新建springboot项目就不在多赘述了,首先,pom.xml引入依赖有
4.0.0 com.pan demo 0.0.1-SNAPSHOT jar demo Demo project for Spring Boot org.springframework.boot spring-boot-starter-parent 2.0.4.RELEASE UTF-8 UTF-8 1.8 org.springframework.boot spring-boot-starter-jdbc org.springframework.boot spring-boot-starter-thymeleaf org.springframework.boot spring-boot-starter-web org.mybatis.spring.boot mybatis-spring-boot-starter 1.3.2 mysql mysql-connector-java runtime org.springframework.boot spring-boot-starter-test test com.alibaba fastjson 1.2.17 com.fasterxml.jackson.core jackson-core com.google.code.gson gson org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-thymeleaf org.thymeleaf.extras thymeleaf-extras-springsecurity4 com.github.pagehelper pagehelper org.springframework.boot spring-boot-devtools true org.springframework.boot spring-boot-maven-plugin org.mybatis.generator mybatis-generator-maven-plugin 1.3.5 true true
至于热部署,前面博客有讲。。。
其次,application.properties
# 数据库连接信息 spring.datasource.url = jdbc:mysql://******* spring.datasource.username =**** spring.datasource.password = ***** spring.datasource.driverClassName = com.mysql.jdbc.Driver # 禁止默认springboot图标 spring.mvc.favicon.enabled=false # thymeleaf相关配置参数 spring.thymeleaf.prefix=classpath:/templates/ spring.thymeleaf.suffix=.html spring.thymeleaf.mode=HTML5 spring.thymeleaf.encoding=UTF-8 spring.thymeleaf.servlet.content-type=text/html # 调试阶段关闭缓存,以适用热更新 spring.thymeleaf.cache=false #mapper映射文件 mybatis.mapper-locations=classpath:mapper/**/*.xml
然后就是使用mybatis生成entity dao 以及mapper了
要注意的是entit要实现UserDetails,并实现方法,如下
package com.pan.demo.entity; import com.pan.demo.constants.Constants; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import java.beans.Transient; import java.util.ArrayList; import java.util.Collection; import java.util.List; public class User implements UserDetails{ private Integer id; private String name; private String password; private String phone; private Listfunctions; public List getFunctions() { return functions; } public void setFunctions(List functions) { this.functions = functions; } public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name == null ? null : name.trim(); } /** * 获取当前用户所具有的菜单权限modid列表 */ private List getFuncAuthorities(List functions) { List auths = new ArrayList<>(); if(this.name.equals(Constants.ADMIN_USERCODE)){ auths.add( new SimpleGrantedAuthority("ROLE_ADMIN") ); } if(functions !=null && !functions.isEmpty()){ for (Function function : functions) { auths.add(new SimpleGrantedAuthority("ROLE_" + function.getModid().trim())); if(function.getSubFunctions() != null && !function.getSubFunctions().isEmpty()) auths.addAll(getFuncAuthorities(function.getSubFunctions())); } } return auths; } /** SpringSecurity User */ private List auths; @Override public Collection extends GrantedAuthority> getAuthorities() { if(functions == null) return null; if(auths == null){ auths = getFuncAuthorities(functions); } return auths; } @Transient public boolean isValidCredentials(String credentials) { return credentials != null && new BCryptPasswordEncoder().matches(credentials,getPassword()); } public String getPassword() { return password; } @Override public String getUsername() { return name; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } public void setPassword(String password) { this.password = password == null ? null : password.trim(); } public String getPhone() { return phone; } public void setPhone(String phone) { this.phone = phone == null ? null : phone.trim(); } }
然后就是我们的config文件WebSecurityConfig
package com.pan.demo.config; import com.pan.demo.service.UserService; import com.pan.demo.service.impl.UserServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import javax.annotation.Resource; @Configuration //必须加这个注解,用于生成一个配置类, @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) //启用Security注解 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired LoginAuthenticationProvider authenticationProvider; @Resource UserServiceImpl userService; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/drugcode/**","/invalidSession","/sendPhoneVerCode","/captcha/**").permitAll() .anyRequest() .authenticated() .and() .formLogin() .loginPage("/login") .usernameParameter("name") //采用用户名登录 括号内与from表单name名一致 .passwordParameter("password") //修正密码框名称 括号内与from表单name名一致 //.failureUrl("/login?error") //登陆失败返回URL:/login?error .defaultSuccessUrl("/index") //登陆成功跳转URL .permitAll() //登陆页面全部权限可访问 .and() .logout() //注销 .permitAll() .and() .sessionManagement() .maximumSessions(1) //最大session并发数 .maxSessionsPreventsLogin(false); //是否保持当前用户登录 /* .expiredSessionStrategy(new SessionExpiredStrategy());*/ //挤下线异常处理 // 关闭csrf 防止循环定向 http.csrf().disable(); // session失效后跳转 //跳转方法,返回login http.sessionManagement().invalidSessionUrl("/invalidSession"); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(authenticationProvider); auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder()); } @Override public void configure(WebSecurity web) throws Exception { /* 错误页面 */ web.ignoring().antMatchers("/error/**"); /* 静态资源路径 */ web.ignoring().antMatchers("/static/**"); web.ignoring().antMatchers("/images/**"); web.ignoring().antMatchers("/css/**"); web.ignoring().antMatchers("/js/**"); /* 网页图标 */ web.ignoring().antMatchers("/favicon.ico"); /* druid监控 */ /* web.ignoring().antMatchers("/druid/**");*/ } }
以及登录获取权限类LoginAuthenticationProvider
package com.pan.demo.config; import com.pan.demo.constants.Results; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Component; import java.util.Collection; @Component public class LoginAuthenticationProvider implements AuthenticationProvider { @Autowired UserDetailsService userDetailsService; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String principal = authentication.getPrincipal().toString(); String password = (String) authentication.getCredentials(); //检查用户名有效性 UserDetails userDetails = userDetailsService.loadUserByUsername(principal); // 获取用户权限集合 Collection extends GrantedAuthority> authorities = userDetails.getAuthorities(); if(password.equals(userDetails.getPassword())){ return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), authorities); }else { throw new BadCredentialsException(Results.USER_PASSWORD_WRONG.getMsg()); } } @Override public boolean supports(Class> authentication) { return authentication.equals(UsernamePasswordAuthenticationToken.class); } }
至于测试的话,spring Security 有提供登录页面,只是一般都习惯用自己的,上面的可能只是我做为代码搬运工的一些简单理解,各取所需就好,还未完善。。。