Spring Security
2021-03-02 22:28
标签:runner handle namespace demo lse create java ssr rri 添加parent和web依赖 SpringBootApplication MyTest DemoController 添加依赖,官方地址:https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security 进入http://localhost:8080/login.html 接口方法 UserDetailServiceimpl SecurityConfig UserMapper application.yml UserMapper.xml 在启动类中添加注解 在controller中添加注解 ConfigureAdapter中添加 启动类 controller 添加mybatis依赖,官方地址:https://mvnrepository.com/artifact/org.mybatis.spring.boot/mybatis-spring-boot-starter 添加mysql依赖,官方地址:https://mvnrepository.com/artifact/mysql/mysql-connector-java applicaiton.yml RememberMeConfig WebSecurityConfigureAdapter 修改SecurityConfig 在客户端页面添加复选框 添加依赖,官方地址:https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity5 添加依赖,官方地址:https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-thymeleaf MyWebSecurityconfigurerAdapter application.ymml Spring Security 标签:runner handle namespace demo lse create java ssr rri 原文地址:https://www.cnblogs.com/YC-L/p/14397571.htmlSpring Security简介
历史
@MapperScan
@SpringBootApplication
public class SpringSecurityApplication{
public static void main(String[] args){
SpringApplication.run(SpringSecurityApplication.class, args);
}
}SpringBootTest(classes = SpringSecurityApplication.class)
@RunWith(SpringJUnit4ClassRunner.class)
public class MyTest{
@Test
public void test(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
String result = encoder.encode("pwd");
System.out.println(result);
boolean match = encode.matches("pwd", result);
System.out.println(match);
}
}@Controller
public class DemoController{
@RequestMapping("/");
@ResponseBody
public String demo(){
return "demo";
}
}
dependency>
groupId>org.springframework.bootgroupId>
artifactId>spring-boot-starter-securityartifactId>
dependency>
UserDetailService详解
public interface UserDetailService{
UserDetails loadUserByUserName(String var1) throws UsernameNotFoundException;
}
@Service
public class UserDetailsServiceImpl implements UserDetailsService{
@Autowired
private PasswordEncoder passwordEncoder;
@Overrride
public UserDetails loadUserByUserName(String username) throws UsernameNotFoundException{
if(!username.equals("admin")){
throw new UsernameNotFoundException("用户不存在!");
}
// 从数据库中获取密码
String password = "pwd";
String encodePassword = PasswordEncoder.encode(password);
UserDetails userDetails = new User(username, encodePassword, AuthorityUtils.commaSeparatedStringToAuthorityList("admin1, admin2"));
return userDetails;
}
}
@Configuration
public class SecurityConfig{
@Bean
protected PasswordEncoder passwrodEncoder(){
return new BCryptPasswordEncoder();
}
}
连接数据库实现自定义逻辑
public interface UserMapper{
public User selectByUserName(String username);
}
spring:
datasource:
username: root
password: root
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/test
mybatis:
mapper-locations: classpath:mybatis/*.xml
mapper namespace="com.test.mapper.UserMapper">
select id="selectByUsername" resultType="com.test.pojo.User">
select id, username, password from t_user where username = #{param}
select>
mapper>
注解@Secured的使用
@EnaleGlobalMethodSecurity(securedEnabled = true)
@Secured("ROLE_ADMIN")
.antMatchers("/demo").permitAll()
@PreAuthorize/@PostAuthorize
@EnaleGlobalMethodSecurity(prePostEnabled = true)
@PreAuthorize("hasAuthority(‘demo:update‘)")
Remember me功能实现
配置数据源
spring:
datasource:
username: root
password: root
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/test
mybatis:
mapper-locations: classpath:mybatis/*.xml
@Configuration
public class RemeberMeConfig{
@Autowired
private Datasource dataSource;
@Bean
protected PersonTokenRepository persistentTokenRepository(){
JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcToeknRepositoryImpl();
jdbcTokenRepository.setCreateTableOnStartup(true);
jdbcTokenRepository.setDataSource(dataSource);
return jdbcTokenRepository;
}
}
@Autowire
private PersistentTokenRepository persistentTokenRepository;
http.rememberMe()
.userDetailsSevice(userDetailsService)// 登录逻辑对象
.tokenValiditySeconds(10)// 设置有效时间
.tokenRepository(persistentTokenRepository);// 持久层对象
dependency>
groupId>org.thymeleaf.extrasgroupId>
artifactId>thymeleaf-extras-springsecurity5artifactId>
version>3.0.4.RELEASEversion>
dependency>
dependency>
groupId>org.springframework.bootgroupId>
artifactId>spring-boot-starter-thymeleafartifactId>
version>2.3.4.RELEASEversion>
dependency>
获取属性
退出登录
http.logout()
.logoutSuccessUrl("/showLogin")
.logoutUrl("/test")
.logoutSuccesshandler(new LogoutSuccessHandler(){
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse httpServletResponse, Authentication authentication) throws Exception{}
})
Spring Security中的CSRF详解
@SpringBootApplication
public class CsrfApplication{
public static void main(STring[] args){
SpringApplication.run(CsrfApplication.class, args);
}
}
server:
port: 8081
上一篇:狂神Java基础语法学习