Spring Security基于数据库实现认证过程解析

Spring Security基于数据库实现认证过程解析

创建数据库

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------

-- Table structure for role

-- ----------------------------

DROP TABLE IF EXISTS `role`;

CREATE TABLE `role` (

`id` int(11) NOT NULL AUTO_INCREMENT,

`name` varchar(32) DEFAULT NULL,

`nameZh` varchar(32) DEFAULT NULL,

PRIMARY KEY (`id`)

) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;

-- ----------------------------

-- Records of role

-- ----------------------------

INSERT INTO `role` VALUES ('1', 'dba', '数据库管理员');

INSERT INTO `role` VALUES ('2', 'admin', '系统管理员');

INSERT INTO `role` VALUES ('3', 'user', '用户');

-- ----------------------------

-- Table structure for user

-- ----------------------------

DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (

`id` int(11) NOT NULL AUTO_INCREMENT,

`username` varchar(32) DEFAULT NULL,

`password` varchar(255) DEFAULT NULL,

`enabled` tinyint(1) DEFAULT NULL,

`locked` tinyint(1) DEFAULT NULL,

PRIMARY KEY (`id`)

) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;

-- ----------------------------

-- Records of user

-- ------------jTzrxvQhX----------------

INSERT INTO `user` VALUES ('1', 'root', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', '1', '0');

INSERT INTO `user` VALUES ('2', 'admin', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', '1', '0');

INSERT INTO `user` VALUES ('3', 'sang', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsjTzrxvQhXga.WYiq', '1', '0');

-- ----------------------------

-- Table structure for user_role

-- ----------------------------

DROP TABLE IF EXISTS `user_role`;

CREATE TABLE `user_role` (

`id` int(11) NOT NULL AUTO_INCREMENT,

`uid` int(11) DEFAULT NULL,

`rid` int(11) DEFAULT NULL,

PRIMARY KEY (`id`)

) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;

-- ----------------------------

-- Records of user_role

-- ----------------------------

INSERT INTO `user_role` VALUES ('1', '1', '1');

INSERT INTO `user_role` VALUES ('2', '1', '2');

INSERT INTO `user_role` VALUES ('3', '2', '2');

INSERT INTO `user_role` VALUES ('4', '3', '3');

SET FOREIGN_KEY_CHECKS=1;

导入依赖

org.springframework.boot

spring-boot-starter-security

org.springframework.boot

spring-boot-starter-web

org.mybatis.spring.boot

mybatis-spring-boot-starter

2.1.3

mysql

mysql-connector-java

runtime

5.1.46

com.alibaba

druid-spring-boot-starter

1.1.22

spring.datasource.url=jdbc:mysql://127.0.0.1:3306/javaboy?useUnicode=true&characterEncoding=utf8

spring.datasource.username=root

spring.datasource.password=root

spring.datasource.type=com.alibaba.druid.pool.DruidDataSource

让bean实现UserDetails接口

public class User implements UserDetails {

private Integer id;

private String username;

private String password;

private Boolean enabled;

private Boolean locked;

private List roles;

public List getRoles() {

return roles;

}

public void setRoles(List roles) {

this.roles = roles;

}

public Integer getId() {

return id;

}

public void setId(Integer id) {

this.id = id;

}

public void setUsername(String username) {

this.username = username;

}

public void setPassword(String password) { this.password = password; }

public void setEnabled(Boolean enabled) {

this.enabled = enabled;

}

public void setLocked(Boolean locked) {

this.locked = locked;

}

@Override

public Collection extends GrantedAuthority> getAuthorities() {

List authorities = new ArrayList<>();

for (Role role : roles) {

authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getName()));

}

return authorities;

}

@Override

public String getPassword() {

return password;

}

public String getUsername() {

return username;

}

//账户是否未过期

@Override

public boolean isAccountNonExpired() {

return true;

}

//账户是否未锁定

@Override

public boolean isAccountNonLocked() {

return !locked;

}

@Override

public boolean isCredentialsNonExhttp://pired() {

return true;

}

@Override

public boolean isEnabled() {

return enabled;

}

}

public class Role {

private Integer id;

private String name;

private String nameZh;

...

}

userMapper

在类上直接加@Mapper或者在SpringBoot启动类上配置全局的扫描@MapperScan(basePackages="")

@Mapper

public interface UserMapper {

User loadUserByUsername(String username);

List getUserRolesById(Integer id);

}

PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"

"http://mybatis.org/dtd/mybatis-3-mapper.dtd">

select * from user where username = #{username}

select * from role where id in(select rid from user_role where uid=#{id})

userService 同样也要继承UserServiceDetails接口

@Service

public class UserService implements UserDetailsService {

@Autowired

UserMapper userMapper;

@Override

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

User user =userMapper.loadUserByUsername(username);

if(user==null){

throw new UsernameNotFoundException("用户不存在");

}

user.setRoles(userMapper.getUserRolesById(user.getId()));

return user;

}

}

HelloController

@RestController

public class HelloController {

@GetMapping("/hello")

public String hello(){

return "hello security";

}

@GetMapping("/dba/hello")

public String dba(){

return "hello dba";

}

@GetMapping("/admin/hello")

public String admin(){

return "hello admin";

}

@GetMapping("/user/hello")

public String user(){

return "hello user";

}

}

SecurityConfig

SercurityConfig需要继承WebSecurityConfigurerAdapter类，并在类上加@Configuration

SpringSecurity5.0之后密码必须加密

把数据库查出的用户信息交给SpringSecurity处理

配置httpSercurity

@Configuration

public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired

UserService userService;

//把数据库查出的用户信息交给SpringSecurity处理

@Override

protected void configure(AuthenticationManagerBuilder auth) throws Exception {

auth.userDetailsService(userService);

}

@Bean

PasswordEncoder passwordEncoder(){

return new BCryptPasswordEncoder();

}

@Override

protected void configure(HttpSecurity http) throws Exception {

http.authorizeRequests()

.antMatchers("/dba/**").hasRole("dba")

.antMatchers("/admin/**").hasRole("admin")

.antMatchers("/user/**").hasRole("user")

.anyRequest().authenticated()

.and()

.formLogin()

.permitAll()

.and()

.csrf().disable();

}

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。