springboot+springsecurity+mybatis plus之用户认证
生活随笔
收集整理的這篇文章主要介紹了
springboot+springsecurity+mybatis plus之用户认证
小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
一、權(quán)限管理的概念
另一個(gè)安全框架shiro:shiro之權(quán)限管理的描述
導(dǎo)入常用坐標(biāo)
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId><version>2.3.6.RELEASE</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId><version>2.3.9.RELEASE</version></dependency>二、spring security用戶認(rèn)證
1.用戶認(rèn)證之a(chǎn)pplication.properties配置文件
spring.security.user.name=admin spring.security.user.password=admin2.用戶認(rèn)證之自定義配置文件
@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();String encode = passwordEncoder.encode("admin");auth.inMemoryAuthentication().withUser("admin").password(encode).roles();}@BeanPasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();} }3.數(shù)據(jù)庫(kù)查詢(這一種也是最常用的)
1.使用mybatis plus框架處理dao層
<dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId></dependency><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.4.1</version></dependency>2.創(chuàng)建數(shù)據(jù)庫(kù)表
3.編寫(xiě)mapper文件
@Repository public interface UserMapper extends BaseMapper<Users> {}4.編寫(xiě)service
package com.zsh.security.service;import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.zsh.security.mapper.UserMapper; import com.zsh.security.pojo.Users; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service;import java.util.List;/*** @author:抱著魚(yú)睡覺(jué)的喵喵* @date:2021/3/12* @description:*/ @Service("userDetailsService") public class UserDetailServiceImpl implements UserDetailsService {@Autowiredprivate UserMapper userMapper;@Overridepublic UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {QueryWrapper<Users> wrapper = new QueryWrapper<>();wrapper.eq("username", s);Users users = userMapper.selectOne(wrapper);if (users == null) {throw new UsernameNotFoundException("賬號(hào)或密碼錯(cuò)誤!");} else {List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("role");return new User(users.getUsername(), new BCryptPasswordEncoder().encode(users.getPassword()), auths);}} }5.編寫(xiě)配置文件
package com.zsh.security.config;import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;/*** @author:抱著魚(yú)睡覺(jué)的喵喵* @date:2021/3/12* @description:*/ @Configuration public class SecurityConfig2 extends WebSecurityConfigurerAdapter {@Autowiredprivate UserDetailsService userDetailsService;@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());}@BeanPasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();} }6.配置數(shù)據(jù)庫(kù)連接
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.url=jdbc:mysql://127.0.0.1:3306/springsecurity?serverTimezone=UTC spring.datasource.username=root spring.datasource.password=admin7.運(yùn)行
過(guò)濾器鏈
三、自定義登錄界面
1.在SecurityConfig2中加入有關(guān)http的實(shí)現(xiàn)方法
package com.zsh.security.config;import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;/*** @author:抱著魚(yú)睡覺(jué)的喵喵* @date:2021/3/12* @description:*/ @Configuration public class SecurityConfig2 extends WebSecurityConfigurerAdapter {@Autowiredprivate UserDetailsService userDetailsService;@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.formLogin().loginPage("/login.html") //設(shè)置登錄界面.loginProcessingUrl("/user/login") //登錄界面url.defaultSuccessUrl("/test/index") //默認(rèn)登錄成功界面.and().authorizeRequests() //哪些資源可以直接訪問(wèn).antMatchers("/","/test/hello","/user/loin").permitAll() //不做處理.anyRequest().authenticated() //所有請(qǐng)求都可以訪問(wèn).and().csrf().disable(); //關(guān)閉CSRF}@BeanPasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}}2.login.html
<!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>Title</title> </head> <body> <!--name必須是username和password --><form action="/user/login" method="post">username:<input type="text" name="username"> <br>password:<input type="password" name="password"><br><input type="submit" value="提交"></form> </body> </html>3.controller
@RestController @RequestMapping("/test") public class SecurityController {@RequestMapping("/hello")public String hello() {return "hello! Spring Security!";}@RequestMapping("/index")public String index() {return "hello index!";} }4.訪問(wèn)http://localhost:8080/test/hello
5.訪問(wèn)http://localhost:8080/login.html
總結(jié)
以上是生活随笔為你收集整理的springboot+springsecurity+mybatis plus之用户认证的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: springboot集成spring s
- 下一篇: springboot+springsec