springboot2.1.4 与security5用户认证学习笔记
1、学习这个用了4天终于弄出来
2、刚调试成功做个笔记
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.4.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.eSpringSecurity</groupId> <artifactId>demo</artifactId> <version>0.0.1-SNAPSHOT</version> <name>demo</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.0.1</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> <!-- https://mvnrepository.com/artifact/com.alibaba/druid --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.9</version> </dependency> <!-- https://mvnrepository.com/artifact/log4j/log4j --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <!-- https://mvnrepository.com/artifact/com.github.pagehelper/pagehelper-spring-boot-starter --> <dependency> <groupId>com.github.pagehelper</groupId> <artifactId>pagehelper-spring-boot-starter</artifactId> <version>1.2.10</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.0.1</version> </dependency> <!--配置js.scc--> <!-- https://mvnrepository.com/artifact/org.webjars/bootstrap --> <dependency> <groupId>org.webjars</groupId> <artifactId>bootstrap</artifactId> <version>4.3.1</version> </dependency> <!-- https://mvnrepository.com/artifact/org.webjars.bower/jquery --> <dependency> <groupId>org.webjars.bower</groupId> <artifactId>jquery</artifactId> <version>3.3.1</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 --> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> <version>3.8.1</version> </dependency> <dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>4.5.7</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build></project>application.properties
#thymelea模板配置spring.thymeleaf.prefix=classpath:/templates/spring.thymeleaf.suffix=.htmlspring.thymeleaf.mode=HTML5spring.thymeleaf.encoding=UTF-8spring.thymeleaf.servlet.content-type=text/html#热部署文件,页面不产生缓存,及时更新# 开发阶段务必关闭缓存 (=false)spring.thymeleaf.cache=falsespring.resources.chain.strategy.content.enabled=truespring.resources.chain.strategy.content.paths=/**#logging.level.com.dy.springboot.server.mapper=debugspring.jackson.date-format=yyyy-MM-dd HH:mm:ssspring.jackson.time-zone=GMT+8server.port=8080application.yml
spring: datasource: username: root# password: root password: 123456 url: jdbc:mysql://localhost:3306/ssm_crud?useUnicode=true&characterEncoding=UTF-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC type: com.alibaba.druid.pool.DruidDataSource initialSize: 5 minIdle: 5 maxActive: 20 maxWait: 60000 timeBetweenEvictionRunsMillis: 60000 minEvictableIdleTimeMillis: 300000 validationQuery: SELECT 1 FROM DUAL testWhileIdle: true testOnBorrow: false testOnReturn: false poolPreparedStatements: true # 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙 filters: stat,wall,log4j maxPoolPreparedStatementPerConnectionSize: 20 useGlobalDataSourceStat: true connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500mybatis: # 指定全局配置文件位置 config-location: classpath:generator/mybatis-config.xml # 指定sql映射文件位置 mapper-locations: classpath:mapping/*.xml# schema:# - classpath:department.sqllog4j.properties
log4j.rootCategory=INFO, stdout , logfilelog4j.appender.stdout=org.apache.log4j.ConsoleAppenderlog4j.appender.stdout.layout=org.apache.log4j.PatternLayoutlog4j.appender.stdout.layout.ConversionPattern=[SeleniumAutoConsole] %p [%t] %C.%M(%L) | %m%nlog4j.appender.logfile.encoding=UTF-8log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppenderlog4j.appender.logfile.File=logs/logs.log#log4j.appender.logfile.DatePattern='.'yyyy-MM-dd'.log'#log4j.appender.logfile.Append=truelog4j.appender.logfile.layout=org.apache.log4j.PatternLayoutlog4j.appender.logfile.layout.ConversionPattern=%d-[SeleniumAutoFile] %p [%t] %C.%M(%L) - %m%nconfigDruidConfig
package com.espringsecurity.config;import com.alibaba.druid.pool.DruidDataSource;import com.alibaba.druid.support.http.StatViewServlet;import com.alibaba.druid.support.http.WebStatFilter;import org.springframework.boot.context.properties.ConfigurationProperties;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.boot.web.servlet.ServletRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import javax.sql.DataSource;import java.util.Arrays;import java.util.HashMap;import java.util.Map;/** * @author liwen406 * @Title: DruidConfig * @Description: * @date 2018/12/21 / 22:43 */@Configurationpublic class DruidConfig { @ConfigurationProperties(prefix = "spring.datasource") @Bean public DataSource druid() { return new DruidDataSource(); } /** * 配置Druid的监控 * 1、配置一个管理后台的Servlet * @return */ @Bean public ServletRegistrationBean statViewServlet() { ServletRegistrationBean bean = new ServletRegistrationBean(new StatViewServlet(), "/druid/*"); Map<String, String> initParams = new HashMap<>(); initParams.put("loginUsername", "admin"); initParams.put("loginPassword", "123456"); ////默认就是允许所有访问 initParams.put("allow", ""); initParams.put("deny", "192.168.15.21"); bean.setInitParameters(initParams); return bean; } /**2、配置一个web监控的filter*/ @Bean public FilterRegistrationBean webStatFilter() { FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new WebStatFilter()); Map<String, String> initParams = new HashMap<>(); initParams.put("exclusions", "*.js,*.css,/druid/*"); bean.setInitParameters(initParams); bean.setUrlPatterns(Arrays.asList("/*")); return bean; }}MyBatisConfig
package com.espringsecurity.config;import com.github.pagehelper.PageHelper;import org.apache.ibatis.session.Configuration;import org.mybatis.spring.boot.autoconfigure.ConfigurationCustomizer;import org.springframework.context.annotation.Bean;import java.util.Properties;/** *配置文件 * @author liwen406 * @date 2019-04-20 12:14 2019-04-20 13:20 */@org.springframework.context.annotation.Configurationpublic class MyBatisConfig { /** * 目的防止驼峰命名规则 * @return */ @Bean public ConfigurationCustomizer configurationCustomizer(){ return new ConfigurationCustomizer(){ @Override public void customize(Configuration configuration) { configuration.setMapUnderscoreToCamelCase(true); } }; } /** * 分页插件 * @return */ @Bean public PageHelper pageHelper() {// System.out.println("MyBatisConfiguration.pageHelper()"); PageHelper pageHelper = new PageHelper(); Properties p = new Properties(); p.setProperty("offsetAsPageNum", "true"); p.setProperty("rowBoundsWithCount", "true"); p.setProperty("reasonable", "true"); pageHelper.setProperties(p); return pageHelper; }}MyPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder;/** * @author liwen406 * @Title: MyPasswordEncoder * @Description: * @date 2019/5/4 / 18:20 */public class MyPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence charSequence) { return charSequence.toString(); } @Override public boolean matches(CharSequence charSequence, String s) { return s.equals(charSequence.toString()); }}WebMvcConfig
/** * @author liwen406 * @Title: WebMvcConfig * @Description: * @date 2019/4/29 / 13:00 */@Configurationpublic class WebMvcConfig implements WebMvcConfigurer { @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/"); }}WebSecurityConfig
import com.espringsecurity.pojo.User;import com.espringsecurity.service.PasswordEncoder;import com.espringsecurity.service.UserService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.web.util.matcher.AntPathRequestMatcher;import javax.annotation.Resource;/** * @author liwen406 * @Title: WebSecurityConfig * @Description: * @date 2019/5/4 / 18:18 */@EnableWebSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource private UserService<User> userService; /** * 认证请求规则 * * @param http * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll() .antMatchers("/level1/**").hasRole("VIP1") .antMatchers("/level2/**").hasRole("VIP2") .antMatchers("/level3/**").hasRole("VIP3"); // 注销账号 http.logout().logoutSuccessUrl("/"); /****************** 默认的 ****************/ // 默认登录表单 http.formLogin(); // 记住我 http.rememberMe(); /****************** 定制的 ****************/ // 定制页面和参数,默认名称:username,password http.formLogin().loginPage("/login").usernameParameter("username").passwordParameter("passowrd"); // 定制记住我 http.rememberMe().rememberMeParameter("remember"); } /** * 授权 * * @param auth * @throws Exception */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService).passwordEncoder(new PasswordEncoder()); } } controller
package com.espringsecurity.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.ResponseBody;/** * @author liwen406 * @Title: PageController * @Description: * @date 2019/5/4 / 18:20 */@Controllerpublic class PageController { @GetMapping({"/", "", "/index"}) public String index() { return "index"; } // 定制的登录表单 @GetMapping("/login") public String login() { return "login"; } @GetMapping("level1") @ResponseBody public String level1() { return "level1 拥有角色VIP1"; } @GetMapping("level2") @ResponseBody public String level2() { return "level2 拥有角色VIP2"; } @GetMapping("level3") @ResponseBody public String level3() { return "level3 拥有角色VIP3"; }}dao
import com.espringsecurity.pojo.User;import org.apache.ibatis.annotations.Mapper;import org.apache.ibatis.annotations.Select;/** * @author liwen406 * @Title: UserDao * @Description: * @date 2019/5/4 / 18:58 */@Mapperpublic interface UserDao { @Select("SELECT * from usersys WHERE username = #{userName}") User findByUsername(String username);}pojo
import lombok.AllArgsConstructor;import lombok.Data;import lombok.NoArgsConstructor;/** * @author liwen406 * @Title: User * @Description: * @date 2019/5/4 / 18:33 */@Data@AllArgsConstructor@NoArgsConstructorpublic class User { private Integer id; private String userName; private String password; private String roles;}service
import cn.hutool.core.util.StrUtil;import com.espringsecurity.dao.UserDao;import com.espringsecurity.pojo.User;import lombok.extern.log4j.Log4j2;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Service;import java.util.ArrayList;/** * @author liwen406 * @Title: UserService * @Description: * @date 2019/5/4 / 18:32 */@Log4j2@Servicepublic class UserService<T extends User> implements UserDetailsService { @Autowired UserDao userDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { try { User user = userDao.findByUsername(username); if (user == null) { throw new UsernameNotFoundException("用户不存在"); } ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>(1); if (StrUtil.isNotBlank(user.getRoles())) { String[] roles = user.getRoles().split(","); for (String role : roles) { if (!StrUtil.isBlank(role)) { authorities.add(new SimpleGrantedAuthority("ROLE_"+role.trim())); } } } log.info("前端用户名" + username + "==" + user.getPassword()); return new org.springframework.security.core.userdetails.User(user.getUserName(), user.getPassword(), authorities); } catch (UsernameNotFoundException e) { e.printStackTrace(); } return null; }}PasswordEncoder
import com.espringsecurity.utils.MD5Util;/** * @author liwen406 * @Title: PasswordEncoder * @Description: * @date 2019/5/4 / 18:56 */public class PasswordEncoder implements org.springframework.security.crypto.password.PasswordEncoder { @Override public String encode(CharSequence rawPassword) { return MD5Util.encode((String) rawPassword); } @Override public boolean matches(CharSequence rawPassword, String encodedPassword) {//user Details Service验证 return encodedPassword.equals(MD5Util.encode((String) rawPassword)); }}MD5Util
package com.espringsecurity.utils;import java.io.UnsupportedEncodingException;import java.math.BigInteger;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;/** * @author liwen406 * @Title: MD5Util * @Description: * @date 2019/5/4 / 18:56 */public class MD5Util { public static final int time = 5; public static final String SALT = "springsecurity"; /** * 密码加密方法 * * @param password * @return */ public static String encode(String password) { MessageDigest digest; try { digest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("MD5 algorithm not available. Fatal (should be in the JDK)."); } try { for (int i = 0; i < time; i++) { byte[] bytes = digest.digest((password + SALT).getBytes("UTF-8")); password = String.format("%032x", new BigInteger(1, bytes)); } return password; } catch (UnsupportedEncodingException e) { throw new IllegalStateException("UTF-8 encoding not available. Fatal (should be in the JDK)."); } } public static void main(String[] args) { System.out.println(MD5Util.encode("123456")); }}htmlindex.html
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5"><head> <meta charset="UTF-8"> <title>SpringBoot 整合 SpringSecurity</title></head><body><h3 align="center">SpringBoot 整合 SpringSecurity 实现登录、授权案例</h3><div sec:authorize="!isAuthenticated()"> <h5 align="center">游客您好,<a th:href="@{/login}">请登录</a></h5></div><div sec:authorize="isAuthenticated()"> <h5><span sec:authentication="name"></span>,您拥有的角色:<span sec:authentication="principal.authorities"></span></h5> <form th:action="@{/logout}" method="post"> <input type="submit" value="注销"/> </form></div><hr><ul> <div sec:authorize="hasRole('VIP1')"> <li><a th:href="@{/level1}">VIP1,可以访问</a></li> </div> <div sec:authorize="hasRole('VIP2')"> <li><a th:href="@{/level2}">VIP2,可以访问</a></li> </div> <div sec:authorize="hasRole('VIP3')"> <li><a th:href="@{/level3}">VIP3,可以访问</a></li> </div></ul></body></html>login.html
<html xmlns:th="http://www.thymeleaf.org"><head> <meta charset="UTF-8"> <title>美丽的开始</title></head><body><h3 align="center">我们要加油学习登录页面</h3><hr><form th:action="@{/login}" method="post" > 用户名:<input type="text" name="username"><br> 密码:<input type="password" name="passowrd"><br> <input type="checkbox" name="remember"> 记住我<br> <input type="submit" value="登录"></form></body></html>
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
