Spring-Security使用
环境搭建
4.0.0
com.chauncy
spring-security-demom
0.0.1-SNAPSHOT
spring-security-demom
Demo project for Spring Boot
1.8
UTF-8
UTF-8
2.3.7.RELEASE
org.springframework.boot
spring-boot-starter-security
org.springframework.boot
spring-boot-starter-web
com.baomidou
mybatis-plus-boot-starter
3.4.2
mysql
mysql-connector-java
runtime
org.springframework.boot
spring-boot-starter-test
test
org.junit.vintage
junit-vintage-engine
org.springframework.security
spring-security-test
test
org.springframework.boot
spring-boot-dependencies
${spring-boot.version}
pom
import
org.apache.maven.plugins
maven-compiler-plugin
3.8.1
1.8
1.8
UTF-8
org.springframework.boot
spring-boot-maven-plugin
2.3.7.RELEASE
com.chauncy.SpringSecurityDemomApplication
repackage
repackage
# Application name
spring.application.name=spring-security-demom
# HTTP port the web application listens on
server.port=8080
# JDBC driver class
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# Data source name
spring.datasource.name=defaultDataSource
# JDBC connection URL.
# NOTE(review): useSSL=false turns off TLS for the database connection, and
# allowPublicKeyRetrieval=true lets the driver fetch the server's RSA public key over
# that unencrypted link without verifying the server. Acceptable only on an isolated
# demo network; elsewhere enable TLS and drop both flags.
spring.datasource.url=jdbc:mysql://192.168.7.17:3306/chauncy?serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false&zeroDateTimeBehavior=convertToNull&allowPublicKeyRetrieval=true
# Database user name and password.
# NOTE(review): the credentials are committed in plain text and the password equals the
# user name. Supply them from the environment or a secret store instead (for example a
# ${DB_PASSWORD} placeholder; the variable name is constructed here) and rotate any
# value that has already been published.
spring.datasource.username=meifute
spring.datasource.password=meifute
基础认证
Security 配置类
package com.chauncy.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration for the in-memory authentication demo.
 *
 * <p>Registers three in-memory accounts, sets up form login, HTTP Basic and remember-me,
 * and exposes a BCrypt {@link PasswordEncoder} bean.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
 * Registers the in-memory users "user", "admin" and "chauncy" with BCrypt-hashed passwords.
 *
 * <p>NOTE(review): all three accounts, including "admin", share the password "123", which
 * is hard-coded in source. Demo-only; do not carry these accounts into a deployed build.
 * The method also creates its own encoder instances rather than using the
 * {@link #passwordEncoder()} bean.
 *
 * @param auth builder the users and the encoder are registered on
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
// Disabled alternative: CustomPasswordEncoder (below) does no hashing at all.
//.passwordEncoder(new CustomPasswordEncoder())
.passwordEncoder(new BCryptPasswordEncoder())
// {bcrypt}123
.withUser("user").password(new BCryptPasswordEncoder().encode("123")).authorities("USER")
.and()
.withUser("admin").password(new BCryptPasswordEncoder().encode("123")).authorities("ADMIN", "USER")
.and()
.withUser("chauncy").password(new BCryptPasswordEncoder().encode("123")).authorities("OK");
// Variant for credentials stored in a database:
//auth.userDetailsService(<UserDetailsService implementation>).passwordEncoder(new BCryptPasswordEncoder())
}
/**
 * Configures the HTTP security chain: form login, HTTP Basic, URL authorization and
 * remember-me.
 *
 * @param http the HTTP security builder
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// NOTE(review): CSRF protection is switched off while form login and remember-me cookies
// are enabled, so browser sessions get no CSRF token check. Keep CSRF enabled for
// cookie-authenticated browser clients.
http.csrf().disable()
// NOTE(review): failureUrl and failureForwardUrl both describe what happens after a failed
// login; presumably only the later call takes effect — confirm and keep one.
.formLogin().failureUrl("/error").failureForwardUrl("/login")
.and().httpBasic()
.and().authorizeRequests()
// NOTE(review): the next line is cut off in this listing (its string literal is never
// closed); the matcher patterns and access rules that followed it are not shown, so the
// effective URL authorization cannot be reviewed from this page.
.antMatchers("/img
// NOTE(review): the remember-me key is a short literal committed to source, and it takes
// part in validating remember-me tokens. Load a long random value from configuration kept
// outside the repository. Token lifetime here is 600 seconds.
.and().rememberMe().tokenValiditySeconds(600).key("caikey");
}
/**
 * Exposes a {@link BCryptPasswordEncoder} as the application's {@link PasswordEncoder} bean.
 *
 * @return a new BCrypt encoder with its default settings
 */
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
/**
 * Pass-through encoder: {@code encode} returns the raw password unchanged and
 * {@code matches} compares it with {@code String.equals}.
 *
 * <p>NOTE(review): using it means plaintext password storage and a comparison that is not
 * constant-time. It is referenced only from a commented-out line in this class and should
 * not be wired in.
 */
public static class CustomPasswordEncoder implements PasswordEncoder {
/** Returns the raw password as-is; no hashing is applied. */
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
/** Returns true when the stored value {@code s} equals the raw password text. */
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
}
}
controller
package com.chauncy.controller;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
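/**
 * Demo endpoints that print the authenticated caller's name and authorities to standard
 * output and return a fixed string.
 *
 * <p>The caller's password value is deliberately not printed: even a hash is credential
 * material and does not belong in console output or log files.
 */
@RestController
//@RequestMapping("/admin")
public class MainController {

    /**
     * Handles {@code GET /admin/api/hello}.
     *
     * @param request the current request, used to read the remote user name
     * @return the literal {@code "hello"}
     */
    @GetMapping("/admin/api/hello")
    public String hello(HttpServletRequest request) {
        printCaller(request);
        return "hello";
    }

    /**
     * Handles {@code GET /api/hello}.
     *
     * @param request the current request, used to read the remote user name
     * @return the literal {@code "world"}
     */
    @GetMapping("/api/hello")
    // NOTE(review): if this is re-enabled, the expression presumably needs to be
    // hasAuthority('OK') rather than the bare string — confirm.
    //@PreAuthorize("OK")
    public String ww(HttpServletRequest request) {
        printCaller(request);
        return "world";
    }

    /**
     * Handles {@code GET /error}, the target configured as the login failure URL.
     *
     * @return a fixed message asking the user to log in again
     */
    @GetMapping("/error")
    //@PreAuthorize("OK")
    public String error() {
        return "ERROR: 请重新登录!!!";
    }

    /**
     * Prints the remote user, the principal's user name and its authorities.
     *
     * <p>The principal is only treated as {@link UserDetails} after a type check: when no
     * authentication is present, or the principal is of another type, the details are
     * skipped instead of failing the request with a NullPointerException or
     * ClassCastException.
     */
    private static void printCaller(HttpServletRequest request) {
        System.out.println("request.getRemoteUser()用户: " + request.getRemoteUser());

        Object principal = null;
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        }
        if (!(principal instanceof UserDetails)) {
            return;
        }

        UserDetails ud = (UserDetails) principal;
        System.out.println("SecurityContextHolder用户: " + ud.getUsername());
        // ud.getPassword() is intentionally not printed (credential material).
        for (GrantedAuthority authority : ud.getAuthorities()) {
            System.out.println("角色: " + authority);
        }
    }
}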
使用数据库进行认证
-- Account table for the database-backed login shown on this page.
CREATE TABLE `user_sec` (
`id` bigint(20) NOT NULL,
`username` varchar(20) NOT NULL,
-- Holds the stored password value. NOTE(review): a BCrypt hash is 60 characters and fits;
-- a value carrying a "{bcrypt}" prefix would be 68 characters and would not fit in 66.
`password` varchar(66) NOT NULL,
-- Authorities for the account; nullable, so readers of this column must handle NULL.
`roles` varchar(255) DEFAULT NULL,
-- Account enabled flag. NOTE(review): confirm the login path actually checks it.
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`id`) USING BTREE,
-- User names are unique.
UNIQUE KEY `indx_user` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4
package com.chauncy.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration for the database-backed authentication demo.
 *
 * <p>Authenticates through a {@link DaoAuthenticationProvider} that uses the injected
 * {@link UserDetailsService} and a BCrypt {@link PasswordEncoder}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// UserDetailsService bean named "userDetailsServiceImpl", injected by Spring.
@Qualifier("userDetailsServiceImpl")
@Autowired
UserDetailsService userDetailsService;
/**
 * Registers a {@link DaoAuthenticationProvider} built from the injected
 * {@link UserDetailsService} and the {@link #passwordEncoder()} bean.
 *
 * @param auth builder the provider is registered on
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// Earlier in-memory setup, kept commented out for reference:
//auth.inMemoryAuthentication()
// //.passwordEncoder(new CustomPasswordEncoder())
// .passwordEncoder(new BCryptPasswordEncoder())
// // {bcrypt}123
// .withUser("user").password(new BCryptPasswordEncoder().encode("123")).roles("USER")
// .and()
// .withUser("admin").password(new BCryptPasswordEncoder().encode("123")).roles("ADMIN", "USER")
// .and()
// .withUser("chauncy").password(new BCryptPasswordEncoder().encode("123")).roles("OK");
// Database-backed authentication:
DaoAuthenticationProvider daoAuthProvider = new DaoAuthenticationProvider();
daoAuthProvider.setPasswordEncoder(passwordEncoder());
// userDetailsService is the interface that looks the user up in the database
daoAuthProvider.setUserDetailsService(userDetailsService);
auth.authenticationProvider(daoAuthProvider);
}
/**
 * Configures the HTTP security chain: form login, HTTP Basic, URL authorization and
 * remember-me.
 *
 * @param http the HTTP security builder
 * @throws Exception declared by the overridden method
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// NOTE(review): CSRF protection is switched off while form login and remember-me cookies
// are enabled, so browser sessions get no CSRF token check. Keep CSRF enabled for
// cookie-authenticated browser clients.
http.csrf().disable()
// NOTE(review): failureUrl and failureForwardUrl both describe what happens after a failed
// login; presumably only the later call takes effect — confirm and keep one.
.formLogin().failureUrl("/error").failureForwardUrl("/login")
.and().httpBasic()
.and().authorizeRequests()
// NOTE(review): the next line is cut off in this listing (its string literal is never
// closed); the matcher patterns and access rules that followed it are not shown, so the
// effective URL authorization cannot be reviewed from this page.
.antMatchers("/img
// NOTE(review): the remember-me key is a short literal committed to source, and it takes
// part in validating remember-me tokens. Load a long random value from configuration kept
// outside the repository. Token lifetime here is 600 seconds.
.and().rememberMe().tokenValiditySeconds(600).key("caikey");
}
/**
 * Exposes a {@link BCryptPasswordEncoder} as the application's {@link PasswordEncoder} bean.
 *
 * @return a new BCrypt encoder with its default settings
 */
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
/**
 * Pass-through encoder: {@code encode} returns the raw password unchanged and
 * {@code matches} compares it with {@code String.equals}.
 *
 * <p>NOTE(review): using it means plaintext password storage and a comparison that is not
 * constant-time. It is referenced only from a commented-out line in this class and should
 * not be wired in.
 */
public static class CustomPasswordEncoder implements PasswordEncoder {
/** Returns the raw password as-is; no hashing is applied. */
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
/** Returns true when the stored value {@code s} equals the raw password text. */
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
}
}
package com.chauncy.service.impl;
import com.chauncy.entity.UserSec;
import com.chauncy.service.mapper.UserSecMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
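/**
 * {@link UserDetailsService} that loads accounts through {@link UserSecMapper}.
 */
@Component
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserSecMapper mapper;

    /**
     * Looks up the account for {@code username} and converts it to Spring Security's
     * {@link UserDetails}.
     *
     * @param username the user name submitted at login
     * @return the user's name, stored password value and authorities
     * @throws UsernameNotFoundException when the mapper returns no record for the name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Fetch the stored record: user name, password value and authorities.
        UserSec user = mapper.selectByUsername(username);
        if (user == null) {
            // An unknown name must surface as UsernameNotFoundException, not as a
            // NullPointerException from the dereference below. The message does not echo
            // the submitted name.
            throw new UsernameNotFoundException("User not found");
        }

        // NOTE(review): this three-argument User constructor marks the account as enabled;
        // the `enabled` column of the user_sec schema is not consulted here — confirm
        // whether disabled accounts should be rejected.
        // NOTE(review): createAuthorityList builds one authority per argument. If roles is
        // stored as a comma-separated string, AuthorityUtils.commaSeparatedStringToAuthorityList
        // is presumably what is wanted, and a NULL roles value needs handling — verify
        // against the stored format.
        return new User(username, user.getPassword(), AuthorityUtils.createAuthorityList(user.getRoles()));
    }
}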