boke例子:用户登录
boke例子:用户登录
1.首先创建user表,authority表(角色),user_authority,表(用户角色表)
Authority实体类,需要继承:GrantedAuthority类,
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id; import org.springframework.security.core.GrantedAuthority; /**
* 权限
* @author
*
*/
@Entity
public class Authority implements GrantedAuthority { private static final long serialVersionUID = 1L; @Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private Long id; @Column(nullable=false, length=20)
private String name; @Override
public String getAuthority() {
// TODO Auto-generated method stub
return name;
} public Long getId() {
return id;
} public void setId(Long id) {
this.id = id;
} public void setName(String name) {
this.name = name;
} }
User类.需要继承security的UserDetails类:
并复写:isAccountNonExpired,isAccountNonLocked,isCredentialsNonExpired, isEnabled返回true值
同事复写:
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
//需将 List<Authority> 转成 List<SimpleGrantedAuthority>,否则前端拿不到角色列表名称
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
for(GrantedAuthority authority: this.authorities)
{
simpleGrantedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
}
return simpleGrantedAuthorities;
}
如下:
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.validation.constraints.Size; import org.hibernate.validator.constraints.Email;
import org.hibernate.validator.constraints.NotEmpty;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails; @Entity
public class User implements UserDetails,Serializable { /**
*
*/
private static final long serialVersionUID = 1L; //private AtomicLong atomicLong = new AtomicLong(); @Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
private Long id; @NotEmpty(message="姓名不能为空")
@Size(min=2, max=20)
@Column(nullable=false, length=20)
private String name; @NotEmpty(message="邮箱不能为空")
@Size(max=50)
@Email(message="邮箱格式不正确")
@Column(nullable=false, length=50, unique=true)
private String email; @NotEmpty(message="账号不能为空")
@Size(min=3, max=20)
@Column(nullable=false, length=20, unique=true)
private String username; @NotEmpty(message="密码不能为空")
@Size(min=3, max=20)
@Column(nullable=false, length=20)
private String password; @Column(length=200)
private String avatar; //权限多对多
@ManyToMany(cascade = CascadeType.DETACH, fetch = FetchType.EAGER)
@JoinTable(name = "user_authority", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "authority_id", referencedColumnName = "id"))
private List<Authority> authorities; public User() { } public User(Long id, String name, String email, String username, String password) {
this.id = id;
this.name = name;
this.email = email;
this.username = username;
this.password = password;
} public Long getId() {
return id;
} public void setId(Long id) {
this.id = id;
} public String getName() {
return name;
} public void setName(String name) {
this.name = name;
} public String getEmail() {
return email;
} public void setEmail(String email) {
this.email = email;
} public String getUsername() {
return username;
} public void setUsername(String username) {
this.username = username;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
} public String getAvatar() {
return avatar;
} public void setAvatar(String avatar) {
this.avatar = avatar;
} @Override
public String toString() {
return "User [id=" + id + ", name=" + name + ", email=" + email + ", username=" + username + "]";
} @Override
public Collection<? extends GrantedAuthority> getAuthorities() {
//需将 List<Authority> 转成 List<SimpleGrantedAuthority>,否则前端拿不到角色列表名称
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
for(GrantedAuthority authority: this.authorities)
{
simpleGrantedAuthorities.add(new SimpleGrantedAuthority(authority.getAuthority()));
}
return simpleGrantedAuthorities;
} public void setAuthorities(List<Authority> authorities) {
this.authorities = authorities;
} @Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return true;
} @Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
} @Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
} @Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return true;
} }
同事创建user的userservice及userserviceImpl实现类,serviceImple继承userService和security的UserDetailsService
UserService:
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import com.muyang.boke2.entity.User; /**
* 用户服务接口
* @author feeyo
*
*/
public interface UserService { /**
* 保持用户
* @param user
* @return
*/
User saveOrUpdateUser(User user); /**
* 注册用户
* @param user
* @return
*/
User registerUser(User user); /**
* 删除用户
* @param id
*/
void removeUser(Long id); /**
* 根据id查找用户
* @param id
* @return
*/
User findById(Long id); /**
* 根据用户的姓名分页查找用户
* @param name
* @param pageable
* @return
*/
Page<User> listUsersByName(String name, Pageable pageable); /**
* 按分页查找数据
* @param pageable
* @return
*/
Page<User> findAll(Pageable pageable);
}
UserServiceImpl:
继承security的UserDetailsService ,复写loadUserByUsername方法
/**
* 用户服务接口实现
* @author feeyo
*
*/
@Service
public class UserServiceImpl implements UserService, UserDetailsService { @Autowired
UserRepository userRepository; @Transactional
@Override
public User saveOrUpdateUser(User user) {
// TODO Auto-generated method stub
return userRepository.save(user);
} @Transactional
@Override
public User registerUser(User user) {
// TODO Auto-generated method stub
return userRepository.save(user);
} @Transactional
@Override
public void removeUser(Long id) {
// TODO Auto-generated method stub
userRepository.delete(id);
} @Override
public User findById(Long id) {
// TODO Auto-generated method stub
return userRepository.findOne(id);
} @Override
public Page<User> listUsersByName(String name, Pageable pageable) {
// TODO Auto-generated method stub
name = "%" + name + "%";
Page<User> users = userRepository.findByNameLike(name, pageable);
return users;
} @Override
public Page<User> findAll(Pageable pageable) {
// TODO Auto-generated method stub Page<User> users = userRepository.findAll(pageable); return users;
} @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// TODO Auto-generated method stub
return userRepository.findByUsername(username);
} }
SecurityConfig网站全局配置/登录配置
@EnableWebSecurity
//启用全局post安全方法设置
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter { private static final String key = "muyang.my"; @Autowired
private UserDetailsService userDetailsService; /**
* 加密方法
* @return
*/
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder(); } @Bean
public AuthenticationProvider authenticationProvider() {
//从数据库获取信息
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
//密码加密方式
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider; } @Override
protected void configure(HttpSecurity http) throws Exception {
// TODO Auto-generated method stub
//super.configure(http);
//关闭csrf验证:跨站攻击
//http.csrf().disable();
//权限设置
http.authorizeRequests() //定义那些url需要保护,哪些不需要保护
.antMatchers("/static/**").permitAll() //都可以访问
.antMatchers("/user/**").hasRole("ADMIN") //需要登陆才能访问
.and()
.headers().frameOptions().disable() //解决js跨站把x-frame-options disable即可
.and()
.formLogin() //基于FORM表单登陆验证
.loginPage("/login").failureUrl("/login-error") //自定义登陆界面//自定义登陆错误页面
.and().rememberMe().key(key) //记住我
.and().exceptionHandling().accessDeniedPage("/403"); // 处理异常,拒绝访问就重定向到 403 页面
} /**
* 认证信息管理
* @param auth
* @throws Exception
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// TODO Auto-generated method stub
//super.configure(auth);
//auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
} /**
* 自动加载security-taglibs
* @return
*/
@Bean
@ConditionalOnMissingBean(ClassPathTldsLoader.class)
public ClassPathTldsLoader classPathTldsLoader(){
return new ClassPathTldsLoader();
} }
boke例子:用户登录的更多相关文章
- MVC4方法行为过滤器例子(用户登录)
在Model文件夹下添加一个类MyActionFilterAttribute继承于ActionFilterAttribute: using System; using System.Collectio ...
- python 全栈开发,Day119(Flask初识,Render Redirect HttpResponse,request,模板语言 Jinja2,用户登录例子,内置Session)
一.Flask初识 首先,要看你学没学过Django 如果学过Django 的同学,请从头看到尾,如果没有学过Django的同学,并且不想学习Django的同学,轻饶过第一部分 三大主流Web框架对比 ...
- JSP小例子——实现用户登录小例子(不涉及DB操作)
实现用户登录小例子用户名和密码都为"admin",登陆成功使用服务器内部转发到login_success.jsp页面,并且提示登陆成功的用户名.如果登陆失败则请求重定向到login ...
- PHP验证用户登录例子-学习笔记
1.基本流程: 2.UML类图: 3.PHP代码: 3.1 index.php <?php /** * Created by PhpStorm. * User: andy * Date: 16- ...
- C#语言Winform防SQl注入做用户登录的例子
using System;using System.Collections.Generic;using System.ComponentModel;using System.Data;using Sy ...
- Flask最强攻略 - 跟DragonFire学Flask - 第五篇 做一个用户登录之后查看学员信息的小例子
需求: 1. 用户名: oldboy 密码: oldboy123 2. 用户登录成功之后跳转到列表页面 3. 失败有消息提示,重新登录 4.点击学生名称之后,可以看到学生的详细信息 后端: from ...
- JSP小例子——以Model1的思想实现用户登录小例子(不涉及DB操作)
Model1简介现在比较流行的就是Model1和Model2,这里介绍Model1.在Model1模型出现前,整个Web应用的情况是:几乎全部由JSP页面组成,JSP页面接受处理客户端请求,对请求处理 ...
- Struts2整合Hibernate3实现用户登录功能
所用技术:struts2 ,hibernate,jsp,mysql 本DEMO仅仅实现用户登录功能,采用MVC思想,自己也觉得相对是比较简单,比较容易理解数据流向的一个例子,通过整合这个过程,能够清晰 ...
- javaweb学习总结(二十二)——基于Servlet+JSP+JavaBean开发模式的用户登录注册
一.Servlet+JSP+JavaBean开发模式(MVC)介绍 Servlet+JSP+JavaBean模式(MVC)适合开发复杂的web应用,在这种模式下,servlet负责处理用户请求,jsp ...
随机推荐
- ldap集成confluence
confluence ldap配置跟jira ldap集成一样,请参考:https://www.cnblogs.com/imcati/p/9378668.html
- scrapy - Request 中的回调函数不执行
在 scrapy 中, scrapy.Request(url, headers=self.header, callback=self.parse) 调试的时候,发现回调函数 parse_detail ...
- ODAC(V9.5.15) 学习笔记(四)TMemDataSet (3)
3.其他 名称 类型 说明 GetBlob TBlob 按照字段名获取当前数据集中某个Blob类型的字段值,并以TBlob对象形式返回 Prepared Boolean 检查Query的SQL是否已准 ...
- FireMonkey 源码学习(4)
(4)DoDrawLayout DoDrawLayout函数的源代码分析如下: procedure TTextLayoutNG.DoDrawLayout(const ACanvas: TCanvas) ...
- C# Math类简介运用
总结了一下几个常用的Math类 /* ######### ############ ############# ## ########### ### ###### ##### ### ####### ...
- Kettle 连接 Oracle 问题总结
一. Driver class 'oracle.jdbc.driver.OracleDriver' could not be found, make sure the 'Oracle' driver ...
- Windows操作系统下安装Ubuntu虚拟机
认识VMware虚拟机 VMware(虚拟机)是指通过软件模拟的具有完整硬件系统功能的.运行在一个完全隔离环境中的完整计算机系统,它能在Windows系统上虚拟出多个计算机,每个虚拟计算机可以独立运行 ...
- TI 多模雷达1843毫米波雷达做自动泊车(用了8个雷达)
http://e2e.ti.com/blogs_/b/behind_the_wheel/archive/2019/01/09/how-mmwave-sensors-enable-autonomous- ...
- SCU 4437 Carries(二分乱搞)题解
题意:问任意两对ai,aj相加的总进位数为多少.比如5,6,95分为(5,6)(5,95)(6,95),进位数 = 1 + 2 + 2 = 5 思路:显然暴力是会超时的.我们可以知道总进位数等于每一位 ...
- nowcoder 合并回文子串
链接:https://www.nowcoder.com/acm/contest/6/C来源:牛客网题目输入两个字符串A和B,合并成一个串C,属于A和B的字符在C中顺序保持不变.如"abc&q ...