spring boot整合scurity做簡單的登入校驗的實現
阿新 • • 發佈:2020-04-13
開發環境:springboot
maven引入:
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.0.10.RELEASE</version>
</dependency>
1、先在資料庫建立使用者表,使用者名稱為username,密碼名為password。下面是我使用者表的實體
private Integer id; /** * 暱稱 */ private String name; /** * 職位 */ private String code; /** * 密碼 */ private String passwd; /** * 使用者名稱 */ private String username; /** * 手機號 */ private String phone; /** * 建立時間 */ private Date createdTime;
2、看專案是JPA、還是mybatis。我這邊專案使用的是mybatis。需要有一個方法通過使用者名稱獲取使用者資訊。
3、建立一個使用者驗證類實現 UserDetails 繼承使用者實體
public class SecurityUser extends SysUser implements UserDetails {
private static final long serialVersiongUID = 1l;
public SecurityUser(SysUser sysUser) {
if (null != sysUser) {
this.setCode(sysUser.getCode());
this.setCreatedTime(sysUser.getCreatedTime());
this.setId(sysUser.getId());
this.setName(sysUser.getName());
this.setPasswd(sysUser.getPasswd());
this.setPhone(sysUser.getPhone());
this.setUsername(sysUser.getUsername());
}
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Collection<GrantedAuthority> authorities = new ArrayList<>();
String username = this.getUsername();
if (username != null) {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority(username);
authorities.add(authority);
}
return authorities;
}
@Override
public String getPassword() {
return super.getPasswd();
}
//賬戶是否未過期,過期無法驗證
@Override
public boolean isAccountNonExpired() {
return true;
}
//指定使用者是否解鎖,鎖定的使用者無法進行身份驗證
@Override
public boolean isAccountNonLocked() {
return true;
}
//指示是否已過期的使用者的憑據(密碼),過期的憑據防止認證
@Override
public boolean isCredentialsNonExpired() {
return true;
}
//是否可用,禁用的使用者不能身份驗證
@Override
public boolean isEnabled() {
return true;
}
}
4、重點!建立一個scurity config配置類
@Configuration
@EnableWebSecurity
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(UiSecurityConfig.class);
@Override
protected void configure(HttpSecurity http) throws Exception { //配置策略
http.csrf().disable();
http.authorizeRequests().
antMatchers("/static/**").permitAll().anyRequest().authenticated().
and().formLogin().loginPage("/login").permitAll().successHandler(loginSuccessHandler()).
and().logout().permitAll().invalidateHttpSession(true).
deleteCookies("JSESSIONID").logoutSuccessHandler(logoutSuccessHandler()).
and().sessionManagement().maximumSessions(10).expiredUrl("/login");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() { //密碼加密
return new BCryptPasswordEncoder(4);
}
@Bean
public LogoutSuccessHandler logoutSuccessHandler() { //登出處理
return new LogoutSuccessHandler() {
@Override
public void onLogoutSuccess(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,Authentication authentication) throws IOException,ServletException {
try {
SecurityUser user = (SecurityUser) authentication.getPrincipal();
logger.info("USER : " + user.getUsername() + " LOGOUT SUCCESS ! ");
} catch (Exception e) {
logger.info("LOGOUT EXCEPTION,e : " + e.getMessage());
}
httpServletResponse.sendRedirect("/login");
}
};
}
@Bean
public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入處理
return new SavedRequestAwareAuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request,HttpServletResponse response,ServletException {
SysUser userDetails = (SysUser) authentication.getPrincipal();
logger.info("USER : " + userDetails.getUsername() + " LOGIN SUCCESS ! ");
// 登入成功後重定向路徑
response.sendRedirect("/");
}
};
}
//使用者登入實現
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Autowired
private SysUserDao sysUserDao;//這裡是引入資料庫連線dao
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
SysUser userNmae = new SysUser();
userNmae.setUsername(s);
List<SysUser> listUser = sysUserDao.queryAll(userNmae);//通過使用者名稱獲取個使用者資訊
SysUser user = null;
if (listUser.size() > 0) {
user = listUser.get(0);
}
if (user == null) throw new UsernameNotFoundException("Username " + s + " not found");
return new SecurityUser(user);
}
};
}
}
5、基礎工作準備完成開始寫controller
@Controller
public class LoginController {
@Resource
private SessionTool sessionTool;
// 獲取登入頁面
@RequestMapping(value = "/login",method = RequestMethod.GET)
public String login() {
return "login";
}
@RequestMapping("/")
public String login(ModelMap map){
SysUser sysUser = sessionTool.getUser();
map.addAttribute("sysUser",sysUser);
return "index";
}
}
6、從session獲取使用者資訊
@Component
public class SessionTool {
public SysUser getUser() { //為了session從獲取使用者資訊,可以配置如下
SysUser user = new SysUser();
SecurityContext ctx = SecurityContextHolder.getContext();
Authentication auth = ctx.getAuthentication();
if (auth.getPrincipal() instanceof UserDetails) user = (SysUser) auth.getPrincipal();
return user;
}
public HttpServletRequest getRequest() {
return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
}
}
7、login.html頁面(登入路徑為login 請求方式為post,scurity自帶的登入路徑)
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <form action="/login" method="post"> 使用者名稱 : <input type="text" name="username"/> 密碼 : <input type="password" name="password"/> <input type="submit" value="登入"> </form> </body> </html>
總結一下思路:
引入依賴包-》建立使用者表-》建立使用者表資料庫查詢介面-》建立使用者校驗類實現UserDetails介面-》建立scurity配置類繼承 WebSecurityConfigurerAdapter 方法configure為配置校驗策略-》建立controller配置登入頁面跳轉介面-》建立登陸頁面使用者名稱必須為username 密碼為password 登入路徑為'/login' 請求方式為post
由於scurity配置的密碼檢驗是加密的為了測試可以在Test模組中獲取加密後的密碼然後存到使用者表的password欄位中。
@Test
public void encoder() {
String password = "123123";
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4);
String enPassword = encoder.encode(password);
System.out.println(enPassword);
}
到此這篇關於spring boot整合scurity做簡單的登入校驗的實現的文章就介紹到這了,更多相關springboot scurity登入校驗內容請搜尋我們以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援我們!