Spring Security入门2

Posted on In , ,

首先建立项目:

最后这是完成后的目录结构:

源代码:

SecurityConfig.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package com.laisc.securitydemo003.config;

import com.laisc.securitydemo003.security.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;


//@Configuration
//public class SecurityConfig {
//
//    // 创建内存中的用户
//    @Bean
//    public InMemoryUserDetailsManager userDetailsService() {
//        var user = User.withUsername("user")
//                .password("{noop}123456") // {noop} 表示不加密(仅用于演示)
//                .roles("USER")
//                .build();
//
//        var admin = User.withUsername("admin")
//                .password("{noop}admin123")
//                .roles("ADMIN")
//                .build();
//
//        return new InMemoryUserDetailsManager(user, admin);
//    }
//
//    // 配置授权规则
//    @Bean
//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//        http
//                .authorizeHttpRequests(auth -> auth
//                        .requestMatchers("/admin").hasRole("ADMIN")
//                        .requestMatchers("/hello").hasAnyRole("USER", "ADMIN")
//                        .anyRequest().authenticated()
//                )
//                .formLogin(); // 使用默认登录页面
//
//        return http.build();
//    }
//}

@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级权限控制
@Configuration
public class SecurityConfig {

    @Autowired
    private MyUserDetailsService userDetailsService;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/admin","/test/**").hasRole("ADMIN")
                        .requestMatchers("/hello").hasAnyRole("USER", "ADMIN")
                        .anyRequest().authenticated()
                )
                .formLogin()
                .and()
                .userDetailsService(userDetailsService);

        return http.build();
    }
}

HelloController.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
package com.laisc.securitydemo003.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class HelloController {

    @ResponseBody
    @RequestMapping("/hello")
    public String hello() {
        return "Hello, Spring Security!";
    }

    @ResponseBody
    @RequestMapping("/admin")
    public String admin() {
        return "Admin Area!";
    }
}

MyController.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
package com.laisc.securitydemo003.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;


@Controller
public class MyController {

    @PreAuthorize("hasAnyRole('ADMIN', 'USER')")
    @ResponseBody
    @RequestMapping("/myhello")
    public String hello() {
        return "Hello, Spring Security!123";
    }

    @PreAuthorize("hasRole('ADMIN')")
    @ResponseBody
    @RequestMapping("/myadmin")
    public String admin() {
        return "Admin Area!123";
    }
}

UserController.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package com.laisc.securitydemo003.controller;

import com.laisc.securitydemo003.entity.User;
import com.laisc.securitydemo003.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

@Controller
@RequestMapping("/test")
public class UserController {

    @Autowired
    UserService userService;

    @ResponseBody
    @RequestMapping("/insert")
    public String insert() { // 插入数据
        User u = new User();
        u.setUsername("admin");
        u.setPassword("admin123");
        u.setRole("root");
        int num = userService.insertUser(u);
        return "成功添加" + num + "条记录";
    }

    @ResponseBody
    @RequestMapping("/findone")
    public String findone() { //仅搜索一条结果,结果多于一条时,会报错
        User u = new User();
        u.setUsername("admin");
        User ret = userService.findOneUser(u);
        if(ret==null){
            return "null";
        }
        return ret.toString();
    }

    @ResponseBody
    @RequestMapping("/findmany")
    public String findMany() { //搜索所有符合条件的结果
        User u = new User();
        u.setUsername("admin");
        List<User> ret = userService.findManyUser(u);
        return ret.toString();
    }

    @ResponseBody
    @RequestMapping("/findmany2")
    public String findMany2() { // 和 findMany() 方法一样,只是这次在mapper配置文件里的resultType属性上使用了User类
        User u = new User();
        u.setUsername("admin");
        List<User> ret = userService.findManyUser2(u);
        return ret.toString();
    }

    @ResponseBody
    @RequestMapping("/findmany3")
    public String findMany3() { // 和 findMany() 方法一样,只是这次ret的类型是List<Map>。
        User u = new User();
        u.setUsername("admin");
        List<Map> ret = userService.findManyUser3(u);
        return ret.toString();
    }

    @ResponseBody
    @RequestMapping("/findmany4")
    public String findMany4() { // 和 findMany() 方法一样,只是这次传入的参数的类型是Map,ret的类型也是List<Map>。
        Map<String, String> map = new HashMap<String, String>();
        map.put("username", "admin");

        List<Map> ret = userService.findManyUser4(map);
        return ret.toString();
    }

    @ResponseBody
    @RequestMapping("/update1")
    public String update1() { // 更新数据库
        User u = new User();
        u.setUsername("admin");
        u.setPassword("abcd1234");
        u.setRole("user");
        int num = userService.updateUserPasswordAndRole(u);
        return "成功更新" + num + "条记录";
    }

    @ResponseBody
    @RequestMapping("/update2")
    public String update2() { // 更新数据库,但是不更新对象u中值为空的数据
        User u = new User();
        u.setUsername("admin");
        //u.setPassword("abcd1234");
        u.setRole("user");
        int num = userService.updateUser(u);
        return "成功更新" + num + "条记录";
    }

    @ResponseBody
    @RequestMapping("/delete")
    public String delete() { // 删除记录
        int num = userService.deleteUser("admin");
        return "成功删除" + num + "条记录";
    }
}

User.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
package com.laisc.securitydemo003.entity;

public class User {
    private int id = -1;
    private String username= "";
    private String password= "";
    private String role= "";

    public User() {
    }

    public User(int id, String username, String password, String role) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.role = role;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getRole() {
        return role;
    }

    public void setRole(String role) {
        this.role = role;
    }

    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                ", role='" + role + '\'' +
                '}';
    }
}

UserMapper.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
package com.laisc.securitydemo003.mapper;


import com.laisc.securitydemo003.entity.User;
import org.apache.ibatis.annotations.Mapper;

import java.util.List;
import java.util.Map;

@Mapper
public interface UserMapper {

    public int insertUser(User user);

    public User findOneUser(User user);//仅搜索一条结果,结果多于一条时,会报错

    public List<User> findManyUser(User user);

    public List<User> findManyUser2(User user);

    public List<Map> findManyUser3(User user);

    public List<Map> findManyUser4(Map map);

    public int updateUserPasswordAndRole(User user);

    public int updateUser(User user);

    public int deleteUser(String username);
}

MyUserDetailsService.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package com.laisc.securitydemo003.security;

import com.laisc.securitydemo003.entity.User;
//import com.laisc.securitydemo003.repository.UserRepository;
import com.laisc.securitydemo003.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

@Service
public class MyUserDetailsService implements UserDetailsService {

//    @Autowired
//    private UserRepository userRepository;

    @Autowired
    UserService userService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//        User user = userRepository.findByUsername(username)
//                .orElseThrow(() -> new UsernameNotFoundException("用户不存在"));

        User u = new User();
        u.setUsername(username);
        User user = userService.findOneUser(u);
        List<GrantedAuthority> authorities = null;
        if (user != null) {
            // 写死权限
            authorities = Arrays.asList(
                    new SimpleGrantedAuthority("ROLE_MYADMIN"),
                    new SimpleGrantedAuthority("ROLE_MYUSER"),
                    new SimpleGrantedAuthority(user.getRole())
            );
        } else {
//            new UsernameNotFoundException("用户不存在123");
            throw new RuntimeException("用户不存在");
        }


        return new org.springframework.security.core.userdetails.User(
                user.getUsername(),
                user.getPassword(),
                true,
                true, true, true,
                authorities
        );
    }
}

UserServiceImpl.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package com.laisc.securitydemo003.service.impl;

import com.laisc.securitydemo003.entity.User;
import com.laisc.securitydemo003.mapper.UserMapper;
import com.laisc.securitydemo003.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.Map;

@Service
public class UserServiceImpl implements UserService {

    @Autowired
    UserMapper userMapper;
    @Override
    public int insertUser(User user) {
        return userMapper.insertUser(user);
    }

    @Override
    public User findOneUser(User user) {
        return userMapper.findOneUser(user);
    }

    @Override
    public List<User> findManyUser(User user) {
        return userMapper.findManyUser(user);
    }

    @Override
    public List<User> findManyUser2(User user) {
        return userMapper.findManyUser2(user);
    }

    @Override
    public List<Map> findManyUser3(User user) {
        return userMapper.findManyUser3(user);
    }

    @Override
    public List<Map> findManyUser4(Map map) {
        return userMapper.findManyUser4(map);
    }

    @Override
    public int updateUserPasswordAndRole(User user) {
        return userMapper.updateUserPasswordAndRole(user);
    }

    @Override
    public int updateUser(User user) {
        return userMapper.updateUser(user);
    }

    @Override
    public int deleteUser(String username) {
        return userMapper.deleteUser(username);
    }
}

UserService.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
package com.laisc.securitydemo003.service;

import com.laisc.securitydemo003.entity.User;

import java.util.List;
import java.util.Map;

public interface UserService {
    public int insertUser(User user);

    public User findOneUser(User user);//仅搜索一条结果,结果多于一条时,会报错

    public List<User> findManyUser(User user);

    public List<User> findManyUser2(User user);

    public List<Map> findManyUser3(User user);

    public List<Map> findManyUser4(Map map);

    public int updateUserPasswordAndRole(User user);

    public int updateUser(User user);

    public int deleteUser(String username);
}

Securitydemo003Application.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
package com.laisc.securitydemo003;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Securitydemo003Application {

    public static void main(String[] args) {
        SpringApplication.run(Securitydemo003Application.class, args);
        System.out.println("ok!");
    }

}

UserMapper.xml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.laisc.securitydemo003.mapper.UserMapper">

    <insert id="insertUser" parameterType="com.laisc.securitydemo003.entity.User">
        insert into myuser (username, password, role)
        VALUES (#{username}, #{password}, #{role})
    </insert>


    <resultMap id="myfinduser" type="com.laisc.securitydemo003.entity.User">
        <id property="id" column="id"/>
        <result property="username" column="username"/>
        <result property="password" column="password"/>
        <result property="role" column="role"/>
    </resultMap>
    <select id="findOneUser" resultMap="myfinduser" parameterType="com.laisc.securitydemo003.entity.User">
        select myuser.id       id,
               myuser.username username,
               myuser.password password,
               myuser.role     role
        from myuser
        where username = #{username}
    </select>

    <select id="findManyUser" resultMap="myfinduser" parameterType="com.laisc.securitydemo003.entity.User">
        select myuser.id       id,
               myuser.username username,
               myuser.password password,
               myuser.role     role
        from myuser
        where username = #{username}
    </select>

    <select id="findManyUser2" resultType="com.laisc.securitydemo003.entity.User" parameterType="com.laisc.securitydemo003.entity.User">
        select myuser.id       id,
               myuser.username username,
               myuser.password password,
               myuser.role     role
        from myuser
        where username = #{username}
    </select>

    <select id="findManyUser3" resultType="Map" parameterType="com.laisc.securitydemo003.entity.User">
        select myuser.id       id,
               myuser.username username,
               myuser.password password,
               myuser.role     role
        from myuser
        where username = #{username}
    </select>

    <select id="findManyUser4" resultType="Map" parameterType="Map">
        select myuser.id       id,
               myuser.username username,
               myuser.password password,
               myuser.role     role
        from myuser
        where username = #{username}
    </select>

    <update id="updateUserPasswordAndRole" parameterType="com.laisc.securitydemo003.entity.User">
        update myuser
        <set>
            myuser.password=#{password},
            myuser.role=#{role}
        </set>
        where username = #{username}
    </update>


    <update id="updateUser" parameterType="com.laisc.securitydemo003.entity.User">-- 不更新值为空的数据
        update myuser
        <set>
            <if test="id != null and id != -1 ">id=#{id},</if>
            <if test="password != null and password != '' ">password=#{password},</if>
            <if test="role != null and role != '' ">role=#{role},</if>

        </set>
        where username = #{username}
    </update>


    <delete id="deleteUser" parameterType="String">
        delete
        from myuser
        where username = #{username}
    </delete>

</mapper>

application.properties

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
spring.application.name=securitydemo003


server.port=8001

#设置数据库名为testdata
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/testdata?characterEncoding=utf-8&useSSL=false&allowPublicKeyRetrieval=true
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
#下面两行设置数据库用户名和密码
spring.datasource.username=root
spring.datasource.password=root123


mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.configuration.map-underscore-to-camel-case=true

导入数据:

1
2
3
INSERT INTO `myuser` VALUES (NULL, 'admin', '{noop}123456', 'ROLE_ADMIN');
INSERT INTO `myuser` VALUES (NULL, 'laisc', '{noop}456789', 'ROLE_USER');
INSERT INTO `myuser` VALUES (NULL, 'test', '{noop}123456', 'user');