1、创建需要的数据库
1.1用户表
CREATE TABLE user ( uid int(11) NOT NULL AUTO_INCREMENT, username varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, password varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (uid) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 11 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
1.2权限表
CREATE TABLE role ( rid int(11) NOT NULL AUTO_INCREMENT, role varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (rid) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
1.3关系表
CREATE TABLE user_role ( id int(11) NOT NULL AUTO_INCREMENT, uid int(11) NULL DEFAULT NULL, rid int(11) NULL DEFAULT NULL, PRIMARY KEY (id) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 10 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
1.4添加测试数据
– 添加2个用户 INSERT INTO user VALUES (1, 'user', 'user123'); INSERT INTO user VALUES (1, 'admin', 'admin123'); – 添加2个角色 INSERT INTO role VALUES (1, 'user'); INSERT INTO role VALUES (2, 'admin'); – 2个用户,分别拥有1个角色 INSERT INTO user_role VALUES (1, 1, 1); INSERT INTO user_role VALUES (2, 2, 2);
2、创建一个springboot项目,名字随便,然后在项目的pom.xml中添加如下有关依赖
org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-test test org.springframework.boot spring-boot-starter-thymeleaf org.projectlombok lombok true org.springframework.boot spring-boot-starter-security org.thymeleaf.extras thymeleaf-extras-springsecurity5 org.mybatis.spring.boot mybatis-spring-boot-starter 2.2.0 com.alibaba druid 1.2.6 mysql mysql-connector-java 5.1.47 log4j log4j 1.2.17 org.springframework.boot spring-boot-maven-plugin org.projectlombok lombok src/main/java ***.*
3、创建项目结构包
4、在application-db.yml配置数据源
spring:
datasource:
username: root
password: 123456
#?serverTimezone=UTC解决时区的报错
url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=false
driver-class-name: com.mysql.jdbc.Driver
type: com.alibaba.druid.pool.DruidDataSource
#Spring Boot 默认是不注入这些属性值的,需要自己绑定
#druid 数据源专有配置
initialSize: 5
minIdle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECt 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
#配置监控统计拦截的filters,stat:监控统计、log4j:日志记录、wall:防御sql注入
#如果允许时报错 java.lang.ClassNotFoundException: org.apache.log4j.Priority
#则导入 log4j 依赖即可,Maven 地址:https://mvnrepository.com/artifact/log4j/log4j
filters: stat,wall,log4j
maxPoolPreparedStatementPerConnectionSize: 20
useGlobalDataSourceStat: true
connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
5、在application.properties做有关配置
#端口
server.port=8081
#添加application-db.yml
spring.profiles.active=db
#为实体类设置别名
mybatis.type-aliases-package=com.itlhc.pojo
#绑定mapper.xml
mybatis.mapper-locations=com/itlhc/dao
public class MD5Util {
private final static String[] hexDigits = {"0", "1", "2", "3", "4", "5", "6", "7",
"8", "9", "a", "b", "c", "d", "e", "f"};
public static String byteArrayToHexString(byte[] b) {
StringBuilder resultSb = new StringBuilder();
for (byte aB : b) {
resultSb.append(byteToHexString(aB));
}
return resultSb.toString();
}
private static String byteToHexString(byte b) {
int n = b;
if (n < 0) {
n = 256 + n;
}
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
}
public static String pwdMd5(String password) {
String pwdMd5 = null;
try {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] array = md.digest(password.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte item : array) {
sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
}
pwdMd5 = sb.toString().toLowerCase();
} catch (Exception e) {
e.printStackTrace();
}
return pwdMd5;
}
}
10、在config包下创建SecurityConfig配置类
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
//密码加密方法
.passwordEncoder(new PasswordEncoder() {
//密码加密规则
@Override
public String encode(CharSequence charSequence) {
return MD5Util.pwdMd5((String) charSequence);
}
//密码校验规则
@Override
public boolean matches(CharSequence charSequence, String s) {
return encode(charSequence).equals(s);
}
});
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//禁用跨域保护
http.csrf().disable();
//配置登出
http.logout().logoutUrl("/logout").logoutSuccessUrl("/LoginHtml").permitAll();
http
.formLogin()//自定义自己编写的登陆页面
.loginPage("/LoginHtml") //登录页面设置
.loginProcessingUrl("/user/login")//登录访问路劲(随便写)
.defaultSuccessUrl("/index1").permitAll()//登录成功之后跳转的页面
.and().authorizeRequests()
.antMatchers("/", "/user/login", "/LoginHtml","/registerUser","/registers").permitAll()//哪些路径可以直接访问,不需要验证
.antMatchers("/test2").hasAnyRole("user")//拥有该权限可以访问,hasAnyRole会自动添加ROLE_前缀
.antMatchers("/test3").hasAnyRole("admin")
;
//没有权限进行访问跳转的页面
http.exceptionHandling().accessDeniedPage("/unauth");
}
}
11、在controller包下创建LoginController登录控制类、RegisterController注册控制类、UserController用户控制类
11.1LoginController
@Controller
public class LoginController {
@GetMapping("test2")
@ResponseBody
public String test2(){
return "hello,test2";
}
@GetMapping("test3")
@ResponseBody
public String test3(){
return "hello,test3";
}
@GetMapping("index1")
public String index(){
return "user/index1";
}
@RequestMapping("LoginHtml")
public String loginHtml(){
return "user/login";
}
@GetMapping("unauth")
public String unauthHtml(){
return "user/unauth";
}
}
11.2RegisterController
@Controller
public class RegisterController {
@Autowired
private UserService userService;
@RequestMapping("registers")
public String registers(){
return "user/register";
}
@RequestMapping("registerUser")
public String register(User user){
int i = userService.insertUser(user);
userService.insertsqx(user);
System.out.println("注册成功:"+i);
return "user/login";
}
}
11.3UserController
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping("/selectUser")
@ResponseBody
public List selectUserList(){
List users = userService.selectUser();
return users;
}
}
12、html页面
12.1index.html
Title
欢迎来到lhc信息管理系统
登录
注册
12.2login.html
Title
欢迎登录!
12.3register.html
Title
欢迎注册!
12.4index1.html
Title
全选
uid
username
password
操作
注销
test2
test3
12.5error.html
Title
发生错误
12.6unauth.html
Title
没有权限
