• springboot11-01-security入门


    场景:

    有3个页面:首页、登录页、登录成功后的主页面,如下图:

       

    如果没有登录,点击“去主页”,会跳转到登录页

    如果已经登录,点击“去主页”,跳转到主页,显示“hello 用户名”

    下面用springboot + spring security简单实现:

    1.新建maven项目,添加pom支持:

     1 <?xml version="1.0" encoding="UTF-8"?>
     2 <project xmlns="http://maven.apache.org/POM/4.0.0"
     3          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     4          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     5     <modelVersion>4.0.0</modelVersion>
     6 
     7     <groupId>com.mlxs.springboot11.security01</groupId>
     8     <artifactId>springboot11-security01</artifactId>
     9     <version>1.0-SNAPSHOT</version>
    10 
    11     <!--父依赖包-->
    12     <parent>
    13         <groupId>org.springframework.boot</groupId>
    14         <artifactId>spring-boot-starter-parent</artifactId>
    15         <version>1.4.2.RELEASE</version>
    16         <relativePath/>
    17     </parent>
    18 
    19     <properties>
    20         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    21         <java.version>1.8</java.version>
    22     </properties>
    23 
    24     <dependencies>
    25         <dependency>
    26             <groupId>org.springframework.boot</groupId>
    27             <artifactId>spring-boot-starter</artifactId>
    28         </dependency>
    29         <!--测试-->
    30         <dependency>
    31             <groupId>org.springframework.boot</groupId>
    32             <artifactId>spring-boot-starter-test</artifactId>
    33             <scope>test</scope>
    34         </dependency>
    35         <!--mvc-->
    36         <dependency>
    37             <groupId>org.springframework.boot</groupId>
    38             <artifactId>spring-boot-starter-web</artifactId>
    39         </dependency>
    40         <!-- security -->
    41         <dependency>
    42             <groupId>org.springframework.boot</groupId>
    43             <artifactId>spring-boot-starter-security</artifactId>
    44         </dependency>
    45         <dependency>
    46             <groupId>org.springframework.boot</groupId>
    47             <artifactId>spring-boot-starter-thymeleaf</artifactId>
    48         </dependency>
    49     </dependencies>
    50 </project>
    View Code

    2.boot启动类

    @SpringBootApplication
    public class StartApp {
    
        public static void main(String[] args) {
            SpringApplication.run(StartApp.class, args);
        }
    }

    3.页面控制器类:

    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    
    /**
     * UserController类描述:
     *
     * @author yangzhenlong
     * @since 2017/5/23
     */
    @Controller
    public class UserController {
    
        @RequestMapping(value = "/")
        public String index(){
            return "/index";
        }
    
        @RequestMapping(value = "/login")
        public String login(){
            return "/login";
        }
    
        @RequestMapping(value = "/home")
        public String home(){
            return "/home";
        }
    }
    View Code

    4.WebSecurityConfig配置类

     1 package com.mlxs.security.config;
     2 
     3 
     4 import com.mlxs.util.MD5Util;
     5 import org.springframework.beans.factory.annotation.Autowired;
     6 import org.springframework.context.annotation.Bean;
     7 import org.springframework.context.annotation.Configuration;
     8 import org.springframework.security.authentication.AuthenticationManager;
     9 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    10 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    11 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    12 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    13 import org.springframework.security.crypto.password.PasswordEncoder;
    14 
    15 /**
    16  * WebSecurityConfig类描述:
    17  *
    18  * @author yangzhenlong
    19  * @since 2017/5/18
    20  */
    21 @Configuration
    22 @EnableWebSecurity
    23 //@EnableGlobalMethodSecurity(prePostEnabled = true)//允许进入页面方法前检验
    24 public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    25 
    26     @Bean
    27     @Override
    28     protected AuthenticationManager authenticationManager() throws Exception {
    29         return super.authenticationManager();
    30     }
    31 
    32     @Override
    33     protected void configure(HttpSecurity httpSecurity) throws Exception {
    34 
    35         httpSecurity.authorizeRequests()
    36                 .antMatchers("/", "/login").permitAll() //无需验证权限
    37                 .anyRequest().authenticated() //其他地址的访问均需验证权限
    38                 .and().formLogin().loginPage("/login").defaultSuccessUrl("/home").permitAll()//指定登录页是"/login" //登录成功后默认跳转到"/home"
    39                 .and().logout().logoutSuccessUrl("/login").permitAll(); //退出登录后的默认url是"/login"
    40     }
    41 
    42     /**
    43      * 全局配置
    44      * @param builder
    45      * @throws Exception
    46      */
    47     @Autowired
    48     public void configure(AuthenticationManagerBuilder builder) throws Exception {
    49         builder
    50                 .userDetailsService(this.myUDService())
    51                 .passwordEncoder(this.passwordEncoder());
    52         //或者用下面的方式,直接配置固定的用户和对应的角色
    53         /*builder.inMemoryAuthentication().withUser("test").password("1234").roles("USER");
    54         builder.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
    55         builder.inMemoryAuthentication().withUser("dba").password("root").roles("ADMIN","DBA");*/
    56     }
    57 
    58     /**
    59      * 设置用户密码的加密方式:MD5加密
    60      * @return
    61      */
    62     @Bean
    63     public PasswordEncoder passwordEncoder(){
    64         PasswordEncoder pe = new PasswordEncoder() {//自定义密码加密方式
    65             //加密
    66             @Override
    67             public String encode(CharSequence charSequence) {
    68                 return MD5Util.encode((String)charSequence);
    69             }
    70 
    71             //校验密码
    72             @Override
    73             public boolean matches(CharSequence charSequence, String s) {
    74                 return MD5Util.encode((String)charSequence).equals(s);
    75             }
    76         };
    77         return pe;
    78     }
    79 
    80     /**
    81      * 自定义用户服务,获取用户信息
    82      * @return
    83      */
    84     @Bean
    85     public MyUDService myUDService(){
    86         return new MyUDService();
    87     }
    88 }
    View Code

    5.MD5工具类:

     1 public class MD5Util {
     2 
     3     private static final String SALT = "test";//盐值
     4 
     5     public static String encode(String password) {
     6         password = password + SALT;
     7         MessageDigest md5 = null;
     8         try {
     9             md5 = MessageDigest.getInstance("MD5");
    10         } catch (Exception e) {
    11             throw new RuntimeException(e);
    12         }
    13         char[] charArray = password.toCharArray();
    14         byte[] byteArray = new byte[charArray.length];
    15 
    16         for (int i = 0; i < charArray.length; i++)
    17             byteArray[i] = (byte) charArray[i];
    18         byte[] md5Bytes = md5.digest(byteArray);
    19         StringBuffer hexValue = new StringBuffer();
    20         for (int i = 0; i < md5Bytes.length; i++) {
    21             int val = ((int) md5Bytes[i]) & 0xff;
    22             if (val < 16) {
    23                 hexValue.append("0");
    24             }
    25 
    26             hexValue.append(Integer.toHexString(val));
    27         }
    28         return hexValue.toString();
    29     }
    30 
    31     /*public static void main(String[] args) {
    32         System.out.println(MD5Util.encode("admin"));
    33 
    34         System.out.println("是否相等:" + MD5Util.encode("admin").equals("66d4aaa5ea177ac32c69946de3731ec0"));
    35     }*/
    36 }
    View Code

    6.用户信息服务类

     1 package com.mlxs.security.config;
     2 
     3 
     4 import org.springframework.security.core.authority.SimpleGrantedAuthority;
     5 import org.springframework.security.core.userdetails.User;
     6 import org.springframework.security.core.userdetails.UserDetails;
     7 import org.springframework.security.core.userdetails.UserDetailsService;
     8 import org.springframework.security.core.userdetails.UsernameNotFoundException;
     9 
    10 import java.util.ArrayList;
    11 import java.util.List;
    12 
    13 /**
    14  * MyUDService类描述: 用户服务类,用来从读取用户信息
    15  *
    16  * @author yangzhenlong
    17  * @since 2017/5/22
    18  */
    19 public class MyUDService implements UserDetailsService {
    20     @Override
    21     public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
    22         if(s.equals("admin")) {
    23             List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
    24             authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
    25 
    26             User user = new User("admin", "66d4aaa5ea177ac32c69946de3731ec0", authorities);//用户名和通过MD5加密后的密码
    27             return user;
    28         }else{
    29             throw new UsernameNotFoundException("UserName " + s + " not found");
    30         }
    31     }
    32 
    33 
    34 }
    View Code

    启动app类,访问:http:localhost:8080

     登录用户名/密码: admin / admin

  • 相关阅读:
    ArcEngine 图层标注 (根据字段、角度)
    以Graphicslayer为管理组来管理Element.
    ServletContextAware、ServletRequestAware、ServletResponseAware、SessionAware
    web.xml配置错误页面,及输出错误信息
    ServletContextListener使用详解
    自定义异常类。
    Hibernate注解与JPA
    Spring事务管理-<tx:advice>标签
    Spring配置之OpenSessionInViewFilter
    巧用Ajax的beforeSend 提高用户体验
  • 原文地址:https://www.cnblogs.com/yangzhenlong/p/6894022.html
Copyright © 2020-2023  润新知