spring boot整合scurity做簡單的登錄校驗的實現
開發環境:springboot
maven引入:
<dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.2.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId> <version>1.0.10.RELEASE</version> </dependency>
1、先在數據庫創建用戶表,用戶名為username,密碼名為password。下面是我用戶表的實體
private Integer id;/*** 昵稱*/private String name;/*** 職位*/private String code;/*** 密碼*/private String passwd;/*** 用戶名*/private String username;/*** 手機號*/private String phone;/*** 創建時間*/private Date createdTime;
2、看項目是JPA、還是mybatis。我這邊項目使用的是mybatis。需要有一個方法通過用戶名獲取用戶信息。
3、創建一個用戶驗證類實現 UserDetails 繼承用戶實體
public class SecurityUser extends SysUser implements UserDetails {private static final long serialVersiongUID = 1l;public SecurityUser(SysUser sysUser) { if (null != sysUser) { this.setCode(sysUser.getCode()); this.setCreatedTime(sysUser.getCreatedTime()); this.setId(sysUser.getId()); this.setName(sysUser.getName()); this.setPasswd(sysUser.getPasswd()); this.setPhone(sysUser.getPhone()); this.setUsername(sysUser.getUsername()); }}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() { Collection<GrantedAuthority> authorities = new ArrayList<>(); String username = this.getUsername(); if (username != null) { SimpleGrantedAuthority authority = new SimpleGrantedAuthority(username); authorities.add(authority); } return authorities;}@Overridepublic String getPassword() { return super.getPasswd();}//賬戶是否未過期,過期無法驗證@Overridepublic boolean isAccountNonExpired() { return true;}//指定用戶是否解鎖,鎖定的用戶無法進行身份驗證@Overridepublic boolean isAccountNonLocked() { return true;}//指示是否已過期的用戶的憑據(密碼),過期的憑據防止認證@Overridepublic boolean isCredentialsNonExpired() { return true;}//是否可用 ,禁用的用戶不能身份驗證@Overridepublic boolean isEnabled() { return true;}}
4、重點!創建一個scurity config配置類
@Configuration @EnableWebSecurity public class UiSecurityConfig extends WebSecurityConfigurerAdapter { private static final Logger logger = LoggerFactory.getLogger(UiSecurityConfig.class); @Override protected void configure(HttpSecurity http) throws Exception { //配置策略 http.csrf().disable(); http.authorizeRequests(). antMatchers('/static/**').permitAll().anyRequest().authenticated(). and().formLogin().loginPage('/login').permitAll().successHandler(loginSuccessHandler()). and().logout().permitAll().invalidateHttpSession(true). deleteCookies('JSESSIONID').logoutSuccessHandler(logoutSuccessHandler()). and().sessionManagement().maximumSessions(10).expiredUrl('/login'); } @Bean public BCryptPasswordEncoder passwordEncoder() { //密碼加密 return new BCryptPasswordEncoder(4); } @Bean public LogoutSuccessHandler logoutSuccessHandler() { //登出處理 return new LogoutSuccessHandler() { @Override public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { try { SecurityUser user = (SecurityUser) authentication.getPrincipal(); logger.info('USER : ' + user.getUsername() + ' LOGOUT SUCCESS ! '); } catch (Exception e) { logger.info('LOGOUT EXCEPTION , e : ' + e.getMessage()); } httpServletResponse.sendRedirect('/login'); } }; } @Bean public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入處理 return new SavedRequestAwareAuthenticationSuccessHandler() { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { SysUser userDetails = (SysUser) authentication.getPrincipal(); logger.info('USER : ' + userDetails.getUsername() + ' LOGIN SUCCESS ! '); //登錄成功后重定向路徑 response.sendRedirect('/'); } }; } //用戶登錄實現 @Bean public UserDetailsService userDetailsService() { return new UserDetailsService() { @Autowired private SysUserDao sysUserDao;//這里是引入數據庫連接dao @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { SysUser userNmae = new SysUser(); userNmae.setUsername(s); List<SysUser> listUser = sysUserDao.queryAll(userNmae);//通過用戶名獲取個用戶信息 SysUser user = null; if (listUser.size() > 0) {user = listUser.get(0); } if (user == null) throw new UsernameNotFoundException('Username ' + s + ' not found'); return new SecurityUser(user); } }; }}
5、基礎工作準備完成開始寫controller
@Controllerpublic class LoginController { @Resourceprivate SessionTool sessionTool;// 獲取登錄頁面@RequestMapping(value = '/login', method = RequestMethod.GET)public String login() { return 'login';}@RequestMapping('/')public String login(ModelMap map){ SysUser sysUser = sessionTool.getUser(); map.addAttribute('sysUser', sysUser); return 'index';}}
6、從session獲取用戶信息
@Componentpublic class SessionTool {public SysUser getUser() { //為了session從獲取用戶信息,可以配置如下 SysUser user = new SysUser(); SecurityContext ctx = SecurityContextHolder.getContext(); Authentication auth = ctx.getAuthentication(); if (auth.getPrincipal() instanceof UserDetails) user = (SysUser) auth.getPrincipal(); return user;}public HttpServletRequest getRequest() { return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();}}
7、login.html頁面(登錄路徑為login 請求方式為post,scurity自帶的登錄路徑)
<!DOCTYPE html><html lang='en'><head> <meta charset='UTF-8'> <title>Title</title></head><body><form action='/login' method='post'> 用戶名 : <input type='text' name='username'/> 密碼 : <input type='password' name='password'/> <input type='submit' value='登錄'></form></body></html>
總結一下思路:
引入依賴包-》創建用戶表-》創建用戶表數據庫查詢接口-》創建用戶校驗類實現UserDetails接口-》創建scurity配置類繼承 WebSecurityConfigurerAdapter 方法configure為配置校驗策略-》創建controller配置登錄頁面跳轉接口-》創建登陸頁面用戶名必須為username 密碼為password 登錄路徑為’/login’ 請求方式為post
由于scurity配置的密碼檢驗是加密的為了測試可以在Test模塊中獲取加密后的密碼然后存到用戶表的password字段中。
@Test public void encoder() { String password = '123123'; BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4); String enPassword = encoder.encode(password); System.out.println(enPassword); }
到此這篇關于spring boot整合scurity做簡單的登錄校驗的實現的文章就介紹到這了,更多相關springboot scurity登錄校驗內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網!
相關文章:
網公網安備