spring boot security的简单学习demo

项目的目录结构如图

---

bootstrap.min.css自己上网上找到下载吧

---

pom.xml

<!-- Spring Boot 启动父依赖 核心模块，包括自动配置支持、日志和YAML-->    <parent>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-parent</artifactId>        <version>1.5.1.RELEASE</version>    </parent>    <dependencies>        <!--start-web-->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <!--jpa-->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-data-jpa</artifactId>        </dependency>        <!--security-->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>        </dependency>        <!--Thymeleaf-->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-thymeleaf</artifactId>        </dependency>        <!--mysql-->        <dependency>            <groupId>mysql</groupId>            <artifactId>mysql-connector-java</artifactId>            <version>5.1.39</version>        </dependency>        <!--jdbc-->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-jdbc</artifactId>        </dependency>        <dependency>            <groupId>javax.batch</groupId>            <artifactId>javax.batch-api</artifactId>            <version>1.0.1</version>        </dependency>        <!--Thymeleaf的spring security的支持-->        <dependency>            <groupId>org.thymeleaf.extras</groupId>            <artifactId>thymeleaf-extras-springsecurity4</artifactId>        </dependency>    </dependencies>

application.properties文件

# 设置端口号server.port=8080# 设置日志级别logging.level.root=info# 数据源配置spring.datasource.driver-class-name=com.mysql.jdbc.Driverspring.datasource.url=jdbc:mysql://ip:3306/dbname?useUnicode=true&characterEncoding=UTF-8spring.datasource.username=spring.datasource.password=# 让控制器输出json字符串格式spring.jackson.serialization.indent-output=true# spring.jpa.hibernate.ddl-auto=update# 显示sql语句spring.jpa.show-sql=true# security日志配置logging.level.org.springframework.security=debug# thymeleaf模板缓存设置spring.thymeleaf.cache=false

启动类

import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplicationpublic class SpringSecurityContext {    public static void main(String[] args) {        SpringApplication.run(SpringSecurityContext.class);    }}

domian
SysRole

import javax.persistence.Entity;import javax.persistence.GeneratedValue;import javax.persistence.Id;/** * 角色 */@Entitypublic class SysRole {    @Id    @GeneratedValue    private Long id;    private String name;    public Long getId() {        return id;    }    public void setId(Long id) {        this.id = id;    }    public String getName() {        return name;    }    public void setName(String name) {        this.name = name;    }}

SysUser

import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import javax.persistence.*;import java.util.ArrayList;import java.util.Collection;import java.util.List;/** * 用户 */@Entitypublic class SysUser implements UserDetails {    @Id    @GeneratedValue    private Long id;    private String username;    private String password;    @ManyToMany(cascade = {CascadeType.REFRESH}, fetch = FetchType.EAGER) // 配置用户和角色的多对多关系    private List<SysRole> sysRoles;    @Override // 将用户的角色作为权限    public Collection<? extends GrantedAuthority> getAuthorities() {        List<GrantedAuthority> auths = new ArrayList<>();        List<SysRole> roles = this.getSysRoles();        for (SysRole role : roles) {            auths.add(new SimpleGrantedAuthority(role.getName()));        }        return auths;    }    @Override    public boolean isAccountNonExpired() {        return true;    }    @Override    public boolean isAccountNonLocked() {        return true;    }    @Override    public boolean isCredentialsNonExpired() {        return true;    }    @Override    public boolean isEnabled() {        return true;    }    public Long getId() {        return id;    }    public void setId(Long id) {        this.id = id;    }    @Override    public String getUsername() {        return username;    }    public void setUsername(String username) {        this.username = username;    }    @Override    public String getPassword() {        return password;    }    public void setPassword(String password) {        this.password = password;    }    public List<SysRole> getSysRoles() {        return sysRoles;    }    public void setSysRoles(List<SysRole> sysRoles) {        this.sysRoles = sysRoles;    }}

Msg

public class Msg {    private String title;    private String content;    private String etraInfo;    public Msg(String title, String content, String etraInfo) {        super();        this.title = title;        this.content = content;        this.etraInfo = etraInfo;    }    public String getTitle() {        return title;    }    public void setTitle(String title) {        this.title = title;    }    public String getContent() {        return content;    }    public void setContent(String content) {        this.content = content;    }    public String getEtraInfo() {        return etraInfo;    }    public void setEtraInfo(String etraInfo) {        this.etraInfo = etraInfo;    }}

dao

import cn.zfs.springboot.security.domain.SysUser;import org.springframework.data.jpa.repository.JpaRepository;public interface SysUserRepository extends JpaRepository<SysUser,Long> {    SysUser findByUsername(String username);}

service

import cn.zfs.springboot.security.dao.SysUserRepository;import cn.zfs.springboot.security.domain.SysUser;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;public class CustomerUserService implements UserDetailsService {    @Autowired    private SysUserRepository sysUserRepository;    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {        SysUser sysUser = sysUserRepository.findByUsername(username);        if(sysUser == null){            throw new UsernameNotFoundException("用户名不存在");        }        return sysUser;    }}

配置类
securityConfig

import cn.zfs.springboot.security.service.CustomerUserService;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter{    @Bean    UserDetailsService customerUserService(){        return new CustomerUserService();    }    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.userDetailsService(customerUserService());    }    @Override    protected void configure(HttpSecurity http) throws Exception {        http.authorizeRequests()                .anyRequest().authenticated() // 所有请求页面都需要登录才能访问                .and()                .formLogin()                    .loginPage("/login")                    .failureForwardUrl("/login?error")                    .permitAll() // 定制登录行为,登录页面可以任意访问                .and()                .logout().permitAll(); // 定制注销行为,注销请求可以任意访问    }}

WebMvcConfig

import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;@Configurationpublic class WebMVCConfig extends WebMvcConfigurerAdapter{    @Override    public void addViewControllers(ViewControllerRegistry registry) {        registry.addViewController("/login").setViewName("login"); // 注册访问转向login.HTML页面    }}

Controller

import cn.zfs.springboot.security.domain.Msg;import org.springframework.stereotype.Controller;import org.springframework.ui.Model;import org.springframework.web.bind.annotation.RequestMapping;@Controllerpublic class SecurityController {    @RequestMapping("/")    public String index(Model model){        Msg msg = new Msg("测试标题","测试内容","额外信息,只对管理员显示");        model.addAttribute("msg",msg);        return "home";    }}

home.html

<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"       xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"><!-- 1 --><head><meta content="text/html;charset=UTF-8"/><title sec:authentication="name"></title> <!-- 2 --><link rel="stylesheet" th:href="@{css/bootstrap.min.css}" /><style type="text/css">body {  padding-top: 50px;}.starter-template {  padding: 40px 15px;  text-align: center;}</style></head><body>     <nav class="navbar navbar-inverse navbar-fixed-top">      <div class="container">        <div class="navbar-header">          <a class="navbar-brand" href="#">Spring Security演示</a>        </div>        <div id="navbar" class="collapse navbar-collapse">          <ul class="nav navbar-nav">           <li><a th:href="@{/}"> 首页 </a></li>          </ul>        </div><!--/.nav-collapse -->      </div>    </nav>     <div class="container">      <div class="starter-template">        <h1 th:text="${msg.title}"></h1>        <p class="bg-primary" th:text="${msg.content}"></p>        <div sec:authorize="hasRole('ROLE_ADMIN')"> <!-- 3 -->            <p class="bg-info" th:text="${msg.etraInfo}"></p>        </div>          <div sec:authorize="hasRole('ROLE_USER')"> <!-- 4-->            <p class="bg-info">无更多信息显示</p>        </div>          <form th:action="@{/logout}" method="post">            <input type="submit" class="btn btn-primary" value="注销"/><!-- 5 -->        </form>      </div>    </div></body></html>

login.html

<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta content="text/html;charset=UTF-8"/><title>登录页面</title><link rel="stylesheet" th:href="@{css/bootstrap.min.css}"/><style type="text/css">    body {  padding-top: 50px;}.starter-template {  padding: 40px 15px;  text-align: center;}</style></head><body>     <nav class="navbar navbar-inverse navbar-fixed-top">      <div class="container">        <div class="navbar-header">          <a class="navbar-brand" href="#">Spring Security演示</a>        </div>        <div id="navbar" class="collapse navbar-collapse">          <ul class="nav navbar-nav">           <li><a th:href="@{/}"> 首页 </a></li>          </ul>        </div><!--/.nav-collapse -->      </div>    </nav>     <div class="container">      <div class="starter-template">       <p th:if="${param.logout}" class="bg-warning">已成功注销</p><!-- 1 -->            <p th:if="${param.error}" class="bg-danger">有错误，请重试</p> <!-- 2 -->            <h2>使用账号密码登录</h2>            <form name="form" th:action="@{/login}" action="/login" method="POST"> <!-- 3 -->                <div class="form-group">                    <label for="username">账号</label>                    <input type="text" class="form-control" name="username" value="" placeholder="账号" />                </div>                <div class="form-group">                    <label for="password">密码</label>                    <input type="password" class="form-control" name="password" placeholder="密码" />                </div>                <input type="submit" id="login" value="Login" class="btn btn-primary" />            </form>      </div>    </div></body></html>

注:学自 <<javaEE 开发的颠覆者 spring boot 实战>>