一:
1.user表中添加两个字段(最后两个字段)
2.创建role和user_role
user_role
两个表中的数据:
3.在自己的项目中添加依赖(pom.xml)
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
添加后重启服务器访问:http://localhost:9090/login,会出现一个框架自动生成的登录界面,
添加后如果再访问自己的控制层接口,也会自动弹出此登录界面;登录之前无法直接访问自己设置的接口
以上为简单的默认安全机制的设置。
二:自定义设置(我自己项目中的操作):
1.创建Role.java的pojo 。
2.自己的User类实现UserDetails接口。
package com.example.pojo;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
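/**
 * Account entity that is also used as the Spring Security principal.
 *
 * <p>Besides the plain profile columns it carries the role list and the two
 * account-state flags ({@code enabled}, {@code locked}) that the
 * {@link UserDetails} methods below report to the framework.
 *
 * <p>The generic parameters ({@code List<Role>},
 * {@code Collection<? extends GrantedAuthority>}) are written out in full; without
 * them the {@code for (Role role : roles)} loop does not compile.
 */
public class User implements UserDetails, Serializable {
    private long uid;
    private String name;
    private long sex;
    private String phone;
    private String area;
    private long manager;
    private String username;
    private String password;
    private String photo;
    private List<Role> roles;
    // Account state flags. They are boxed, so either one may be null when the
    // column is NULL or the object was built by hand; see isEnabled() and
    // isAccountNonLocked() for how null is treated.
    private Boolean enabled;
    private Boolean locked;
    private java.sql.Timestamp createTime;

    public List<Role> getRoles() {
        return roles;
    }

    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }

    public Boolean getEnabled() {
        return enabled;
    }

    public void setEnabled(Boolean enabled) {
        this.enabled = enabled;
    }

    public Boolean getLocked() {
        return locked;
    }

    public void setLocked(Boolean locked) {
        this.locked = locked;
    }

    public long getUid() {
        return uid;
    }

    public void setUid(long uid) {
        this.uid = uid;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public long getSex() {
        return sex;
    }

    public void setSex(long sex) {
        this.sex = sex;
    }

    public String getPhone() {
        return phone;
    }

    public void setPhone(String phone) {
        this.phone = phone;
    }

    public String getArea() {
        return area;
    }

    public void setArea(String area) {
        this.area = area;
    }

    public long getManager() {
        return manager;
    }

    public void setManager(long manager) {
        this.manager = manager;
    }

    @Override
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Returns the stored password value exactly as it was loaded.
     *
     * <p>NOTE(review): this entity exposes the credential through a public getter;
     * if a {@code User} is ever returned from a controller, confirm this field is
     * excluded from the response.
     */
    @Override
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getPhoto() {
        return photo;
    }

    public void setPhoto(String photo) {
        this.photo = photo;
    }

    public java.sql.Timestamp getCreateTime() {
        return createTime;
    }

    public void setCreateTime(java.sql.Timestamp createTime) {
        this.createTime = createTime;
    }

    /** Account expiry is not modelled: every account counts as non-expired. */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /**
     * Reports whether the account is unlocked.
     *
     * <p>Only an explicit {@code false} in {@code locked} counts as unlocked. A null
     * flag is treated as locked (fail closed) instead of throwing a
     * NullPointerException while unboxing during authentication.
     */
    @Override
    public boolean isAccountNonLocked() {
        return Boolean.FALSE.equals(locked);
    }

    /** Credential expiry is not modelled: the password counts as non-expired. */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Reports whether the account may be used.
     *
     * <p>Only an explicit {@code true} in {@code enabled} counts as enabled. A null
     * flag is treated as disabled (fail closed) instead of throwing a
     * NullPointerException while unboxing during authentication.
     */
    @Override
    public boolean isEnabled() {
        return Boolean.TRUE.equals(enabled);
    }

    /**
     * Maps each assigned role to a granted authority named after
     * {@code role.getRname()}.
     *
     * <p>NOTE(review): the authority string is the role name as stored; if access
     * rules are written with {@code hasRole(...)}, confirm the stored names carry
     * the {@code ROLE_} prefix that check expects.
     *
     * @return a new list of authorities; empty when no roles have been set
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<>();
        if (roles != null) {
            for (Role role : roles) {
                authorities.add(new SimpleGrantedAuthority(role.getRname()));
            }
        }
        return authorities;
    }
}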
3.在service包下创建UserDetailServiceImpl.java
package com.example.service;
import com.example.dao.UserMapper;
import com.example.pojo.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
 * Loads accounts for Spring Security from the application's own user table.
 *
 * <p>The service only fetches the account and its roles; it performs no password
 * check itself.
 */
@Service
public class UserDetailServiceImpl implements UserDetailsService {

    @Autowired
    UserMapper userMapper;

    /**
     * Fetches the account with the given login name and attaches its roles.
     *
     * @param username login name submitted by the client
     * @return the loaded {@link User}, with its role list populated
     * @throws UsernameNotFoundException when the mapper returns no account
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final User account = userMapper.loadUserByUsername(username);
        if (account != null) {
            // No password comparison here: it does not need to be hand-written
            // in this method. Only the role list is filled in before returning.
            account.setRoles(userMapper.getUserRolesByUid(account.getUid()));
            return account;
        }
        throw new UsernameNotFoundException("账号不存在");
    }
}
UserMapper.java(新加的两个方法)
/**
 * Selects the row of the {@code user} table whose {@code username} column equals
 * the argument.
 *
 * <p>The value is supplied through the {@code #{username}} placeholder and is not
 * concatenated into the SQL text. NOTE(review): presumably this is MyBatis's
 * {@code @Select}, where {@code #{...}} is bound as a prepared-statement
 * parameter; keep it that way and do not switch to {@code ${...}} substitution.
 *
 * <p>NOTE(review): assumes {@code username} is unique; confirm the table has a
 * unique constraint on it.
 *
 * @param username login name to look up
 * @return the matching user; the caller in UserDetailServiceImpl treats
 *         {@code null} as "no such account"
 */
@Select("select * from user where username=#{username}")
User loadUserByUsername(String username);
/**
 * Selects the {@code role} rows linked to the given user id through the
 * {@code user_role} join table ({@code r.rid = ur.rid and ur.uid = #{uid}}).
 *
 * <p>NOTE(review): the list's element type is missing from this declaration.
 * {@code User#getAuthorities} iterates the result as {@code Role} objects, so
 * this is presumably {@code List<Role>}; confirm against the project source.
 *
 * @param uid id of the user whose roles are wanted
 * @return the roles assigned to that user
 */
@Select("select * from role r,user_role ur where r.rid=ur.rid and ur.uid=#{uid}")
List getUserRolesByUid(long uid);
4. 配置Spring Security,(在config包下创建WebSecurityConfig.java)
WebSecurityConfig.java
package com.example.config;
import com.example.service.UserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailServiceImpl userDetailService;
// @Bean
// PasswordEncoder passwordEncoder() {
// System.out.println("password");
// return new BCryptPasswordEncoder();//对密码进行了加密
// }
/**
 * Registers {@code userDetailService} as the account source for authentication
 * and sets the password encoder used to check submitted passwords.
 *
 * <p>NOTE(security): {@code NoOpPasswordEncoder} compares passwords as plain text,
 * so the {@code user} table has to hold unhashed passwords. Anyone who can read
 * that table, a backup, or a query log obtains every credential. Spring Security
 * marks this encoder deprecated for that reason. It is acceptable only for a
 * local demo. For real use, store one-way adaptive hashes (the commented-out
 * {@code BCryptPasswordEncoder} bean above is the replacement), re-hash or reset
 * the existing rows, and pass that encoder here instead.
 *
 * @param auth builder that the user-details service and encoder are registered on
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailService).passwordEncoder(NoOpPasswordEncoder.getInstance());// passwords are not hashed (plain-text comparison)
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests()
//访问路径
.antMatchers("/user
@RequestMapping("/user")



