标签:return,spring,boot,用户,springsecurity,thymeleaf,jsp,org,public From: https://blog.csdn.net/Baizeh/article/details/140791359创建一个springboot工程导入依赖
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <!--thymeleaf和springsecurity整合的依赖--> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <version>3.4.2</version> </dependency> </dependencies>
配置类
server.port=8088 #定义服务器端口号 spring.datasource.url=jdbc:mysql://localhost:3306/qy174_spring_boot_security03?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai #连接数据库 spring.datasource.username=root #数据库账号 spring.datasource.password=root #数据库密码 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver #数据源 mybatis-plus.mapper-locations=classpath*:mapper/*Mapper.xml #mapper映射文件 mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl #日志
dao层
public interface PermissionMapper extends BaseMapper<Permission> { //继承BaseMapper使用其自带的单表查询方法 public List<Permission> selectByUserId(Integer userId); //因为权限表需要多表查询,所以要自己写方法 }
service类
@Service public class MyUserDetailService implements UserDetailsService { @Autowired private UserMapper userMapper; //注入对应mapper使用sql进行数据库操作 @Autowired private PermissionMapper permissionMapper; //注入权限表mapper进行数据库操作 @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //根据账号查询用户信息,username必须唯一 QueryWrapper<User> wrapper=new QueryWrapper<>(); wrapper.eq("username",username); User user = userMapper.selectOne(wrapper); //在数据库根据username查询该用户新 if(Objects.nonNull(user)){ //判断用户是否存在 //如果存在查询该用户具有的权限 List<Permission> permissions = permissionMapper.selectByUserId(user.getUserid()); //将存放权限的集合转化为返回值要求的集合类型 List<SimpleGrantedAuthority> collect = permissions.stream().map(item -> new SimpleGrantedAuthority(item.getPercode())).collect(Collectors.toList()); //转换集合方法等价于该遍历的方法(两个方法存在一个即可) List<SimpleGrantedAuthority> list=new ArrayList<>() ; for(Permission p:permissions){ SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(p.getPercode()); list.add(simpleGrantedAuthority); } return new org.springframework.security.core.userdetails.User(username,user.getUserpwd(),collect); } return null; } }
security配置类
@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter{ @Bean //设置密码加密器 使用:先new出该对象PasswordEncoder passwordEncoder=new BCryptPasswordEncoder(); public PasswordEncoder passwordEncoder() { //passwordEncoder.encode("密码")进行加密 return new BCryptPasswordEncoder(); //passwordEncoder.matches("密码", 加密后的密码)比较密码是否一致 } @Autowired private MyUserDetailService userDetailService; //注入自定义的service类,用于基于数据库进行用户验证 @Override //基于数据库定义用户,使用该方法后不需要基于内存定义的代码 protected void configure(AuthenticationManagerBuilder auth) throws Exception{ auth.userDetailsService(userDetailService); } @Override //一些额外的配置 protected void configure(HttpSecurity http) throws Exception { http.formLogin() .loginPage("/login.html") //未登录时跳转的登录页面 .loginProcessingUrl("/login") //登录页面提交的处理路径 默认为/login .successForwardUrl("/success") //登录成功跳转的路径 必须为post请求 .failureForwardUrl("/fail") //登录失败跳转的路径 必须为post请求 .permitAll(); //上面的请求路径无需登录 http.exceptionHandling().accessDeniedPage("/403.html");//权限不足时跳转的页面 http.csrf().disable(); //禁用跨域伪造请求的过滤器(必带) http.authorizeRequests().anyRequest().authenticated(); //除了其之上的请求,其他请求都需要登录验证 } }
controller层(在启动类application中使用EnableGlobalMethodSecurity(prePostEnabled=true)开启权限绑定的注解驱动 )
@GetMapping("info") @PreAuthorize("hasAuthority('user:info')") //资源执行前判断当前用户是否拥有user:info权限 public Authentication info(){ //获取当前用户信息 SecurityContext context = SecurityContextHolder.getContext(); //获取SecurityContext对象 Authentication authentication = context.getAuthentication(); //把用户信息封装到Authontication中 UserDetails principal = (UserDetails) authentication.getPrincipal(); //获取用户账号密码等信息 return authentication; } @GetMapping("insert") @PreAuthorize("hasAuthority('user:select')") //资源执行前判断当前用户是否拥有user:select权限 public String insert(){ System.out.println("添加用户"); return "添加用户"; } @GetMapping("delete") public String delete(){ System.out.println("删除用户"); return "删除用户"; } @GetMapping("update") public String update(){ System.out.println("修改用户"); return "修改用户"; } @GetMapping("select") public String select(){ System.out.println("查询用户"); return "查询用户"; }