本文主要是介绍Spring Boot 中集成 Spring Security,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
Spring Boot 集成 Spring Security的简单应用,从数据库读取数据校验用户,页面使用Thymeleaf模板
项目地址 https://github.com/helloworlde/SpringSecurity
演示 http://project.hellowood.com.cn/Security/
创建 Spring Boot 应用
添加依赖
compile('org.springframework.boot:spring-boot-starter-security')compile('org.springframework.boot:spring-boot-starter-web')compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.0')compile('org.springframework.boot:spring-boot-starter-thymeleaf')runtime('mysql:mysql-connector-java')runtime('org.springframework.boot:spring-boot-starter-tomcat')testCompile('org.springframework.boot:spring-boot-starter-test')testCompile('org.springframework.security:spring-security-test') 创建用户表并插入数据
CREATE TABLE user (id INT AUTO_INCREMENT PRIMARY KEY,username VARCHAR(45) NOT NULL,password VARCHAR(45) NOT NULL,enabled INT NOT NULL DEFAULT 1);INSERT INTO user (username, password, enabled) VALUES ('username', 'password', TRUE);添加配置信息
spring.datasource.url=jdbc:mysql://localhost:3306/security?useSSL=falsespring.datasource.username=securityspring.datasource.password=securityspring.datasource.driver-class-name=com.mysql.jdbc.Drivermybatis.type-aliases-package=cn.com.hellowood.springsecurity.mappermybatis.mapper-locations=mappers/**Mapper.xml添加 Security 配置文件
import cn.com.hellowood.springsecurity.security.CustomAuthenticationProvider;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate CustomAuthenticationProvider customAuthenticationProvider;@Overrideprotected void configure(HttpSecurity http) throws Exception {// 所有请求均可访问http.authorizeRequests().antMatchers("/", "/login", "/login-error", "/css/**", "/index").permitAll();// 其余所有请求均需要权限http.authorizeRequests().anyRequest().authenticated();// 配置登录页面的表单 action 必须是 '/login', 用户名和密码的参数名必须是 'username' 和 'password',// 登录失败的 url 是 '/login-error'http.formLogin().loginPage("/login").loginProcessingUrl("/login").usernameParameter("username").passwordParameter("password").failureUrl("/login-error");}/*** Configure global.** @param auth the auth* @throws Exception the exception*/@Autowiredpublic void configureGlobal(AuthenticationManagerBuilder auth) {// 使用自定义的 Authentication Providerauth.authenticationProvider(customAuthenticationProvider);}}
添加自定义的 Authentication Provider 类
import cn.com.hellowood.springsecurity.model.UserModel;import cn.com.hellowood.springsecurity.service.UserService;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.authentication.AccountExpiredException;import org.springframework.security.authentication.AuthenticationProvider;import org.springframework.security.authentication.BadCredentialsException;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.Authentication;import org.springframework.security.core.AuthenticationException;import org.springframework.security.core.GrantedAuthority;import org.springframework.stereotype.Component;import javax.servlet.http.HttpSession;import java.util.ArrayList;import java.util.List;@Componentpublic class CustomAuthenticationProvider implements AuthenticationProvider {private final Logger logger = LoggerFactory.getLogger(getClass());@Autowiredprivate HttpSession session;@Autowiredprivate UserService userService;/*** Validate user info is correct form database** @param authentication* @return* @throws AuthenticationException*/@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {String username = authentication.getName();String password = authentication.getCredentials().toString();List<GrantedAuthority> grantedAuthorities = new ArrayList<>();// 检查用户名密码是否正确UserModel user = userService.loadUserByUsernameAndPassword(username, password);if (user == null) {logger.error("{} login failed, username or password is wrong", username);throw new BadCredentialsException("Username or password is not correct");} else if (!user.getEnabled()) {throw new AccountExpiredException("Account had expired");}// 用户信息有效时将其放入 session 中session.setAttribute("user", user);Authentication auth = new UsernamePasswordAuthenticationToken(username, password, grantedAuthorities);return auth;}@Overridepublic boolean supports(Class<?> authentication) {return authentication.equals(UsernamePasswordAuthenticationToken.class);}}添加校验用户信息所需要的类
- 添加 UserModel.java
public class UserModel {private Integer id;private String username;private String password;private Boolean enabled;/*** Instantiates a new User model.*/public UserModel() {}/*** Instantiates a new User model.** @param id the id* @param username the username* @param password the password* @param enabled the enabled*/public UserModel(Integer id, String username, String password, Boolean enabled) {this.id = id;this.username = username;this.password = password;this.enabled = enabled;}/*** Gets id.** @return the id*/public Integer getId() {return id;}/*** Sets id.** @param id the id*/public void setId(Integer id) {this.id = id;}/*** Gets username.** @return the username*/public String getUsername() {return username;}/*** Sets username.** @param username the username*/public void setUsername(String username) {this.username = username;}/*** Gets password.** @return the password*/public String getPassword() {return password;}/*** Sets password.** @param password the password*/public void setPassword(String password) {this.password = password;}/*** Gets enabled.** @return the enabled*/public Boolean getEnabled() {return enabled;}/*** Sets enabled.** @param enabled the enabled*/public void setEnabled(Boolean enabled) {this.enabled = enabled;}@Overridepublic String toString() {return "UserModel{" +"id=" + id +", username='" + username + '\'' +", password='" + password + '\'' +", enabled=" + enabled +'}';}}- 添加 UserService.java
import cn.com.hellowood.springsecurity.mapper.UserMapper;import cn.com.hellowood.springsecurity.model.UserModel;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Service;@Service("userService")public class UserService {@Autowiredprivate UserMapper userMapper;/*** Load user by username and password user model.** @param username the username* @param password the password* @return the user model*/public UserModel loadUserByUsernameAndPassword(String username, String password) {return userMapper.getUserByUsernameAndPassword(username, password);}}- 添加 UserMapper.java
import cn.com.hellowood.springsecurity.model.UserModel;import org.apache.ibatis.annotations.Mapper;import org.apache.ibatis.annotations.Param;@Mapperpublic interface UserMapper {/*** Gets user by username and password.** @param username the username* @param password the password* @return the user by username and password*/UserModel getUserByUsernameAndPassword(@Param("username") String username,@Param("password") String password);}- 添加 UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" ><mapper namespace="cn.com.hellowood.springsecurity.mapper.UserMapper"><resultMap id="baseResultMap" type="cn.com.hellowood.springsecurity.model.UserModel"><id column="id" property="id" javaType="java.lang.Integer" jdbcType="INTEGER"></id><result column="username" property="username" javaType="java.lang.String" jdbcType="VARCHAR"></result><result column="password" property="password" javaType="java.lang.String" jdbcType="VARCHAR"></result><result column="enabled" property="enabled" javaType="java.lang.Boolean" jdbcType="INTEGER"></result></resultMap><select id="getUserByUsernameAndPassword" resultType="cn.com.hellowood.springsecurity.model.UserModel">SELECTid,username,password,enabledFROM userWHERE username = #{username, jdbcType=VARCHAR}AND password = #{password, jdbcType=VARCHAR}</select></mapper>添加页面
- index.html
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head><title>Spring Security</title><meta charset="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}"/><link rel="stylesheet" href="/css/bootstrap.min.css" th:href="@{/css/bootstrap.min.css}"/></head><body><div class="container"><form action="#" class="form-signin"><h2 class="form-signin-heading">Hello Spring Security</h2><h5 class="form-signin-heading content-adjust">Anyone can access this page</h5><div th:if="${session.user} != null"><h5 class="form-signin-heading content-adjust">Your username is <span th:text="${session.user.username}"></span></h5><a href="/user/index" th:href="@{/user/index}" class="btn btn-success btn-block">To Security page</a></div><div th:if="${session.user} == null"><a href="/index" th:href="@{/login}" class="btn btn-primary btn-block">To Login page</a></div></form><div th:fragment="logout" class="logout" th:if="${session.user} != null"><form action="#" th:action="@{/logout}" method="post" class="form-signin"><button class="btn btn-warning btn-block" type="submit">Log out</button></form></div></div></body></html>- login.html
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head><title>Login page</title><meta charset="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}"/><link rel="stylesheet" href="/css/bootstrap.min.css" th:href="@{/css/bootstrap.min.css}"/></head><body><div class="container"><form th:action="@{/login}" method="post" class="form-signin"><h2 class="form-signin-heading">Please sign in</h2><div><label for="username" class="sr-only">Username</label><input type="text" id="username" name="username"th:class="${loginError} ? 'form-control is-invalid' : 'form-control'" placeholder="Username"required="required"autofocus="autofocus"/><div class="invalid-feedback" th:if="${loginError}">Wrong username or password</div></div><div><label for="password" class="sr-only">Password</label><input type="password" id="password" name="password" class="form-control" placeholder="Password"required="required"/></div><button class="btn btn-success btn-block" type="submit">Sign in</button><a href="/index" th:href="@{/index}" class="btn btn-primary btn-block">Back to Home page</a></form></div></body></html>- user/index.html
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"><head><title>Spring Security</title><meta charset="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}"/><link rel="stylesheet" href="/css/bootstrap.min.css" th:href="@{/css/bootstrap.min.css}"/></head><body><div class="container"><form action="#" class="form-signin"><h2 class="form-signin-heading">Hello Spring Security</h2><h5 class="form-signin-heading content-adjust">Only logged in user can access this page</h5><div th:if="${session.user} != null"><h5 class="form-signin-heading content-adjust">Logged user is <span th:text="${session.user.username}"></span></h5><a href="/index" th:href="@{/index}" class="btn btn-primary btn-block">Back to Home page</a></div></form><div th:substituteby="index::logout"></div></div></body></html>添加 Controller
import org.springframework.stereotype.Controller;import org.springframework.ui.Model;import org.springframework.web.bind.annotation.RequestMapping;@Controllerpublic class MainController {/*** Root page.** @return the index page url*/@RequestMapping("/")public String root() {return "redirect:/index";}/*** Index page.** @return the index page url*/@RequestMapping("/index")public String index() {return "index";}/*** User index page.** @return the user index page url*/@RequestMapping("/user/index")public String userIndex() {return "user/index";}/*** Login page.** @return the login page url*/@RequestMapping("/login")public String login() {return "login";}/*** Login error page.** @param model the model* @return the login error page url*/@RequestMapping("/login-error")public String loginError(Model model) {model.addAttribute("loginError", true);return "login";}}启动应用,访问http://localhost:8080/user/index,此时没有登录,会被拦截并重定向到登录页面http://localhost:8080/login,输入用户名
username和密码password,登录成功后再次访问http://localhost:8080/user/index,此时该 url 可以正常访问,当输入错误的用户名或密码时会提示错误信息,说明 Spring Security 配置正确
这篇关于Spring Boot 中集成 Spring Security的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
