热门标签
热门文章
- 1PyCharm免费安装和新手使用教程_pycharm免费版
- 2Pytorch实现Seq2Seq(Attention)字符级机器翻译_nn.module 简单翻译
- 3Nginx使用SSL加密并隐藏真实地址详细教程_nginx 隐藏真实的url
- 4鼠标悬停,出现另一个元素,点击这个元素的解决方法_悬浮元素出现一个按钮
- 5Keras-5-深度学习用于文本和序列-处理文本数据_keras 预训练网络一维序列分类
- 62018android面试宝典,2024京东Android面试真题解析
- 7【VSCode】支持argparser/接受命令行参数_argparse vscode
- 8前端调取接口格式vue_前端network里的接口变成了collect,该怎样转变回正常网址
- 9人工智能程序员应该有什么职业素养?_keeping neural networks simple by minimizing the d
- 10强光环境下阴影消除算法_去除路面阴影干扰的算法
当前位置: article > 正文
springboot基于数据库的认证Spring Security_spring boot+spring security实现用户的登录登出配置基于数据库的认证信息和角
作者:爱喝兽奶帝天荒 | 2024-07-03 16:04:09
赞
踩
spring boot+spring security实现用户的登录登出配置基于数据库的认证信息和角色
Spring Boot针对Spring Security提供了自动化配置方案,因此可以使Spring Security非常容易地整合进Spring Boot项目中,这也是在Spring Boot项目中使用Spring Security的优势。
基本用法
创建项目,添加依赖
创建一个Spring Boot Web项目,然后添加spring-boot-starter-security依赖即可,代码如下:
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-web</artifactId>
- </dependency>
只要开发者在项目中添加了spring-boot-starter-security依赖,项目中所有资源都会被保护起来。
添加hello接口
接下来在项目中添加一个简单的/hello接口,内容如下:
- package com.shrimpking.controller;
-
- import org.springframework.web.bind.annotation.GetMapping;
- import org.springframework.web.bind.annotation.RestController;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 17:22
- */
- @RestController
- public class HelloController
- {
- @GetMapping("/hello")
- public String hello()
- {
- return "hello";
- }
- }
配置用户名和密码
如果开发者对默认的用户名和密码不满意,可以在application.properties中配置默认的用户名、密码以及用户角色,配置方式如下:
- server.port=8099
-
- spring.security.user.name=user
- spring.security.user.password=1234
- spring.security.user.roles=admin
启动项目测试
接下来启动项目,启动成功后,访问/hello接口会自动跳转到登录页面,这个登录页面是由Spring Security提供的,如图所示。
基于数据库的认证
在真实项目中,用户的基本信息以及角色等都存储在数据库中,因此需要从数据库中获取数据进行认证。介绍如何使用数据库中的数据进行认证和授权。
设计数据表
首先需要设计一个基本的用户角色表,一共三张表,分别是用户表、角色表以及用户角色关联表。为了方便测试,预置几条测试数据
- drop table if EXISTS r_user;
- create table r_user(
- id int(11) not null auto_increment primary key,
- userName varchar(32) not null,
- password varchar(50) not null,
- enabled tinyint default 1 comment '是否启用,0未启用,1启用',
- locked tinyint default 0 comment '是否锁定,0锁定,1未锁定'
- ) comment '用户表';
- insert into r_user(userName,password) values ('root','1234');
- insert into r_user(userName,password) values ('admin','1234');
- insert into r_user(userName,password) values ('king','1234');
-
- drop table if EXISTS r_role;
- create table r_role(
- id int(11) not null auto_increment,
- name varchar(32) not null comment '角色英文名称',
- displayName varchar(32) not null comment '角色中文名称',
- primary key(id)
- ) comment '角色表';
- insert into r_role(name,displayName) values('ROLE_dba','数据库管理员');
- insert into r_role(name,displayName) values('ROLE_admin','系统管理员');
- insert into r_role(name,displayName) values('ROLE_user','用户');
-
- drop table if EXISTS r_user_role;
- create table r_user_role(
- id int(11) not null auto_increment primary key,
- userId int not null comment '用户id',
- roleId int not null comment '角色id'
- ) comment '用户角色关联表';
- insert into r_user_role(userId,roleId) values (1,1);
- insert into r_user_role(userId,roleId) values (1,2);
- insert into r_user_role(userId,roleId) values (1,3);
- insert into r_user_role(userId,roleId) values (2,2);
- insert into r_user_role(userId,roleId) values (2,3);
- insert into r_user_role(userId,roleId) values (3,3);
-
-
创建项目,选择MyBatis,因此创建Spring Boot Web项目添加如下依赖:
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mybatis.spring.boot</groupId>
- <artifactId>mybatis-spring-boot-starter</artifactId>
- <version>1.3.2</version>
- </dependency>
- <dependency>
- <groupId>mysql</groupId>
- <artifactId>mysql-connector-java</artifactId>
- <version>5.1.47</version>
- </dependency>
- <dependency>
- <groupId>com.alibaba</groupId>
- <artifactId>druid</artifactId>
- <version>1.1.10</version>
- </dependency>
配置数据库
在application.properties中进行数据库连接配置:
- server.port=8099
- #数据源
- spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
- spring.datasource.driver-class-name=com.mysql.jdbc.Driver
- spring.datasource.url=jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimeZone=UTC
- spring.datasource.username=root
- spring.datasource.password=mysql123
创建实体类
分别创建角色表和用户表对应的实体类,代码如下:
Role.java
- package com.shrimpking.pojo;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 18:27
- */
- public class Role
- {
- private String id;
- private String name;
- private String displayName;
-
- public Role()
- {
- }
-
- public Role(String name, String displayName)
- {
- this.name = name;
- this.displayName = displayName;
- }
-
- public String getId()
- {
- return id;
- }
-
- public void setId(String id)
- {
- this.id = id;
- }
-
- public String getName()
- {
- return name;
- }
-
- public void setName(String name)
- {
- this.name = name;
- }
-
- public String getDisplayName()
- {
- return displayName;
- }
-
- public void setDisplayName(String displayName)
- {
- this.displayName = displayName;
- }
-
- @Override
- public String toString()
- {
- return "Role{" + "id='" + id + '\'' + ", name='" + name + '\'' + ", displayName='" + displayName + '\'' + '}';
- }
- }
User.java
- package com.shrimpking.pojo;
-
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.SimpleGrantedAuthority;
- import org.springframework.security.core.userdetails.UserDetails;
-
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.List;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 18:29
- */
- public class User implements UserDetails
- {
- private int id;
- private String userName;
- private String password;
- private boolean enabled;
- private boolean locked;
- private List<Role> roles;
-
- public User()
- {
- }
-
- public User(String userName, String password)
- {
- this.userName = userName;
- this.password = password;
- }
-
- public int getId()
- {
- return id;
- }
-
- public void setId(int id)
- {
- this.id = id;
- }
-
- public String getUserName()
- {
- return userName;
- }
-
- public void setUserName(String userName)
- {
- this.userName = userName;
- }
-
- /**
- * 获取当前用户对象的密码
- * @return
- */
- @Override
- public String getPassword()
- {
- return password;
- }
-
- public void setPassword(String password)
- {
- this.password = password;
- }
-
- /**
- * 当前账号是否可用
- * @return
- */
- @Override
- public boolean isEnabled()
- {
- return enabled;
- }
-
- public void setEnabled(boolean enabled)
- {
- this.enabled = enabled;
- }
-
- public boolean isLocked()
- {
- return locked;
- }
-
- public void setLocked(boolean locked)
- {
- this.locked = locked;
- }
-
- public List<Role> getRoles()
- {
- return roles;
- }
-
- public void setRoles(List<Role> roles)
- {
- this.roles = roles;
- }
-
- @Override
- public String toString()
- {
- return "User{" + "id=" + id + ", userName='" + userName + '\'' + ", password='" + password + '\'' + ", enabled=" + enabled + ", locked=" + locked + ", roles=" + roles + '}';
- }
-
-
- /**
- * 获取当前用户对象所具有的角色信息
- * @return
- */
- @Override
- public Collection<? extends GrantedAuthority> getAuthorities()
- {
-
- List<SimpleGrantedAuthority> authorities = new ArrayList<>();
- for (Role role : roles)
- {
- authorities.add(new SimpleGrantedAuthority(role.getName()));
- }
- return authorities;
- }
-
- /**
- * 获取当前用户对象的用户名
- * @return
- */
- @Override
- public String getUsername()
- {
- return userName;
- }
-
- /**
- * 当前账号是否未过期
- * @return
- */
- @Override
- public boolean isAccountNonExpired()
- {
- return true;
- }
-
- /**
- * 当前账号是否未锁定
- * @return
- */
- @Override
- public boolean isAccountNonLocked()
- {
- return !locked;
- }
-
- /**
- * 当前账号密码是否未过期
- * @return
- */
- @Override
- public boolean isCredentialsNonExpired()
- {
- return true;
- }
- }
代码解释:
• 用户实体类需要实现UserDetails接口,并实现该接口中的7个方法,getAuthorities,getUsername,isAccountNonExpired,isAccountNonLocked,isCredentialsNonExpired,isEnabled,getPassword。
用户根据实际情况设置这7个方法的返回值。因为默认情况下不需要开发者自己进行密码角色等信息的比对,开发者只需要提供相关信息即可,例如getPassword()方法返回的密码和用户输入的登录密码不匹配,会自动抛出BadCredentialsException异常,isAccountNonExpired()方法返回了false,会自动抛出AccountExpiredException异常,因此对开发者而言,只需要按照数据库中的数据在这里返回相应的配置即可。本案例因为数据库中只有enabled和locked字段,故账户未过期和密码未过期两个方法都返回true。
• getAuthorities()方法用来获取当前用户所具有的角色信息,本案例中,用户所具有的角色存储在roles属性中,因此该方法直接遍历roles属性,然后构造SimpleGrantedAuthority集合并返回。
创建UserService
接下来创建UserService,代码如下:
- package com.shrimpking.service;
-
- import com.shrimpking.mapper.UserMapper;
- import com.shrimpking.pojo.User;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- import org.springframework.stereotype.Service;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 19:01
- */
- @Service
- public class UserService implements UserDetailsService
- {
- @Autowired
- private UserMapper userMapper;
-
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
- {
- User user = userMapper.loadUserByUsername(username);
- if(user == null)
- {
- throw new UsernameNotFoundException("账号不存在");
- }
- user.setRoles(userMapper.getUserRolesByUid(user.getId()));
- return user;
- }
- }
代码解释:
定义UserService实现UserDetailsService接口,并实现该接口中的loadUserByUsername方法,该方法的参数就是用户登录时输入的用户名,通过用户名去数据库中查找用户,如果没有查找到用户,就抛出一个账户不存在的异常,如果查找到了用户,就继续查找该用户所具有的角色信息,并将获取到的user对象返回,再由系统提供的DaoAuthenticationProvider类去比对密码是否正确。
• loadUserByUsername方法将在用户登录时自动调用。
还涉及UserMapper和UserMapper.xml,相关源码如下:
UserMapper.java
- package com.shrimpking.mapper;
-
-
- import com.shrimpking.pojo.Role;
- import com.shrimpking.pojo.User;
- import org.apache.ibatis.annotations.Mapper;
-
- import java.util.List;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 19:02
- */
- @Mapper
- public interface UserMapper
- {
- User loadUserByUsername(String username);
- List<Role> getUserRolesByUid(int id);
- }
UserMapper.xml
- <?xml version="1.0" encoding="UTF-8" ?>
- <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
- "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
- <mapper namespace="com.shrimpking.mapper.UserMapper">
-
- <select id="loadUserByUsername" resultType="com.shrimpking.pojo.User">
- select id,userName,password,enabled,locked
- from r_user where userName = #{userName}
- </select>
-
- <select id="getUserRolesByUid" resultType="com.shrimpking.pojo.Role">
- select
- r.id,
- r.name,
- r.displayName
- from r_role r,r_user_role ur
- where r.id = ur.roleId
- and ur.userId = #{id}
- </select>
-
- </mapper>
配置Spring Security
接下来对Spring Security进行配置,代码如下:
- package com.shrimpking.config;
-
- import com.shrimpking.service.UserService;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
- import org.springframework.security.crypto.password.NoOpPasswordEncoder;
- import org.springframework.security.crypto.password.PasswordEncoder;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 19:20
- */
- @Configuration
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter
- {
- @Autowired
- private UserService userService;
-
- @Bean
- PasswordEncoder passwordEncoder()
- {
- //return new BCryptPasswordEncoder(10); //默认10,取值范围4-31之间
-
- //本案例使用NoOpPasswordEncoder,即不对密码进行加密。
- return NoOpPasswordEncoder.getInstance();
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception
- {
- auth.userDetailsService(userService);
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception
- {
- http.authorizeRequests()
- .antMatchers("/admin/**").hasRole("admin")
- .antMatchers("/db/**").hasRole("dba")
- .antMatchers("/user/**").hasRole("user")
- .anyRequest().authenticated()
- .and()
- .formLogin()
- .loginProcessingUrl("/login").permitAll()
- .and()
- .csrf().disable();
- }
-
- }
-
- /*
- 首先配置了三个用户,
- root用户具备ADMIN和DBA的角色,
- admin用户具备ADMIN和USER的角色,
- king用户具备USER的角色。
-
- 调用authorizeRequests()方法开启HttpSecurity的配置,
- antMatchers配置分别表示用户访问“/admin/**”模式的URL必须具备ADMIN的角色;
- antMatchers用户访问“/user/**”模式的URL必须具备ADMIN或USER的角色;
- antMatchers用户访问“/db/**”模式的URL必须具备ADMIN和DBA的角色。
- anyRequest用户访问URL都必须认证后访问(登录后访问)。
- formLogin表示开启表单登录,即读者一开始看到的登录页面,
- loginProcessingUrl同时配置了登录接口为“/login”,即可以直接调用“/login”接口,
- 发起一个POST请求进行登录,登录参数中用户名必须命名为username,
- 密码必须命名为password,
- 配置loginProcessingUrl接口主要是方便Ajax或者移动端调用登录接口。
- permitAll,表示和登录相关的接口都不需要认证即可访问。
- 表示关闭csrf。
- */
创建Controller进行测试了,
HelloController.java
- package com.shrimpking.controller;
-
- import org.springframework.web.bind.annotation.GetMapping;
- import org.springframework.web.bind.annotation.RestController;
-
- /**
- * Created by IntelliJ IDEA.
- *
- * @Author : Shrimpking
- * @create 2023/6/6 19:29
- */
- @RestController
- public class HelloController
- {
- @GetMapping("/admin/hello")
- public String admin()
- {
- return "hello admin";
- }
-
- @GetMapping("/user/hello")
- public String user()
- {
- return "hello user";
- }
-
- @GetMapping("/db/hello")
- public String dba()
- {
- return "hello dba";
- }
-
- @GetMapping("/hello")
- public String hello()
- {
- return "hello";
- }
- }
记得pom.xml中过滤条件的配置
- <resources>
- <resource>
- <directory>src/main/java</directory>
- <includes>
- <include>**/*.xml</include>
- <include>**/*.properties</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- <resource>
- <directory>src/main/resources</directory>
- <includes>
- <include>**/*.xml</include>
- <include>**/*.properties</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- </resources>
权限大小依次为 root > admin > king。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/爱喝兽奶帝天荒/article/detail/783735
推荐阅读
相关标签
