1 项目结构图

2 AnyUserDetailsService

package com.fengyntec.config;

import com.fengyntec.entity.UserEntity;
import com.fengyntec.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service; import java.util.ArrayList;
import java.util.List; @Service
public class AnyUserDetailsService implements UserDetailsService { @Autowired
private UserService userService; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserEntity userEntity = userService.getByUsername(username);
if (userEntity == null){
System.out.println("用户不存在");
}
List<SimpleGrantedAuthority> simpleGrantedAuthorities = createAuthorities(userEntity.getRoles());
UserDetails userDetails = new User(userEntity.getUsername(),userEntity.getPassword(),simpleGrantedAuthorities);
return userDetails;
} private List<SimpleGrantedAuthority> createAuthorities(String roleStr){
String[] roles = roleStr.split(",");
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
for (String role : roles) {
simpleGrantedAuthorities.add(new SimpleGrantedAuthority(role));
}
return simpleGrantedAuthorities;
}
}

3 WebSecurityConfig

package com.fengyntec.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired
private AnyUserDetailsService anyUserDetailsService; @Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/**").hasRole("USER")
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.permitAll()
;
} /**
* 添加 UserDetailsService, 实现自定义登录校验
*/
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception{
builder.userDetailsService(anyUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
}

4 Constant

package com.fengyntec.constant;

public interface Constant {
public static String ROLE_USER = "ROLE_USER";
}

5 HomeController

package com.fengyntec.controller;

import com.fengyntec.service.UserService;
import com.google.gson.Gson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController; import java.util.ArrayList;
import java.util.List; @RestController
@EnableGlobalMethodSecurity(securedEnabled = true)
public class HomeController { @Autowired
private UserService userService; @GetMapping("/hell")
public String hello(SecurityContextHolder holder){
System.out.println(holder.toString());
return new Gson().toJson(holder);
} @GetMapping("admin")
public String admin(){
return "admin";
} @GetMapping("/vip")
@Secured("ROLE_VIP")
public String vip(){
return "仅限于vip用户查看";
} @GetMapping("/openVip")
public boolean uodateVip(){
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
List<GrantedAuthority> updateAuthority = new ArrayList<>(auth.getAuthorities());
updateAuthority.add(new SimpleGrantedAuthority("ROLE_VIP"));
Authentication newAuth = new UsernamePasswordAuthenticationToken(auth.getPrincipal(),auth.getCredentials(),updateAuthority);
SecurityContextHolder.getContext().setAuthentication(newAuth);
return true;
}
}

6 UserEntity

package com.fengyntec.entity;

import lombok.Data;

@Data
public class UserEntity {
private Long id; /**
* 账号
*/
private String username; /**
* 密码
*/
private String password; /**
* 昵称
*/
private String nickname; /**
* 权限
*/
private String roles;
}

7 Mapper

package com.fengyntec.mapper;

import com.fengyntec.entity.UserEntity;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import org.springframework.stereotype.Component; @org.apache.ibatis.annotations.Mapper
@Component
public interface Mapper { @Insert("insert into user(username, password, nickname, roles) values(#{username}, #{password}, #{nickname}, #{roles})")
int insert(UserEntity userEntity); @Select("select * from user where username = #{username}")
UserEntity selectByUsername(@Param("username") String username);
}

8 UserService

package com.fengyntec.service;

import com.fengyntec.constant.Constant;
import com.fengyntec.entity.UserEntity;
import com.fengyntec.mapper.Mapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary; @org.springframework.stereotype.Service
@Primary
public class UserService { @Autowired
private Mapper mapper; public boolean insert(UserEntity userEntity){
String username = userEntity.getUsername();
if (exist(username)){
return false;
}
userEntity.setRoles(Constant.ROLE_USER);
int result = mapper.insert(userEntity);
return result == 1 ;
} private boolean exist(String username){
UserEntity userEntity = mapper.selectByUsername(username);
return userEntity != null;
} public UserEntity getByUsername(String username) {
return mapper.selectByUsername(username);
}
}

spring boot 中使用spring security阶段小结的更多相关文章

  1. Spring Boot中使用 Spring Security 构建权限系统

    Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了一组可以在Spring应用上下文中配置的Bean,为应用系统提供声明式的安全 ...

  2. Spring Boot中使用Spring Security进行安全控制

    我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache ...

  3. 【swagger】1.swagger提供开发者文档--简单集成到spring boot中【spring mvc】【spring boot】

    swagger提供开发者文档 ======================================================== 作用:想使用swagger的同学,一定是想用它来做前后台 ...

  4. 在Spring Boot中使用Spring Security实现权限控制

    丢代码地址 https://gitee.com/a247292980/spring-security 再丢pom.xml <properties> <project.build.so ...

  5. Spring Boot中集成Spring Security 专题

    check to see if spring security is applied that the appropriate resources are permitted: @Configurat ...

  6. Spring Boot 中使用 Spring Security, OAuth2 跨域问题 (自己挖的坑)

    使用 Spring Boot 开发 API 使用 Spring Security + OAuth2 + JWT 鉴权,已经在 Controller 配置允许跨域: @RestController @C ...

  7. Spring Boot 中应用Spring data mongdb

    摘要 本文主要简单介绍下如何在Spring Boot 项目中使用Spring data mongdb.没有深入探究,仅供入门参考. 文末有代码链接 准备 安装mongodb 需要连接mongodb,所 ...

  8. spring boot中扩展spring mvc 源码分析

    首先,确认你是对spring boot的自动配置相关机制是有了解的,如果不了解请看我spring boot相关的源码分析. 通常的使用方法是继承自org.springframework.boot.au ...

  9. spring-boot-starter-security Spring Boot中集成Spring Security

    spring security是springboot支持的权限控制系统. security.basic.authorize-mode 要使用权限控制模式. security.basic.enabled ...

随机推荐

  1. Linux04 /创建虚拟环境、在linux环境运行Python项目

    Linux04 /创建虚拟环境.在linux环境运行Python项目 目录 Linux04 /创建虚拟环境.在linux环境运行Python项目 1. 大体流程 2. linux环境安装python3 ...

  2. POJ 1047 Round and Round We Go 最详细的解题报告

    题目链接:Round and Round We Go 解题思路:用程序实现一个乘法功能,将给定的字符串依次做旋转,然后进行比较.由于题目比较简单,所以不做过多的详解. 具体算法(java版,可以直接A ...

  3. gvim使用总结

    我的gvim配置 set nocompatible " 关闭vi兼容 " 显示相关 set go= set number set cursorline set nowrap set ...

  4. SQL中的多表联查(SELECT DISTINCT 语句)

    前言:(在表中,可能会包含重复值.这并不成问题,不过,有时你也许希望仅仅列出不同(distinct)的值. 关键词 DISTINCT 用于返回唯一不同的值.) 如果不加DISTINCT 的话,主表本来 ...

  5. md5加密密码

    using System.Security.Cryptography; public string GetStrMd5(string ConvertString) { MD5CryptoService ...

  6. system.out.println从什么方向执行

    从左向右执行,当“+”号前后有字符串出现时,就当做字符串连接符号处理了.

  7. DEX文件解析--7、类及其类数据解析(完结篇)

    一.前言    前置技能链接:       DEX文件解析---1.dex文件头解析       DEX文件解析---2.Dex文件checksum(校验和)解析       DEX文件解析--3.d ...

  8. P1433 吃奶酪(洛谷)状压dp解法

    嗯?这题竟然是个绿题. 这个题真的不(很)难,我们只是不会计算2点之间的距离,他还给出了公式,这个就有点…… 我们直接套公式去求出需要的值,然后普通的状压dp就可以了. 是的状压dp. 这个题的数据加 ...

  9. vue & 百度地图:在地图上绘制多边形

    <template> <div class="hello"> <div style="margin-bottom:10px"> ...

  10. mysqldump导出表结构及数据

    问题描述:有需要mysql某几张表的需求,某个数据库某几张表,导出先检查相应的数据库和表是否存在 数据泵用法:默认导出的是表结构以及表中的数据 mysqldump -uroot -p -S /data ...