• springboot security

    开启security过滤支持:

    创建一个初始化类继承

    AbstractSecurityWebApplicationInitializer

    在配置类中添加@EnableWebSecutity 注解。

    配置认证与授权:

    继承 WebSecurityConfigurerAdapter

    实现configure 方法

    configure(AuthenticationManagerBuilder auth)

    针对用户管理(用户来源,用户密码效验规则)

    configure(HttpSecurity http)

    请求拦截。

    自定义数据源:

    实现 UserDetailsService 接口

    重写加载用户的方法:

    @Service
public class SysUserServiceImpl implements UserDetailsService, SysUserService {
    @Autowired
    SysUserRepo repo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser user = repo.findByName(username);
     
        if(user==null){
            throw  new UsernameNotFoundException("用户不存在");
        }
        return user;
    }
}

    注册bean

    @Bean
    public UserDetailsService userDetailsService(){
        return new SysUserServiceImpl();
    }

    用户授权配置

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);
        // http 用户授权请求
        http.authorizeRequests()
//                .antMatchers("/admin/**")
//                .hasAnyRole("ROLE_ADMIN")
                // 任何请求进行授权验证
                .anyRequest().authenticated()
                .and()
                // 登录注册
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .permitAll()
                .and()
                .logout().permitAll();
    }

    springboot 添加依赖:

    implementation 'org.springframework.boot:spring-boot-starter-security'

    通过实体类实现UserDetails接口,并重写获取授权方法,并且新建一个实现UserDetailsService 的类,并注册bean

    getAuthorities
    package com.duoke.demo.pojo;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import javax.persistence.*;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * 定义系统用户
 */
@Entity
public class SysUser implements UserDetails{
    @Id
    private String id;

    private String name;

    private String password;

    @ManyToMany(cascade = {CascadeType.REFRESH},fetch = FetchType.EAGER)
    private List<SysRole> roles;

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public List<SysRole> getRoles() {
        return roles;
    }

    public void setRoles(List<SysRole> roles) {
        this.roles = roles;
    }

    @Override
    // 添加用户叫角色授权信息
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        List<SysRole> roles = this.getRoles();
        for (SysRole role:roles) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }
        return authorities;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return null;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
  • 相关阅读:
    提权函数之RtlAdjustPrivilege()
    用C#写外挂或辅助工具必须要的WindowsAPI
    ASP.net中保持页面中滚动条状态
    asp.net窗体的打开和关闭
    界面原型设计工具 Balsamiq Mockups
    在List(T)中查找数据的两种方法
    P2158 [SDOI2008]仪仗队 题解
    P1531 I Hate It 题解
    C#
    破解网站防盗链
  • 原文地址:https://www.cnblogs.com/jony-it/p/11490141.html
Copyright © 2020-2023  润新知