Spring Security密码存储及用户登录验证功能

Spring Security密码存储(使用BCryptPasswordEncoder加密)

1.Spring Security的依赖:



        org.springframework.boot
        spring-boot-starter-security
    



  org.springframework.boot
  spring-boot-starter-jdbc


  mysql
  mysql-connector-java
  
  runtime
  5.1.38

1.1.它们三个可官网下载:
我的百度网盘:
链接:https://pan.baidu.com/s/17TzgQX0OVSef49aAawXf6w
提取码:0mqm
Spring Security密码存储及用户登录验证功能_第1张图片
1.2.主启动类 CrowdManagerApplication.java:
Spring Security密码存储及用户登录验证功能_第2张图片

1.3.工具类 ResultEntity.java:

public class ResultEntity {
    //常量
    public static final String CODE_SUCCESS="SUCCESS";
    public static final String CODE_FAILED="FAILED";

    //设定状态码,前端根据状态码,判断成功、失败的响应
    private String code;
    //返回的消息
    private String msg;
    //回显的数据
    T data;

    //成功,并返回消息
    public static ResultEntity successWithData(Object data){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_SUCCESS;
        tResultEntity.setData(data);
        return tResultEntity;
    }

    //失败,并返回消息
    public static ResultEntity failedWithData(Object data){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_FAILED;
        tResultEntity.setData(data);
        return tResultEntity;
    }

    //成功,并返回消息
    public static ResultEntity successWithData(String msg,Object data){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_SUCCESS;
        tResultEntity.setMsg(msg);
        tResultEntity.setData(data);
        return tResultEntity;
    }

    //失败,并返回消息
    public static ResultEntity failedWithData(String msg,Object data){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_FAILED;
        tResultEntity.setMsg(msg);
        tResultEntity.setData(data);
        return tResultEntity;
    }

    //成功
    public static ResultEntity success(){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_SUCCESS;
        return tResultEntity;
    }

    //失败
    public static ResultEntity failed(){
        ResultEntity tResultEntity = new ResultEntity<>();
        tResultEntity.code=CODE_FAILED;
        return tResultEntity;
    }

    public ResultEntity() {
        super();
    }

    public ResultEntity(String code, String msg, T data) {
        this.code = code;
        this.msg = msg;
        this.data = data;
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public T getData() {
        return data;
    }

    public void setData(T data) {
        this.data = data;
    }
}
 
  

2.application.yml配置文件

spring:
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/kmu_crowd?characterEncoding=utf8
    username: root
    password: root

2.CrowdConfig.java类中
注:部分代码省略

@Configuration
@EnableWebSecurity
public class CrowdConfig extends WebSecurityConfigurerAdapter {
    //执行权限配置,如:为指定资源分配权限,开放无需权限的资源等
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //父类中默认进行了配置,我们将其拿到子类,按照自己的需求进行修改
        http
                .addFilterBefore(new CodeFilter(), UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests()//进行权限设
                .anyRequest()//任何请求
                .authenticated()//进行认证
                // 这是and语法,表示向后退一步,回到HttpSecurity位置的那一个级别,
                // 可以认为是使用这种方式实现HttpSecurity对象通过连续调用方法实现配置,
                // 每进行一个板块的配置完毕,则向后退一步回到HttpSecurity位置
                .and().exceptionHandling().accessDeniedPage("/decline.html")//访问拒绝后跳转的页面
                .and()
                .formLogin()//设置表单登录,后续可以在这里修改自定义登录页面
                .loginPage("/login.html") //设置自定义的登录页面

                //指定处理登录请求的路径,对应form表单的action地址
                .loginProcessingUrl("/login").permitAll()
                //设置接收表单提交的用户name,默认为username
                .usernameParameter("account")
                //设置接收表单提交的用户密码,默认为password
                .passwordParameter("password")
                //指定权限认证失败跳转的错误页面
                .failureUrl("/login.html?login=error")
                //直接访问登录页面时返回的地址,如果访问的是登录页的话返回指定的地址
                .defaultSuccessUrl("/main.html",true)
                //指定退出登录URL
                .and().logout().logoutUrl("/logout.do")
//           .logoutSuccessUrl("http://baidu.com") 设置退出后跳转的路径
                .and().rememberMe().rememberMeParameter("remember-me")//开启记住我的功能

                .and().csrf().disable() //禁用csrf功能,这里暂时用不到
        ;
    }

    //设置不需要权限认证的资源
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/kaptcha","/bootstrap/**","/css/**",
                "/fonts/**","/img/**","/jquery/**","/script/**","/ztree/**","/layer/**");
    }

 //密码加密
    @Bean
    PasswordEncoder passwordEncoder(){
        //废弃的类,表示不需要对密码进行编码,暂且先使用,后续再进行密码加密
        //不加密:NoOpPasswordEncoder
//        return NoOpPasswordEncoder.getInstance();

        //Bcrypt加密:BCryptPasswordEncoder --->encode()
        //针对正确的明文密码与密文密码进行匹配:BCryptPasswordEncoder --->matches()
        return new BCryptPasswordEncoder();
    }
    //将自定义UserDetailService配置到Security中
    @Resource
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
    }

一、密码加密:
3.ManageController.java控制层:

 //新增用户
    @PostMapping("/add.do")
    public String add(Manager manager,Model model){
        boolean add=managerService.add(manager);
        if(add){
            return "redirect:/user.html";
        }else{
            ResultEntity resultEntity = ResultEntity.failedWithData("帐号已注册,请重试!", null);
            model.addAttribute("resultEntity",resultEntity);
            return "add";
        }
    }

4.ManagerService.java接口:
在这里插入图片描述
5.ManagerServiceImpl.java实现类:

@Autowired
    PasswordEncoder passwordEncoder;

 @Override
    public boolean add(Manager manager) {
        QueryWrapper qw = new QueryWrapper<>();
        MD5 md5 = SecureUtil.md5();
        qw.eq("m_account",manager.getAccount());
        List managers = managerMapper.selectList(qw);
        if(managers != null && managers.size() > 0){
            return false;
        }else{
            //md5的加密方式
//            String s = md5.digestHex(manager.getPassword());
            //修改为加密盐的加密方式
            String encode = passwordEncoder.encode(manager.getPassword());
            manager.setPassword(encode);
            managerMapper.insert(manager);
            return true;
        }
    }

二、用户登录验证:
6.UserDetailServiceImpl.java

@Service
public class UserDetailServiceImpl implements UserDetailsService {
//    @Autowired
    @Resource
    private AuthMapper authMapper;

    @Resource
    private ManagerMapper managerMapper;

    @Resource
    private RoleMapper roleMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        QueryWrapper qw = new QueryWrapper<>();
        qw.eq("m_account",username);
        //查询用户信息
        Manager manager = managerMapper.selectOne(qw);
//        System.out.println("账号:"+manager.getAccount());
//        System.out.println(manager.getPassword());
        if(manager == null){
            return null;
        }

        //创建集合用来存放权限信息,并保存到集合中
        Collection authorities = new ArrayList<>();

        //根据用户id查询拥有的角色
        // 注意:一定要加“ROLE_”
        List roles=roleMapper.selectByManagerId(manager.getId());
        for (String roleName : roles) {
            // 注意:一定要加“ROLE_”
            authorities.add(new SimpleGrantedAuthority("ROLE_"+roleName));
        }

        //根据用户id查询拥有的权限,并保存到集合中
        List auths=authMapper.selectByManagerId(manager.getId());
        for (String authName : auths) {
            authorities.add(new SimpleGrantedAuthority(authName));
        }


        //将角色和权限封装到User中
        //创建代表当前用户的User对象
        UserDetails build = User.withUsername(manager.getAccount()).password(manager.getPassword()).authorities(authorities).build();

        return build;
    }
}

7.RoleMapper.java:

List selectUnAssginRoleById(Integer id);

8.RoleMapper.xml


9.AuthMapper.java

List selectByManagerId(Integer id);

10.AuthMapper.xml:


11.错误提示:ManagerController.java中

@GetMapping("/login.html")
    public String tologin(HttpServletRequest request,Model model){
        //String cr = request.getParameter("codeerror");
       // if(cr !=null){
          // model.addAttribute("error","验证码输入错误!请重试");
       // }
        String lo = request.getParameter("login");
        if(lo !=null){
            model.addAttribute("error","帐号或密码错误,登录失败!请重试");
        }
        return "login";
    }

12.login.html模板中:




    
    
    
    
    
    
    
    
    
    




三、记住我:
当选择记住我后,SpringSecurity会通过写出cookie的方式,来记录当前登录的用户,当下次会话进来时,通过cookie认定当前用户的登录状态。
实现方式:1、修改配置,开启记住我功能,2、在提交登录时,提交是否需要记住我的字段,默认字段名name为:remember-me,可以在配置文件中修改。

Spring Security密码存储及用户登录验证功能_第3张图片
login.html:
Spring Security密码存储及用户登录验证功能_第4张图片
CrowdConfig.Java配置中:
Spring Security密码存储及用户登录验证功能_第5张图片

13.pom.xml:



    4.0.0
    com.kmu
    crowd-manager
    0.0.1-SNAPSHOT
    crowd-manager
    Demo project for Spring Boot

    
        1.8
        UTF-8
        UTF-8
        2.3.0.RELEASE
    

    
        
        
            com.github.penggle
            kaptcha
            2.3.2
        
        
            org.springframework.boot
            spring-boot-starter-security
        

        
            cn.hutool
            hutool-all
            5.3.7
        

        
        
            com.baomidou
            mybatis-plus-boot-starter
            3.3.2
        

        
            org.springframework.boot
            spring-boot-starter-data-jdbc
        
        
            org.springframework.boot
            spring-boot-starter-jdbc
        
        
            org.springframework.boot
            spring-boot-starter-thymeleaf
        
        
            org.springframework.boot
            spring-boot-starter-web
        

        
            org.springframework.boot
            spring-boot-devtools
            runtime
            true
        
        
            mysql
            mysql-connector-java
            runtime
            5.1.38
        
        
            org.projectlombok
            lombok
            true
        
        
            org.springframework.boot
            spring-boot-starter-test
            test
            
                
                    org.junit.vintage
                    junit-vintage-engine
                
            
        
    

    
        
            
                org.springframework.boot
                spring-boot-dependencies
                ${spring-boot.version}
                pom
                import
            
        
    

    
        
            
                org.apache.maven.plugins
                maven-compiler-plugin
                
                    1.8
                    1.8
                    UTF-8
                
            
            
                org.springframework.boot
                spring-boot-maven-plugin
            
        
        
            
                src/main/java
                
                    **/*.xml
                
            

            
                src/main/resources
                true
                
                    **/*.woff
                    **/*.woff2
                    **/*.ttf
                
            
            
                src/main/resources
                false
                
                    **/*.woff
                    **/*.woff2
                    **/*.ttf
                
            
        
    

14.application.yml

spring:
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/kmu_crowd?characterEncoding=utf8
    username: root
    password: root

你可能感兴趣的:(Spring Security密码存储及用户登录验证功能)