欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

2020-11-20

程序员文章站 2022-10-03 11:43:38
Spring Security1.介绍Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。由于它是Spring生态系统中的一员,因此它伴随着整个Spring生态系统不断修正、升级,在spring boot项目中加入springsecurity更是十分简单,使用Spring Security 减少了为企业系统安全控制编写大量重复代码的工作。2.创建工程创建mavan工程引入依赖

Spring Security

1.介绍

Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。由于它

是Spring生态系统中的一员,因此它伴随着整个Spring生态系统不断修正、升级,在spring boot项目中加入spring

security更是十分简单,使用Spring Security 减少了为企业系统安全控制编写大量重复代码的工作。

2.创建工程

  1. 创建mavan工程

  2. 引入依赖

    <parent> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring‐boot‐starter‐parent</artifactId>                         <version>2.1.3.RELEASE</version> 
    </parent>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    ​
  3. 配置

    package com.example.demo.configuration;
    ​
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
    ​
            // 配置登录页面
            http.formLogin().loginPage("/login").permitAll();
    ​
            // 配置登录成功后的默认页面
            http.formLogin().defaultSuccessUrl("/");
    ​
            // 登出授权
            http.logout().permitAll();
    ​
            // 授权配置
            http.authorizeRequests().anyRequest().fullyAuthenticated();
    ​
        }
    ​
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication ().withUser ("root").password ("{noop}root").roles ("USER","ADMIN");
    ​
        }
    }
    ​

     

Tips:

  1. 关闭csrf拦截

  2. 使用内存数据来进行用户认证管理

3. 集成数据库进行用户认证授权管理

  1. 导入依赖

            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-jdbc</artifactId>
            </dependency>
            <dependency>
                <groupId>mysql</groupId>
                <artifactId>mysql-connector-java</artifactId>
                <scope>runtime</scope>
            </dependency>

     

  2. 创建实体类

    package com.example.demo.entry;
    ​
    import lombok.Data;
    import org.springframework.data.jpa.repository.JpaRepository;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    ​
    import javax.persistence.*;
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;
    ​
    @Entity
    @Table
    @Data
    public class SysUser implements UserDetails {
        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        @Column(name = "id")
        private Integer id;
        @Column(name = "username")
        private String username;
        @Column(name = "password")
        private String password;
    ​
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<> ();
            simpleGrantedAuthorities.add (new SimpleGrantedAuthority ("ROLE_USER"));
            return simpleGrantedAuthorities;
        }
    ​
        @Override
        public boolean isAccountNonExpired() {
            return true;
        }
    ​
        @Override
        public boolean isAccountNonLocked() {
            return true;
        }
    ​
        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }
    ​
        @Override
        public boolean isEnabled() {
            return true;
        }
    }
    ​
  3. 业务层

    package com.example.demo.service;
    ​
    import com.example.demo.entry.SysUser;
    import com.example.demo.repositry.SysUserRepository;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    ​
    @Service
    public class SysUserService implements UserDetailsService {
        @Autowired
        private SysUserRepository sysUserRepository;
        @Override
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
            SysUser sysUserByUsername = sysUserRepository.findSysUserByUsername (s);
            return sysUserByUsername;
        }
    }
    ​

     

  4. 配置

    package com.example.demo.configuration;
    ​
    import com.example.demo.service.SysUserService;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.util.EncodingUtils;
    ​
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private SysUserService sysUserService;
        @Autowired
        BCryptPasswordEncoder bCryptPasswordEncoder;
        @Bean
        public BCryptPasswordEncoder getPasswordEncoder(){
            return new BCryptPasswordEncoder ();
        }
        @Override
        protected void configure(HttpSecurity http) throws Exception {
    ​
    ​
            // 配置登录页面
            http.formLogin().loginPage("/login").permitAll();
    ​
            // 配置登录成功后的默认页面
            http.formLogin().defaultSuccessUrl("/");
    ​
            // 登出授权
            http.logout().permitAll();
    ​
            // 授权配置
            http.authorizeRequests().anyRequest().fullyAuthenticated();
    ​
        }
    ​
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //        auth.inMemoryAuthentication ().withUser ("root").password ("{noop}root").roles ("USER","ADMIN");
            auth.userDetailsService (sysUserService).passwordEncoder (bCryptPasswordEncoder);
        }
    }
    ​

 

本文地址:https://blog.csdn.net/qq1440837150/article/details/109861327

相关标签: 笔记