SpringSecurity入门案例——基本功能讲解
简介:本文讲解,SpringSecurity的快速入门案例,主要讲解基本功能,其他拦截器,与jwt的结合在后面的文章中讲解。
项目代码地址:https://gitee.com/geek-li-hua/code-in-blog.git
项目实现
项目准备
导入依赖
这些是这个项目需要的依赖
- Spring Boot Starter JDBC
- Project Lombok
- MySQL Connector/J
- mybatis-plus-boot-starter
- mybatis-plus-generator
- spring-boot-starter-security
<!-- Spring Boot Starter JDBC --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jdbc</artifactId></dependency><!-- Project Lombok --><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><scope>provided</scope></dependency><!-- MySQL Connector/J --><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.32</version></dependency><!-- MyBatis Plus Boot Starter --><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.5.2</version></dependency><!-- MyBatis Plus Generator --><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-generator</artifactId><version>3.5.3</version></dependency><!-- Spring Boot Starter Security --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>
- 完整的pom.xml
<?xml version="1.0" encoding="UTF-8"?><projectxmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.7.15</version><relativePath/><!-- lookup parent from repository --></parent><groupId>com.example</groupId><artifactId>springsecurity-back-demo</artifactId><version>0.0.1-SNAPSHOT</version><name>springsecurity-back-demo</name><description>springsecurity-back-demo</description><properties><java.version>1.8</java.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><!-- Spring Boot Starter JDBC --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jdbc</artifactId></dependency><!-- Project Lombok --><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><scope>provided</scope></dependency><!-- MySQL Connector/J --><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.32</version></dependency><!-- MyBatis Plus Boot Starter --><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.5.2</version></dependency><!-- MyBatis Plus Generator --><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-generator</artifactId><version>3.5.3</version></dependency><!-- Spring Boot Starter Security --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><!-- JJWT API --><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt-api</artifactId><version>0.11.2</version></dependency><!-- JJWT Implementation --><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt-impl</artifactId><version>0.11.2</version><scope>runtime</scope></dependency><!-- JJWT Jackson --><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt-jackson</artifactId><version>0.11.2</version><scope>runtime</scope></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
配置文件
spring.port = 8080
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.url=jdbc:mysql://localhost:3306/db?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf-8
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
springsecurity登录
当我们启动项目的时候,会出现一个密码,这是因为加入了springsecurity的依赖导致的。
当我们通过一个网页,访问其中一个端口时
会发现需要输入账号和密码,其中账号是
user
,密码是上面生成的,只有登录之后,我们才可以进行相关的调试。
实现加密
- 我们需要使用到一个类
importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;importorg.springframework.security.config.annotation.web.configuration.EnableWebSecurity;importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;importorg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;importorg.springframework.security.crypto.password.PasswordEncoder;@Configuration@EnableWebSecuritypublicclassSecurityConfigextendsWebSecurityConfigurerAdapter{@BeanpublicPasswordEncoderpasswordEncoder(){returnnewBCryptPasswordEncoder();}}
- 我们在测试类中演示它的使用
对密码进行加密
@TestvoidcontextLoads(){BCryptPasswordEncoder passwordEncoder =newBCryptPasswordEncoder();System.out.println(passwordEncoder.encode("123456"));}
对于同一字符串,每次加密的结果可能也不一样。
- 可以通过matchs方法检验,加密之后与之前是否匹配
可以通过结果看出来的是,虽然对于同一密码每次的加密都不一样,但是,都是可以匹配的。
@TestvoidcontextLoads(){BCryptPasswordEncoder passwordEncoder =newBCryptPasswordEncoder();System.out.println(passwordEncoder.encode("123456"));System.out.println(passwordEncoder.matches("123456","$2a$10$9dBGJIqaejarMaPSJZfzZumyyT4gjY8etzgp3warVCJw2GR6USbtC"));// trueSystem.out.println(passwordEncoder.encode("123456"));System.out.println(passwordEncoder.matches("123456","$2a$10$WPyb8qBc7DfPSD6l6nVnauiexFQ/MTF6nExLZid4Li5RINhBfr4pC"));// trueSystem.out.println(passwordEncoder.encode("123456"));System.out.println(passwordEncoder.matches("123456","$2a$10$U0M5Xap/aKo7ZBLiZEvfluZH8FQT10yD2PwInhyU/7W2bSXNoBcba"));// trueSystem.out.println(passwordEncoder.matches("1","$2a$10$U0M5Xap/aKo7ZBLiZEvfluZH8FQT10yD2PwInhyU/7W2bSXNoBcba"));// false}
让SpringSecurity的登录账号和密码与自己的数据中的用户的信息匹配
- 实现一个
UserDetailsServiceImpl
类
@ServicepublicclassUserDetailsServiceImplimplementsUserDetailsService{@AutowiredprivateUserMapper userMapper;@OverridepublicUserDetailsloadUserByUsername(String username)throwsUsernameNotFoundException{// 根据用户名查询用户信息QueryWrapper<User> queryWrapper =newQueryWrapper<>();
queryWrapper.eq("username", username);User user = userMapper.selectOne(queryWrapper);// 判断用户是否存在if(user ==null){thrownewUsernameNotFoundException("用户名不存在");}returnnewUserDetailsImpl(user);}}
- 再实现一个
UserDetailsImpl
类,实现UserDetails
里面的方法,并且重写,按照我下面的这样
@Data@AllArgsConstructor@NoArgsConstructorpublicclassUserDetailsImplimplementsUserDetails{privateUser user;@OverridepublicCollection<?extendsGrantedAuthority>getAuthorities(){// 返回拥有的权限returnnull;}@OverridepublicStringgetPassword(){// 返回密码return user.getPassword();}@OverridepublicStringgetUsername(){// 返回用户名return user.getUsername();}@OverridepublicbooleanisAccountNonExpired(){// 返回账户是否未过期returntrue;}@OverridepublicbooleanisAccountNonLocked(){// 返回账户是否未锁定returntrue;}@OverridepublicbooleanisCredentialsNonExpired(){// 返回凭据是否未过期returntrue;}@OverridepublicbooleanisEnabled(){// 返回账户是否可用returntrue;}}
- 当我们上面都配置正确之后,我们再次运行的时候,就不会生成一个随机密码了
- 配置完上面的之后,我们就可以用数据库里面的账号,进行登录了。 如果数据库里面存的是没有加密的数据,可以加上
{noop}
,这样就可以不用存密文。
两个用户使用
123456
都可以登录,第二个用户存储的是
123456
加密之后的密文
- 实现下面的方法,特别是
addUser
的方法,对用户进行添加,以后注册就是这个原理
@RestController@RequestMapping("/user")publicclassUserController{@AutowiredIUserService userService;/**
* 查询所有用户
*/@GetMapping("/all/")publicList<User>getAll(){return userService.list();}/**
* 查询单个用户
*/@GetMapping("/{userId}/")publicUsergetUser(@PathVariableint userId){QueryWrapper<User> queryWrapper =newQueryWrapper<>();
queryWrapper.eq("id",userId);return userService.getOne(queryWrapper);}/**
* 添加某个用户 直接输入 id name password
* @param userId
* @param username
* @param password
* @return Add User Sucessfully
*/@GetMapping("/add/{userId}/{username}/{password}/")publicStringaddUser(@PathVariableint userId,@PathVariableString username,@PathVariableString password){PasswordEncoder passwordEncoder =newBCryptPasswordEncoder();String encodedPassword = passwordEncoder.encode(password);User user =newUser(userId, username, encodedPassword);
userService.save(user);return"Add User Successfully";}/**
* 删除某个用户,直接输入 id
* @param userId
* @return Delete User Successfully
*/@GetMapping("/delete/{userId}/")publicStringdeleteUser(@PathVariableint userId){
userService.removeById(userId);return"Delete User Successfully";}}
版权归原作者 极客李华 所有, 如有侵权,请联系我们删除。