Springboot2.3集成Spring security框架的案例
这篇文章主要介绍Springboot2.3集成Spring security框架的案例,文中介绍的非常详细,具有一定的参考价值,感兴趣的小伙伴们一定要看完!
0、pom
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.3.0.RELEASE</version><relativePath/> <!-- lookup parent from repository --></parent><groupId>com.jack</groupId><artifactId>demo</artifactId><version>0.0.1-SNAPSHOT</version><packaging>war</packaging><name>demo</name><description>Demo project for Spring Security</description><properties><java.version>1.8</java.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-tomcat</artifactId><scope>provided</scope></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope><exclusions><exclusion><groupId>org.junit.vintage</groupId><artifactId>junit-vintage-engine</artifactId></exclusion></exclusions></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-test</artifactId><scope>test</scope></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
1、SpringSecurityConfig(security配置)
// 手动定义用户认证 和 // 关联用户Service认证 二者取一
这里测试用的是 手动定义用户认证!!!
package com.jack.demo;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.builders.WebSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;/** * @program: demo * @description: Security 配置 * @author: Jack.Fang * @date:2020-06-01 1541 **/@Configuration@EnableWebSecuritypublic class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private MyUserService myUserService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // 手动定义用户认证 auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("ADMIN"); auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("jack").password(new BCryptPasswordEncoder().encode("fang")).roles("USER"); // 关联用户Service认证 //auth.userDetailsService(myUserService).passwordEncoder(new MyPasswordEncoder()); // 默认jdbc认证 // auth.jdbcAuthentication().usersByUsernameQuery("").authoritiesByUsernameQuery("").passwordEncoder(new MyPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/").permitAll() .anyRequest().authenticated() .and() .logout().permitAll() .and() .formLogin(); http.csrf().disable(); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/js/**","/css/**","/image/**"); }}
2、MyPasswordEncoder(自定义密码比较)
package com.jack.demo;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;/** * @program: demo * @description: 密码加密 * @author: Jack.Fang * @date:2020-06-01 1619 **/public class MyPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence charSequence) { return new BCryptPasswordEncoder().encode(charSequence.toString()); } @Override public boolean matches(CharSequence charSequence, String s) { return new BCryptPasswordEncoder().matches(charSequence,s); }}
3、MyUserService(自行实现的用户登录接口)
具体内容 省略。这里测试用的是SpringSecurityConfig手动添加用户名与密码。
package com.jack.demo;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Component;/** * @program: demo * @description: 用户 * @author: Jack.Fang * @date:2020-06-01 1617 **/@Componentpublic class MyUserService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { return null; }}
4、启动类(测试)
DemoApplication.java
package com.jack.demo;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.security.access.prepost.PostAuthorize;import org.springframework.security.access.prepost.PostFilter;import org.springframework.security.access.prepost.PreAuthorize;import org.springframework.security.access.prepost.PreFilter;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.core.userdetails.User;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;import java.util.List;@EnableGlobalMethodSecurity(prePostEnabled = true)@RestController@SpringBootApplicationpublic class DemoApplication {public static void main(String[] args) {SpringApplication.run(DemoApplication.class, args);}@RequestMapping("/")public String index(){return "hello Spring Security!";}@RequestMapping("/hello")public String hello(){return "hello !";}@PreAuthorize("hasRole('ROLE_ADMIN')")@RequestMapping("/roleAdmin")public String role() {return "admin auth";}@PreAuthorize("#id<10 and principal.username.equals(#username) and #user.username.equals('abc')")@PostAuthorize("returnObject%2==0")@RequestMapping("/test")public Integer test(Integer id, String username, User user) {// ...return id;}@PreFilter("filterObject%2==0")@PostFilter("filterObject%4==0")@RequestMapping("/test2")public List<Integer> test2(List<Integer> idList) {// ...return idList;}}
测试hello接口(http://localhost:8080/hello)
未登录跳转登录页
登录SpringSecurityConfig配置的admin账号与密码123456
成功调用hello
测试roleAdmin(登录admin 123456成功,登录jack fang访问则失败)
登出 logout
以上是Springboot2.3集成Spring security框架的案例的所有内容,感谢各位的阅读!希望分享的内容对大家有帮助,更多相关知识,欢迎关注亿速云行业资讯频道!
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
