接上一章,上一章讲了如何整合Springboot+Activiti7+Security,还没看的可以先去看看:Springboot+Activiti7+Security整合_混进大佬群的萌新的博客-CSDN博客
本章呢就讲一下配置Security,实现数据库用户登录。
由于全是代码部分,我就直接上代码吧
一、在pojo包下新建:UserInfoBean
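// User record as read from the user table, exposed to Spring Security through UserDetails.
// NOTE(review): @Component also registers one empty instance of this data class as a
// singleton bean; it is kept here in case other code injects it. Confirm whether it is needed.
@Component
public class UserInfoBean implements UserDetails {
    private Long id;
    private String name;
    private String address;
    private String username;
    // Password value as stored for the user; it is handed to Spring Security unchanged.
    private String password;
    // Comma-separated authority names, e.g. "ROLE_A,ROLE_B" (constructed example).
    private String roles;

    public String getAddress() {
        return address;
    }

    // Turns the comma-separated roles column into granted authorities.
    // A null or blank column yields an empty list instead of failing the login with a
    // NullPointerException (null) or an IllegalArgumentException (SimpleGrantedAuthority
    // rejects empty text). Entries are trimmed so "A, B" produces "A" and "B".
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        String raw = roles == null ? "" : roles;
        return Arrays.stream(raw.split(","))
                .map(String::trim)
                .filter(role -> !role.isEmpty())
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    // The four account-state checks below always answer true, so expiry, locking and
    // disabling are not enforced from the database by this class.
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}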
二、在mapper包下新建接口:UserInfoBeanMapper
// MyBatis mapper for the user table.
@Component
@Mapper
public interface UserInfoBeanMapper {

    // Looks up one user by login name.
    // The #{username} placeholder is bound as a statement parameter rather than spliced
    // into the SQL text, so keep it as #{...} (not ${...}) when editing this query.
    @Select("select * from user where username = #{username}")
    UserInfoBean selectByUsername(@Param("username") String username);
}
三、新建security包,在里面要建五个类:
登录配置类:LoginSecurityConfig
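// Login configuration: form login with custom success/failure handlers.
@Configuration
public class LoginSecurityConfig extends WebSecurityConfigurerAdapter {
    // Handler invoked after a successful login.
    @Autowired
    private LoginSuccess loginSuccess;
    // Handler invoked after a failed login.
    @Autowired
    private LoginFailure loginFailure;

    // Builds the HTTP security rules.
    // The original rule was anyRequest().permitAll(), which let every request through
    // without a session, so the login configured here protected nothing. Requests now
    // require an authenticated user; only the login endpoints and logout stay open.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                // Unauthenticated requests are sent to this URL.
                .loginPage("/login")
                // Credentials are POSTed to this URL.
                .loginProcessingUrl("/login")
                // On success:
                .successHandler(loginSuccess)
                // On failure:
                .failureHandler(loginFailure)
                // The login page and processing URL must stay reachable without a session.
                .permitAll()
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .logout().permitAll()
                .and()
            // NOTE(review): CSRF protection is switched off. With session-based form login,
            // browser clients are then exposed to cross-site request forgery; re-enable it
            // unless every client is a non-browser API consumer.
            .csrf().disable()
            // NOTE(review): this stops the X-Frame-Options header from being sent, so any
            // origin may frame the pages. frameOptions().sameOrigin() is the narrower
            // setting if only the application's own pages need framing.
            .headers().frameOptions().disable();
    }
}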
登录成功类:LoginSuccess
// Writes the response body returned to the client after a successful login.
@Component("LoginSuccess")
public class LoginSuccess implements AuthenticationSuccessHandler {
    // Injected but not used by either method below.
    @Autowired
    private ObjectMapper objectMapper;

    // Variant called without a filter chain: answers with a fixed success message.
    // NOTE(review): the declared content type is JSON while the body is plain text;
    // a client that parses the body as JSON will fail. Confirm what the front end expects.
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        Authentication authentication)
            throws IOException, ServletException {
        // The content type (and charset) has to be set before the writer is obtained.
        response.setContentType("application/json;charset=UTF-8");
        String message = "登录成功!";
        response.getWriter().write(message);
    }

    // Chain-aware variant, intentionally left empty in the original.
    // NOTE(review): with an empty body nothing is written and the chain is not continued
    // when a filter calls this overload. Confirm that this is intended.
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
                                        HttpServletResponse response,
                                        FilterChain chain,
                                        Authentication authentication)
            throws IOException, ServletException {
    }
}
登录失败类:LoginFailure
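// Writes the response returned to the client after a failed login.
@Component("LoginFailure")
public class LoginFailure implements AuthenticationFailureHandler {
    // Injected but not used by the method below.
    @Autowired
    private ObjectMapper objectMapper;

    // Answers a rejected login with 401 and a short message.
    // The original sent 500, which reports a server fault for what is a client
    // authentication failure and makes failed logins look like outages in monitoring.
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception)
            throws IOException, ServletException {
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        // The content type (and charset) has to be set before the writer is obtained.
        response.setContentType("application/json;charset=UTF-8");
        // NOTE(review): the exception text is echoed to the caller. Depending on the
        // provider configuration it can distinguish account states (unknown, locked,
        // disabled); a fixed message plus a server-side log entry discloses less.
        response.getWriter().write("登录失败!" + exception.getMessage());
    }
}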
用户登录控制器类:SecurityController
// Controller for the login URL.
// NOTE(review): no @Controller/@RestController annotation appears on this class in the
// listing; without one Spring MVC does not register the mapping below. Confirm.
public class SecurityController {

    // Answers requests to /login with status 401 and a "login required" message.
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    @RequestMapping("/login")
    public String login(HttpServletRequest request, HttpServletResponse response) {
        return "需要登录!";
    }
}
查询登录:MyUserDetailsService
// Loads users from the database for Spring Security and provides the password encoder.
@Component
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    UserInfoBeanMapper userInfoBeanMapper;

    // Password hashing used when credentials are compared.
    // BCryptPasswordEncoder matches against BCrypt hashes, so the stored password
    // values need to be BCrypt hashes rather than plain text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    // Queries the user table by login name; an unknown name is reported with
    // UsernameNotFoundException rather than a null return.
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfoBean match = userInfoBeanMapper.selectByUsername(username);
        if (match != null) {
            return match;
        }
        throw new UsernameNotFoundException("数据库中无此用户");
    }
}
四、与启动类平级目录再建一个类:Security
// Helper that installs a security context for a named user.
@Component
public class Security {
    private Logger logger = LoggerFactory.getLogger(Security.class);
    @Autowired
    private UserDetailsService userDetailsService;

    // Makes the current thread act as the given user.
    // No password or other credential is checked: the user is only looked up by name and
    // the installed Authentication always reports itself as authenticated. Callers must
    // therefore never pass a user name taken from request input; keep this to tests and
    // trusted internal code.
    public void logInAs(String username) {
        final UserDetails account = userDetailsService.loadUserByUsername(username);
        if (account == null) {
            throw new IllegalStateException("用户"+username+"不存在!");
        }
        logger.info(">以身份登录:"+username);

        Authentication impersonated = new Authentication() {
            // Name of the user.
            @Override
            public String getName() {
                return account.getUsername();
            }

            // The loaded user is the principal.
            @Override
            public Object getPrincipal() {
                return account;
            }

            // The loaded user also serves as the details object.
            @Override
            public Object getDetails() {
                return account;
            }

            // NOTE(review): this places the stored password value in the security
            // context. Confirm that something reads it, otherwise it is needless exposure.
            @Override
            public Object getCredentials() {
                return account.getPassword();
            }

            // Authorities come straight from the loaded user.
            @Override
            public Collection<? extends GrantedAuthority> getAuthorities() {
                return account.getAuthorities();
            }

            // Always reported as authenticated.
            @Override
            public boolean isAuthenticated() {
                return true;
            }

            // Ignored: the flag above cannot be changed.
            @Override
            public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
            }
        };
        SecurityContextHolder.setContext(new SecurityContextImpl(impersonated));
    }
}
ok,这样就算完事了。前台访问登录的时候,就可以用第一章在数据库user表中插入的用户数据登录了,密码是1(由于上面注册了BCryptPasswordEncoder,user表的password字段里存的应是该密码的BCrypt哈希,而不是明文)。
下一章预计内容:启动流程实例
(多多点赞哟,我的动力来自于你们的点赞,哈哈哈)