Spring-Security 实现黑白名单功能

添加该功能是在原有功能上新增功能: SpringBoot +SpringSecurity+mysql 实现用户数据权限管理

本文仅做重点代码的和相关依赖说明:SpringBoot +SpringSecurity+mysql 实现用户数据权限管理 文章中,我们采用的了分布式架构搭建该项目,导致controller 模块是不存在数据库连接资源(DataSource),由此,我们在controller 模块需要添加关于mysql 的连接和相关配置参数:
 

	
		
			mysql
			mysql-connector-java
			8.0.12
		
		
		
			org.springframework.boot
			spring-boot-starter-data-jpa
		

application.properties 添加数据库相关配置参数:

#mysql setting
spring.datasource.url=jdbc:mysql://192.168.1.73:3306/boot-security?serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
spring.datasource.username=root
spring.datasource.password=digipower
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.jpa.properties.hibernate.hbm2ddl.auto=update

自定义IP黑白名单相关实体文件和查询接口:

package com.zzg.security.ip;

import java.io.Serializable;
import java.util.Date;


/**
 * 黑白IP对象
 * @author zzg
 *
 */
@SuppressWarnings("serial")
public class IpRoster implements Serializable {
	
	private Long id;
	
	private String ip;
	
	private Date date;
	
	public IpRoster(){
		super();
	}

	// 构造函数
	public IpRoster(Long id, String ip, Date date) {
		super();
		this.id = id;
		this.ip = ip;
		this.date = date;
	}
	
	// set 和 get 方法
	public Long getId() {
		return id;
	}

	public void setId(Long id) {
		this.id = id;
	}

	public String getIp() {
		return ip;
	}

	public void setIp(String ip) {
		this.ip = ip;
	}

	public Date getDate() {
		return date;
	}

	public void setDate(Date date) {
		this.date = date;
	}

}

package com.zzg.security.ip;

import java.sql.ResultSet;
import java.sql.SQLException;


import org.springframework.jdbc.core.RowMapper;
/**
 * RowMapper 转换IpRoster 实体对象
 * @author zzg
 *
 */
public class IpRosterMapper implements RowMapper {

	@Override
	public IpRoster mapRow(ResultSet rs, int rowNum) throws SQLException {
		// TODO Auto-generated method stub
		IpRoster object = new IpRoster();
		object.setId(rs.getLong("id"));
		object.setIp(rs.getString("ip"));
		object.setDate(rs.getDate("date"));
		return object;
	}

}
package com.zzg.security.ip;

import java.util.List;
import org.springframework.jdbc.core.support.JdbcDaoSupport;

/**
 * IP黑白名单数据库查询
 * @author zzg
 *
 */
public class IpRosterRepositoryImpl extends JdbcDaoSupport {
	public static final String DEF_SELECT_IP_SQL ="select id, ip, date from ip_roster";
	
	public List getAllIpRoster(){
		return getJdbcTemplate().query(DEF_SELECT_IP_SQL, new IpRosterMapper());
		
	}

}

自定义认证器,添加验证用户IP是否在黑白名单中:

package com.zzg.security.provider;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;

import javax.sql.DataSource;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;

import com.zzg.security.ip.IpRoster;
import com.zzg.security.ip.IpRosterRepositoryImpl;
import com.zzg.security.userservice.AuthUserDetails;
import com.zzg.security.userservice.CustomUserService;

/**
 *自定义身份验证提供者
 * 
 * @author zzg
 *
 */
@Component
public class SpringSecurityProvider implements AuthenticationProvider {

	@Autowired
	private CustomUserService userDetailService;
	
	@Autowired
	private DataSource dataSource; // 数据源
	
	private IpRosterRepositoryImpl ip; // IP 黑白名单查询
	
	private List black_white = new ArrayList<>();
	
	


	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		// TODO Auto-generated method stub
		// 检查用户IP
	    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
        String userIp = details.getRemoteAddress();
        
        // 黑白名单初始化数据
        if(ip == null){
			ip = new IpRosterRepositoryImpl();
			ip.setDataSource(dataSource); // 设定数据源
		}
		List list = ip.getAllIpRoster();
		if(list != null && list.size() > 0){
			black_white = list.stream().map(IpRoster::getIp).collect(Collectors.toList());
		}
		
        // 判断用户IP 是否在黑白名单中
        if(black_white.contains(userIp)){
            throw new BadCredentialsException("非法 IP 地址");
        }
        
		
		String userName = authentication.getName();
		String password = (String) authentication.getCredentials();

	    // 查询用户权限信息
		AuthUserDetails userInfo = (AuthUserDetails) userDetailService.loadUserByUsername(userName); 
		if (userInfo == null) {
			throw new UsernameNotFoundException("");
		}

		// 密码判断
		String encodePwd = DigestUtils.md5Hex(password).toUpperCase();
		if (!userInfo.getPassword().equals(encodePwd)) {
			throw new BadCredentialsException("");
		}

		return new UsernamePasswordAuthenticationToken(userInfo, userInfo.getPassword(),
				userInfo.getAuthorities());
	}

	@Override
	public boolean supports(Class authentication) {
		// TODO Auto-generated method stub
		return UsernamePasswordAuthenticationToken.class.equals(authentication);
	}
	
	// 拓展获取用户查询服务
	public UserDetailsService getUserDetailsService(){
		return this.userDetailService;
	}
}

补全黑白名单的SQL脚本:

DROP TABLE IF EXISTS `persistent_logins`;
CREATE TABLE `persistent_logins`  (
  `username` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `series` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `token` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `last_used` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0) ON UPDATE CURRENT_TIMESTAMP(0),
  PRIMARY KEY (`series`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

 

你可能感兴趣的:(springsecurity,微服务springboot)