详解Springboot2.3集成Spring security 框架(原生集成)
作者:Jack方
这篇文章主要介绍了详解Springboot2.3集成Spring security 框架(原生集成),文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
0、pom
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.3.0.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.jack</groupId> <artifactId>demo</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <name>demo</name> <description>Demo project for Spring Security</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
1、SpringSecurityConfig(security配置)
// 手动定义用户认证 和 // 关联用户Service认证 二者取一
这里测试用的是 手动定义用户认证!!!
package com.jack.demo; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; /** * @program: demo * @description: Security 配置 * @author: Jack.Fang * @date:2020-06-01 1541 **/ @Configuration @EnableWebSecurity public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private MyUserService myUserService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // 手动定义用户认证 auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("ADMIN"); auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("jack").password(new BCryptPasswordEncoder().encode("fang")).roles("USER"); // 关联用户Service认证 //auth.userDetailsService(myUserService).passwordEncoder(new MyPasswordEncoder()); // 默认jdbc认证 // auth.jdbcAuthentication().usersByUsernameQuery("").authoritiesByUsernameQuery("").passwordEncoder(new MyPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/").permitAll() .anyRequest().authenticated() .and() .logout().permitAll() .and() .formLogin(); http.csrf().disable(); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/js/**","/css/**","/image/**"); } }
2、MyPasswordEncoder(自定义密码比较)
package com.jack.demo; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; /** * @program: demo * @description: 密码加密 * @author: Jack.Fang * @date:2020-06-01 1619 **/ public class MyPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence charSequence) { return new BCryptPasswordEncoder().encode(charSequence.toString()); } @Override public boolean matches(CharSequence charSequence, String s) { return new BCryptPasswordEncoder().matches(charSequence,s); } }
3、MyUserService(自行实现的用户登录接口)
具体内容 省略。这里测试用的是SpringSecurityConfig手动添加用户名与密码。
package com.jack.demo; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; /** * @program: demo * @description: 用户 * @author: Jack.Fang * @date:2020-06-01 1617 **/ @Component public class MyUserService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { return null; } }
4、启动类(测试)
DemoApplication.java
package com.jack.demo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreFilter; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import java.util.List; @EnableGlobalMethodSecurity(prePostEnabled = true) @RestController @SpringBootApplication public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } @RequestMapping("/") public String index(){ return "hello Spring Security!"; } @RequestMapping("/hello") public String hello(){ return "hello !"; } @PreAuthorize("hasRole('ROLE_ADMIN')") @RequestMapping("/roleAdmin") public String role() { return "admin auth"; } @PreAuthorize("#id<10 and principal.username.equals(#username) and #user.username.equals('abc')") @PostAuthorize("returnObject%2==0") @RequestMapping("/test") public Integer test(Integer id, String username, User user) { // ... return id; } @PreFilter("filterObject%2==0") @PostFilter("filterObject%4==0") @RequestMapping("/test2") public List<Integer> test2(List<Integer> idList) { // ... return idList; } }
测试hello接口(http://localhost:8080/hello)
未登录跳转登录页
登录SpringSecurityConfig配置的admin账号与密码123456
成功调用hello
测试roleAdmin(登录admin 123456成功,登录jack fang访问则失败)
登出 logout
到此这篇关于详解Springboot2.3集成Spring security 框架(原生集成)的文章就介绍到这了,更多相关Springboot2.3集成Spring security 内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
您可能感兴趣的文章:
- springboot集成springsecurity 使用OAUTH2做权限管理的教程
- SpringBoot集成Spring Security的方法
- SpringBoot集成Spring Security用JWT令牌实现登录和鉴权的方法
- SpringBoot集成SpringSecurity和JWT做登陆鉴权的实现
- springboot+jwt+springSecurity微信小程序授权登录问题
- Springboot实现Shiro整合JWT的示例代码
- 利用Springboot实现Jwt认证的示例代码
- SpringBoot整合SpringSecurity和JWT的示例
- Springboot集成Spring Security实现JWT认证的步骤详解