Spring Security 5.5.1

1. spring boot 2.3中如何禁用spring security

//环境 spring boot 2.3, 依赖spring security版本是5.5.1,增加配置文件

/**
 * Security configuration that switches access control off: every request is permitted
 * without authentication.
 *
 * <p>NOTE(review): with this class active all endpoints are reachable by anonymous callers.
 * Keep it to local development or tests (for example behind a dev-only profile) and never
 * ship it in a production build.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Installs a single "permit everything" authorization rule.
     *
     * <p>Only the authorization rule is relaxed; nothing in this method turns off other
     * defaults of the builder such as CSRF protection.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // super.configure(http) is deliberately not called, so the adapter's default
        // "every request must be authenticated" rule is never applied.
        http.authorizeRequests(requests -> requests.anyRequest().permitAll());
    }
}

 2.基于内存的认证登陆

/**
 * In-memory authentication demo with two hard-coded users.
 *
 * <p>{@code @EnableWebSecurity} does two things here: it loads WebSecurityConfiguration
 * (the security policy) and AuthenticationConfiguration (the authentication setup).
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Supplies the encoder used to compare submitted passwords with the stored ones.
     *
     * <p>NOTE(review): NoOpPasswordEncoder performs no hashing, so passwords are kept and
     * compared as plain text. That is acceptable only for a throwaway demo; to hash them,
     * use {@code return new BCryptPasswordEncoder();} here instead.
     *
     * @return the no-op (plain text) password encoder
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    /**
     * Registers user "one" (role admin) and user "two" (role operator) in memory.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // super.configure(auth) is intentionally not called.
        // Hashed variant: PasswordEncoder pa = passwordEncoder(); and then
        //   .withUser("two").password(pa.encode("two")).roles("operator");
        // NOTE(review): the credentials are literals in source and each password equals its
        // user name. Demo only; real accounts belong in a protected store with hashed passwords.
        auth.inMemoryAuthentication()
                .withUser("one")
                    .password("one")
                    .roles("admin")
                    .and()
                .withUser("two")
                    .password("two")
                    .roles("operator");
    }
}

 3.基于角色的访问

//1.配置类里定义用户与角色
/**
 * Defines two in-memory users and the roles that the {@code @PreAuthorize} expressions
 * check: "one" has role admin, "two" has role normal.
 *
 * <p>NOTE(review): the passwords are plain-text literals equal to the user names, so they
 * only match when the PasswordEncoder in scope does no hashing, presumably the no-op bean of
 * the in-memory example; confirm. Demo only; hash the passwords for anything real.
 *
 * @param auth the authentication builder supplied by Spring Security
 * @throws Exception if the builder rejects the configuration
 */
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
            .withUser("one")
                .password("one")
                .roles("admin")
                .and()
            .withUser("two")
                .password("two")
                .roles("normal");
}

//2.在此类上加入注解
@EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法级别认证
public class SecurityConfig extends WebSecurityConfigurerAdapter

//3.控制器里设置访问角色
    /**
     * Endpoint open to ordinary users and administrators alike.
     *
     * <p>The {@code @PreAuthorize} check is enforced only when method security is enabled
     * with {@code prePostEnabled = true} on the configuration class; without that the
     * annotation has no effect and only the URL rules protect this endpoint.
     *
     * @return a fixed greeting
     */
    @GetMapping("/helloUser")
    @PreAuthorize("hasAnyRole('admin','normal')")
    public String HelloCommonUser() {
        final String greeting = "这是普通用户和管理员都可以访问";
        return greeting;
    }
    /**
     * Endpoint restricted to callers holding the admin role.
     *
     * <p>The {@code @PreAuthorize} check is enforced only when method security is enabled
     * with {@code prePostEnabled = true} on the configuration class; without that the
     * annotation has no effect and only the URL rules protect this endpoint.
     *
     * @return a fixed greeting
     */
    @GetMapping("/helloAdmin")
    @PreAuthorize("hasAnyRole('admin')")
    public String HelloAdmin() {
        final String greeting = "这是管理员可以访问";
        return greeting;
    }

 4.Hibernate引入数据库

//1.maven 中引入
        <!-- MySQL JDBC driver.
             NOTE(review): 5.1.29 is a very old Connector/J 5.1.x build; confirm it still
             receives security fixes, otherwise move to a supported release and adjust
             spring.datasource.driver-class-name to match. -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.29</version>
        </dependency>
        <!-- Spring Data JPA starter.
             NOTE(review): the version is pinned by hand to 2.5.4 although this page says the
             project runs Spring Boot 2.3, presumably a mismatch; confirm. When a Spring Boot
             parent/BOM manages dependencies, omit <version> so every starter stays on one
             release line. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
            <version>2.5.4</version>
        </dependency>
    再定义配置文件 
    # JDBC connection to the "bing" schema on the local MySQL server.
    spring.datasource.url=jdbc:mysql://localhost:3306/bing
    # NOTE(review): connects as root with an empty password. Demo only; use a dedicated
    # least-privilege database account and supply the secret from the environment or a
    # secrets store instead of committing it in this file.
    spring.datasource.username=root
    spring.datasource.password=
    # Driver class of Connector/J 5.1.x (Connector/J 8.x uses com.mysql.cj.jdbc.Driver).
    spring.datasource.driver-class-name=com.mysql.jdbc.Driver

    # Lets JPA generate the schema at startup; convenient for a demo, review before production.
    spring.jpa.generate-ddl=true
    # Logs every SQL statement; a development aid.
    spring.jpa.show-sql=true
    spring.jpa.database=mysql

//2.定义实体类entity->userinfo.java
// JPA entity holding one application account.
// NOTE(review): Lombok's @Data also generates toString() over all fields, the password
// included; avoid logging instances of this class.
@Data
@Entity
public class UserInfo { // the table name is derived from the class name; capitals become underscores
    @Id // marks this field as the primary key
    @GeneratedValue(strategy = GenerationType.IDENTITY) // auto-increment
    private Long id;

    // Login name, looked up through UserInfoDao.findByUsername.
    // NOTE(review): nothing here declares the column unique; confirm at the schema level.
    private String username;

    // Stored credential. The seeding code on this page writes a BCrypt hash here;
    // never store the plain-text password.
    private String password;

    // Single role name without the "ROLE_" prefix (the page uses "admin" and "normal").
    private String role;
}

//3.定义dao, dao->userInfoDao.java
/**
 * Spring Data repository for {@link UserInfo}; the type arguments are the entity class and
 * the type of its primary key.
 */
public interface UserInfoDao extends JpaRepository<UserInfo,Long> { // entity class and primary-key type

    /**
     * Derived query that looks an account up by its login name.
     *
     * @param username the login name to search for
     * @return the matching account; presumably {@code null} when there is none (callers on
     *         this page null-check the result) - confirm
     */
    UserInfo findByUsername(String username);
    
}

4.创建service,与serviceImpl实现类
5.往数据库自定义填充一些数据进去 init/jdbcInit.java
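/**
 * Seeds the user table with two demo accounts when the application starts.
 *
 * <p>NOTE(review): both accounts use trivially guessable passwords ("12345" and "admin").
 * They exist only so the login demo has data; do not run this initializer against a real
 * deployment, or replace the literals with secrets supplied at deploy time.
 */
@Component
public class JdbcInit {
    @Autowired
    private UserInfoDao dao;

    /**
     * Inserts the demo accounts unless they are already present.
     *
     * <p>{@code @PostConstruct} runs after dependency injection each time this bean is
     * created, i.e. on every application start, and may only annotate a non-static void
     * method. The existence check in {@link #seedUser} therefore keeps restarts from
     * inserting duplicate rows, which would make {@code findByUsername} ambiguous.
     */
    @PostConstruct
    public void init() {
        PasswordEncoder pa = new BCryptPasswordEncoder();
        seedUser(pa, "abing", "12345", "normal");
        seedUser(pa, "admin", "admin", "admin");
    }

    /** Saves one account with a BCrypt-hashed password unless the user name already exists. */
    private void seedUser(PasswordEncoder encoder, String username, String rawPassword, String role) {
        if (dao.findByUsername(username) != null) {
            return; // already seeded on an earlier start
        }
        UserInfo u = new UserInfo();
        u.setUsername(username);
        // Only the hash is persisted; the raw password never reaches the database.
        u.setPassword(encoder.encode(rawPassword));
        u.setRole(role);
        dao.save(u);
    }
}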

 5.从数据库中获取用户信息和权限的认证

//1.定义provider/myUserdetailService.java 查询用户信息并实现security的userdetail.用户信息
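/**
 * Loads accounts from the database and adapts them to Spring Security's {@link UserDetails}.
 */
@Component
public class MyUserDetailService implements UserDetailsService {
    @Autowired
    private UserInfoDao dao;

    /**
     * Looks up the account with the given login name.
     *
     * @param s the login name submitted by the caller
     * @return the account's user name, stored password hash and single role authority
     * @throws UsernameNotFoundException if {@code s} is null or no such account exists;
     *         the UserDetailsService contract forbids returning {@code null}
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        if (s == null) {
            throw new UsernameNotFoundException("user name must not be null");
        }

        UserInfo userInfo = dao.findByUsername(s);
        // Check for a missing account before touching userInfo; dereferencing it first
        // would fail with a NullPointerException for every unknown login name.
        if (userInfo == null) {
            // Generic message: do not echo the submitted name back to the caller.
            throw new UsernameNotFoundException("user not found");
        }

        List<GrantedAuthority> aut = new ArrayList<>();
        // The "ROLE_" prefix is required: hasRole/hasAnyRole expressions match against
        // authorities that carry this prefix.
        aut.add(new SimpleGrantedAuthority("ROLE_" + userInfo.getRole()));
        return new User(userInfo.getUsername(), userInfo.getPassword(), aut);
    }
}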
//2.上面返回了用户对象后,再配置到SecurityConfig extends WebSecurityConfigurerAdapter的config里 public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private MyUserDetailService myUserDetailService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(myUserDetailService).passwordEncoder(new BCryptPasswordEncoder()); } //然后再进行登陆测试正常

原文地址:https://www.cnblogs.com/bing2017/p/15292411.html