1.文件结构
2.依赖
4.0.0
com.dfyang
springsecurity
0.0.1-SNAPSHOT
jar
springsecurity
Demo project for Spring Boot
org.springframework.boot
spring-boot-starter-parent
1.5.14.RELEASE
UTF-8
UTF-8
1.8
org.springframework.boot
spring-boot-starter-data-jpa
org.springframework.boot
spring-boot-starter-security
org.springframework.boot
spring-boot-starter-thymeleaf
org.springframework.boot
spring-boot-starter-web
mysql
mysql-connector-java
runtime
org.projectlombok
lombok
true
org.springframework.boot
spring-boot-starter-test
test
org.springframework.security
spring-security-test
test
org.springframework.boot
spring-boot-maven-plugin
3.application.yml
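# Tutorial-only settings. A real deployment should connect with a dedicated
# least-privilege database account instead of root, and take the password from
# the environment or a secret store rather than committing it to application.yml.
spring:
  datasource:
    # characterEncoding is the property name MySQL Connector/J recognizes.
    url: jdbc:mysql://localhost:3306/db?useUnicode=true&characterEncoding=utf-8&useSSL=true
    username: root
    password: 151310
    driver-class-name: com.mysql.jdbc.Driver
  jpa:
    # Prints every SQL statement to the log; handy while learning, normally off in production.
    show-sql: true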
4.要用到的3个页面,用的是Thymeleaf
首页
首页
首页
登录页面
登录
登录
注册页面
注册
注册
5.实体类
package com.dfyang.springsecurity.entity;
import lombok.Data;
import javax.persistence.Entity;
import javax.persistence.Id;
/**
 * JPA entity for an application account; the username is the primary key.
 *
 * <p>Lombok's {@code @Data} generates getters, setters, {@code equals}/{@code hashCode}
 * and a {@code toString()} that includes every field, so logging or printing an
 * instance also prints whatever the {@code password} field currently holds.
 */
@Entity
@Data
public class User {

    /** Login name; also the row identifier. */
    @Id
    private String username;

    /** Password value as persisted for this account. */
    private String password;
}
6.dao层
package com.dfyang.springsecurity.dao;
import com.dfyang.springsecurity.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
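/**
 * Spring Data repository for {@link User} rows, keyed by the username string.
 *
 * <p>The type arguments are required: with the raw {@code JpaRepository} type,
 * lookups return {@code Object} and callers that assign the result to
 * {@code User} do not compile.
 */
public interface UserJpa extends JpaRepository<User, String> {
}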
7.service层——由于只完成登录注册,只写了两个简单的方法
package com.dfyang.springsecurity.service;
import com.dfyang.springsecurity.entity.User;
/**
 * Account operations needed by the login and registration flow.
 */
public interface UserService {

    /**
     * Stores a new account.
     *
     * @param user account data to persist
     * @return the stored account, or {@code null} when it was not stored
     */
    User addUser(User user);

    /**
     * Looks up an account by its username.
     *
     * @param username login name to search for
     * @return the matching account as returned by the repository
     */
    User findUserByUsername(String username);
}
package com.dfyang.springsecurity.service.impl;
import com.dfyang.springsecurity.dao.UserJpa;
import com.dfyang.springsecurity.entity.User;
import com.dfyang.springsecurity.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
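/**
 * Default {@link UserService}: reads accounts through {@link UserJpa} and hashes
 * passwords with the configured {@link PasswordEncoder} before they are stored.
 */
@Service
public class UserServiceImpl implements UserService {

    // Password hashing interface from Spring Security; the bean is declared in the security configuration.
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserJpa userJpa;

    /**
     * Looks up an account by primary key.
     *
     * @param username login name to search for
     * @return the stored account, or {@code null} when the repository finds none
     */
    @Override
    public User findUserByUsername(String username) {
        return userJpa.findOne(username);
    }

    /**
     * Registers a new account with an encoded password.
     *
     * @param user account data taken from the registration form
     * @return the stored account, or {@code null} when the input is incomplete
     *         or the username is already taken
     */
    @Override
    public User addUser(User user) {
        if (user == null || isEmpty(user.getUsername()) || isEmpty(user.getPassword())) {
            return null;
        }
        // The username is the entity id, so save() on an existing username would
        // update that row and replace the existing account's password. Refuse instead.
        // NOTE(review): this check-then-save is not atomic; concurrent registrations
        // of the same name would need a transaction or an insert-only write.
        if (userJpa.exists(user.getUsername())) {
            return null;
        }
        user.setPassword(passwordEncoder.encode(user.getPassword()));
        userJpa.save(user);
        return user;
    }

    /** Returns true for a null or zero-length string. */
    private static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }
}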
8.controller层
用于返回页面
package com.dfyang.springsecurity.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;
/**
 * Serves the three template views used by the demo: index, login and registration.
 * Each handler only returns a view name; no model data is added.
 */
@Controller
public class IndexController {

    private static final String INDEX_VIEW = "index";
    private static final String LOGIN_VIEW = "loginPage";
    private static final String REGISTER_VIEW = "registerPage";

    /** @return the view name of the home page */
    @GetMapping("/index")
    public String index() {
        return INDEX_VIEW;
    }

    /** @return the view name of the login form */
    @GetMapping("/login")
    public String login() {
        return LOGIN_VIEW;
    }

    /** @return the view name of the registration form */
    @GetMapping("/register")
    public String register() {
        return REGISTER_VIEW;
    }
}
用于处理请求
package com.dfyang.springsecurity.controller;
import com.dfyang.springsecurity.entity.User;
import com.dfyang.springsecurity.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
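/**
 * Handles the registration form submission.
 */
@RestController
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Creates an account from the submitted form fields.
     *
     * @param user form-bound account data
     * @return a success or failure message as the response body
     */
    @PostMapping("/doRegister")
    public String register(User user) {
        // Decide on the service's result: the bound parameter itself is an object
        // even when the form is empty, so testing it would always report success.
        User saved = userService.addUser(user);
        return saved == null ? "注册失败" : "注册成功";
    }
}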
9.security配置类,这是关键
package com.dfyang.springsecurity.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Web security setup for the first part of the demo: HTTP Basic authentication,
 * a small set of public paths, and everything else behind login.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Paths that can be requested without being authenticated.
    private static final String[] PUBLIC_PATHS = {"/register", "/doRegister", "/login", "/doLogin"};

    /**
     * Declares the PasswordEncoder bean; BCryptPasswordEncoder is the
     * implementation shipped with Spring Security.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Configures authentication and URL authorization rules.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // HTTP Basic: credentials are requested through the browser's own prompt.
        http.httpBasic();

        // Public paths first, then require authentication for every other request.
        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        // CSRF protection is switched off, so state-changing requests are accepted
        // without a CSRF token. NOTE(review): acceptable for a local demo only;
        // keep it enabled for any session-based application that real users log in to.
        http.csrf().disable();
    }
}
10.加载用户登录信息类——通过你登录时输入的账号从数据库进行查找,找到后将信息封装交给security的登录处理机制进行处理
package com.dfyang.springsecurity.security;
import com.dfyang.springsecurity.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
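/**
 * Bridges the application's account table to Spring Security: loads the stored
 * account for the submitted username and wraps it as {@link UserDetails}.
 */
@Component
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserService userService;

    /**
     * Loads the account used to verify a login attempt.
     *
     * @param s username entered at login
     * @return user details carrying the stored (encoded) password
     * @throws UsernameNotFoundException when no account exists for {@code s}
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        com.dfyang.springsecurity.entity.User account = userService.findUserByUsername(s);
        if (account == null) {
            // Signal an unknown user through the declared exception rather than
            // letting a NullPointerException surface as an internal error.
            throw new UsernameNotFoundException("No account found for the supplied username");
        }
        // NOTE(review): every account receives the hard-coded authority "admin";
        // load real per-user authorities before relying on this for authorization.
        return new User(s, account.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
    }
}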
11.接下来使用security提供的登录页面试一下
http://localhost:8080/register
输入用户名admin,密码123456(随意),提交注册后进入/doRegister进行逻辑处理
此时数据库多了一条数据
接着访问index页面,由于没有在security配置类中antMatchers中加入"/index",所以请求被拦截,要求进行登录,以下就是security提供的登录页面,各浏览器显示可能有所不同
http://localhost:8080/index
输入我们刚才注册的账号,成功访问index页面
12.接下来使用自己写的登录页面试一下
修改security配置类
package com.dfyang.springsecurity.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Web security setup for the second part of the demo: form login with the
 * application's own login page instead of HTTP Basic.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Paths that can be requested without being authenticated.
    private static final String[] PUBLIC_PATHS = {"/register", "/doRegister", "/login", "/doLogin"};

    /** Declares BCrypt as the application's PasswordEncoder bean. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Configures form login and URL authorization rules.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login: "/login" serves the page, "/doLogin" receives the submitted credentials.
        http.formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/doLogin");

        // Public paths first, then require authentication for every other request.
        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        // CSRF protection is switched off, so the login and registration posts are
        // accepted without a CSRF token. NOTE(review): acceptable for a local demo
        // only; a form-login application should keep CSRF protection enabled.
        http.csrf().disable();
    }
}
同样访问index页面
http://localhost:8080/index