【開源專案】Spring Security三大許可權框架案例講解01—專案初始化
阿新 • • 發佈:2018-12-10
GitHub
前言
大致簡介專案主要逐步迭代講解Spring Security + Spring Social + Spring Security OAuth + REST服務開發,通過實際的案例開發來講解,專案註解詳細適合作為教程案例,同時對程式碼的演進還有重構也會有對應的推文講解!
什麼是登入與賬戶安全!?
大多數初級的程式設計師可能理解的比較簡單,即普通的表單登入,資料查詢等等,但是真正的企業登入許可權系統是如何的呢?現在大多數主流的許可權系統一般都是使用Spring Security了,而我們的主題也是它,讓我們來深入瞭解這個許可權框架吧!
專案搭建
首先是專案的目錄,專案採用Maven多模組模式開發。
1、Myself-security:主模組(pom)
2、Myself-security-core:核心業務邏輯(jar)
3、Myself-security-browser:瀏覽器安全特定程式碼(jar)
4、Myself-security-app:app相關特定程式碼(jar)
5、Myself-security-demo:樣例程式(jar)
相關Pom檔案
讓我們來了解專案的主模組的pom檔案,這個的packaging要選擇為pom形式,我們選擇引入Spring IO來控制版本,還有配置Maven外掛,具體如下
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.myself.security</groupId> <artifactId>myself-security</artifactId> <version>1.0-SNAPSHOT</version> <packaging>pom</packaging> <!-- 配置版本引數 --> <properties> <myself.security.version>1.0-SNAPSHOT</myself.security.version> </properties> <!-- 幫助我們管理Maven依賴的版本,由spring IO 來指定版本 --> <dependencyManagement> <dependencies> <dependency> <groupId>io.spring.platform</groupId> <artifactId>platform-bom</artifactId> <version>Cairo-SR4</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>Finchley.SR1</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <!-- 配置Maven外掛 --> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.7.0</version> <configuration> <source>1.8</source> <target>1.8</target> <encoding>UTF-8</encoding> </configuration> </plugin> </plugins> </build> <!-- 子模組引入 --> <modules> <module>../myselfsecuritycore</module> <module>../myselfsecuritydemo</module> <module>../myselfsecuritybrowser</module> <module>../myselfsecurityapp</module> </modules> </project>
接下來是core的核心元件,這一塊的程式碼較多,我中間部分就省略了,具體可以去GitHub檢視
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- 父模組資訊 --> <parent> <artifactId>myself-security</artifactId> <groupId>com.myself.security</groupId> <version>1.0-SNAPSHOT</version> <relativePath>../myselfsecurity</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>myself-security-core</artifactId> <dependencies> <!-- 引入所有與Spring Security相關的jar包 --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency> <dependency> <groupId>...</groupId> <artifactId>...</artifactId> </dependency> </dependencies> </project>
而app模組是針對App的許可權,這一塊只要引入core元件即可
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模組資訊 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-app</artifactId>
<!-- 引入core核心程式碼元件 -->
<dependencies>
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-core</artifactId>
<version>${myself.security.version}</version>
</dependency>
</dependencies>
</project>
對於browser瀏覽器模組,則需要加Session叢集管理,由於app是使用token,而瀏覽器則是session
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模組資訊 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-browser</artifactId>
<dependencies>
<!-- 引入core核心程式碼元件 -->
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-core</artifactId>
<version>${myself.security.version}</version>
</dependency>
<!-- 叢集環境下的session管理 -->
<!-- 部分元件的版本還未在Spring IO更新,這裡要自己引入 -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.3.3.RELEASE</version>
</dependency>
</dependencies>
</project>
demo元件是我們的程式碼測試區,還有功能實現測試,我們暫時先引用browser模組。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- 父模組資訊 -->
<parent>
<artifactId>myself-security</artifactId>
<groupId>com.myself.security</groupId>
<version>1.0-SNAPSHOT</version>
<relativePath>../myselfsecurity</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>myself-security-demo</artifactId>
<dependencies>
<!-- 引入browser程式碼元件 -->
<dependency>
<groupId>com.myself.security</groupId>
<artifactId>myself-security-browser</artifactId>
<version>${myself.security.version}</version>
</dependency>
<!-- 用於介面測試 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
</dependencies>
<!-- 用於打包 -->
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.0.5.RELEASE</version>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>demo</finalName>
</build>
</project>
啟動類
接下來我們要編寫啟動類,我使用了Swagger外掛,還有初始化時我們先移除Security的登入驗證,當然yml配置檔案也要先關了Session管理
package com.myself;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
/**
* @author MySelf
* @create 2018/9/15
* @desc Demo SpringBoot 啟動類
**/
@SpringBootApplication
@RestController
@EnableSwagger2
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
public class DemoApplication {
/**
* 啟動類
* @param args {@link String}
*/
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class,args);
}
/**
* 初始化建立介面服務
* @return {@link String}
*/
@GetMapping("/hello")
public String hello(){
return "Hello Spring Security";
}
}
結尾
好了,執行專案,我們就可以看到初始化成功的專案啦!
如果本文對你有幫助,歡迎關注個人技術公眾號,謝謝。