第八篇:Spring-security实现用户权限认证登录
spring-security原本是Acegi Security组件,该组件是一个强大的安全框架,但是使用方式很繁琐,要配置几百行XML。集成进Spring后,就可以通过xml或者JavaConfig的方式,很容易的就实现了系统的集成。下面示例展示了通过JavaConfig的方式集成spring-security安全框架
1,实现AbstractSecurityWebApplicationInitializer,只需写好一个实现类就可以了,Spring会发现它,并用它在web容器中注册DelegatingFilterProxy。DelegatingFilterProxy会拦截发往应用的请求,并将请求委托给一个ID为springSecurityFilterChain的bean,该bean可以连接一个或任意多个Filter,Spring security就是依赖这一系列servlet filter来提供不同的安全特性。这些细节我们不用管,当启用web安全性时,会自动创建这些filter。
package com.halfworlders.idat.security;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
/**
 * Hooks Spring Security into the servlet container.
 *
 * <p>The body is intentionally empty: all behaviour is inherited from
 * {@link AbstractSecurityWebApplicationInitializer}. As the accompanying text
 * describes, Spring discovers this class and uses it to register the
 * DelegatingFilterProxy, which hands incoming requests to the bean named
 * {@code springSecurityFilterChain}.
 */
public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}
2,创建SecurityConfig
package com.halfworlders.idat.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import com.halfworlders.idat.security.IdatUserDetailsService;
import com.halfworlders.idat.service.Userservice;
/**
 * Web security configuration: enables Spring Security and wires the
 * authentication source through a custom {@code UserDetailsService}.
 *
 * <p>Two alternative authentication sources are kept below as commented-out
 * samples (in-memory users and JDBC); only the UserDetailsService option is
 * active.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Only needed by the commented-out JDBC option in configure().
    // @Autowired
    // private DataSource dataSource;

    // Application-side user lookup, handed to IdatUserDetailsService below.
    @Autowired
    private Userservice userservice;

    /**
     * Registers where user credentials and authorities are loaded from.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*
         * Option 1 (disabled): users defined in memory. Suited to development
         * and testing only; the sample credentials are hard-coded and must not
         * be carried into a deployed system.
         */
        /*auth
            .inMemoryAuthentication()
            .withUser("admin")
            .password("admin")
            .roles("ADMIN");*/

        /*
         * Option 2 (disabled): authenticate directly against a database through
         * a DataSource, with password encoding. The user tables must follow the
         * structure Spring Security expects; the SQL is given further down the
         * page.
         * NOTE(review): StandardPasswordEncoder is a SHA-256 digest encoder and
         * the "idatpwd" secret is hard-coded here; prefer an adaptive encoder
         * such as BCryptPasswordEncoder and keep any secret out of source.
         */
        /*auth
            .jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(new StandardPasswordEncoder("idatpwd"));*/

        /*
         * Option 3 (active): go through the UserDetailsService interface, so
         * Spring Security does not need to know how user data is stored or
         * looked up; the implementation is free to use any backend.
         * NOTE(review): no PasswordEncoder is attached to this registration.
         * Confirm what the Spring Security version in use falls back to, and
         * attach an encoder (with hashed stored passwords) before using this
         * outside a demo.
         */
        IdatUserDetailsService detailsService = new IdatUserDetailsService(userservice);
        auth.userDetailsService(detailsService);
    }
}
3,在TilesWebConfig中导入配置
/**
 * Spring MVC configuration (body elided in the article) that also pulls in
 * the security configuration.
 *
 * <p>NOTE(review): the component scan shown here covers only the controller
 * package, while SecurityConfig autowires a Userservice whose implementation
 * lives in the service.impl package; presumably that bean is registered by
 * another configuration class. Confirm against the full project.
 */
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.halfworlders.idat.controller")
// Makes SecurityConfig part of this configuration so web security is enabled.
@Import(SecurityConfig.class)
public class TilesWebConfig extends WebMvcConfigurerAdapter {
。。。。。
}
只需这三步,就能轻松的启用了Spring security安全框架
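另外还需要实现UserDetailsService。注意:下面的UserServiceImpl只是演示用的桩实现——无论传入什么用户名,都会返回密码为"admin"、角色为ROLE_ADMIN的用户;实际项目中应改为从真实的用户存储中查询,并且只保存经过哈希处理的密码。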
package com.halfworlders.idat.security;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.halfworlders.idat.service.Userservice;
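/**
 * Adapter that lets Spring Security load users through the application's
 * own {@code Userservice}.
 */
public class IdatUserDetailsService implements UserDetailsService {

    private final Userservice userservice;

    /**
     * @param userservice application service used to look users up by name
     */
    public IdatUserDetailsService(Userservice userservice) {
        this.userservice = userservice;
    }

    /**
     * Looks the user up by name and returns it as {@link UserDetails}.
     *
     * @param userName the login name submitted for authentication
     * @return the user returned by the underlying service
     * @throws UsernameNotFoundException if the service returns {@code null}
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userservice.findUserByName(userName);
        if (user == null) {
            // The message echoes the submitted name; keep it for server-side
            // diagnostics and do not render it back to the client, so the
            // login form does not reveal which accounts exist.
            throw new UsernameNotFoundException("User name " + userName + " not found");
        }
        return user;
    }
}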
package com.halfworlders.idat.service;
import org.springframework.security.core.userdetails.User;
/**
 * Application-side lookup of users for authentication.
 */
public interface Userservice {
/**
 * Finds a user by login name.
 *
 * @param userName the login name to look up
 * @return the matching user; IdatUserDetailsService treats {@code null}
 *         as "user not found"
 */
User findUserByName(String userName);
}
package com.halfworlders.idat.service.impl;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Service;
import com.halfworlders.idat.service.Userservice;
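/**
 * Demonstration stub of {@link Userservice}.
 *
 * <p>WARNING: this is not a real user lookup. Every user name is accepted and
 * mapped to a user with the fixed password {@code "admin"} and the
 * {@code ROLE_ADMIN} authority. Replace it with a lookup against the real
 * user store, returning only stored password hashes, before using it beyond
 * a demo.
 */
@Service
public class UserServiceImpl implements Userservice {

    /**
     * Builds a user for the given name with hard-coded credentials.
     *
     * @param userName the login name; used as-is for the returned user
     * @return a user with password {@code "admin"} and {@code ROLE_ADMIN};
     *         never {@code null}, so the caller's not-found branch is never
     *         reached with this implementation
     */
    @Override
    public User findUserByName(String userName) {
        // Typed list instead of the raw List/ArrayList, so the compiler
        // checks what is passed to the User constructor.
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return new User(userName, "admin", grantedAuthorities);
    }
}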
mysql-sql
-- Schema for the JDBC authentication option. Each table is dropped and
-- recreated, so running this script destroys any existing rows.
-- Foreign key checks are switched off for the session and are not switched
-- back on in the part of the script shown here.
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for authorities
-- ----------------------------
-- One row per (username, authority) grant. Nothing here ties `username` to
-- the users table or prevents duplicate grants.
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(20) DEFAULT NULL,
`authority` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for groups
-- ----------------------------
-- NOTE(review): Spring Security's default JDBC group queries appear to expect
-- a `group_name` column; this table calls it `groupName`. Confirm before
-- enabling group support.
DROP TABLE IF EXISTS `groups`;
CREATE TABLE `groups` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`groupName` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for group_authorities
-- ----------------------------
-- The primary key is `group_Id` alone, so each group can hold only one
-- authority row.
DROP TABLE IF EXISTS `group_authorities`;
CREATE TABLE `group_authorities` (
`group_Id` int(11) NOT NULL AUTO_INCREMENT,
`authority` varchar(50) DEFAULT NULL,
PRIMARY KEY (`group_Id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for group_members
-- ----------------------------
-- Maps a user name to a group id; no foreign keys are declared.
DROP TABLE IF EXISTS `group_members`;
CREATE TABLE `group_members` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userName` varchar(20) DEFAULT NULL,
`group_Id` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
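-- ----------------------------
-- Table structure for users
-- ----------------------------
-- Login accounts: user name, stored password value and an enabled flag.
-- The password column is widened from varchar(50): a bcrypt hash is 60
-- characters, so the original width could not hold an encoded password.
-- Store only encoder output here, never the plaintext password.
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(8) NOT NULL AUTO_INCREMENT,
`userName` varchar(20) DEFAULT NULL,
`password` varchar(255) DEFAULT NULL,
`enabled` tinyint(4) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;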