1 项目结构图

2 AnyUserDetailsService

package com.fengyntec.config;

import com.fengyntec.entity.UserEntity;

import com.fengyntec.service.UserService;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.userdetails.User;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.core.userdetails.UsernameNotFoundException;

import org.springframework.stereotype.Service;

import java.util.ArrayList;

import java.util.List;

@Service

public class AnyUserDetailsService implements UserDetailsService {

    @Autowired

    private UserService userService;

    @Override

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        UserEntity userEntity = userService.getByUsername(username);

        if (userEntity == null){

            System.out.println("用户不存在");

        }

        List<SimpleGrantedAuthority> simpleGrantedAuthorities = createAuthorities(userEntity.getRoles());

        UserDetails userDetails = new User(userEntity.getUsername(),userEntity.getPassword(),simpleGrantedAuthorities);

        return userDetails;

    }

    private List<SimpleGrantedAuthority> createAuthorities(String roleStr){

        String[] roles = roleStr.split(",");

        List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();

        for (String role : roles) {

            simpleGrantedAuthorities.add(new SimpleGrantedAuthority(role));

        }

        return simpleGrantedAuthorities;

    }

}

3 WebSecurityConfig

package com.fengyntec.config;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity

@Configuration

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired

    private AnyUserDetailsService anyUserDetailsService;

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .csrf().disable()

                .authorizeRequests()

                .antMatchers("/user/**").hasRole("USER")

                .antMatchers("/admin/**").hasRole("ADMIN")

                .anyRequest().authenticated()

                .and()

                .formLogin()

                .loginPage("/login.html")

                .permitAll()

               ;

    }

    /**

     * 添加 UserDetailsService, 实现自定义登录校验

     */

    @Override

    protected void configure(AuthenticationManagerBuilder builder) throws Exception{

        builder.userDetailsService(anyUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());

    }

}

4 Constant

package com.fengyntec.constant;

public interface Constant {

    public static String ROLE_USER = "ROLE_USER";

}

5 HomeController

package com.fengyntec.controller;

import com.fengyntec.service.UserService;

import com.google.gson.Gson;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.access.annotation.Secured;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.web.bind.annotation.GetMapping;

import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;

import java.util.List;

@RestController

@EnableGlobalMethodSecurity(securedEnabled = true)

public class HomeController {

    @Autowired

    private UserService userService;

    @GetMapping("/hell")

    public String hello(SecurityContextHolder holder){

        System.out.println(holder.toString());

        return new Gson().toJson(holder);

    }

    @GetMapping("admin")

    public String admin(){

        return "admin";

    }

    @GetMapping("/vip")

    @Secured("ROLE_VIP")

    public String vip(){

        return "仅限于vip用户查看";

    }

    @GetMapping("/openVip")

    public boolean uodateVip(){

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        List<GrantedAuthority> updateAuthority = new ArrayList<>(auth.getAuthorities());

        updateAuthority.add(new SimpleGrantedAuthority("ROLE_VIP"));

        Authentication newAuth = new UsernamePasswordAuthenticationToken(auth.getPrincipal(),auth.getCredentials(),updateAuthority);

        SecurityContextHolder.getContext().setAuthentication(newAuth);

        return true;

    }

}

6 UserEntity

package com.fengyntec.entity;

import lombok.Data;

@Data

public class UserEntity {

    private Long id;

    /**

     * 账号

     */

    private String username;

    /**

     * 密码

     */

    private String password;

    /**

     * 昵称

     */

    private String nickname;

    /**

     * 权限

     */

    private String roles;

}

7 Mapper

package com.fengyntec.mapper;

import com.fengyntec.entity.UserEntity;

import org.apache.ibatis.annotations.Insert;

import org.apache.ibatis.annotations.Param;

import org.apache.ibatis.annotations.Select;

import org.springframework.stereotype.Component;

@org.apache.ibatis.annotations.Mapper

@Component

public interface Mapper {

    @Insert("insert into user(username, password, nickname, roles) values(#{username}, #{password}, #{nickname}, #{roles})")

    int insert(UserEntity userEntity);

    @Select("select * from user where username = #{username}")

    UserEntity selectByUsername(@Param("username") String username);

}

8 UserService

package com.fengyntec.service;

import com.fengyntec.constant.Constant;

import com.fengyntec.entity.UserEntity;

import com.fengyntec.mapper.Mapper;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Primary;

@org.springframework.stereotype.Service

@Primary

public class UserService {

    @Autowired

    private Mapper mapper;

    public boolean insert(UserEntity userEntity){

        String username = userEntity.getUsername();

        if (exist(username)){

            return false;

        }

        userEntity.setRoles(Constant.ROLE_USER);

        int result = mapper.insert(userEntity);

        return result == 1 ;

    }

    private boolean exist(String username){

        UserEntity userEntity = mapper.selectByUsername(username);

        return userEntity != null;

    }

    public UserEntity getByUsername(String username) {

        return mapper.selectByUsername(username);

    }

}

spring boot 中使用spring security阶段小结的更多相关文章

  1. Spring Boot中使用 Spring Security 构建权限系统

    Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了一组可以在Spring应用上下文中配置的Bean,为应用系统提供声明式的安全 ...

  2. Spring Boot中使用Spring Security进行安全控制

    我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面.要实现访问控制的方法多种多样,可以通过Aop.拦截器实现,也可以通过框架实现(如:Apache ...

  3. 【swagger】1.swagger提供开发者文档--简单集成到spring boot中【spring mvc】【spring boot】

    swagger提供开发者文档 ======================================================== 作用:想使用swagger的同学,一定是想用它来做前后台 ...

  4. 在Spring Boot中使用Spring Security实现权限控制

    丢代码地址 https://gitee.com/a247292980/spring-security 再丢pom.xml <properties> <project.build.so ...

  5. Spring Boot中集成Spring Security 专题

    check to see if spring security is applied that the appropriate resources are permitted: @Configurat ...

  6. Spring Boot 中使用 Spring Security, OAuth2 跨域问题 (自己挖的坑)

    使用 Spring Boot 开发 API 使用 Spring Security + OAuth2 + JWT 鉴权,已经在 Controller 配置允许跨域: @RestController @C ...

  7. Spring Boot 中应用Spring data mongdb

    摘要 本文主要简单介绍下如何在Spring Boot 项目中使用Spring data mongdb.没有深入探究,仅供入门参考. 文末有代码链接 准备 安装mongodb 需要连接mongodb,所 ...

  8. spring boot中扩展spring mvc 源码分析

    首先,确认你是对spring boot的自动配置相关机制是有了解的,如果不了解请看我spring boot相关的源码分析. 通常的使用方法是继承自org.springframework.boot.au ...

  9. spring-boot-starter-security Spring Boot中集成Spring Security

    spring security是springboot支持的权限控制系统. security.basic.authorize-mode 要使用权限控制模式. security.basic.enabled ...

随机推荐

  1. 数据可视化之 图表篇(二)如何用Power BI制作疫情地图?

    丁香园制作的这个地图可视化,相信大家每天都会看好几遍,这里不讨论具体数据,仅来探讨一下PowerBI地图技术. 这个地图很简洁,主要有三个特征: 1,使用着色地图,根据数据自动配色 2,只显示中国地图 ...

  2. java学习第七天2020/7/12

    一. java继承使用的关键字是  extend class 子类 extends 父类{} 举一个类的例子: public class person { public String name; pu ...

  3. kubernetes系列(十六) - Helm安装和入门

    1. helm简介 1.1 为什么需要helm 1.2 helm中几个概念 1.3 helm用途 2. helm安装 3. helm的基本使用 3.1 安装chart仓库里面的chart 3.2 创建 ...

  4. Sympy常用函数总结

    基础 from sympy import * 数学格式输出: init_printing() 添加变量: x, y, z, a, b, c = symbols('x y z a b c') 声明分数: ...

  5. 通过实现网站访问计数器带你理解 轻量级锁CAS原理,还学不会算我输!!!

    一.实现网站访问计数器 1.线程不安全的做法 1.1.代码 package com.chentongwei.concurrency; import static java.lang.Thread.sl ...

  6. 发布一个自己做的图片转Base64的软件,Markdown写文章时能用到

    markdownpic 介绍 Markdown编辑时图片生成base64 软件架构 使用了.netcore winform框架 安装教程 直接运行即可 使用说明 拖拽图片文件 双击选择文件 复制粘贴图 ...

  7. 关于maven的一份小笔记

    简介 项目里一直用的 maven,几乎天天和这个"熟知"的工具打交道,但是,最近我发觉自己对 maven 了解的还不够,例如,什么是 goal?什么是 phase?等等.趁着最近有 ...

  8. Git别名和配置文件

    目录 备注: 配置别名 配置文件 备注: 本文参考于廖雪峰老师的博客Git教程.依照其博客进行学习和记录,感谢其无私分享,也欢迎各位查看原文. 配置别名 如果,如果这么神器的Git版本控制系统,可以简 ...

  9. 黎曼函数ζ(2n)的几种求法

    \(\zeta (2n)\)的几种求法 目录 $\zeta (2n)$的几种求法 结论 欧拉的证明 进一步探索,$\zeta$ 函数.余切.伯努利数的关系 傅立叶分析证明 留数法证明 参考资料 结论 ...

  10. Bug--slfj4依赖冲突

    SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/F:/Spring%20p ...