Spring Boot 整合 Spring Security 实现简单的登录校验
开发环境：Spring Boot
maven引入:
注意：下面的示例代码实际只用到了 Spring Security 本身（spring-boot-starter-security 即可），并没有用到这两个依赖。spring-security-oauth2 与 spring-security-jwt 属于已停止维护的旧 Spring Security OAuth 项目；若确实需要，至少应使用该版本线最新的补丁版本（2.2.1.RELEASE 之后的 2.2.x 版本包含安全修复），或改用 Spring Security 内置的 OAuth2 支持。
org.springframework.security.oauth : spring-security-oauth2 : 2.2.1.RELEASE
org.springframework.security : spring-security-jwt : 1.0.10.RELEASE
1、先在数据库创建用户表，用户名列为 username；密码列在下面的实体里对应的字段是 passwd（不是 password）。该列保存的必须是 BCrypt 哈希而不是明文，因为后面配置的 BCryptPasswordEncoder 会直接拿它做比对，明文密码会导致登录失败。下面是我用户表的实体：
/** Primary key. */
private Integer id;
/** Display name (昵称). */
private String name;
/** Position / job code (职位). */
private String code;
/**
 * Password column. SecurityUser.getPassword() hands this value straight to the configured
 * BCryptPasswordEncoder, so it must hold a BCrypt hash, never a plaintext password.
 */
private String passwd;
/** Login name; looked up by loadUserByUsername, so it should be unique in the table. */
private String username;
/** Phone number. */
private String phone;
/** Row creation time. */
private Date createdTime;
2、看项目是 JPA 还是 MyBatis，我这边项目使用的是 MyBatis。需要有一个方法通过用户名获取用户信息；username 列应加唯一索引，因为下面的代码在查到多条记录时会默默取第一条。
3、创建一个用户验证类 SecurityUser，继承用户实体并实现 UserDetails：
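/**
 * Adapter that presents a {@link SysUser} row to Spring Security as a {@link UserDetails}.
 *
 * The constructor copies the entity's fields into this object so the principal can live in
 * the security context (and therefore in the HTTP session) independently of the persistence
 * layer. Note that the copy includes the stored password hash: this class does not implement
 * CredentialsContainer, so Spring Security cannot erase it after authentication and it stays
 * reachable through SecurityContextHolder. Never hand this object to a view or a log as-is.
 */
public class SecurityUser extends SysUser implements UserDetails {

    private static final long serialVersionUID = 1L;

    /**
     * @param sysUser the entity loaded by username; {@code null} yields an empty principal
     *                (all fields null), which DaoAuthenticationProvider will reject
     */
    public SecurityUser(SysUser sysUser) {
        if (sysUser == null) {
            return;
        }
        this.setId(sysUser.getId());
        this.setUsername(sysUser.getUsername());
        this.setPasswd(sysUser.getPasswd()); // the hash the password encoder compares against
        this.setName(sysUser.getName());
        this.setCode(sysUser.getCode());
        this.setPhone(sysUser.getPhone());
        this.setCreatedTime(sysUser.getCreatedTime());
    }

    /**
     * Authorities granted to this principal: every authenticated user gets the fixed
     * {@code ROLE_USER}.
     *
     * The authority name must not be derived from the username. A username is user-chosen
     * data, so a user able to register the name "ROLE_ADMIN" would grant themselves that
     * authority the moment an access rule such as {@code hasRole("ADMIN")} is introduced.
     * Real roles belong in a dedicated column / table, mapped here.
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

    /** The stored BCrypt hash; compared by the configured password encoder, never logged. */
    @Override
    public String getPassword() {
        return super.getPasswd();
    }

    // The four status flags below are hard-coded to true because the entity has no
    // expired / locked / enabled column. Until such a column exists and is wired in here,
    // disabling or locking an account in the database has NO effect on login.

    /** Accounts never expire (no backing column). */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** Accounts are never locked (no backing column). */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** Credentials never expire (no backing column). */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** Accounts are always enabled (no backing column). */
    @Override
    public boolean isEnabled() {
        return true;
    }
}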
4、重点！创建一个 SecurityConfig 配置类：
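/**
 * Web security configuration: form login backed by the users table, BCrypt password
 * comparison, logout handling and a per-user session cap.
 *
 * {@code WebSecurityConfigurerAdapter} is deprecated from Spring Security 5.7 onwards; on
 * newer versions the same rules should be expressed as a {@code SecurityFilterChain} bean.
 */
@Configuration
@EnableWebSecurity
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(UiSecurityConfig.class);

    /** User lookup; injected into the configuration rather than into the anonymous service below. */
    @Autowired
    private SysUserDao sysUserDao;

    /**
     * Request-level policy: static resources are public, everything else requires an
     * authenticated session; form login at /login; logout; at most 10 sessions per user.
     *
     * CSRF protection is deliberately left at its default (enabled). This is a cookie-session
     * form-login application, exactly the case CSRF protection exists for: with it disabled
     * any third-party page could submit /logout or any other POST on behalf of a logged-in
     * user. Consequences for the rest of the application: the login form must carry the
     * {@code _csrf} token (Thymeleaf adds it automatically for a {@code th:action} form), and
     * logout must be triggered by a POST, not a GET link.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/static/**").permitAll()
                .anyRequest().authenticated()
            .and().formLogin()
                .loginPage("/login").permitAll()
                .successHandler(loginSuccessHandler())
            .and().logout()
                .permitAll()
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .logoutSuccessHandler(logoutSuccessHandler())
            .and().sessionManagement()
                // by default the 11th login expires the oldest session, which lands on /login
                .maximumSessions(10)
                .expiredUrl("/login");
    }

    /**
     * Binds the DAO-backed UserDetailsService and the BCrypt encoder to the authentication
     * manager explicitly. Recent Spring Security versions auto-detect a PasswordEncoder bean,
     * but wiring it here guarantees the stored hash is compared with BCrypt and never as
     * plaintext, whichever version is on the classpath.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    /**
     * BCrypt at the library default cost (10).
     *
     * Do not lower the cost: 4 is the minimum BCrypt accepts and makes offline cracking of a
     * leaked hash cheap. Raising the cost is safe for existing users because BCrypt stores
     * the cost inside each hash; old hashes still verify, only newly encoded ones change.
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Logs the logout (when a principal is still known) and sends the browser to /login. */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        return new LogoutSuccessHandler() {
            @Override
            public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
                // authentication is null when the session had already expired before logout;
                // an explicit check replaces catching the resulting NullPointerException
                if (authentication != null && authentication.getPrincipal() instanceof UserDetails) {
                    logger.info("USER: {} LOGOUT SUCCESS!",
                            ((UserDetails) authentication.getPrincipal()).getUsername());
                }
                response.sendRedirect("/login");
            }
        };
    }

    /**
     * Logs the login and always redirects to "/".
     *
     * onAuthenticationSuccess is overridden completely, so the saved-request redirect of the
     * superclass is never used; the superclass only keeps the bean type stable for callers.
     * The redirect target is a fixed path on purpose (no request-supplied URL), so this is
     * not an open redirect.
     */
    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() {
        return new SavedRequestAwareAuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                                Authentication authentication) throws IOException, ServletException {
                Object principal = authentication.getPrincipal();
                if (principal instanceof UserDetails) {
                    logger.info("USER: {} LOGIN SUCCESS!", ((UserDetails) principal).getUsername());
                }
                response.sendRedirect("/");
            }
        };
    }

    /**
     * Loads the principal by username through SysUserDao.
     *
     * The DAO is queried with an example object and the first match is used; if several rows
     * share a username the choice is silent, so the column should carry a unique constraint.
     * An unknown name raises UsernameNotFoundException, which Spring Security's
     * DaoAuthenticationProvider by default reports to the client as plain bad credentials,
     * so the response does not reveal whether the account exists.
     */
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                SysUser example = new SysUser();
                example.setUsername(username);
                List<SysUser> matches = sysUserDao.queryAll(example);
                SysUser user = (matches == null || matches.isEmpty()) ? null : matches.get(0);
                if (user == null) {
                    throw new UsernameNotFoundException("Username " + username + " not found");
                }
                return new SecurityUser(user);
            }
        };
    }
}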
5、基础工作准备完成，开始写 controller：
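/**
 * Serves the login page and the index page.
 *
 * Only the GET side of login lives here: the POST to /login is handled by Spring Security's
 * form-login filter configured in UiSecurityConfig, so no controller method ever receives
 * the password.
 */
@Controller
public class LoginController {

    @Resource
    private SessionTool sessionTool;

    /** GET /login: renders the login form template. */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        return "login";
    }

    /**
     * GET /: renders the index page with the current user exposed as {@code sysUser}.
     *
     * Restricted to GET to match the login mapping; a handler that only renders a template
     * has no reason to accept POST/PUT/DELETE. Whatever object is put into the model is
     * reachable from the template, and the principal Spring Security stores carries the
     * password hash (SecurityUser copies passwd), so the template must never render it.
     */
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String login(ModelMap map) {
        SysUser current = sessionTool.getUser();
        map.addAttribute("sysUser", current);
        return "index";
    }
}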
6、获取当前登录用户信息。注意这里并不是直接读 HttpSession，而是从 Spring Security 绑定在当前线程的 SecurityContextHolder 中取 Authentication 的 principal：
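/**
 * Helpers for reading the current user and request from Spring's thread-bound holders.
 */
@Component
public class SessionTool {

    /**
     * Returns a detached copy of the authenticated {@link SysUser}, or an empty SysUser when
     * there is no authentication on this thread or the principal is not one of ours (the
     * anonymous principal, for example, is a plain String).
     *
     * A copy is returned rather than the principal itself: callers such as the controller
     * that puts it into the view model must not be able to mutate the object held in the
     * security context, and the stored password hash is deliberately not copied so it cannot
     * leak into templates or logs.
     */
    public SysUser getUser() {
        SysUser result = new SysUser();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            return result; // no security context on this thread (e.g. outside a request)
        }
        Object principal = auth.getPrincipal();
        // instanceof UserDetails alone would not make the cast safe: any other UserDetails
        // implementation (Spring's own User, for instance) would throw ClassCastException
        if (principal instanceof SysUser) {
            SysUser p = (SysUser) principal;
            result.setId(p.getId());
            result.setUsername(p.getUsername());
            result.setName(p.getName());
            result.setCode(p.getCode());
            result.setPhone(p.getPhone());
            result.setCreatedTime(p.getCreatedTime());
            // passwd intentionally not copied
        }
        return result;
    }

    /**
     * The current servlet request from RequestContextHolder. Only valid on a request thread;
     * elsewhere getRequestAttributes() is null and this throws NullPointerException.
     */
    public HttpServletRequest getRequest() {
        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    }
}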
7、login.html 页面（登录请求路径为 /login，请求方式为 POST，这是 Spring Security 自带的表单登录处理路径）。表单字段名必须为 username 和 password；在没有关闭 CSRF 保护（默认开启）的情况下，表单还必须带上 _csrf 令牌（使用 Thymeleaf 的 th:action 时会自动加入），否则 POST /login 会被拒绝：
Title 用户名: 密码: