SpringBoot集成Spring Security(一)登录注销
2024-05-18 17:08:28
同个人网站 https://www.serendipper-x.cn/,欢迎访问 !
SpringBoot集成Spring Security(二)注册 、密码加密、修改密码
写在前面
Spring Security是一种基于 Spring AOP 和 Servlet 过滤器的安全框架。它提供全面的安全性解决方案,同时在 Web 请求级和方法调用级处理身份确认和授权。
由于最近写的项目用到了这方面知识,这里做一些总结。下面直接看代码
一、创建项目
这里以多模块项目为例。
多模块项目优点: 帮助项目划分模块,鼓励重用,防止POM变得过于庞大,方便各个模块的构建,而不用每次都构建整个项目,使得针对某个模块的特殊控制更为方便。
二、引入pom依赖
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-test</artifactId><scope>test</scope></dependency>
三、web层
项目最核心的代码
SecurityConfig.java
/*** @author xiao* 使用springsecurity对用户登录、注销以及权限进行控制*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate StudentService studentService;@Autowiredprivate ObjectMapper objectMapper;@BeanPasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(studentService).passwordEncoder(new BCryptPasswordEncoder());}@Overrideprotected void configure(HttpSecurity http) throws Exception {http
// .authenticationProvider(authenticationProvider()).httpBasic()//未登录时.authenticationEntryPoint((request,response,authException) -> {response.setContentType("application/json;charset=utf-8");response.setStatus(HttpServletResponse.SC_FORBIDDEN);PrintWriter out = response.getWriter();RespBean error = RespBean.error("未登录");String s = new ObjectMapper().writeValueAsString(error);out.write(s);out.flush();out.close();}).and().authorizeRequests().anyRequest().authenticated() //必须授权才能范围.and().formLogin() //使用自带的登录.usernameParameter("username").passwordParameter("password").permitAll()//登录失败,返回json.failureHandler(new AuthenticationFailureHandler() {@Overridepublic void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException exception) throws IOException, ServletException {resp.setContentType("application/json;charset=utf-8");resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);PrintWriter out = resp.getWriter();RespBean respBean = RespBean.error("登录失败!");if (exception instanceof UsernameNotFoundException || exception instanceof BadCredentialsException) {respBean.setMsg("用户名或者密码输入错误,请重新输入!");} else if (exception instanceof DisabledException) {respBean.setMsg("账户被禁用");} else {respBean.setMsg("未知错误");}out.write(objectMapper.writeValueAsString(respBean));out.flush();out.close();}})//登录成功,返回json.successHandler(new AuthenticationSuccessHandler() {@Overridepublic void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {resp.setContentType("application/json;charset=utf-8");PrintWriter out = resp.getWriter();Student student = (Student) authentication.getPrincipal();student.setPassword(null);RespBean ok = RespBean.ok("登录成功!", student);String s = new ObjectMapper().writeValueAsString(ok);out.write(s);out.flush();out.close();}}).and().exceptionHandling()//没有权限,返回json.accessDeniedHandler((request,response,ex) -> {response.setContentType("application/json;charset=utf-8");response.setStatus(HttpServletResponse.SC_FORBIDDEN);PrintWriter out = response.getWriter();out.write(new ObjectMapper().writeValueAsString(RespBean.error("权限不足")));out.flush();out.close();}).and().logout()//退出成功,返回json.logoutSuccessHandler(new LogoutSuccessHandler() {@Overridepublic void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException {resp.setContentType("application/json;charset=utf-8");PrintWriter out = resp.getWriter();out.write(new ObjectMapper().writeValueAsString(RespBean.ok("注销成功!")));out.flush();out.close();}}).permitAll();//开启跨域访问http.cors().disable();//开启模拟请求,比如API POST测试工具的测试,不开启时,API POST为报403错误http.csrf().disable();}@Overridepublic void configure(WebSecurity web) {//对于在header里面增加token等类似情况,放行所有OPTIONS请求。web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");}
}
四、mapper层
mapper下的StudentMapper.java
/*** @author xiao*/
public interface StudentMapper {Student loadUserBySno(String sno);
}
resource下的StudentMapper.xml**
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.jxnu.os.mapper.StudentMapper"><resultMap id="BaseResultMap" type="com.jxnu.os.model.Student"><id column="id" property="id" jdbcType="INTEGER"/><result column="username" property="username" jdbcType="VARCHAR"/><result column="sno" property="sno" jdbcType="VARCHAR"/><result column="s_sex" property="s_sex" jdbcType="CHAR"/><result column="t_id" property="t_id" jdbcType="INTEGER"/><result column="password" property="password" jdbcType="VARCHAR"/></resultMap><select id="loadUserByUsername" resultMap="BaseResultMap">select * from student where username=#{username}</select></mapper>五、model层
model下的Student.java
注意一定要implements UserDetails
/*** @author xiao* 学生实体类*/
public class Student implements UserDetails {////学生主键IDprivate Integer id;//学生姓名private String username;//登录密码private String password;public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}private Collection<? extends GrantedAuthority> authorities;public void setUsername(String username) {this.username = username;}public void setPassword(String password) {this.password = password;}public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {this.authorities = authorities;}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {return this.authorities;}@Overridepublic String getPassword() {return this.password;}@Overridepublic String getUsername() {return this.username;}@Overridepublic boolean isAccountNonExpired() {return true;}@Overridepublic boolean isAccountNonLocked() {return true;}@Overridepublic boolean isCredentialsNonExpired() {return true;}@Overridepublic boolean isEnabled() {return true;}
}
六、service层
service下的StudentService.java
/*** @author xiao*/
@Service
public class StudentService implements UserDetailsService {@AutowiredStudentMapper studentMapper;/*** 登录* @param username* @return* @throws UsernameNotFoundException*/@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {Student student = studentMapper.loadUserBySno(username);if (student == null) {throw new UsernameNotFoundException("用户不存在");}return student;}
}SpringBoot集成Spring Security(一)登录注销相关推荐
- springboot集成spring security实现登录和注销
文章目录 一.导入坐标 二.Users实体类及其数据库表的创建 三.controller,service,mapper层的实现 四.核心–编写配置文件 五.页面的实现 运行结果 一.导入坐标 < ...
- SpringBoot集成Spring Security —— 第二章自动登录
文章目录 一.修改login.html 二.两种实现方式 2.1 Cookie 存储 2.2 数据库存储 2.2.1 基本原理 2.2.2 代码实现 三.运行程序 在上一章:SpringBoot集成S ...
- SpringBoot集成Spring Security(2)——自动登录
在上一章:SpringBoot集成Spring Security(1)--入门程序中,我们实现了入门程序,本篇为该程序加上自动登录的功能. 文章目录 一.修改login.html 二.两种实现方式 2 ...
- SpringBoot集成Spring Security(二)注册 、密码加密、修改密码
SpringBoot集成Spring Security(一)登录注销 写在前面 上一节创建了项目并且利用Spring Security完成了登录注销功能,这里继续说一下注册.密码加密和找回密码,代码注 ...
- SpringBoot 集成 Spring Security
Spring Security Spring Security是一个功能强大且高度可定制的身份验证和访问控制框架.它实际上是保护基于spring的应用程序的标准. Spring Security是一个 ...
- Spring Security MVC登录注销示例教程
Spring Security MVC登录注销示例教程 今天我们将了解Spring Security Login Example.在阅读这篇文章之前,请先阅读我在"Spring 4 Secu ...
- springboot集成Spring Security oauth2(八)
由于公司项目需要,进行SpringBoot集成Spring Security oauth2,几乎搜寻网上所有大神的案例,苦苦不能理解,不能完全OK. 以下是借鉴各大神的代码,终于demo完工,请欣赏 ...
- SpringBoot集成Spring Security(1)——入门程序
因为项目需要,第一次接触 Spring Security,早就听闻 Spring Security 功能强大但上手困难,学习了几天出入门道,特整理这篇文章希望能让后来者少踩一点坑(本文附带实例程序,请 ...
- springboot集成spring security安全框架入门篇
一. :spring security的简介 Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了一组可以在Spring应用上下 ...
最新文章
- mysql导入csv文件
- 使用python编写单元测试
- linux串口boost,Boost串口通信第一课 boost::asio::serial_port基本使用
- Docker系列之烹饪披萨(二)
- leetcode 330. 按要求补齐数组(贪心算法)
- mysql存储过程触发器_MySQL存储过程及触发器
- 七个不容易被发现的生成对抗网络(GAN)用例
- 今天上网感觉有点儿卡,上了路由器一看,数据包狂跳
- (149)System Verilog接口(interface)连线待测模块
- 数据结构学习记录连载1
- 获取当前user的Session状态
- 关于java中assert(断言)的使用讲解
- 数电笔记之逻辑函数卡诺图化简
- 泰坦尼克号数据集的下载
- 微信小程序 抓css,微信小程序css篇
- 电子电路学习笔记(15)——晶振
- window10安装kubectl工具及配置config信息
- 游戏技能一:激光扫射的实现【CocosCreator 2D】【TypeScript】
- win10 suse linux,Windows 10现已支持安装SUSE Linux子系统 附安装教程|蓝点网
- 鸿蒙系统有没有红外遥控,红外遥控与蓝牙遥控的区别