spring boot 中使用spring security阶段小结
1 项目结构图
2 AnyUserDetailsService
package com.fengyntec.config; import com.fengyntec.entity.UserEntity;
import com.fengyntec.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service; import java.util.ArrayList;
import java.util.List; @Service
public class AnyUserDetailsService implements UserDetailsService { @Autowired
private UserService userService; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserEntity userEntity = userService.getByUsername(username);
if (userEntity == null){
System.out.println("用户不存在");
}
List<SimpleGrantedAuthority> simpleGrantedAuthorities = createAuthorities(userEntity.getRoles());
UserDetails userDetails = new User(userEntity.getUsername(),userEntity.getPassword(),simpleGrantedAuthorities);
return userDetails;
} private List<SimpleGrantedAuthority> createAuthorities(String roleStr){
String[] roles = roleStr.split(",");
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
for (String role : roles) {
simpleGrantedAuthorities.add(new SimpleGrantedAuthority(role));
}
return simpleGrantedAuthorities;
}
}
3 WebSecurityConfig
package com.fengyntec.config; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired
private AnyUserDetailsService anyUserDetailsService; @Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/**").hasRole("USER")
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.permitAll()
;
} /**
* 添加 UserDetailsService, 实现自定义登录校验
*/
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception{
builder.userDetailsService(anyUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
}
4 Constant
package com.fengyntec.constant; public interface Constant {
public static String ROLE_USER = "ROLE_USER";
}
5 HomeController
package com.fengyntec.controller; import com.fengyntec.service.UserService;
import com.google.gson.Gson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController; import java.util.ArrayList;
import java.util.List; @RestController
@EnableGlobalMethodSecurity(securedEnabled = true)
public class HomeController { @Autowired
private UserService userService; @GetMapping("/hell")
public String hello(SecurityContextHolder holder){
System.out.println(holder.toString());
return new Gson().toJson(holder);
} @GetMapping("admin")
public String admin(){
return "admin";
} @GetMapping("/vip")
@Secured("ROLE_VIP")
public String vip(){
return "仅限于vip用户查看";
} @GetMapping("/openVip")
public boolean uodateVip(){
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
List<GrantedAuthority> updateAuthority = new ArrayList<>(auth.getAuthorities());
updateAuthority.add(new SimpleGrantedAuthority("ROLE_VIP"));
Authentication newAuth = new UsernamePasswordAuthenticationToken(auth.getPrincipal(),auth.getCredentials(),updateAuthority);
SecurityContextHolder.getContext().setAuthentication(newAuth);
return true;
}
}
6 UserEntity
package com.fengyntec.entity; import lombok.Data; @Data
public class UserEntity {
private Long id; /**
* 账号
*/
private String username; /**
* 密码
*/
private String password; /**
* 昵称
*/
private String nickname; /**
* 权限
*/
private String roles;
}
7 Mapper
package com.fengyntec.mapper; import com.fengyntec.entity.UserEntity;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import org.springframework.stereotype.Component; @org.apache.ibatis.annotations.Mapper
@Component
public interface Mapper { @Insert("insert into user(username, password, nickname, roles) values(#{username}, #{password}, #{nickname}, #{roles})")
int insert(UserEntity userEntity); @Select("select * from user where username = #{username}")
UserEntity selectByUsername(@Param("username") String username);
}
8 UserService
package com.fengyntec.service; import com.fengyntec.constant.Constant;
import com.fengyntec.entity.UserEntity;
import com.fengyntec.mapper.Mapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary; @org.springframework.stereotype.Service
@Primary
public class UserService { @Autowired
private Mapper mapper; public boolean insert(UserEntity userEntity){
String username = userEntity.getUsername();
if (exist(username)){
return false;
}
userEntity.setRoles(Constant.ROLE_USER);
int result = mapper.insert(userEntity);
return result == 1 ;
} private boolean exist(String username){
UserEntity userEntity = mapper.selectByUsername(username);
return userEntity != null;
} public UserEntity getByUsername(String username) {
return mapper.selectByUsername(username);
}
}
spring boot 中使用spring security阶段小结的更多相关文章
- Spring Boot中使用 Spring Security 构建权限系统
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了一组可以在Spring应用上下文中配置的Bean,为应用系统提供声明式的安全 ...
- Spring Boot中使用Spring Security进行安全控制
我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache ...
- 【swagger】1.swagger提供开发者文档--简单集成到spring boot中【spring mvc】【spring boot】
swagger提供开发者文档 ======================================================== 作用:想使用swagger的同学,一定是想用它来做前后台 ...
- 在Spring Boot中使用Spring Security实现权限控制
丢代码地址 https://gitee.com/a247292980/spring-security 再丢pom.xml <properties> <project.build.so ...
- Spring Boot中集成Spring Security 专题
check to see if spring security is applied that the appropriate resources are permitted: @Configurat ...
- Spring Boot 中使用 Spring Security, OAuth2 跨域问题 (自己挖的坑)
使用 Spring Boot 开发 API 使用 Spring Security + OAuth2 + JWT 鉴权,已经在 Controller 配置允许跨域: @RestController @C ...
- Spring Boot 中应用Spring data mongdb
摘要 本文主要简单介绍下如何在Spring Boot 项目中使用Spring data mongdb.没有深入探究,仅供入门参考. 文末有代码链接 准备 安装mongodb 需要连接mongodb,所 ...
- spring boot中扩展spring mvc 源码分析
首先,确认你是对spring boot的自动配置相关机制是有了解的,如果不了解请看我spring boot相关的源码分析. 通常的使用方法是继承自org.springframework.boot.au ...
- spring-boot-starter-security Spring Boot中集成Spring Security
spring security是springboot支持的权限控制系统. security.basic.authorize-mode 要使用权限控制模式. security.basic.enabled ...
随机推荐
- 2020牛客暑期多校训练营(第一场)H Minimum-cost Flow
Minimum-cost Flow 题目:给n个点,m条边.接下来m行包含(a,b,c),即a,b之间有单位流量代价为c的边.接下来有q个问题,每个问题给定(x,y),即假设每条边的容量为x/y时,从 ...
- Linux下显示运行时链接(运行时加载)
目录 介绍 如何加载动态库 dlopen() 第一个参数: 被加载动态库的路径 第二个参数: flag表示函数符号的解析方式 dlopen 返回值 dlsym() 参数: 返回值 符号优先级 dler ...
- OSCP Learning Notes - Post Exploitation(2)
Windows Post Exploitation Target Server: IE8-Win 7 VM 1. Download and upload the fgdump, PwDump7, wc ...
- OSCP Learning Notes - WebApp Exploitation(4)
Local File Inclusion[LFI] Target Pentester Lab: Download from the following website: https://www.vul ...
- 【译】GraalVM—下一代JVM介绍
原标题:GraalVM – an introduction to the next level JVM 随着Red Hat宣布Quarkus作为- 为GraalVM和HotSpot量身定制的下一代Ku ...
- C# 泛型中的数据类型判定与转换
提到类型转换,首先要明确C#中的数据类型,主要分为值类型和引用类型: 1.常用的值类型有:(struct) 整型家族:int,byte,char,short,long等等一系列 浮点家族:float, ...
- View Animation 运行原理解析
Android 平台目前提供了两大类动画,在 Android 3.0 之前,一大类是 View Animation,包括 Tween animation(补间动画),Frame animation(帧 ...
- jmeter之断言、数据提取器(正则表达式、jsonpath、beanshell)、聚合报告、参数化
ctx - ( JMeterContext) - gives access to the context vars - ( JMeterVariables) - gives read/write ac ...
- 基于jqgrid + ashx + nhibernate的分页
因为我目前运维的是一个webform项目,项目中未用到分页的功能,我百度了很多文章也没有一篇是结合jqgrid + ashx + nhibernate的分页,可能是因为后台要请求ashx的原因,不像m ...
- ~~并发编程(十四):Queue~~
进击のpython ***** 并发编程--Queue 进程其实就提过这个Queue的问题,我们为什么在进程使用Queue? 是因为当时我们想要对共享数据进行修改,同时也希望它能够自动的给我加个锁 基 ...