Springboot JPA+Security 完成簡單的登陸驗證和權限分配
前言
本文參考 汪雲飛《Java EE 顛覆者...》。css
- Security專門針對Spring項目安全的框架,提供安全方面的諸多功能,使用@EnableWebSecurity註解並使配置類繼承WebSecurityConfigurerAdapter並使用@ConfigurationProperties,把同類的配置信息自動封裝成實體類。
- Spring Security中進行身份驗證的是AuthenticationManager接口,ProviderManager是它的一個默認實現,但它並不用來處理身份認證,而是委託給配置好的AuthenticationProvider,每一個AuthenticationProvider會輪流檢查身份認證。檢查後或者返回Authentication對象或者拋出異常。驗證身份就是加載響應的UserDetails,看看是否和用戶輸入的帳號、密碼、權限等信息匹配。
- Thymeleaf也提供Security的安全支持
新建項目並引入依賴
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
配置application
spring.datasource.driver-class-name=com.mysql.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost:3306/test?useSSL=false spring.datasource.username=root spring.datasource.password=123456 logging.level.org.springframework.security=info spring.thymeleaf.cache=false spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true spring.jpa.database-platform=org.hibernate.dialect.MySQL5Dialect spring.jpa.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect server.port= 9090
定義角色
package com.jpaandsecurity.entity;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
/**
* Created by Administrator on 2017/9/19.
*/
@Entity
public class SysRole {
@Id
@GeneratedValue
private Long id;
private String name;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
定義用戶
package com.jpaandsecurity.entity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
/**
* Created by Administrator on 2017/9/19.
*/
@Entity
public class SysUser implements UserDetails {
@Id
@GeneratedValue
private Long id;
private String username;
private String password;
@ManyToMany(cascade = {CascadeType.REFRESH},fetch = FetchType.EAGER)
private List<SysRole> roles;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
public List<SysRole> getRoles() {
return roles;
}
public void setRoles(List<SysRole> roles) {
this.roles = roles;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> auths = new ArrayList<>();
List<SysRole> roles = this.getRoles();
for (SysRole role : roles) {
auths.add(new SimpleGrantedAuthority(role.getName()));
}
return auths;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
定義傳值對象
package com.jpaandsecurity.entity;
/**
* Created by Administrator on 2017/9/19.
*/
public class Msg {
private String title;
private String content;
private String extraInfo;
public Msg() {
}
public String getTitle() {
return title;
}
public void setTitle(String title) {
this.title = title;
}
public String getContent() {
return content;
}
public void setContent(String content) {
this.content = content;
}
public String getExtraInfo() {
return extraInfo;
}
public void setExtraInfo(String extraInfo) {
this.extraInfo = extraInfo;
}
public Msg(String title, String content, String extraInfo) {
this.title = title;
this.content = content;
this.extraInfo = extraInfo;
}
}
配置Security
package com.jpaandsecurity.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* Created by Administrator on 2017/9/19.
*/
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
UserDetailsService customUserService() {
return new CustomUserService();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserService());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest()
.authenticated()
.and().formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.permitAll().and()
.logout().permitAll();
}
}
配置WebMvc
package com.jpaandsecurity.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
* Created by Administrator on 2017/9/19.
*/
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
}
}
定義服務
package com.jpaandsecurity.config;
import com.jpaandsecurity.dao.SysUserRepository;
import com.jpaandsecurity.entity.SysUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
* Created by Administrator on 2017/9/19.
*/
public class CustomUserService implements UserDetailsService {
@Autowired
SysUserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
SysUser user = userRepository.findByUsername(s);
if (user == null) {
throw new UsernameNotFoundException("用戶名不存在");
}
System.out.println("s:"+s);
System.out.println("username:"+user.getUsername()+";password:"+user.getPassword());
return user;
}
}
定義接口
package com.jpaandsecurity.dao;
import com.jpaandsecurity.entity.SysUser;
import org.springframework.data.jpa.repository.JpaRepository;
/**
* Created by Administrator on 2017/9/19.
*/
public interface SysUserRepository extends JpaRepository<SysUser, Long> {
SysUser findByUsername(String username);
}
編寫控制器
package com.jpaandsecurity.controller;
import com.jpaandsecurity.entity.Msg;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* Created by Administrator on 2017/9/19.
*/
@Controller
public class HomeController {
@RequestMapping("/")
public String index(Model model) {
Msg msg = new Msg("測試標題", "測試內容", "額外信息,只對管理員顯示");
model.addAttribute("msg", msg);
return "index";
}
}
login登陸頁
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<title>登陸</title>
<link rel="stylesheet" th:href="@{static/css/bootstrap.css/bootstrap.min.css}"/>
<style type="text/css">
body {
padding-top: 50px;
}
.starter-template {
padding: 40px 15px;
text-align: center;
}
</style>
</head>
<body>
<div class="container">
<div class="starter-template">
<p th:if="${param.logout}" class="bg-warning">已註銷</p>
<p th:if="${param.error}" class="bg-danger">有錯誤,請重試</p>
<h2>使用帳號密碼登陸</h2>
<form class="form-signin" role="form" name="form" th:action="@{/login}" action="/login" method="post">
<div class="form-group">
<label for="username">帳號</label>
<input type="text" class="form-control" name="username" value="" placeholder="帳號"/>
</div>
<div class="form-group">
<label for="password">密碼</label>
<input type="password" class="form-control" name="password" placeholder="密碼"/>
</div>
<input type="submit" id="login" value="Login" class="btn btn-primary"/>
</form>
</div>
</div>
</body>
</html>
index 主頁
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<link rel="stylesheet" th:href="@{static/css/bootstrap/bootstrap.min.css}"/>
<title sec:authentication="name"></title>
<style type="text/css">
body {
padding-top: 50px;
}
.starter-template {
padding: 40px 15px;
text-align: center;
}
</style>
</head>
<body>
<div class="container">
<div class="starter-template">
<h1 th:text="${msg.title}"></h1>
<p class="bg-primary" th:text="${msg.content}"></p>
<div sec:authorize="hasRole('ROLE_ADMIN')">
<p class="bg-info" th:text="${msg.extraInfo}"></p>
</div>
<div sec:authorize="hasRole('ROLE_USER')">
<p class="bg-info">無更多顯示信息</p>
</div>
<form th:action="@{/logout}" method="post">
<input type="submit" class="btn btn-primary" value="註銷"/>
</form>
</div>
</div>
</body>
</html>
建立數據庫並運行
建立數據庫後,因爲配置了JPA 的Update屬性他會在數據庫中建立相應的表html
存入數據並運行
存入相匹配的數據到數據庫中後從新點擊運行,並訪問。java
相關文章
- 1. SpringBoot基於SpringSecurity表單登陸和權限驗證
- 2. 登陸權限驗證session
- 3. 登陸權限驗證token
- 4. Springboot 整合ApachShiro完成登錄驗證和權限管理
- 5. springboot-整合shiro和vue的驗證登陸和權限
- 6. springboot+shrio簡易登陸登出和用戶權限認證。
- 7. SpringBoot之Shiro整合登陸驗證、角色驗證和權限驗證
- 8. 簡單的登陸權限驗證明現
- 9. springboot + spring security + JWT 進行登陸驗證和權限管理
- 10. 使用SpringBoot+shiro完成簡單的登陸認證
- 更多相關文章...
- • PHP 表單驗證 - PHP教程
- • PHP 表單 - 驗證郵件和URL - PHP教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • IntelliJ IDEA 代碼格式化配置和快捷鍵
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. SpringBoot基於SpringSecurity表單登陸和權限驗證
- 2. 登陸權限驗證session
- 3. 登陸權限驗證token
- 4. Springboot 整合ApachShiro完成登錄驗證和權限管理
- 5. springboot-整合shiro和vue的驗證登陸和權限
- 6. springboot+shrio簡易登陸登出和用戶權限認證。
- 7. SpringBoot之Shiro整合登陸驗證、角色驗證和權限驗證
- 8. 簡單的登陸權限驗證明現
- 9. springboot + spring security + JWT 進行登陸驗證和權限管理
- 10. 使用SpringBoot+shiro完成簡單的登陸認證