您好,登錄后才能下訂單哦!
springsecurity數(shù)據(jù)庫(kù)如何認(rèn)證?很多新手對(duì)此不是很清楚,為了幫助大家解決這個(gè)難題,下面小編將為大家詳細(xì)講解,有這方面需求的人可以來(lái)學(xué)習(xí)下,希望你能有所收獲。
一、前期配置
1. 加入依賴
<dependency> <groupId>com.alibaba</groupId> <artifactId>druid-spring-boot-starter</artifactId> <version>1.1.10</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> <version>5.1.27</version> </dependency>
這里選定的 mysql-connector-java
連接版本是 5.1.27,對(duì)應(yīng)的 application.properties
為:
spring.datasource.url=jdbc:mysql://localhost:3306/yolo spring.datasource.type=com.alibaba.druid.pool.DruidDataSource spring.datasource.username=root spring.datasource.password=root
如果是 8.0以上版本則 application.properties
需要對(duì)于 spring.datasource.url
需要加入 serverTimezone
spring.datasource.username=root spring.datasource.password=root spring.datasource.type=com.alibaba.druid.pool.DruidDataSource spring.datasource.url=jdbc:mysql://localhost:3306/security?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
2. 數(shù)據(jù)庫(kù)腳本
SET FOREIGN_KEY_CHECKS=0; -- ---------------------------- -- Table structure for role -- ---------------------------- DROP TABLE IF EXISTS `role`; CREATE TABLE `role` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(32) DEFAULT NULL, `nameZh` varchar(32) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of role -- ---------------------------- INSERT INTO `role` VALUES ('1', 'dba', '數(shù)據(jù)庫(kù)管理員'); INSERT INTO `role` VALUES ('2', 'admin', '系統(tǒng)管理員'); INSERT INTO `role` VALUES ('3', 'user', '用戶'); -- ---------------------------- -- Table structure for user -- ---------------------------- DROP TABLE IF EXISTS `user`; CREATE TABLE `user` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(32) DEFAULT NULL, `password` varchar(255) DEFAULT NULL, `enabled` tinyint(1) DEFAULT NULL, `locked` tinyint(1) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of user -- ---------------------------- INSERT INTO `user` VALUES ('1', 'root', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', '1', '0'); INSERT INTO `user` VALUES ('2', 'admin', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', '1', '0'); INSERT INTO `user` VALUES ('3', 'sang', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', '1', '0'); -- ---------------------------- -- Table structure for user_role -- ---------------------------- DROP TABLE IF EXISTS `user_role`; CREATE TABLE `user_role` ( `id` int(11) NOT NULL AUTO_INCREMENT, `uid` int(11) DEFAULT NULL, `rid` int(11) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8; -- ---------------------------- -- Records of user_role -- ---------------------------- INSERT INTO `user_role` VALUES ('1', '1', '1'); INSERT INTO `user_role` VALUES ('2', '1', '2'); INSERT INTO `user_role` VALUES ('3', '2', '2'); INSERT INTO `user_role` VALUES ('4', '3', '3'); SET FOREIGN_KEY_CHECKS=1;
二、定義實(shí)體類
1. 定義 User
實(shí)體類 User 需要實(shí)現(xiàn) UserDetails 接口,因?yàn)槊總€(gè)人都可以定義 User 對(duì)象,但是每個(gè)人定義的 User對(duì)象不一樣,這就造成每個(gè)人設(shè)置的屬性不一樣,當(dāng)系統(tǒng)需要判定用戶的登錄狀態(tài)時(shí),因?yàn)橛脩裘兔艽a的名稱設(shè)置的五花八門,造成無(wú)法確定調(diào)用哪個(gè)
所以這里要求所有的實(shí)體類實(shí)現(xiàn) UserDetails 接口,它就相當(dāng)于一個(gè)規(guī)范定義了登錄驗(yàn)證時(shí)需要的屬性名稱,所以的實(shí)體類都要符合這個(gè)規(guī)范。
public class User implements UserDetails { private Integer id; private String username; private String password; private Boolean enabled; private Boolean locked; private List<Role> roles; public List<Role> getRoles() { return roles; } public void setRoles(List<Role> roles) { this.roles = roles; } public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } @Override public String getUsername() { return username; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return !locked; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return enabled; } public void setUsername(String username) { this.username = username; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<SimpleGrantedAuthority> authorities = new ArrayList<>(); for (Role role : roles) { authorities.add(new SimpleGrantedAuthority("ROLE_"+role.getName())); } return authorities; } @Override public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public void setEnabled(Boolean enabled) { this.enabled = enabled; } public void setLocked(Boolean locked) { this.locked = locked; } }
(1) accountNonExpired、accountNonLocked、credentialsNonExpired、enabled 這四個(gè)屬性分別用來(lái)描述用戶的狀態(tài),表示賬戶是否沒(méi)有過(guò)期、賬戶是否沒(méi)有被鎖定、密碼是否沒(méi)有過(guò)期、以及賬戶是否可用。
(2)roles 屬性表示用戶的角色,User 和 Role 是多對(duì)多關(guān)系,用一個(gè) @ManyToMany 注解來(lái)描述。
(3)getAuthorities 方法返回用戶的角色信息,我們?cè)谶@個(gè)方法中把自己的 Role 稍微轉(zhuǎn)化一下即可。
(1)這個(gè)集合是返回用戶的所有角色,因?yàn)閺臄?shù)據(jù)庫(kù)得到是 roles,但是需要的是一個(gè)集合形式的 getAuthorities
,所以需要對(duì)其進(jìn)行處理。
@Override public Collection<? extends GrantedAuthority> getAuthorities() { List<SimpleGrantedAuthority> authorities = new ArrayList<>(); for (Role role : roles) { authorities.add(new SimpleGrantedAuthority("ROLE_"+role.getName())); } return authorities; }
這里注意springsecurity 角色的認(rèn)證有一個(gè)要求,必須是以 ROLE_
開始的,否則會(huì)出現(xiàn)問(wèn)題:
authorities.add(new SimpleGrantedAuthority("ROLE_"+role.getName()));
當(dāng)然也可以在數(shù)據(jù)中添加用戶時(shí),就讓用戶以 ROLE_
開始,這樣就不用二次添加了
(2)另外需要注意這里的 isAccountNonLocked()
,賬戶是否沒(méi)有被鎖定,數(shù)據(jù)庫(kù)中存儲(chǔ)的是:
所以這里是對(duì) locked 取的反
@Override public boolean isAccountNonLocked() { return !locked; }
2. 定義 Role
public class Role { private Integer id; private String name; private String nameZh; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String getNameZh() { return nameZh; } public void setNameZh(String nameZh) { this.nameZh = nameZh; } }
三、定義 Service
@Service public class UserService implements UserDetailsService { @Autowired UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userMapper.loadUserByUsername(username); if (user == null) { throw new UsernameNotFoundException("用戶不存在!"); } user.setRoles(userMapper.getUserRolesById(user.getId())); return user; } }
我們自己定義的 UserService
需要實(shí)現(xiàn) UserDetailsService
接口,實(shí)現(xiàn)該接口,就要實(shí)現(xiàn)接口中的方法,也就是 loadUserByUsername
,這個(gè)方法的參數(shù)就是用戶在登錄的時(shí)候傳入的用戶名,根據(jù)用戶名去查詢用戶信息(查出來(lái)之后,系統(tǒng)會(huì)自動(dòng)進(jìn)行密碼比對(duì))。
四、定義 Mapper
1. UserMapper
@Mapper public interface UserMapper { User loadUserByUsername(String username); List<Role> getUserRolesById(Integer id); }
2. UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="org.javaboy.securitydb.mapper.UserMapper"> <select id="loadUserByUsername" resultType="org.yolo.securitymybatis.bean.User"> select * from user where username=#{username} </select> <select id="getUserRolesById" resultType="org.yolo.securitymybatis.bean.Role"> select * from role where id in (select rid from user_role where uid=#{id}) </select> </mapper>
Mapper 的位置:
所以需要為其添加資源路徑:資源配置路徑添加到 pom 文件中
<resources> <resource> <directory>src/main/java</directory> <includes> <include>**/*.xml</include> </includes> </resource> <resource> <directory>src/main/resources</directory> </resource> </resources>
五、定義 SecurityConfig
@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserService userService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService); } @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean RoleHierarchy roleHierarchy() { RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl(); String hierarchy = "ROLE_dba > ROLE_admin \n ROLE_admin > ROLE_user"; roleHierarchy.setHierarchy(hierarchy); return roleHierarchy; } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/dba/**").hasRole("dba") .antMatchers("/admin/**").hasRole("admin") .antMatchers("/user/**").hasRole("user") .anyRequest().authenticated() .and() .formLogin() .permitAll() .and() .csrf().disable(); } }
測(cè)試訪問(wèn):成功
看完上述內(nèi)容是否對(duì)您有幫助呢?如果還想對(duì)相關(guān)知識(shí)有進(jìn)一步的了解或閱讀更多相關(guān)文章,請(qǐng)關(guān)注億速云行業(yè)資訊頻道,感謝您對(duì)億速云的支持。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。