springboot+springsecurity+mybatis plus之用户授权
文章目錄
- 前言
- 一、導入坐標
- 二、Users實體類及其數據庫表的創建
- 三、controller,service,mapper層的實現
- 四、核心--編寫配置文件
- 五、無權限界面和登錄界面的實現
前言
授權即訪問控制,控制誰能訪問哪些資源。主體進行身份認證后需要分配權限方可訪問系統的資源,對于沒有權限的資源是無法訪問的。
一、導入坐標
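<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <!-- The Spring Boot parent manages the versions of every spring-boot-starter-* artifact below. -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.3</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <groupId>com.zsh</groupId>
    <artifactId>springsecurity</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springsecurity</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!--
          No explicit <version> on the web and security starters: the original listing pinned them to
          2.3.6.RELEASE and 2.3.9.RELEASE while the parent is 2.4.3, which mixes two Spring Boot lines
          on one classpath and keeps the security starter off the parent's patch level.
          Inheriting the version from the parent keeps all starters aligned.
        -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <!--
          NOTE(review): mybatis-plus-boot-starter already brings in MyBatis and its Spring integration;
          declaring mybatis-spring-boot-starter next to it can produce version conflicts.
          Kept here as in the original listing; confirm whether it is needed.
        -->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.1.4</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.4.1</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

二、Users實體類及其數據庫表的創建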
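/**
 * Account row read through MyBatis-Plus when a user logs in.
 * Presumably mapped to a {@code users} table by MyBatis-Plus naming convention; the table
 * definition is not shown on this page.
 */
@Data
public class Users {
    private int id;
    private String username;
    // @Data generates toString() over every field; exclude the credential so that logging a
    // Users instance can never write the password to a log file.
    @lombok.ToString.Exclude
    private String password;
}

# application.properties
# NOTE(review): root / admin is a demo-only credential. For anything beyond a local demo, connect
# with a dedicated account limited to this schema and supply the password from the environment
# or a secret store instead of committing it to the repository.
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/springsecurity?serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=admin

三、controller,service,mapper層的實現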
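// ---- SecurityController.java ----
package com.zsh.security.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Two demo endpoints under /test that are used to exercise the authorization rules.
 *
 * @author 抱著魚睡覺的喵喵
 * @date 2021/3/12
 */
@RestController
@RequestMapping("/test")
public class SecurityController {

    /** Returns a fixed greeting for /test/hello. */
    @RequestMapping("/hello")
    public String hello() {
        return "hello! Spring Security!";
    }

    /** Returns a fixed greeting for /test/index. */
    @RequestMapping("/index")
    public String index() {
        return "hello index!";
    }
}

// ---- UserDetailServiceImpl.java ----
package com.zsh.security.service;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.zsh.security.mapper.UserMapper;
import com.zsh.security.pojo.Users;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.List;

/**
 * Loads an account by user name and hands it to Spring Security together with its authorities.
 *
 * @author 抱著魚睡覺的喵喵
 * @date 2021/3/12
 */
@Service("userDetailsService")
public class UserDetailServiceImpl implements UserDetailsService {

    @Autowired
    private UserMapper userMapper;

    /**
     * Looks up the account whose {@code username} column equals {@code s}.
     *
     * @param s the user name submitted on the login form
     * @return the account's name, stored password hash and granted authorities
     * @throws UsernameNotFoundException if no row matches the user name
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        // The value is bound as a query parameter by QueryWrapper, not concatenated into SQL.
        QueryWrapper<Users> wrapper = new QueryWrapper<>();
        wrapper.eq("username", s);
        // NOTE(review): selectOne assumes user names are unique - confirm the column has a
        // unique constraint.
        Users users = userMapper.selectOne(wrapper);
        if (users == null) {
            // The collapsed listing left this throw hidden behind a comment marker; without it
            // the method has a path that returns nothing. The message deliberately does not
            // reveal whether the name or the password was wrong.
            throw new UsernameNotFoundException("賬號或密碼錯誤!");
        }
        // Every account found is granted the single role "user". hasRole/hasAnyRole compare
        // against the authority string with the ROLE_ prefix, hence "ROLE_user".
        List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_user");
        // The original listing BCrypt-encoded users.getPassword() on every load, which only
        // works when the password column holds the clear-text password. The column must hold
        // the BCrypt hash written at registration time; it is returned unchanged here and the
        // configured PasswordEncoder compares the submitted password against it.
        return new User(users.getUsername(), users.getPassword(), auths);
    }
}

// ---- UserMapper.java ----
package com.zsh.security.mapper;

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.zsh.security.pojo.Users;
import org.springframework.stereotype.Repository;

/**
 * MyBatis-Plus mapper for {@link Users}; it declares no methods of its own and relies on the
 * ones inherited from {@link BaseMapper}.
 *
 * @author 抱著魚睡覺的喵喵
 * @date 2021/3/12
 */
@Repository
public interface UserMapper extends BaseMapper<Users> {
}

四、核心–編寫配置文件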
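package com.zsh.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Wires the custom UserDetailsService into authentication and declares which URLs are public,
 * which require a role, and which only require a login.
 *
 * @author 抱著魚睡覺的喵喵
 * @date 2021/3/12
 */
@Configuration
public class SecurityConfig2 extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /** Authenticates against the injected UserDetailsService, checking passwords with BCrypt. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /** Declares the login flow, the access-denied page and the per-URL authorization rules. */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // A logged-in user without the required authority is sent to the "no permission" page.
        http.exceptionHandling().accessDeniedPage("/noauth.html");

        http.formLogin()
                .loginPage("/login.html")           // custom login page
                .loginProcessingUrl("/user/login")  // URL the login form posts to
                .defaultSuccessUrl("/test/index")   // default page after a successful login
                .permitAll()
            .and()
            .authorizeRequests()
                // Reachable without logging in. The original listing spelled the third entry
                // "/user/loin", a pattern that matches nothing the application serves.
                .antMatchers("/", "/test/hello", "/user/login").permitAll()
                // Alternative rules for /test/index, one per method discussed in the article:
                //.antMatchers("/test/index").hasAuthority("admin")
                //.antMatchers("/test/index").hasAnyAuthority("admin","manager")
                //.antMatchers("/test/index").hasRole("admin")
                .antMatchers("/test/index").hasAnyRole("admin", "user")
                // Everything not matched above requires an authenticated user (it is not
                // open to everyone).
                .anyRequest().authenticated()
            .and()
            // NOTE(review): CSRF protection is switched off so that the static login.html, which
            // carries no CSRF token, can post to /user/login. With cookie-based sessions this
            // leaves every state-changing endpoint open to cross-site request forgery; outside
            // a demo keep CSRF enabled and render the token in the form.
            .csrf().disable();
    }

    /** BCrypt encoder used to verify submitted passwords against the stored value. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

分析核心的四個方法(其中給予某個角色權限在service層實現)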
1、hasAuthority:是否有某個權限
2、hasAnyAuthority:是否擁有其中一個權限
3、hasRole:是否擁有某個角色
4、hasAnyRole:是否擁有其中一個角色
關于hasAuthority、hasAnyAuthority與hasRole、hasAnyRole的區別:
本質上沒有什么區別,只不過是設計的維度不同(角色是權限的集合)
根據底層實現可以得出,hasRole和hasAnyRole會自動給角色名加上ROLE_前綴再做比對,因此在service層授予角色時必須帶上ROLE_前綴(例如ROLE_user)
五、無權限界面和登錄界面的實現
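<!DOCTYPE html>
<!-- login.html: custom login page; posts to the loginProcessingUrl /user/login -->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <!--
      The field names "username" and "password" are the ones Spring Security's form login reads
      by default. NOTE(review): the form carries no CSRF token, so it only works while CSRF
      protection is disabled in the security configuration.
    -->
    <form action="/user/login" method="post">
        <label>username:<input type="text" name="username" autocomplete="username" required></label>
        <br>
        <label>password:<input type="password" name="password" autocomplete="current-password" required></label>
        <br>
        <input type="submit" value="提交">
    </form>
</body>
</html>

<!DOCTYPE html>
<!-- noauth.html: page shown when a logged-in user lacks the required authority -->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <!-- inline-block so that the top margin takes effect; it is ignored on a plain inline <a>. -->
    <a style="display: inline-block; background-color: red; margin-top: 100px; margin-left: 100px">no auth</a>
</body>
</html>

總結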