JSP中使用SpringBoot Security步骤

1. 引入POM文件

<parent>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-parent</artifactId>        <version>1.3.3.RELEASE</version>        <relativePath /> <!-- lookup parent from repository -->    </parent>    <dependencies>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <dependency>            <groupId>org.apache.tomcat.embed</groupId>            <artifactId>tomcat-embed-jasper</artifactId>            <scope>provided</scope>        </dependency>        <dependency>            <groupId>mysql</groupId>            <artifactId>mysql-connector-java</artifactId>            <version>5.1.9</version>        </dependency>        <dependency>            <groupId>javax.servlet</groupId>            <artifactId>jstl</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-test</artifactId>            <scope>test</scope>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-data-jpa</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-taglibs</artifactId>        </dependency>        <dependency>            <groupId>com.oracle</groupId>            <artifactId>ojdbc6</artifactId>            <version>11.2.0.1.0</version>        </dependency>    </dependencies>    <build>        <finalName>springboot-web-jsp</finalName>        <plugins>            <plugin>                <groupId>org.springframework.boot</groupId>                <artifactId>spring-boot-maven-plugin</artifactId>            </plugin>        </plugins>    </build>

2.创建角色和用户表

（1）@Entity@Table(name="SYS_ROLES")public class SysRole extends BaseEntity{    private static final long serialVersionUID = 5799265763294090239L;    private String name;    public String getName() {        return name;    }    public void setName(String name) {        this.name = name;    }}（2）：**用户表需要实现UserDetails接口，重写getAuthorities（）方法**@Entity()@Table(name="SYS_USERS")public class SysUser extends BaseEntity implements UserDetails{    private static final long serialVersionUID = 2060489721205695393L;    private String username;    private String password;    @ManyToMany(cascade={CascadeType.REFRESH},fetch=FetchType.EAGER)    private List<SysRole> roles;    @Override    public Collection<? extends GrantedAuthority> getAuthorities() {        List<GrantedAuthority> authorities=new ArrayList<GrantedAuthority>();        List<SysRole> sysRoles=this.getRoles();        for (SysRole sysRole : sysRoles) {            authorities.add(new SimpleGrantedAuthority(sysRole.getName()));        }        return authorities;    }}

3.编写Repository，Service类

（1）：我是使用的JPA来实现数据访问，此处根据你项目需要来选择需要的Repository接口public interface SysUserRepository extends JpaRepository<SysUser, String>{    SysUser findByUsername(String name);}（2）：**service需要实现UserDetailsService接口，重写loadUserByUsername方法，引入需要的Repository来访问数据库**@Servicepublic class SysUserService implements UserDetailsService{    @Autowired    SysUserRepository sysUserRepository;    @Override    public UserDetails loadUserByUsername(String name)            throws UsernameNotFoundException {        SysUser sysUser=sysUserRepository.findByUsername(name);        if(sysUser==null){            throw new UsernameNotFoundException("该用户不存在！");        }        return sysUser;    }}

4.写SecurityConfig配置文件

@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter {    @Bean    UserDetailsService sysUserService() {        return new SysUserService();    }    @Override    public void configure(WebSecurity web) throws Exception {        web.ignoring().antMatchers("/static/**");    }    @Override    protected void configure(HttpSecurity http) throws Exception {        //此处我把csrf校验取消，开始总是报错，就是它惹的祸        http.csrf().disable().authorizeRequests()                        .anyRequest().authenticated() //任何用户需要权限校验                        .and()                        .formLogin()                        .loginPage("/login")                        .failureUrl("/login?error")                        .permitAll()                         .and()                        .logout().permitAll();     }    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        //校验注入Service        auth.userDetailsService(sysUserService());    }}

5.在JSP页面引入spring security标签

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>     ROLE_ADMIN，ROLE_HR，ROLE_COMMON这些角色在sys_roles表中设置            <sec:authorize access="hasRole('ROLE_ADMIN')">                <div>                    <!-- 3 -->                    <p class="bg-info">${msg.content_admin}</p>                </div>            </sec:authorize>            <sec:authorize access="hasRole('ROLE_HR')">                <div>                    <!-- 3 -->                    <p class="bg-info">只有HR角色的人员才能看到</p>                </div>            </sec:authorize>            <sec:authorize access="hasRole('ROLE_COMMON')">                <div>                    <p class="bg-info">所以用户都能看到</p>                </div>            </sec:authorize>