Spring Security密码存储及用户登录验证功能
Spring Security密码存储(使用BCryptPasswordEncoder加密)
1.Spring Security的依赖:
org.springframework.boot
spring-boot-starter-security
org.springframework.boot
spring-boot-starter-jdbc
mysql
mysql-connector-java
runtime
5.1.38
1.1.它们三个可官网下载:
我的百度网盘:
链接:https://pan.baidu.com/s/17TzgQX0OVSef49aAawXf6w
提取码:0mqm
1.2.主启动类 CrowdManagerApplication.java:
1.3.工具类 ResultEntity.java:
public class ResultEntity {
//常量
public static final String CODE_SUCCESS="SUCCESS";
public static final String CODE_FAILED="FAILED";
//设定状态码,前端根据状态码,判断成功、失败的响应
private String code;
//返回的消息
private String msg;
//回显的数据
T data;
//成功,并返回消息
public static ResultEntity successWithData(Object data){
ResultEntity 2.application.yml配置文件
spring:
datasource:
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://localhost:3306/kmu_crowd?characterEncoding=utf8
username: root
password: root
2.CrowdConfig.java类中
注:部分代码省略
@Configuration
@EnableWebSecurity
public class CrowdConfig extends WebSecurityConfigurerAdapter {
//执行权限配置,如:为指定资源分配权限,开放无需权限的资源等
@Override
protected void configure(HttpSecurity http) throws Exception {
//父类中默认进行了配置,我们将其拿到子类,按照自己的需求进行修改
http
.addFilterBefore(new CodeFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()//进行权限设
.anyRequest()//任何请求
.authenticated()//进行认证
// 这是and语法,表示向后退一步,回到HttpSecurity位置的那一个级别,
// 可以认为是使用这种方式实现HttpSecurity对象通过连续调用方法实现配置,
// 每进行一个板块的配置完毕,则向后退一步回到HttpSecurity位置
.and().exceptionHandling().accessDeniedPage("/decline.html")//访问拒绝后跳转的页面
.and()
.formLogin()//设置表单登录,后续可以在这里修改自定义登录页面
.loginPage("/login.html") //设置自定义的登录页面
//指定处理登录请求的路径,对应form表单的action地址
.loginProcessingUrl("/login").permitAll()
//设置接收表单提交的用户name,默认为username
.usernameParameter("account")
//设置接收表单提交的用户密码,默认为password
.passwordParameter("password")
//指定权限认证失败跳转的错误页面
.failureUrl("/login.html?login=error")
//直接访问登录页面时返回的地址,如果访问的是登录页的话返回指定的地址
.defaultSuccessUrl("/main.html",true)
//指定退出登录URL
.and().logout().logoutUrl("/logout.do")
// .logoutSuccessUrl("http://baidu.com") 设置退出后跳转的路径
.and().rememberMe().rememberMeParameter("remember-me")//开启记住我的功能
.and().csrf().disable() //禁用csrf功能,这里暂时用不到
;
}
//设置不需要权限认证的资源
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/kaptcha","/bootstrap/**","/css/**",
"/fonts/**","/img/**","/jquery/**","/script/**","/ztree/**","/layer/**");
}
//密码加密
@Bean
PasswordEncoder passwordEncoder(){
//废弃的类,表示不需要对密码进行编码,暂且先使用,后续再进行密码加密
//不加密:NoOpPasswordEncoder
// return NoOpPasswordEncoder.getInstance();
//Bcrypt加密:BCryptPasswordEncoder --->encode()
//针对正确的明文密码与密文密码进行匹配:BCryptPasswordEncoder --->matches()
return new BCryptPasswordEncoder();
}
//将自定义UserDetailService配置到Security中
@Resource
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
}
一、密码加密:
3.ManageController.java控制层:
//新增用户
@PostMapping("/add.do")
public String add(Manager manager,Model model){
boolean add=managerService.add(manager);
if(add){
return "redirect:/user.html";
}else{
ResultEntity resultEntity = ResultEntity.failedWithData("帐号已注册,请重试!", null);
model.addAttribute("resultEntity",resultEntity);
return "add";
}
}
4.ManagerService.java接口:
5.ManagerServiceImpl.java实现类:
@Autowired
PasswordEncoder passwordEncoder;
@Override
public boolean add(Manager manager) {
QueryWrapper qw = new QueryWrapper<>();
MD5 md5 = SecureUtil.md5();
qw.eq("m_account",manager.getAccount());
List managers = managerMapper.selectList(qw);
if(managers != null && managers.size() > 0){
return false;
}else{
//md5的加密方式
// String s = md5.digestHex(manager.getPassword());
//修改为加密盐的加密方式
String encode = passwordEncoder.encode(manager.getPassword());
manager.setPassword(encode);
managerMapper.insert(manager);
return true;
}
}
二、用户登录验证:
6.UserDetailServiceImpl.java
@Service
public class UserDetailServiceImpl implements UserDetailsService {
// @Autowired
@Resource
private AuthMapper authMapper;
@Resource
private ManagerMapper managerMapper;
@Resource
private RoleMapper roleMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper qw = new QueryWrapper<>();
qw.eq("m_account",username);
//查询用户信息
Manager manager = managerMapper.selectOne(qw);
// System.out.println("账号:"+manager.getAccount());
// System.out.println(manager.getPassword());
if(manager == null){
return null;
}
//创建集合用来存放权限信息,并保存到集合中
Collection authorities = new ArrayList<>();
//根据用户id查询拥有的角色
// 注意:一定要加“ROLE_”
List roles=roleMapper.selectByManagerId(manager.getId());
for (String roleName : roles) {
// 注意:一定要加“ROLE_”
authorities.add(new SimpleGrantedAuthority("ROLE_"+roleName));
}
//根据用户id查询拥有的权限,并保存到集合中
List auths=authMapper.selectByManagerId(manager.getId());
for (String authName : auths) {
authorities.add(new SimpleGrantedAuthority(authName));
}
//将角色和权限封装到User中
//创建代表当前用户的User对象
UserDetails build = User.withUsername(manager.getAccount()).password(manager.getPassword()).authorities(authorities).build();
return build;
}
}
7.RoleMapper.java:
List selectUnAssginRoleById(Integer id);
8.RoleMapper.xml
9.AuthMapper.java
List selectByManagerId(Integer id);
10.AuthMapper.xml:
11.错误提示:ManagerController.java中
@GetMapping("/login.html")
public String tologin(HttpServletRequest request,Model model){
//String cr = request.getParameter("codeerror");
// if(cr !=null){
// model.addAttribute("error","验证码输入错误!请重试");
// }
String lo = request.getParameter("login");
if(lo !=null){
model.addAttribute("error","帐号或密码错误,登录失败!请重试");
}
return "login";
}
12.login.html模板中:
三、记住我:
当选择记住我后,SpringSecurity会通过写出cookie的方式,来记录当前登录的用户,当下次会话进来时,通过cookie认定当前用户的登录状态。
实现方式:1、修改配置,开启记住我功能,2、在提交登录时,提交是否需要记住我的字段,默认字段名name为:remember-me,可以在配置文件中修改。
login.html:
CrowdConfig.Java配置中:
13.pom.xml:
4.0.0
com.kmu
crowd-manager
0.0.1-SNAPSHOT
crowd-manager
Demo project for Spring Boot
1.8
UTF-8
UTF-8
2.3.0.RELEASE
com.github.penggle
kaptcha
2.3.2
org.springframework.boot
spring-boot-starter-security
cn.hutool
hutool-all
5.3.7
com.baomidou
mybatis-plus-boot-starter
3.3.2
org.springframework.boot
spring-boot-starter-data-jdbc
org.springframework.boot
spring-boot-starter-jdbc
org.springframework.boot
spring-boot-starter-thymeleaf
org.springframework.boot
spring-boot-starter-web
org.springframework.boot
spring-boot-devtools
runtime
true
mysql
mysql-connector-java
runtime
5.1.38
org.projectlombok
lombok
true
org.springframework.boot
spring-boot-starter-test
test
org.junit.vintage
junit-vintage-engine
org.springframework.boot
spring-boot-dependencies
${spring-boot.version}
pom
import
org.apache.maven.plugins
maven-compiler-plugin
1.8
1.8
UTF-8
org.springframework.boot
spring-boot-maven-plugin
src/main/java
**/*.xml
src/main/resources
true
**/*.woff
**/*.woff2
**/*.ttf
src/main/resources
false
**/*.woff
**/*.woff2
**/*.ttf
14.application.yml
spring:
datasource:
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://localhost:3306/kmu_crowd?characterEncoding=utf8
username: root
password: root