SpringBoot整合Spring Security和Mybatis验证
来源:互联网 发布:stc12c2052ad数据手册 编辑:程序博客网 时间:2024/04/29 21:40
近来项目后台做安全验证,仔细考虑之后选型Security。
一、引入依赖
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.2.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.2.3.RELEASE</version> </dependency>
二、Java Config
继承WebSecurityConfigurerAdapter,并重写相关方法。
import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.password.PasswordEncoder;/** * Created by baiguantao on 2017/9/15. */@EnableWebSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { //配置URL权限过滤规则,登录页等等 @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/admin//**").hasRole("ADMIN") .antMatchers("/index//**").hasAnyRole("ADMIN") .antMatchers("/index").hasAnyRole("ADMIN") .antMatchers("/static_rbg*//**").permitAll() .antMatchers("/ricky*//**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .loginProcessingUrl("/ricky-login") .defaultSuccessUrl("/index") .successForwardUrl("/index") .usernameParameter("username").passwordParameter("password") .permitAll() .and().csrf().disable(); } @Autowired private CustomUserService myAppUserDetailsService;//mybatis验证类 @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { //注入mybatis查询类和密码校验类 auth.userDetailsService(myAppUserDetailsService) .passwordEncoder(passwordEncoder()); } /** 密码验证规则 */ @Bean(name = "passwordEncoder") public PasswordEncoder passwordEncoder(){ return new MyPasswordEncoder(); }}
mybatis验证相关–》
import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Service;import java.util.HashSet;import java.util.Set;/** * Created by baiguantao on 2017/9/15. */@Servicepublic class CustomUserService implements UserDetailsService { @Autowired SysUserMapper sysUserMapper; @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { SysUser t=new SysUser(); t.setLoginName(s); SysUser user = sysUserMapper.findByModelOne(t); if (user == null) { throw new UsernameNotFoundException("用户名不存在"); } Set<GrantedAuthority> grantedAuthorities = new HashSet<>(); grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));//默认是ROLE_开头,对应前边的ADMIN System.out.println(user.getPassword()); return new org.springframework.security.core.userdetails.User(user.getLoginName(), user.getPassword(), grantedAuthorities); }}
密码校验类
import org.springframework.security.crypto.password.PasswordEncoder;/** * Created by baiguantao on 2017/9/18. */public class MyPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence charSequence) { //进行编码 是来自页面输入的密码明文 return charSequence.toString(); } @Override public boolean matches(CharSequence charSequence, String s) { //明文和密文密码对比 if (validatePassword(charSequence.toString(),s)) { return true; } else { return false; } }}
结语
至此,利用数据库来进行安全认证已经完成,特别注意的是角色中ROLE_ADMIN和ADMIN的对应性,以及crsf的关闭。
阅读全文
0 0
- SpringBoot整合Spring Security和Mybatis验证
- springboot整合spring-security
- springboot+mybatis+spring security
- SpringBoot和Mybatis整合
- springboot和mybatis整合
- SpringBoot--整合Mybatis和Redis
- springBoot(七)整合之整合spring Security理解
- SpringBoot系列—mybatis和spirng security
- SpringMVC+Spring Security+mave+mybatis整合一
- springboot+security框架整合
- Mybatis和Spring整合
- mybatis和spring整合
- spring和mybatis整合
- Spring和MyBatis整合
- mybatis和spring整合
- spring和mybatis整合
- spring和mybatis整合
- Spring和Mybatis整合
- pandas学习记录
- 代码干货 | 一个Reentrant Error引发的对Python信号机制的探索和思考
- linux下修改MAC地址方法-大全
- Phoenix 散裂表(Salted Tables)
- UML类图详解
- SpringBoot整合Spring Security和Mybatis验证
- acm常见陌生词汇
- 几种简单的负载均衡算法及其Java代码实现
- MySQL常见的性能优化
- SGU 103. Traffic Lights (SPFA)
- 吴聘虽是被毒死的,但这个才是其根源所在
- 基于注解的spring AOP的配置和简易使用
- nativeXml使用方法
- java三种代理模式