SpringSecurity权限框架实战
pom文件:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.4.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.baidu.security</groupId>
<artifactId>security</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>security</name>
<description>Demo project for Spring Boot</description><properties>
<java.version>1.8</java.version>
</properties><dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency><dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
</dependency>
<!-- 引入freeMarker的依赖包. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency><dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
<version>RELEASE</version>
</dependency><dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.0</version>
</dependency><dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency></dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build></project>
login.ftl
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8" />
<title></title>
</head>
<body>登录页面${msg}<form action="/login_check" method="post"><input type="text" name="username" /></br> </br> <input type="text"name="password" /></br> </br> <input type="submit" value="登录" /></br></form></body></html>
index.ftl
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8" />
<title></title>
</head>
<body><form action="/logout" method="post"><input type="submit" value="退出" /></br></form>你好啊!${userName}</body>
</html>
config包中的:WebSecurityConfig 首先更具login中action路径 进入此处
package com.baidu.security.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Beanpublic MyUserDetailService myUserdetailService() {return new MyUserDetailService();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(myUserdetailService()).passwordEncoder(new BCryptPasswordEncoder());}@Bean@Overrideprotected AuthenticationManager authenticationManager() throws Exception {return super.authenticationManager();}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().disable(); // 关闭跨站检测http.authorizeRequests().anyRequest().fullyAuthenticated();http.formLogin().loginPage("/login").loginProcessingUrl("/login_check").failureUrl("/login").defaultSuccessUrl("/index").permitAll();http.logout().permitAll();}public static void main(String[] args) {BCryptPasswordEncoder encode = new BCryptPasswordEncoder();String string = encode.encode("123456").toString();System.out.println(string);}}
config包中的:MyUserDetailService【用户名秘密验证】
package com.baidu.security.config;import java.util.ArrayList;
import java.util.List;import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import com.baidu.security.entity.Role;
import com.baidu.security.entity.User;
import com.baidu.security.mapper.UserRoleMapper;
@Service
public class MyUserDetailService implements UserDetailsService {@Autowiredprivate UserRoleMapper urMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {// 要去通过用戶名获取数据库的用户User dbUser = urMapper.selectByUsername(username);if (dbUser == null) {System.out.println("用户" + username + "不存在");throw new UsernameNotFoundException("用户" + username + "不存在");}List<Role> roleList = urMapper.selectRoleList(username);List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();for (Role role : roleList) {GrantedAuthority e = new SimpleGrantedAuthority("ROLE_" + role.getCode());authorities.add(e);}try {// 是去做校验密码org.springframework.security.core.userdetails.User sUser = new org.springframework.security.core.userdetails.User(username, dbUser.getPassword(), authorities);return sUser;} catch (Exception e) {System.out.println("用户" + username + "密码错误");throw new UsernameNotFoundException("用户" + username + "密码错误");}}}
control: 获取Security(CQ瑞忒)的用户信息
package com.baidu.security.controller;import java.util.Map;import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;@Controller
public class IndexController {@RequestMapping("/index")public String index(Map<String, String> map) {SecurityContext context = SecurityContextHolder.getContext();Authentication authentication = context.getAuthentication();Object principal = authentication.getPrincipal();System.out.println(principal.toString());map.put("userName", "屈伸");return "index";}@RequestMapping("/login")public String login(Map<String, String> map) {map.put("msg", "消息");return "login";}
}
entity包中的实体类:Role
package com.baidu.security.entity;public class Role {private Integer id;private String code;private String name;public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getCode() {return code;}public void setCode(String code) {this.code = code;}public String getName() {return name;}public void setName(String name) {this.name = name;}}
entity包中的实体类:User
package com.baidu.security.entity;public class User {private Integer id;private String username;private String password;public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}}
Mapper文件:
package com.baidu.security.mapper;import java.util.List;import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;import com.baidu.security.entity.Role;
import com.baidu.security.entity.User;@Mapper
public interface UserRoleMapper {// 做登陆,通过用户名获取用户信息@Select("select * from user where username = #{username} limit 1")User selectByUsername(@Param("username") String username);// 通过用户名获取权限列表@Select("select * from user u,role r,user_role ur where u.username = #{username} and ur.userId = u.id and ur.roleId = r.id")List<Role> selectRoleList(@Param("username") String username);}
参考博客:https://blog.csdn.net/pengshisong/article/details/82969900
SpringSecurity权限框架实战相关推荐
- SpringSecurity权限管理系统实战—六、SpringSecurity整合JWT
文章目录 系列目录 前言 一.无状态登录 二.JWT介绍 1.什么是jwt 头部(Header) 载荷(Payload) 签名(Signature) 2.JWT工作流程 3.简单实现 三.整合JWT ...
- SpringSecurity权限管理系统实战—一、项目简介和开发环境准备
源码获取: github或者gitee 文章目录 系列目录 前言 一.简介 二.什么是RBAC 三.系统功能 四.环境搭建 五.技术栈 六.说明 七.项目截图 八.请作者喝杯卡布奇诺 系列目录 Spr ...
- 视频教程-Apache Shiro权限框架实战+项目案例视频课程-Java
Apache Shiro权限框架实战+项目案例视频课程 拥有10余年项目实战经验. 2006-2011在nttdata从事对日软件开发类工作. 2011-2015在HP从事技术服务工作. 擅长于j2e ...
- 一篇文章轻松搞定SpringSecurity权限框架!
目录 前言 一.引入依赖 二.提供正常的业务接口 三.自定义用户认证 3.1 编写配置类 3.2 编写UserDetailsService实现类 3.3 启动项目,完成认证功能的验证 3.4 小说明 ...
- 【Spring框架家族】Spring--Security权限控制密码加密
Spring Security简介 Spring Security是 Spring提供的安全认证服务的框架. 使用Spring Security可以帮助我们来简化认证 和授权的过程.官网:https: ...
- springboot jwt token前后端分离_实战:十分钟实现基于JWT前后端分离的权限框架
前言 面试过很多Java开发,能把权限这块说的清楚的实在是不多,很多人因为公司项目职责问题,很难学到这类相关的流程和技术,本文梳理一个简单的场景,实现一个基于jwt前后端分离的权限框架. 简易流程 登 ...
- spring-security权限控制详解
在本例中,主要讲解spring-boot与spring-security的集成,实现方式为: 将用户.权限.资源(url)采用数据库存储 自定义过滤器,代替原有的 FilterSecurityInte ...
- Spring Boot 框架学习笔记(五)( SpringSecurity安全框架 )
Spring Boot 框架学习笔记(五) SpringSecurity安全框架 概述 作用 开发示例: 1. 新建项目 2. 引入依赖 3. 编写`SecurityConfig`类,实现认证,授权, ...
- 在项目中应用SpringSecurity权限控制
在项目中应用SpringSecurity权限控制 要进行认证和授权需要前面课程中提到的权限模型涉及的7张表支撑,因为用户信息.权限信息.菜单信息.角色信息.关联信息等都保存在这7张表中,也就是这些表中 ...
最新文章
- 阿里一面:如何保证API接口数据安全?
- CAP带你轻松玩转ASP.NETCore消息队列
- 卷积神经网络mnist手写数字识别代码_搭建经典LeNet5 CNN卷积神经网络对Mnist手写数字数据识别实例与注释讲解,准确率达到97%...
- python--类与GUI编程框架
- 三、悟透javascript中的function
- idea debug的时候 启动起来超级慢
- 微信小程序云开发教程-JavaScript入门(4)-捕捉异常
- 无法登录 mysql 服务器_无法登录 MySQL服务器/无法开启 MySQL服务
- 考研408(操作系统、计算机组成原理、数据结构、计算机网络)
- 关于复制粘贴快捷键失效问题的解决方法
- Enjoying Web Development with Tapestry下载
- 什么是研究报告,研究报告分为那些部分
- zscore标准化步骤_z-score的标准化究竟怎么弄?
- 他们的爱情(王小波和李银河)
- UG NX与PLC-1500的在环虚拟测试
- 200 元数字人民币面世 !
- 安搭Share提醒,谨防秋冬季儿童呼吸道疾病
- java k v t_java 中的 t,e,k,v
- 精美动态欧美风通用PPT模板
- Linux的help命令的使用详解