Spring Security is a powerful and highly customizable authentication and access-control framework, and it integrates easily with Spring projects.
myspringsecurity
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
package com.zb.myspringsecurity.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/demo")
public class DemoController {
    @RequestMapping("/Hello")
    public String Hello() {
        return "Hello world";
    }
}
MyspringsecurityApplication.main();
http://localhost:8080/demo/Hello
The browser redirects to the login page, as shown in the figure below.
The password can be found in the project's startup log:
2021-07-19 10:58:48.558 INFO 5244 --- [ main] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2021-07-19 10:58:48.558 INFO 5244 --- [ main] o.s.b.w.servlet.ServletRegistrationBean : Servlet dispatcherServlet mapped to [/]
2021-07-19 10:58:48.684 INFO 5244 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2021-07-19 10:58:48.812 INFO 5244 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: ced4127a-1677-438e-a65b-2ab219137083
2021-07-19 10:58:48.868 INFO 5244 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@40021799, org.springframework.security.web.context.SecurityContextPersistenceFilter@2d7e1102, org.springframework.security.web.header.HeaderWriterFilter@3fbfa96, org.springframework.security.web.csrf.CsrfFilter@61533ae, org.springframework.security.web.authentication.logout.LogoutFilter@4a699efa, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4482469c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@4917d36b, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@4a1c0752, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@278f8425, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2adddc06, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4ebadd3d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@332f25c8, org.springframework.security.web.session.SessionManagementFilter@466d49f0, org.springframework.security.web.access.ExceptionTranslationFilter@599f571f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7004e3d]
2021-07-19 10:58:48.911 INFO 5244 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2021-07-19 10:58:48.914 INFO 5244 --- [ main] c.z.m.MyspringsecurityApplication : Started MyspringsecurityApplication in 1.458 seconds (JVM running for 2.405)
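After a successful login, the result is as shown in the figure below:
The password above is generated into the log, which is inconvenient in real use; the username and password can instead be fixed in the configuration: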
spring.security.user.name=admin
spring.security.user.password=123
That was set in the configuration file; we can also define the users in a Java class:
package com.zb.myspringsecurity.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class ZbWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Three in-memory users, each with a BCrypt-encoded password
        auth.inMemoryAuthentication()
            .withUser("zhangsan")
            .password(passwordEncoder().encode("123"))
            .roles("ADMIN")
            .and()
            .withUser("lisi")
            .password(passwordEncoder().encode("123"))
            .roles("ADMIN")
            .and()
            .withUser("wangwu")
            .password(passwordEncoder().encode("123"))
            .roles("ADMIN")
        ;
    }
}
@Override
public void configure(WebSecurity web) throws Exception {
    // Requests matching these patterns bypass the security filter chain entirely
    web.ignoring().antMatchers(
        //"/**/*.html",
        "/**/*.js",
        "/**/*.css",
        "/**/*.ico",
        "/**/*.jpg",
        "/**/*.png",
        "/test/**" // ignore /test
    );
}

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .and()
        .httpBasic();
}
package com.zb.myspringsecurity.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TESTController {
    @RequestMapping("/test")
    public String Hello() {
        return "Hello test";
    }
}
Restart the project and test it; everything works.
create database myspringsecurity CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci;
create user securityuser IDENTIFIED by 'securitypass';
grant all privileges on myspringsecurity.* to securityuser@localhost identified by 'securitypass';
flush privileges;
drop table IF EXISTS `tb_user`;
create table `tb_user` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_name` varchar(50) DEFAULT NULL,
`password` varchar(100) DEFAULT NULL,
`mobile` int(11) DEFAULT NULL,
`sex` int(2) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`status` int(2) DEFAULT NULL,
`create_time` DATE DEFAULT NULL,
`create_id` int(11) DEFAULT NULL,
`update_time` date DEFAULT NULL,
`update_id` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
drop table IF EXISTS `tb_role`;
create table `tb_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`role_name` varchar(50) DEFAULT NULL,
`status` int(2) DEFAULT NULL,
`create_time` DATE DEFAULT NULL,
`create_id` int(11) DEFAULT NULL,
`update_time` date DEFAULT NULL,
`update_id` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
drop table IF EXISTS `tr_user_role`;
create table `tr_user_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) DEFAULT NULL,
`role_id` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
insert into `tb_user` (id, user_name, password) values (1, 'zhangsan', '123');
insert into `tb_user` (id, user_name, password) values (2, 'lisi', '123');
insert into `tb_user` (id, user_name, password) values (3, 'wangwu', '123');
insert into `tb_role` (id, role_name) values (1, '系统管理员');
insert into `tb_role` (id, role_name) values (2, '一般操作员');
insert into `tr_user_role` (id, user_id, role_id) values (1, 1, 1);
insert into `tr_user_role` (id, user_id, role_id) values (2, 1, 2);
insert into `tr_user_role` (id, user_id, role_id) values (3, 2, 2);
We use mybatis-plus here.
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.44</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.1.2</version>
</dependency>
<!-- mybatis-plus code generation -->
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<version>2.3.29</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-generator</artifactId>
<version>3.1.2</version>
</dependency>
package com.zb.myspringsecurity.config.mybatis;

import com.baomidou.mybatisplus.core.toolkit.StringPool;
import com.baomidou.mybatisplus.generator.AutoGenerator;
import com.baomidou.mybatisplus.generator.InjectionConfig;
import com.baomidou.mybatisplus.generator.config.*;
import com.baomidou.mybatisplus.generator.config.po.TableInfo;
import com.baomidou.mybatisplus.generator.config.rules.NamingStrategy;
import com.baomidou.mybatisplus.generator.engine.FreemarkerTemplateEngine;
import java.util.ArrayList;
import java.util.List;

public class MybatisGenerator {
    public static void main(String[] args) {
        AutoGenerator mpg = new AutoGenerator();
        // Global configuration
        GlobalConfig gc = new GlobalConfig();
        final String projectPath = System.getProperty("user.dir");
        gc.setOutputDir(projectPath + "/src/main/java");
        gc.setAuthor("system");
        gc.setOpen(false);
        gc.setFileOverride(true);
        gc.setBaseResultMap(true);
        // gc.setSwagger2(true); Swagger2 annotations on entity properties
        mpg.setGlobalConfig(gc);
        // Data source configuration
        DataSourceConfig dsc = new DataSourceConfig();
        dsc.setUrl("jdbc:mysql://127.0.0.1:3306/myspringsecurity?useUnicode=true&useSSL=false&characterEncoding=utf8");
        // dsc.setSchemaName("public");
        dsc.setDriverName("com.mysql.jdbc.Driver");
        dsc.setUsername("securityuser");
        dsc.setPassword("securitypass");
        mpg.setDataSource(dsc);
        // Package configuration
        PackageConfig pc = new PackageConfig();
        pc.setParent("com.zb.myspringsecurity");
        mpg.setPackageInfo(pc);
        // Custom configuration
        InjectionConfig cfg = new InjectionConfig() {
            @Override
            public void initMap() {
                // to do nothing
            }
        };
        // If the template engine is freemarker
        String templatePath = "/templates/mapper.xml.ftl";
        // If the template engine is velocity
        // String templatePath = "/templates/mapper.xml.vm";
        // Custom output configuration
        List<FileOutConfig> focList = new ArrayList<>();
        // Custom configuration is output first
        focList.add(new FileOutConfig(templatePath) {
            @Override
            public String outputFile(TableInfo tableInfo) {
                // Custom output file name; if your Entity sets a prefix or suffix, note that the xml name changes with it!
                return projectPath + "/src/main/resources/mapper/" + tableInfo.getEntityName() + "Mapper" + StringPool.DOT_XML;
            }
        });
        cfg.setFileOutConfigList(focList);
        mpg.setCfg(cfg);
        // Template configuration
        TemplateConfig templateConfig = new TemplateConfig();
        templateConfig.setXml(null);
        mpg.setTemplate(templateConfig);
        // Strategy configuration
        StrategyConfig strategy = new StrategyConfig();
        strategy.setNaming(NamingStrategy.underline_to_camel);
        strategy.setColumnNaming(NamingStrategy.underline_to_camel);
        // strategy.setSuperEntityClass("com.baomidou.ant.common.baseEntity");
        strategy.setEntityLombokModel(true);
        strategy.setRestControllerStyle(false);
        // Common parent class
        // strategy.setSuperControllerClass("com.baomidou.ant.common.baseController");
        // Common fields defined in the parent class
        // strategy.setSuperEntitycolumns("id");
        strategy.setInclude("tb_user", "tb_role", "tr_user_role");
        // strategy.setControllerMappingHyphenStyle(true);
        strategy.setTablePrefix("tb_", "tr_");
        mpg.setStrategy(strategy);
        mpg.setTemplateEngine(new FreemarkerTemplateEngine());
        mpg.execute();
    }
}
Before:
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("zhangsan")
.password(passwordEncoder().encode("123"))
.roles("ADMIN")
.and()
.withUser("lisi")
.password(passwordEncoder().encode("123"))
.roles("ADMIN")
.and()
.withUser(passwordEncoder().encode("123"))
.password("123")
.roles("ADMIN")
;
}
Changed to:
@Autowired
ZxUserDetailsServiceImpl zxUserDetailsService;

public void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Load users from the database instead of the in-memory list
    auth.userDetailsService(zxUserDetailsService);
}
package com.zb.myspringsecurity.config.security;

import com.zb.myspringsecurity.entity.Role;
import com.zb.myspringsecurity.entity.User;
import com.zb.myspringsecurity.entity.UserRole;
import com.zb.myspringsecurity.service.IUserRoleService;
import com.zb.myspringsecurity.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import java.util.ArrayList;
import java.util.List;

@Component
public class ZxUserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    PasswordEncoder passwordEncoder;
    @Autowired
    IUserService iUserService;
    @Autowired
    IUserRoleService iUserRoleService;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        /**
        // DEMO:
        List<SimpleGrantedAuthority> authorityList = new ArrayList<>();
        authorityList.add(new SimpleGrantedAuthority("Admin"));
        ZxUser zxUser = new ZxUser();
        zxUser.setUserName("zhangsanfeng");
        zxUser.setPassword(passwordEncoder.encode("123"));
        zxUser.setAuthorities(authorityList);
        return zxUser;
        */
        List<User> userList = iUserService.lambdaQuery().eq(User::getUserName, userName).list();
        if (CollectionUtils.isEmpty(userList)) {
            throw new UsernameNotFoundException("不存在的用户");
        }
        User user = userList.get(0);
        ZxUser zxUser = new ZxUser();
        zxUser.setUserName(user.getUserName());
        // tb_user holds the raw password in this demo, so it is encoded on every lookup
        zxUser.setPassword(passwordEncoder.encode(user.getPassword()));
        zxUser.setId(user.getId());
        // The user's role ids become the granted authorities
        List<UserRole> userRoleList = iUserRoleService.lambdaQuery().eq(UserRole::getUserId, zxUser.getId()).list();
        List<SimpleGrantedAuthority> authorityList = new ArrayList<>();
        if (!CollectionUtils.isEmpty(userRoleList)) {
            for (UserRole userRole : userRoleList) {
                authorityList.add(new SimpleGrantedAuthority(String.valueOf(userRole.getRoleId())));
            }
        }
        zxUser.setAuthorities(authorityList);
        return zxUser;
    }
}
package com.zb.myspringsecurity.config.security;

import com.zb.myspringsecurity.entity.User;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;

@Data
public class ZxUser extends User implements UserDetails {
    private Collection<? extends GrantedAuthority> authorities;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public String getPassword() {
        return super.getPassword();
    }

    @Override
    public String getUsername() {
        return super.getUserName();
    }

    // The account-state checks below always pass in this demo
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
Restart the service; logging in with the usernames and passwords from the database works.
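In the code above, tb_user holds plaintext passwords and loadUserByUsername runs passwordEncoder.encode on every lookup. The following is an added example, not the original author's code, of the usual arrangement: hash once when the password is set, store the hash in the password column, and return the stored value unchanged. The class StoredHashUserStore, its method names and the in-memory map standing in for tb_user are assumptions.

```java
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class): keep BCrypt hashes, not raw passwords, in the user table.
public class StoredHashUserStore {
    // Shape of a BCrypt hash as produced by BCryptPasswordEncoder (60 characters)
    private static final String BCRYPT_SHAPE = "\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}";

    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Stand-in for tb_user: user_name -> password column
    private final Map<String, String> passwordColumn = new ConcurrentHashMap<>();

    /** Registration or password change: the only place a raw password is hashed. */
    public void register(String userName, String rawPassword) {
        passwordColumn.put(userName, encoder.encode(rawPassword));
    }

    /** One-off migration for rows that still hold a raw value, such as the demo inserts. */
    public boolean migrateIfPlaintext(String userName) {
        String value = passwordColumn.get(userName);
        if (value == null || value.matches(BCRYPT_SHAPE)) {
            return false; // unknown user, or already a hash
        }
        passwordColumn.put(userName, encoder.encode(value));
        return true;
    }

    /** Returns the stored hash as-is; no hashing work is done per request. */
    public UserDetails loadUserByUsername(String userName) {
        String storedHash = passwordColumn.get(userName);
        if (storedHash == null) {
            throw new UsernameNotFoundException(userName);
        }
        return User.withUsername(userName).password(storedHash).authorities("1").build();
    }

    /** The comparison the authentication provider performs with the PasswordEncoder bean. */
    public boolean passwordMatches(String userName, String rawPassword) {
        return encoder.matches(rawPassword, loadUserByUsername(userName).getPassword());
    }

    public static void main(String[] args) {
        StoredHashUserStore store = new StoredHashUserStore();
        // Constructed sample data mirroring the tutorial's rows
        store.register("zhangsan", "123");
        store.passwordColumn.put("lisi", "123"); // legacy plaintext row
        System.out.println("lisi migrated: " + store.migrateIfPlaintext("lisi"));
        System.out.println("lisi migrated again: " + store.migrateIfPlaintext("lisi"));
        System.out.println("correct password: " + store.passwordMatches("zhangsan", "123"));
        System.out.println("wrong password: " + store.passwordMatches("zhangsan", "1234"));
        System.out.println("stored value: " + store.loadUserByUsername("lisi").getPassword());
    }
}
```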
/**
 * Authentication manager
 * @return
 * @throws Exception
 */
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}
package com.zb.myspringsecurity.controller;

import com.zb.myspringsecurity.config.security.ZxUser;
import com.zb.myspringsecurity.config.security.ZxUserDetailsServiceImpl;
import com.zb.myspringsecurity.config.vo.CommonResponse;
import com.zb.myspringsecurity.config.vo.LoginParamVo;
import com.zb.myspringsecurity.config.vo.TokenVo;
import com.zb.myspringsecurity.service.TokenService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;

@Slf4j
@RestController
@RequestMapping("/login")
public class LoginController {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Resource
    ZxUserDetailsServiceImpl userDetailsService;
    @Resource
    TokenService tokenService;

    @RequestMapping("/login-in")
    public CommonResponse<TokenVo> login(@RequestBody LoginParamVo loginParamVo) {
        try {
            // 1 Create the UsernamePasswordAuthenticationToken
            UsernamePasswordAuthenticationToken token
                = new UsernamePasswordAuthenticationToken(loginParamVo.getUsername(), loginParamVo.getPassword());
            // 2 Authenticate
            Authentication authentication = this.authenticationManager.authenticate(token);
            // 3 Store the authentication
            SecurityContextHolder.getContext().setAuthentication(authentication);
            // 4 Load the UserDetails
            ZxUser zxUser = this.userDetailsService.loadUserByUsername(loginParamVo.getUsername());
            // 5 Generate the custom token
            TokenVo tokenVo = tokenService.createToken(zxUser);
            return CommonResponse.successWithData(tokenVo);
        } catch (Exception e) {
            return CommonResponse.fail(401, e.getMessage());
        }
    }
}
package com.zb.myspringsecurity.service;

import com.zb.myspringsecurity.config.vo.TokenVo;
import org.springframework.security.core.userdetails.UserDetails;

public interface TokenService {
    TokenVo createToken(UserDetails details);
    Boolean verifyToken(String token);
    String getUserNameByToken(String token);
}
A simple implementation:
package com.zb.myspringsecurity.service.impl;

import com.zb.myspringsecurity.config.vo.TokenVo;
import com.zb.myspringsecurity.service.TokenService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

@Service
public class TokenServiceImpl implements TokenService {
    // todo: could be stored in redis with an expiry time
    private static final Map<String, String> tokenMap = new HashMap<>();

    @Override
    public TokenVo createToken(UserDetails details) {
        // token -> username
        String token = UUID.randomUUID().toString();
        tokenMap.put(token, details.getUsername());
        TokenVo tokenVo = new TokenVo();
        tokenVo.setToken(token);
        tokenVo.setExpireTime(60*60);
        return tokenVo;
    }

    @Override
    public Boolean verifyToken(String token) {
        return tokenMap.get(token) != null;
    }

    @Override
    public String getUserNameByToken(String token) {
        return tokenMap.get(token);
    }
}
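The implementation above reports expireTime = 3600 to the client but never checks it, and its HashMap is shared by all request threads. The following is an added example, not the original author's code, of an in-memory store that enforces the lifetime and supports revocation; the class name ExpiringTokenStore, the revoke and purgeExpired methods and the hand-driven clock in main are assumptions.

```java
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class): token store whose entries really expire.
public class ExpiringTokenStore {
    private static final class Entry {
        final String username;
        final Instant expiresAt;
        Entry(String username, Instant expiresAt) {
            this.username = username;
            this.expiresAt = expiresAt;
        }
    }

    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;
    private final Clock clock;

    public ExpiringTokenStore(Duration ttl, Clock clock) {
        this.ttl = ttl;
        this.clock = clock;
    }

    /** Issues an opaque 256-bit token bound to the user name. */
    public String createToken(String username) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(username, clock.instant().plus(ttl)));
        return token;
    }

    /** Returns the user name for a live token, or null if unknown or expired. */
    public String getUserNameByToken(String token) {
        if (token == null) return null;      // ConcurrentHashMap rejects null keys
        Entry e = tokens.get(token);
        if (e == null) return null;
        if (!clock.instant().isBefore(e.expiresAt)) {
            tokens.remove(token, e);         // drop the expired entry
            return null;
        }
        return e.username;
    }

    public boolean verifyToken(String token) {
        return getUserNameByToken(token) != null;
    }

    /** Logout: the token stops working immediately. */
    public void revoke(String token) {
        if (token != null) tokens.remove(token);
    }

    /** Call periodically so tokens that are never presented again do not accumulate. */
    public void purgeExpired() {
        Instant now = clock.instant();
        tokens.values().removeIf(e -> !now.isBefore(e.expiresAt));
    }

    public static void main(String[] args) {
        // Constructed demo: a clock that is moved forward by hand
        final Instant[] now = { Instant.parse("2021-07-19T06:00:00Z") };
        Clock manual = new Clock() {
            @Override public ZoneId getZone() { return ZoneOffset.UTC; }
            @Override public Clock withZone(ZoneId zone) { return this; }
            @Override public Instant instant() { return now[0]; }
        };
        ExpiringTokenStore store = new ExpiringTokenStore(Duration.ofSeconds(3600), manual);
        String token = store.createToken("zhangsan");
        System.out.println("fresh token valid: " + store.verifyToken(token));
        now[0] = now[0].plusSeconds(3601);
        System.out.println("after 3601 s valid: " + store.verifyToken(token));
    }
}
```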
Change to: SessionCreationPolicy.STATELESS
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf().disable()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .and()
        .httpBasic()
    ;
}

@Autowired
ZbTokenAuthenticationFilter zbTokenAuthenticationFilter;

httpSecurity.addFilterBefore(zbTokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
filter:
package com.zb.myspringsecurity.config.security.customer;

import com.zb.myspringsecurity.config.security.ZxUser;
import com.zb.myspringsecurity.config.security.ZxUserDetailsServiceImpl;
import com.zb.myspringsecurity.service.IUserRoleService;
import com.zb.myspringsecurity.service.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Service;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Service
public class ZbTokenAuthenticationFilter extends OncePerRequestFilter {
    @Autowired
    TokenService tokenService;
    @Autowired
    IUserRoleService iUserRoleService;
    @Autowired
    ZxUserDetailsServiceImpl userDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        logger.info("TokenAuthenticationFilter.doFilterInternal start ...");
        // No token header: continue unauthenticated and let later filters decide
        String token = request.getHeader("token");
        if (token == null || "".equals(token)) {
            logger.info("token is null , return .");
            filterChain.doFilter(request, response);
            return;
        }
        // Already authenticated in this request: nothing to do
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            filterChain.doFilter(request, response);
            return;
        }
        // Unknown token: continue unauthenticated
        Boolean result = tokenService.verifyToken(token);
        if (!result) {
            logger.info("ssoservice.verifyToken not pass , return .");
            filterChain.doFilter(request, response);
            return;
        }
        // Valid token: load the user and populate the security context
        ZxUser zxUser = userDetailsService.loadUserByUsername(tokenService.getUserNameByToken(token));
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
            zxUser, null, zxUser.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        logger.info("token valid pass , username : " + zxUser.getUsername());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request, response);
    }
}
That covers one core feature of Spring Security, authentication; next we look at authorization.
drop table IF EXISTS `tb_permission`;
create table `tb_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`en_name` varchar(50) DEFAULT NULL,
`cn_name` varchar(50) DEFAULT NULL,
`create_time` DATE DEFAULT NULL,
`create_id` int(11) DEFAULT NULL,
`update_time` date DEFAULT NULL,
`update_id` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
drop table IF EXISTS `tr_role_permission`;
create table `tr_role_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`role_id` bigint(20) DEFAULT NULL,
`permission_id` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
insert into `tb_permission` (id, en_name, cn_name) values (1, 'system:user:read', '可读');
insert into `tb_permission` (id, en_name, cn_name) values (2, 'system:user:edit', '可修改');
insert into `tr_role_permission` (id, role_id, permission_id) values (1, 1, 1);
insert into `tr_role_permission` (id, role_id, permission_id) values (2, 1, 2);
insert into `tr_role_permission` (id, role_id, permission_id) values (3, 2, 1);
Add permissionSet:
@Data
public class ZxUser extends User implements UserDetails {
...
private Set<String> permissionSet;
...
}
Add the permission lookup:
@Override
public ZxUser loadUserByUsername(String userName) throws UsernameNotFoundException {
    List<User> userList = iUserService.lambdaQuery().eq(User::getUserName, userName).list();
    if (CollectionUtils.isEmpty(userList)) {
        throw new UsernameNotFoundException("不存在的用户");
    }
    User user = userList.get(0);
    ZxUser zxUser = new ZxUser();
    zxUser.setUserName(user.getUserName());
    zxUser.setPassword(passwordEncoder.encode(user.getPassword()));
    zxUser.setId(user.getId());
    List<SimpleGrantedAuthority> authorityList = new ArrayList<>();
    // role
    List<UserRole> userRoleList = iUserRoleService.lambdaQuery().eq(UserRole::getUserId, zxUser.getId()).list();
    if (!CollectionUtils.isEmpty(userRoleList)) {
        for (UserRole userRole : userRoleList) {
            authorityList.add(new SimpleGrantedAuthority(String.valueOf(userRole.getRoleId())));
        }
        // permission: resolve the en_name of every permission attached to the user's roles
        List<Long> roleIdList = userRoleList.stream().map(UserRole::getRoleId).collect(Collectors.toList());
        List<RolePermission> rolePermissionList = iRolePermissionService.lambdaQuery()
            .in(RolePermission::getRoleId, roleIdList).list();
        if (!CollectionUtils.isEmpty(rolePermissionList)) {
            Collection<Permission> permissionList = iPermissionService
                .listByIds(rolePermissionList.stream()
                    .map(RolePermission::getPermissionId).collect(Collectors.toList()));
            Set<String> permissionSet = permissionList.stream().map(Permission::getEnName).collect(Collectors.toSet());
            zxUser.setPermissionSet(permissionSet);
        }
    }
    zxUser.setAuthorities(authorityList);
    return zxUser;
}
package com.zb.myspringsecurity.config.security.customer;

import com.zb.myspringsecurity.config.security.ZxUser;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Set;

@Slf4j
@Component
public class ZbPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        // Compare the requested permission with the en_name values loaded for the user
        ZxUser user = (ZxUser) authentication.getPrincipal();
        Set<String> permissionSet = user.getPermissionSet();
        if (permission == null) {
            log.info("permission valid not pass , permission is null");
            return false;
        }
        if (permissionSet.contains(permission.toString())) {
            log.info("permission valid pass , permission : {}", permission.toString());
            return true;
        }
        log.info("permission valid not pass , permission : {}", permission.toString());
        return false;
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        return false;
    }
}
@Autowired
ZbPermissionEvaluator zbPermissionEvaluator;

@Bean
public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() {
    DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
    defaultWebSecurityExpressionHandler.setPermissionEvaluator(zbPermissionEvaluator);
    return defaultWebSecurityExpressionHandler;
}

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    ...
    httpSecurity.authorizeRequests().expressionHandler(defaultWebSecurityExpressionHandler());
    ...
}
package com.zb.myspringsecurity.controller;

import com.zb.myspringsecurity.entity.User;
import com.zb.myspringsecurity.service.IUserService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.util.List;

@Slf4j
@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    IUserService iUserService;

    @PreAuthorize("hasPermission('UserController', 'system:user:read')")
    @RequestMapping("/list")
    public List<User> list(HttpServletRequest request) {
        log.info("session id: {}" , request.getSession().getId());
        return iUserService.list();
    }
}
First test zhangsan:
POST http://localhost:8080/login/login-in
Accept: */*
Cache-Control: no-cache
content-type:application/json
{"username":"zhangsan", "password":"123"}
Response:
{
"data": {
"token": "e048ba23-7061-43d6-ab35-7c2eb93acda8",
"expireTime": 3600
},
"code": 200,
"msg": "ok"
}
Use this token to request /user/list:
GET http://localhost:8080/user/list
Accept: application/json
token: e048ba23-7061-43d6-ab35-7c2eb93acda8
Response:
[
  {
    "id": 1,
    "userName": "zhangsan",
    "password": "123",
    "mobile": null,
    "sex": null,
    "email": null,
    "status": null,
    "createTime": null,
    "createId": null,
    "updateTime": null,
    "updateId": null
  },
  {
    "id": 2,
    "userName": "lisi",
    "password": "123",
    "mobile": null,
    "sex": null,
    "email": null,
    "status": null,
    "createTime": null,
    "createId": null,
    "updateTime": null,
    "updateId": null
  },
  {
    "id": 3,
    "userName": "wangwu",
    "password": "123",
    "mobile": null,
    "sex": null,
    "email": null,
    "status": null,
    "createTime": null,
    "createId": null,
    "updateTime": null,
    "updateId": null
  }
]
{
"timestamp": "2021-07-19T06:53:38.833+0000",
"status": 500,
"error": "Internal Server Error",
"message": "No message available",
"path": "/user/list"
}