springSecurity基础（二）连接数据库的登录

一.搭建项目

1.pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.1</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>springSecurity</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springSecurity</name>
    <description>springSecurity</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.2.2</version>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <resources>
            <resource>
                <directory>src/main/java</directory>
                <includes>
                    <include>**/*.xml
                
            
            
                src/main/resources
            
        
        
            
                org.springframework.boot
                spring-boot-maven-plugin
            
        
    

2.数据库建表：

在这里插入图片描述

写入数据

application.properties中连接数据库

spring.datasource.url=jdbc:mysql:///day07db?serverTimezone=Asia/Shanghai
spring.datasource.username=root
spring.datasource.password=1234

3.配置实体类，实现UserDetails接口

1.定义用户对象，需要实现 UserDetails 接口，对于 Spring Security 框架而言，所有的用户对象都是一个 UserDetails 的实例,而我们要做的就是如实实现接口中的方法就可以了
注意：此处不要用lombok，要不然没办法实现UserDetails接口的所有方法。
.
二.继承的UserDetails接口的方法，有数据的话就如实返回，没有的话就返回true
三.

package com.huang.springsecurity.model;

import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;


/**
 * 定义用户对象，需要实现 UserDetails 接口，对于 Spring Security 框架而言，所有的用户对象都是一个 UserDetails 的实例
 *
 * 如实实现接口中的方法就可以了
 */
public class    User implements UserDetails {
    private Integer id;
    private String username;
    private String password;
    private Boolean enabled;

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setEnabled(Boolean enabled) {
        this.enabled = enabled;
    }

    /**
     * 这个方法用来返回当前用户的角色/权限信息
     * @return
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return null;
    }

    /**
     * 获取用户密码
     * @return
     */
    @Override
    public String getPassword() {
        return password;
    }

    /**
     * 获取用户名
     * @return
     */
    @Override
    public String getUsername() {
        return username;
    }



    /**
     * 账户是否没有过期
     *
     * 正常来说，数据库中应该也有一个描述账户是否过期的字段
     * @return
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

            /**
             * 账户是否没有被锁定
             * @return
             */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * 密码是否没有过期
     * @return
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

        /**
         * 账户是否可用
         * @return
         */
    @Override
    public boolean isEnabled() {
        return enabled;
    }
}

4.service

package com.huang.springsecurity.service;


import com.huang.springsecurity.mapper.UserMapper;
import com.huang.springsecurity.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.nio.file.attribute.UserPrincipalLookupService;

@Service
public class UserService implements UserDetailsService {

    @Autowired
    UserMapper userMapper;


    /**
     * 根据用户名查询用户对象
     * @param username 用户登录时候输入的用户名
     * @return
     * @throws UsernameNotFoundException
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User u = userMapper.loadUserByUsername(username);
        if (u == null) {
            //说明用户名不存在
            throw new UsernameNotFoundException("账户不存在");
        }
        return u;
    }
}

4.mapper

userMapper

package com.huang.springsecurity.mapper;

import com.huang.springsecurity.model.User;
import org.apache.ibatis.annotations.Mapper;

@Mapper
public interface UserMapper {
    User loadUserByUsername(String username);
}

userMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.huang.springsecurity.mapper.UserMapper">
    <select id="loadUserByUsername" resultType="com.huang.springsecurity.model.User">

            select * from t_user where username=#{username};

    </select>
</mapper>

5.登录

不输入用户名或者密码报错

我们的报错不管是输入用户名和密码报错是同一个提示，底层是抛出同一个异常，原因是spring security在底层隐藏并且封装了密码和用户的异常，避免新手抛出密码错误，或者账户错误的异常（这样会让有心人去暴力破解账户）

输入账户zhangsan,123登录成功

logout是默认封装好的退出，跟登录界面一样，同理也可以自己配置