Spring Security的入门案例!!!

      一、导入依赖


        
        
            org.springframework.boot
            spring-boot-starter-web
        
        
        
            org.springframework.boot
            spring-boot-starter-security
        
    

二、创建启动类:

/*
 * Copyright (c) 2020, 2024,  All rights reserved.
 *
 */
package com.by;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

/**
 * 

Project: ican_parent - SpringSecurityApplication

*

Powered by scl On 2024-01-29 10:44:12

*

描述:

* * @author 孙臣龙 [[email protected]] * @version 1.0 * @since 17 */ @SpringBootApplication //Map<"springSecurityFilterChain",FilterChainProxy> -----> FilterChainProxy ----->doFilterInternal()方法 @EnableWebSecurity //启动security public class SpringSecurityApplication { public static void main(String[] args) { ConfigurableApplicationContext applicationContext = SpringApplication.run(SpringSecurityApplication.class, args); Object bean = applicationContext.getBean("springSecurityFilterChain"); System.out.println("-----------------:"+bean.getClass()); } }

三、编写配置类

/*
 * Copyright (c) 2020, 2024,  All rights reserved.
 *
 */
package com.by.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * 

Project: ican_parent - SecurityConfig

*

Powered by scl On 2024-01-29 11:36:09

*

描述:

* * @author 孙臣龙 [[email protected]] * @version 1.0 * @since 17 */ @Component @EnableGlobalMethodSecurity(prePostEnabled = true) //开启权限注解支持 public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private PasswordEncoder passwordEncoder; @Autowired private UserDetailsService userDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); } /** * 配置要放开的页面和配置静态资源 * * @param web * @throws Exception */ @Override public void configure(WebSecurity web) throws Exception { //web.ignoring().antMatchers("/pages/a.html"); //web.ignoring().antMatchers("/pages/**"); web.ignoring().antMatchers("/login.html"); } @Override protected void configure(HttpSecurity http) throws Exception { //super.configure(http); //关闭跨站请求 http.csrf().disable(); //认证 http.formLogin() .loginPage("/login.html") //登录页面 .loginProcessingUrl("/login") //表单的请求路径 .usernameParameter("username") .passwordParameter("password") .defaultSuccessUrl("/pages/index.html", true);//登录成功后跳转的页面 //授权 http.authorizeRequests() //.antMatchers("/pages/a.html").hasAuthority("aaa") //.antMatchers("/pages/b.html").hasAuthority("bbb") //.antMatchers("/pages/c.html").hasRole("CCC") //角色标识符不能用ROLE_开头 .anyRequest().authenticated();//登录成后,放开权限能够访问其它页面 //退出登录 http.logout().logoutUrl("/logout") .logoutSuccessUrl("/login.html") .invalidateHttpSession(true); } /** * 加密方法,使用直接注入 * * @return */ @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } }

四、UserServiceImpl

/*
 * Copyright (c) 2020, 2024,  All rights reserved.
 *
 */
package com.by.service;

import com.by.pojo.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * 

Project: ican_parent - UserServiceImpl

*

Powered by scl On 2024-01-29 16:37:34

*

描述:

* * @author 孙臣龙 [[email protected]] * @version 1.0 * @since 17 */ @Component public class UserServiceImpl implements UserDetailsService { @Autowired private PasswordEncoder passwordEncoder; private Map mysql = new HashMap<>(); public void initMysql() { mysql.put("admin", new UserInfo("admin", passwordEncoder.encode("111"))); mysql.put("test", new UserInfo("test", passwordEncoder.encode("111"))); } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //初始化数据(类似与数据库) initMysql(); //根据前端传过来的参数去数据库中查询 UserInfo userInfo = mysql.get(username); if (userInfo == null) { return null; } String password = userInfo.getPassword();//密码为明文 //模拟从数据库查询权限 List list = new ArrayList<>(); //通过用户名配置权限 if (username.equals("admin")) { list.add(new SimpleGrantedAuthority("aaa")); list.add(new SimpleGrantedAuthority("bbb")); } else { list.add(new SimpleGrantedAuthority("ROLE_CCC")); } //为什么不对比密码?程序员只需提供数据,对比密码归security管 return new User(username, password, list); } }

五、使用注解配置权限

/*
 * Copyright (c) 2020, 2024,  All rights reserved.
 *
 */
package com.by.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Collection;

/**
 * 

Project: ican_parent - HelloController

*

Powered by scl On 2024-01-29 19:50:41

*

描述:

* * @author 孙臣龙 [[email protected]] * @version 1.0 * @since 17 */ @RestController public class HelloController { @RequestMapping("/aaa") @PreAuthorize("hasAuthority('aaa')") public String aaa() { return "aaa"; } @RequestMapping("/bbb") @PreAuthorize("hasAuthority('bbb')") public String bbb() { return "bbb"; } @RequestMapping("/ccc") @PreAuthorize("hasRole('CCC')") public String ccc() { return "ccc"; } @RequestMapping("/ddd") @PreAuthorize("isAuthenticated()") public String ddd() { return "ddd"; } /** * 获取用户名 * @param authentication * @return */ @GetMapping("/user") public String getCurrentUser(Authentication authentication) { UserDetails userDetails = (UserDetails) authentication.getPrincipal(); String username = userDetails.getUsername(); Collection authorities = userDetails.getAuthorities(); // 这里可以根据需要获取更多的用户信息 return "用户名:" + username + ";角色:" + authorities; } }

六、实体类

package com.by.pojo;

public class UserInfo {
    String username;
    String password;

    public UserInfo(String username,String password){
        this.username = username;
        this.password = password;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public String toString() {
        return "UserInfo{" +
                "username='" + username + '\'' +
                ", password='" + password + '\'' +
                '}';
    }
}

七、html页面

Spring Security的入门案例!!!_第1张图片

a.html、b.html、c.html:




    
    Title


a 页面,你瞅啥!!!!

index.html




    
    Title


就这就这就这!!!!退出登录
获取用户名

login.html:




    
    登录页面


自定义登录页面

username:
password:

你可能感兴趣的:(spring,java,数据库)