {
            safety.setId(source.getId());
        }
        source = safetyRepository.findByUsername(safety.getUsername());
        if (null != source) {
            if (!safety.getUid().equals(source.getUid())) {
                throw new BhException("用户名已经被占用");
            }
            if (!source.getId().equals(safety.getId())) {
                if (CheckUtils.isEmpty(safety.getId())) {
                    safety.setId(source.getId());
                } else {
                    safetyRepository.deleteById(source.getId());
                }
            }
        }
        source = safetyRepository.findByMobile(safety.getMobile());
        if (null != source) {
            if (!safety.getUid().equals(source.getUid())) {
                throw new BhException("用户名已经被占用");
            }
            if (!source.getId().equals(safety.getId())) {
                if (CheckUtils.isEmpty(safety.getId())) {
                    safety.setId(source.getId());
                } else {
                    safetyRepository.deleteById(source.getId());
                }
            }
        }
        if (!CheckUtils.isEmpty(safety.getPassword()) && safety.getPassword().length() != 32) {
            safety.setPassword(DigestUtils.md5Hex(safety.getPassword()));
        }
        Long now = TimeUtils.getCurrentTimeInMillis();
        if (CheckUtils.isEmpty(safety.getCreateTime())) {
            safety.setCreateTime(now);
        }
        safety.setUpdateTime(now);
        safety = safetyRepository.save(safety);
        return safety;
    }

    @Override
    public void delete(Long id, Long uid) {
        if (!CheckUtils.isEmpty(uid)) {
            safetyRepository.deleteByUid(uid);
        }
        if (!CheckUtils.isEmpty(id)) {
            safetyRepository.deleteById(id);
        }
    }
    
    @Override
    public Safety load(Long uid, String username, String mobile) {
        Safety safety = null;
        if (!CheckUtils.isEmpty(uid)) {
            safety = safetyRepository.findByUid(uid);
        }
        if (null == safety && !CheckUtils.isEmpty(username)) {
            safety = safetyRepository.findByUsername(username);
        }
        if (null == safety && !CheckUtils.isEmpty(mobile)) {
            safety = safetyRepository.findByMobile(mobile);
        }
        return safety;
    }

}

创建控制器

这里我们先做一个保存的API,如果不保存一个密码的话,登录的功能不方便测试。先简单的实现用户登录的功能,接下去再优化,修改。把能考虑到的不安全因素解决。

package com.biboheart.demo.user.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.biboheart.brick.exception.BhException;
import com.biboheart.brick.model.BhResponseResult;
import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.demo.user.domain.Safety;
import com.biboheart.demo.user.domain.User;
import com.biboheart.demo.user.service.SafetyService;
import com.biboheart.demo.user.service.UserService;

@RestController
public class SafetyController {
    @Autowired
    private UserService userService;
    @Autowired
    private SafetyService safetyService;
    
    @RequestMapping(value = "/userapi/safety/save", method = {RequestMethod.POST})
    public BhResponseResult<?> save(Safety safety) throws BhException {
        User user = userService.load(safety.getUid());
        if (null == user) {
            // 如果不是对某个用户设置登录参数则创建一个新用户,用户注册时
            user = new User();
            String name = safety.getUsername();
            if (CheckUtils.isEmpty(name)) {
                name = safety.getMobile();
            }
            user.setName(name);
            user = userService.save(user);
        }
        safety.setUid(user.getId());
        safety = safetyService.save(safety);
        return new BhResponseResult<>(0, "success", null != safety);
    }

}

创建一个用户

创建用户

 

用户列表

 

创建一个用户名为biboheart,手机号为15000000000,密码为test的用户。用户前面的列表接口能查到最新创建的用户。

开始登录功能

引入spring security组件,开始开发用户登录功能。

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

创建包:com.biboheart.demo.user.security,用户登录功能都在这个包中完成。
创建security配置文件

package com.biboheart.demo.user.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.biboheart.demo.user.security.filter.BhAuthenticationFilter;
import com.biboheart.demo.user.security.provider.MobileCodeAuthenticationProvider;
import com.biboheart.demo.user.security.provider.UsernamePasswordAuthenticationProvider;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Autowired
    private UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
    @Autowired
    private MobileCodeAuthenticationProvider mobileCodeAuthenticationProvider;
    
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .authenticationProvider(mobileCodeAuthenticationProvider)
            .authenticationProvider(usernamePasswordAuthenticationProvider);
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .csrf().disable()
            .addFilterAt(bhAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/", "/home", "/loginIn", "/oauth/authorize", "/oauth/token").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
        // @formatter:on
    }
    
    @Bean
    public BhAuthenticationFilter bhAuthenticationFilter() {
        BhAuthenticationFilter filter = new BhAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        return filter;
    }
    
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

因为我们有两种登录方式,所以我们建立usernamePasswordAuthenticationProvider和mobileCodeAuthenticationProvider两个provider来处理登录请求。
UsernamePasswordAuthenticationToken是spring security内置的token对象。我们就不再定义了,需要定义一个MobileCodeAuthenticationToken在包com.biboheart.demo.user.security.tokens中

package com.biboheart.demo.user.security.tokens;

import java.util.Collection;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;

public class MobileCodeAuthenticationToken extends AbstractAuthenticationToken {
    
    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
    
    private final Object principal;
    private String credentials;

    public MobileCodeAuthenticationToken(Object principal, String credentials) {
        super(null);
        this.principal = principal;
        this.credentials = credentials;
        setAuthenticated(false);
    }
    
    public MobileCodeAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.credentials = null;
        super.setAuthenticated(true); // must use super, as we override
    }

    // ~ Methods
    // ========================================================================================================

    public String getCredentials() {
        return this.credentials;
    }

    public Object getPrincipal() {
        return this.principal;
    }

    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }

        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
        credentials = null;
    }

}

创建过滤器

创建一个过滤器,替换掉原来的UsernamePasswordAuthenticationFilter过滤器。定义为BhAuthenticationFilter 继承至 AbstractAuthenticationProcessingFilter。

package com.biboheart.demo.user.security.filter;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;

import com.biboheart.demo.user.security.tokens.MobileCodeAuthenticationToken;

public class BhAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    // ~ Static fields/initializers
    // =====================================================================================

    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
    public static final String SPRING_SECURITY_FORM_AUTYPE_KEY = "autype";

    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
    private String autypeParameter = SPRING_SECURITY_FORM_AUTYPE_KEY;
    private boolean postOnly = true;

    // ~ Constructors
    // ===================================================================================================

    public BhAuthenticationFilter() {
        super(new AntPathRequestMatcher("/login", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        if (postOnly && !request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException(
                    "Authentication method not supported: " + request.getMethod());
        }
        
        String username = obtainUsername(request);
        String password = obtainPassword(request);
        String autype = obtainAutype(request);
        System.out.println(this.getClass().getName() + "----autype:" + autype);

        if (username == null) {
            username = "";
        }

        if (password == null) {
            password = "";
        }
        
        if (autype == null) {
            autype = "";
        }

        username = username.trim();
        
        AbstractAuthenticationToken authRequest = null;
        switch(autype) {
        case "mobileCode":
            authRequest = new MobileCodeAuthenticationToken(username, password);
            break;
        default:
            authRequest = new UsernamePasswordAuthenticationToken(username, password);
            break;
        }

        /*UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
                username, password);*/

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }
    
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(passwordParameter);
    }
    
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(usernameParameter);
    }
    
    protected String obtainAutype(HttpServletRequest request) {
        return request.getParameter(autypeParameter);
    }
    
    protected void setDetails(HttpServletRequest request,
            AbstractAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
    
    public void setAutypeParameter(String autypeParameter) {
        Assert.hasText(autypeParameter, "Autype parameter must not be empty or null");
        this.autypeParameter = autypeParameter;
    }
    
    public void setUsernameParameter(String usernameParameter) {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }
    
    public void setPasswordParameter(String passwordParameter) {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }
    
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public final String getUsernameParameter() {
        return usernameParameter;
    }

    public final String getPasswordParameter() {
        return passwordParameter;
    }

}

对于登录请求,我们接收三个参数。分别是:username,password,autype。autype参数用于告知登录类型:默认为用户名密码方式,mobileCode为手机号验证码方式。如果是mobileCode方式,那么username对应的是手机号,password对应的是验证码。
通过SecurityConfiguration中的.addFilterAt(bhAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)插入过滤器。

实现用户认证

用户名密码认证的实现

package com.biboheart.demo.user.security.provider;

import java.util.HashSet;
import java.util.Set;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.demo.user.domain.Safety;
import com.biboheart.demo.user.domain.User;
import com.biboheart.demo.user.service.SafetyService;
import com.biboheart.demo.user.service.UserService;

@Component
public class UsernamePasswordAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private SafetyService safetyService;
    @Autowired
    private UserService userService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
        String password = (String) authentication.getCredentials();
        if (CheckUtils.isEmpty(password)) {
            throw new BadCredentialsException("密码不能为空");
        }
        Safety safety = safetyService.load(null, username, null);
        if (null == safety) {
            throw new BadCredentialsException("用户不存在");
        }
        User user = userService.load(safety.getUid());
        if (null == user) {
            throw new BadCredentialsException("用户不存在");
        }
        if (password.length() != 32) {
            password = DigestUtils.md5Hex(password);
        }
        if (!password.equals(safety.getPassword())) {
            throw new BadCredentialsException("用户名或密码不正确");
        }
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(username, password, listUserGrantedAuthorities(user.getId()));
        result.setDetails(authentication.getDetails());
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        System.out.println(this.getClass().getName() + "---supports");
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }

    private Set<GrantedAuthority> listUserGrantedAuthorities(Long uid) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        if (CheckUtils.isEmpty(uid)) {
            return authorities;
        }
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

}

手机号验证码认证的实现

package com.biboheart.demo.user.security.provider;

import java.util.HashSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import com.biboheart.brick.utils.CheckUtils;
import com.biboheart.demo.user.domain.Safety;
import com.biboheart.demo.user.domain.User;
import com.biboheart.demo.user.security.tokens.MobileCodeAuthenticationToken;
import com.biboheart.demo.user.service.SafetyService;
import com.biboheart.demo.user.service.UserService;

@Component
public class MobileCodeAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private SafetyService safetyService;
    @Autowired
    private UserService userService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String mobile = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
        String code = (String) authentication.getCredentials();
        if (CheckUtils.isEmpty(code)) {
            throw new BadCredentialsException("验证码不能为空");
        }
        Safety safety = safetyService.load(null, null, mobile);
        if (null == safety) {
            throw new BadCredentialsException("用户不存在");
        }
        User user = userService.load(safety.getUid());
        if (null == user) {
            throw new BadCredentialsException("用户不存在");
        }
        // 手机号验证码业务还没有开发,先用4个0验证
        if (!code.equals("0000")) {
            throw new BadCredentialsException("验证码不正确");
        }
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(safety.getUsername(), code, listUserGrantedAuthorities(user.getId()));
        result.setDetails(authentication.getDetails());
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        System.out.println(this.getClass().getName() + "---supports");
        return (MobileCodeAuthenticationToken.class.isAssignableFrom(authentication));
    }

    private Set<GrantedAuthority> listUserGrantedAuthorities(Long uid) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        if (CheckUtils.isEmpty(uid)) {
            return authorities;
        }
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

}

更多的认证方式照着扩展就可以了。

用户登录界面

用户登录需要界面,未登录时要跳转到登录界面,登录成功后要跳转到首页。
页面跳转控制器

package com.biboheart.demo.user.security.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class SecurityController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage() {
        return "login";
    }
}

首页控制器

package com.biboheart.demo.user.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class HelloController {
    
    @RequestMapping(value = { "/", "/home" }, method = RequestMethod.GET)
    public String homePage() {
        return "index";
    }
    
    @RequestMapping(value = "/hello", method = RequestMethod.GET)
    public String hello() {
        return "hello";
    }

}

index.html

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8"></meta>
    <title>Spring Security入门</title>
</head>
<body>
    <h1>欢迎使用Spring Security!</h1>
    <p>
        点击 <a href="/hello">这里</a> 打个招呼吧
    </p>
</body>
</html>

hello.html

<!DOCTYPE html>
<html lang="zh-CN" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8"></meta>
    <title>Hello World!</title>
</head>
<body>
    <h1>Hello world!</h1>
    <a href="/logout">注销</a>
    <form th:action="@{/logout}" method="post">
        <input type="submit" value="Sign Out"/>
    </form>
    <h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
</body>
</html>

login.html

<!DOCTYPE html>
<html lang="zh-CN" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8"></meta>
    <title>登录</title>
</head>
<body>
    <div th:if="${param.containsKey('error')}">
        <p class="error">登录不成功,可能是用户名/密码错了</p>
    </div>
    <div th:if="${param.containsKey('logout')}">
        <h4>成功 </h4>
        <p>您已经成功退出</p>
    </div>
    <form method="post" role="form">
        <div class="form-group">
            用户名密码认证 <input name="autype" type="radio" value="usernamePassword" checked="checked"/>
            手机号验证码 <input name="autype" type="radio" value="mobileCode"/>
        </div>
        <div class="form-group">
            <label for="username">用户名:</label>
            <input type='text' name='username'/>
        </div>
        <div class="form-group">
            <label for="password">密码:</label>
            <input type='password' name='password'/>
        </div>
        <!-- <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
        <button class="btn btn-primary" type="submit">登录</button>
    </form>
    With Github: <a href="/login/github">click here</a>
</body>
</html>

在pom.xml中引入组件

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>

首页

 

首页是允许访问的,点击“这里”的链接。就进入登录页面。

 

登录界面

 

选择手机号验证码登录:

 

手机号登录


实际上这里用户和密码输入的是手机号和验证码(0000),前端可以控制,根据不同的选择改下提示文字。
点击登录后进入hello页面

hello页面

 

可以点击注销,再试试用户名密码登录。

总结

  1. 创建用户认证的信息对象;
  2. 引入spring security;
  3. spring security配置文件;
  4. 自定义token;
  5. 自定义provider;

  6. 登录页面
    当前目录结构:

     

    目录结构


 

spring boot实例
03-14
在本小实例中,我们将基于 "Spring Boot in Action" 一书中的示例来探索 Spring Boot 的核心概念和实践应用。 首先,让我们理解 Spring Boot 的核心特性: 1. **起步依赖(Starters)**:Spring Boot 提供了一系列...
SpringBoot实战】实现用户名密码登录
Daybreak's blog
12-13 447
在Java项目中,实现用户名密码登录是最基本的功能。尽管实现起来不难,但也有些细节问题,故写下此篇博客作为记录。
springboot入门项目-用户登录1-持久层/业务层
qxyx1213的博客
04-11 1591
1. 用户登录功能简介 用户输入用户名和密码,提交给后台数据库查询,如果存在对应的用户名和密码,则登录成功,跳转到系统的主页,即index.html页面;前端使用Jquery实现。 2. 用户登录-持久层 用户登录时,需要进行用户名密码的验证,因此需要按username查找用户,可以复用注册功能时编写的sql语句和对应接口。 3. 用户登录-业务层 1. 异常规划 登录时可能出现的异常有:用户不存在、密码错误,因此需要定义两个异常类:UserNotFoundException、PasswordErrorEx
Springboot+Spring-Security+JWT 实现用户登录和权限认证
最新发布
yuwinter的博客
10-10 1928
Spring Boot 项目初始化:利用 Spring Initializr 创建项目,并添加必要依赖(Spring Web、Spring Security、JWT、JPA 等)。 用户登录和注册接口:实现 AuthController,处理用户登录请求,并返回 JWT。 Spring Security 配置:通过扩展 WebSecurityConfigurerAdapter 来配置 Spring Security,设置无状态的会话管理、JWT 过滤器、受保护的资源路径等。 JWT 生成和解析:实现。
Springboot usernamePasswordAuthenticationToken
qq_307183846的博客
02-20 2万+
UsernamePasswordAuthenticationToken继承AbstractAuthenticationToken实现Authentication 所以当在页面中输入用户名和密码之后首先会进入到UsernamePasswordAuthenticationToken验证(Authentication), 然后生成的Authentication会被交由AuthenticationManager来进行管理 而AuthenticationManager管理一系列的AuthenticationProvi
springBoot案例(登陆,增删改查)
qq_44716544的博客
06-17 3667
目录 主要功能:实现登陆拦截,然后进入主页面进行增删改查工作,开启Druid数据源,进行durid日志监控 页面展示: 代码编写: 目录结构: 导入依赖: 配置application.yml 配置登陆拦截器以及开启durid监控 配置开启拦截功能: 创建MyMvConfig类 编写登陆拦截:创建LoginHandlerInterceptor类 配置开启durid数据源...
springboot + spring security验证token进行用户认证
热门推荐
孟林洁的博客
11-23 6万+
核心组件 SecurityContextHolder SecurityContextHolder是spring security最基本的组件。用于存储安全上下文(security context)的信息。当前操作的用户是谁,该用户是否已经被认证,他拥有哪些角色权限等这些都被保存在SecurityContextHolder中。SecurityContextHolder默认是使用ThreadLoc...
JAVA---SpringBoot简单登录页面案例
大呱的博客
01-31 1314
JAVA---SpringBoot简单登录页面案例
Spring Boot 实例代码之通过接口安全退出
08-29
`spring-boot-starter-security`则负责应用的安全性,确保只有授权的用户才能执行敏感操作,如关闭应用。 1. 引入依赖: ```xml <groupId>org.springframework.boot <artifactId>spring-boot-starter-actuator ...
Eclipse Spring Boot maven web demo 简单项目实例
05-26
【Eclipse Spring Boot Maven Web Demo 简单项目实例】是一个实用的学习资源,旨在帮助开发者快速搭建基于Spring Boot、Maven和Eclipse的Web应用程序。这个项目实例为初学者提供了良好的起点,让他们能够理解并实践...
SpringBoot Security认证 Redis缓存用户信息【SpringBoot系列10】
BASK2312的博客
03-31 1776
然后咱们在 Spring Security 配置的拦截器中,token 校验通过后,从 Redis 中查询缓存的用户信息,将用户信息的 UserId 配置到请求头中。这里是自定义的 HttpServletRequestWrapper ,本小节是对 请求Request 中的请求头的操作,后续咱们还会在这里 获取请求体中的参数。本文章是系列文章 ,每节文章都有对应的代码,每节的源码都是在上一节的基础上配置而来,对应的视频讲解课程正在火速录制中。有兴趣可以关注一下公众号:biglead。
springboot3整合SpringSecurity实现登录校验与权限认证(万字超详细讲解)
2301_78646673的博客
12-11 1万+
用户提交登录请求Spring Security 将请求交给 UsernamePasswordAuthenticationFilter 过滤器处理。UsernamePasswordAuthenticationFilter 获取请求中的用户名和密码,并生成一个 AuthenticationToken 对象,将其交给 AuthenticationManager 进行认证。
spring security 自定义Provider 实现多种认证方式
yfx000的专栏
07-23 9759
我的系统里有两种用户,对应数据库两张表,所以必须自定义provider 和 AuthenticationToken,这样才能走到匹配自定义的UserDetailsService,我这里只粘贴一套代码,另一套同理复制就行。 必须自定义原因在于,自定义prodvider会根据重写的support方法判断是否匹配自定义AuthenticationToken,匹配后可以调用自定义的UserDetailsService的方法loadUserByUsername(String username),这样就直接查对应的数
springboot 菜单权限控制 入门级 -2
m0_48917083的博客
01-03 664
菜单→前端的路由、菜单、按钮等目的:不同角色要不同的路由和菜单菜单表menu_idmenu_nameparent_id 父级idiconpath_namecomponentpathmenu_type整个映射表 menu_id role_id根据用户-角色查询菜单就完成了sql怎么写:文心一言我就知道。
Springboot(十)springsecurity认证流程源码分析
念念不忘,必有回响
12-27 497
用户认证流程 这里我们简单从springsecurity源码中分析用户认证流程 当用户发送登入请求首先会进入UsernamePasswordAuthenticationFilter并调用 attemptAuthentication()方法获取用户名密码 从源码我们可以看到获取的用户参数信息放在了UsernamePasswordAuthenticationToken对象中, 在UsernamePa...
SpringSecurity自定义登录
weixin_51431465的博客
12-12 680
【代码】SpringSecurity自定义登录
SpringBoot实现免登录
weixin_43434961的博客
12-02 5418
最近公司有个需求,用户在以前的项目里登录了之后,跳转到新项目可以不用登录 为了实现这个需求,在旧项目跳转到新项目的时候需要把token带过来,新项目后台调用旧项目的接口,通过token获取登录用户信息,将登录信息存入redis实现免登录,具体代码如下: import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http
Spring Boot JWT实现单点登录详解
Spring Boot结合JWT实现单点登录是现代应用架构中一种高效且安全的身份验证方式,通过简化用户登录流程,提升系统的可用性和用户体验。通过以上步骤,开发人员可以快速集成JWT到现有的Spring Boot项目中,实现实例中...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值