Spring security开发权限管理系统(一)

从今天起,我将使用SpringBoot+SpringBoot+Mybatis+Vue从到一开发一个系统。
今天将说明Spring Security+SpringBoot+Mybatis的结合

引入POM

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.2</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.16</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
            <version>5.1.47</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

引入用户概念,实现登录功能

在数据库中创建数据库表

DROP TABLE IF EXISTS `system_user`;
CREATE TABLE `system_user` (
  `id` varchar(50) DEFAULT NULL,
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

SET FOREIGN_KEY_CHECKS = 1;

建立类 值得注意的是我们使用Lombok。在IDEA上需要安装lombok插件

package com.xzz.vdc.model;


import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;

@Data
public class User implements UserDetails {
    public  String id;
    public  String username;
    public  String password;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return null;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

值得注意的是,此处引入和继承了Spring Security的关于用户实体类的类,用来实现相应的功能
配置Mybatis并创建Mapper文件

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.xzz.vdc.mapper.UserMapper">


    <select id="loadUserByName" resultType="com.xzz.vdc.model.User">
        select * from system_user where username = #{username}
    </select>

</mapper>

创建对应的
Mapper接口

package com.xzz.vdc.mapper;

import com.xzz.vdc.model.User;
import org.springframework.stereotype.Repository;

@Repository
public interface UserMapper {

    public User loadUserByName(String username);
}

项目相关配置

spring:
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    username: root
    password: root
    url: jdbc:mysql://localhost:3306/vdc?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
server:
  port: 9090
mybatis:
  mapper-locations: classpath:mappers/*Mapper.xml
  type-aliases-package: com.xzz.vdc.model

继承UserDetailService,实现对于用户的查询

ackage com.xzz.vdc.service;

import com.xzz.vdc.mapper.UserMapper;
import com.xzz.vdc.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserService  implements UserDetailsService {

    @Autowired
    UserMapper userMapper;
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {

        User user = userMapper.loadUserByName(s);
        if (user==null){
            throw new UsernameNotFoundException("用户找不到");
        }else{
            return user;
        }
    }
}

在配置类中进行权限验证

package com.xzz.vdc.config;

import com.xzz.vdc.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig  extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;

    @Bean
    PasswordEncoder passwordEncoder(){
        return   NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userService);
    }
}

此处需要注意的是。PasswordEncoder是你所使用的密码的加密方式。。必须与你存入数据的相对应,此处我使用的NoOpPasswordEncoder是不使用加密。还可以使用BCryptPasswordEncoder等加密方式

实现上述之后,我们可以写一个测试类


@RestController
public class HelloController {

    @GetMapping("/hello")
    public String hello(){
        return "hello";
    }
}

访问测试类接口。直接转到Spring Security的登录页面。输入用户名和密码即可跳转到显示hello的hello接口页面

已标记关键词 清除标记
©️2020 CSDN 皮肤主题: 博客之星2020 设计师:CY__0809 返回首页