SpringBoot~Spring Security入门
来源:互联网 发布:企业数据备份方案 编辑:程序博客网 时间:2024/05/17 14:25
Spring Security简介
Spring Security 是专门针对基于Spring的项目安全框架,充分利用了依赖注入和AOP来实现安全的功能,安全框架主要用的是认证(Authentication)和授权(Authorization)。
SpringBoot 对其的支持
关于Spring Security 的自动配置在SpringBoot 中在org.springframework.boot.autoconfigure.security包中
关于在SpringBoot中配置Spring Security 包含下图这样
当我们需要使用自己的扩展配置时需要自己的类实现WebSecurityConfigurerAdapter类即可
@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean UserDetailsService customUserService(){ return new CustomUserService(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserService()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .failureUrl("/login?error") .permitAll() .and() .logout() .permitAll(); }}
实战
- 首先添加pom文件 。这里使用的mysql 数据库
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.21</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency>
- 在application.properties中配置好数据库链接
spring.jpa.database=mysqlspring.datasource.url=jdbc:MySQL://localhost:3306/com_studyspring.datasource.username = rootspring.datasource.password=111111spring.datasource.driverClassName = com.mysql.jdbc.Driverspring.jackson.srialization.indent_output=truespring.jpa.hibernate.ddl-auto=updatespring.jpa.show-sql=truedebug=truelogging.level.org.springframework.security= INFOspring.thymeleaf.cache=false
- 定义实现我们的实体bean
@Entitypublic class SysUser implements UserDetails{ private static final long serialVersionUID = 1L; @Id @GeneratedValue private Long id; private String userName; private String password; @ManyToMany(cascade = {CascadeType.REFRESH},fetch = FetchType.EAGER) private List<SysRole> roles; public static long getSerialVersionUID() { return serialVersionUID; } public Long getId() { return id; } public void setId(Long id) { this.id = id; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } public void setPassword(String password) { this.password = password; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<GrantedAuthority> auths=new ArrayList<GrantedAuthority>(); List<SysRole> roles=this.getRoles(); for(SysRole role:roles){ auths.add(new SimpleGrantedAuthority(role.getName())); } return auths; } @Override public String getPassword() { return null; } @Override public String getUsername() { return null; } @Override public boolean isAccountNonExpired() { return false; } @Override public boolean isAccountNonLocked() { return false; } @Override public boolean isCredentialsNonExpired() { return false; } @Override public boolean isEnabled() { return false; } public List<SysRole> getRoles() { return roles; } public void setRoles(List<SysRole> roles) { this.roles = roles; }}@Entitypublic class SysRole { @Id @GeneratedValue private Long id; private String name; public Long getId() { return id; } public void setId(Long id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; }}
- 添加配置文件web和Security配置
@Configurationpublic class WebMvcConfig extends WebMvcConfigurerAdapter{ @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); }}@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean UserDetailsService customUserService(){ return new CustomUserService(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserService()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .failureUrl("/login?error") .permitAll() .and() .logout() .permitAll(); }}
- 实现service 并且dao层实现jpa
public interface SysUserRepository extends JpaRepository<SysUser,Long> { SysUser findByUserName(String userName);}public class CustomUserService implements UserDetailsService { @Autowired private SysUserRepository sysUserRepository; @Override public UserDetails loadUserByUsername(String username) { SysUser user=sysUserRepository.findByUserName(username); if(user==null){ throw new UsernameNotFoundException("用户名不存在"); } return user; }}
- 添加我们的页面的登录页面login.html
总结
我们在实现安全验证内容的时候,首先需要实现我们需要的WebSecurityConfigurerAdapter 然后我们重写我们config 方法,在代码Security配置中我们设置权限访问anyRequest 任何访问页面的路径都需要先登录验证后才可以。如果不想每个页面都得登录才可以访问,我们可以自己定制匹配路径可以在http.authorizeRequests()中使用antMatcher(“/user/index”)或者regexMatchers(“/user/index”),更多配置方式可以看Spring的页面。
阅读全文
0 0
- SpringBoot~Spring Security入门
- SpringBoot - Spring Security学习
- springboot+mybatis+spring security
- springboot整合spring-security
- SpringBoot入门系列:Spring Security 和 Angular JS(1)
- SpringBoot入门系列:Spring Security 和 Angular JS(2)
- springboot集成spring security初探
- Acegi (Spring Security)入门
- Acegi (Spring Security)入门
- spring security 教程入门
- spring security 入门
- Acegi (Spring Security)入门
- Spring Security 入门
- Spring security入门
- spring security入门文章
- spring security入门实例
- Spring Security入门Demo
- spring security 入门
- 串的模式匹配
- Redis.conf配置文件示例
- 用java打印出几种图形及简单的了解下循环
- Hadoop学习之Hive简介
- c++多态的实现原理
- SpringBoot~Spring Security入门
- js 的基础知识
- 操作系统
- hdu 1104
- idea 导入Web项目详解(404错误)
- 曹操五大谋士评点
- 智能指针
- 图示识别光流Optical Flow
- 异常分类