Spring 结合mybatis,以及Spring Security实现用户认证(Authentication)和授权(Authorization)功能.Spring Security是专门针对基于Spring项目的
安全框架,充分利用依赖注入和AOP来实现安全功能。Spring Boot针对Spring Security 的自动配置主要是靠SecurityAutoConfigation和SecurityProperties来
完成。页面模板Thymeleaf为我们提供了Spring Security的标签。
新建项目
新建Spring Boot的gradle项目,引入mysql,spring-mybatis,springboot-security,thymeleaf相关依赖。
dependencies {compile('org.springframework.boot:spring-boot-starter-web')compile('org.springframework.boot:spring-boot-starter-security')//视图依赖
compile('org.springframework.boot:spring-boot-starter-thymeleaf')//thymeleaf的Spring Security支持依赖
compile('org.thymeleaf.extras:thymeleaf-extras-springsecurity4')// spring-jdbc
compile "org.springframework:spring-jdbc:4.2.3.RELEASE"
//A high-performance JDBC connection pool.
compile "com.zaxxer:HikariCP"
// mysql
compile "mysql:mysql-connector-java"
//mybatis依赖
compile "org.mybatis:mybatis:3.3.1"
compile "org.mybatis:mybatis-spring:1.2.4"
compile "org.mybatis.generator:mybatis-generator-core:1.3.2"
//分页插件
compile "com.github.pagehelper:pagehelper:4.1.0"
}
server: port: 8081spring: datasource: driverClassName: com.mysql.jdbc.Driverurl: jdbc:mysql://localhost:3306/demo?useUnicode=true&characterEncoding=UTF-8username: rootpassword: 123456thymeleaf: cache: falsemybatis: mapperLocations: classpath:mapper/**.xmlconfig: mybatis-config.xmlrows_per_transaction: 500logging: level: org: springframework: security: debug配置数据库
首先创建一个Config配置文件,用来配置HikariCP连接池,项目暂不使用读写分离,如果需要分别创建read和write的DataSource bean.
@Configuration
public class MyBatisDataSourceConfig implements EnvironmentAware {private RelaxedPropertyResolver propertyResolver;
private static Logger log = LoggerFactory.getLogger(MyBatisDataSourceConfig.class);
@Override
public void setEnvironment(Environment env) {this.propertyResolver = new RelaxedPropertyResolver(env, "spring.dataSource.");
}@Bean(name = "dataSource")@Primary
public DataSource dataSource() {log.debug("Configruing Write DataSource");
HikariConfig datasource = new HikariConfig();
datasource.setDriverClassName(propertyResolver.getProperty("driverClassName"));
datasource.setJdbcUrl(propertyResolver.getProperty("url"));
datasource.setUsername(propertyResolver.getProperty("username"));
datasource.setPassword(propertyResolver.getProperty("password"));
datasource.setPoolName("dataSourcePool");
datasource.setAutoCommit(false);
return new HikariDataSource(datasource);
}
}
@Configuration
@AutoConfigureAfter({MyBatisDataSourceConfig.class})
@EnableTransactionManagement
public class MyBatisSessionFactoryConfig implements EnvironmentAware,TransactionManagementConfigurer {private static Logger logger = LoggerFactory.getLogger(MyBatisSessionFactoryConfig.class);
private RelaxedPropertyResolver propertyResolver;
@Resource(name = "dataSource")private DataSource dataSource;
@Override
public void setEnvironment(Environment environment) {this.propertyResolver = new RelaxedPropertyResolver(environment,"mybatis.");
}@Bean(name="sqlSessionFactory")@Primary
public SqlSessionFactory sqlSessionFactory() {try {SqlSessionFactoryBean sqlSessionFactory = new SqlSessionFactoryBean();
sqlSessionFactory.setDataSource(dataSource);
sqlSessionFactory.setConfigLocation(new DefaultResourceLoader().getResource(propertyResolver.getProperty("config")));
sqlSessionFactory.setMapperLocations(new PathMatchingResourcePatternResolver().getResources(propertyResolver.getProperty("mapperLocations")));
return sqlSessionFactory.getObject();
} catch (Exception e) {logger.error("Could not confiure mybatis session factory",e);
return null;
}}@Bean
@Override
public PlatformTransactionManager annotationDrivenTransactionManager() {logger.info("数据库事务开启~~~~~~~~~~~~~~~~~~~~~~~~~~");
return new DataSourceTransactionManager(dataSource);
}
}
@Configuration
//TODO 注意,由于MapperScannerConfigurer执行的比较早,所以必须有下面的注解 @AutoConfigureAfter({MyBatisSessionFactoryConfig.class})
public class MyBatisMapperScannerConfig {private static Logger logger = LoggerFactory.getLogger(MyBatisMapperScannerConfig.class);
@Bean(name="mapperScannerConfigurer")public MapperScannerConfigurer mapperScannerConfigurer() {logger.info("Database Scanner File ~~~~~~~~~~~~~~~~~~~");
MapperScannerConfigurer mapperScannerConfigurer = new MapperScannerConfigurer();
mapperScannerConfigurer.setSqlSessionFactoryBeanName("sqlSessionFactory");
mapperScannerConfigurer.setBasePackage(BaseMapper.class.getPackage().getName());
mapperScannerConfigurer.setMarkerInterface(BaseMapper.class);
return mapperScannerConfigurer;
}
}
package com.xjj.mapper;
public interface BaseMapper {
}定义用户和角色实体类
用户类:实现了UserDetails接口,我们的用户实体即为Srping Security所使用的用户。重写getAuthorities方法,将用户的角色作为权限。
public class SysUser implements UserDetails {private static final long serialVersionUID = -7071429258899138676L;
private Long id;
private String username;
private String password;
private List<SysRole> roles;
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {List<GrantedAuthority> auths = new ArrayList<>();
List<SysRole> roles = this.getRoles();
for (SysRole role:roles) {auths.add(new SimpleGrantedAuthority(role.getName()));
}return auths;
}@Override
public String getPassword() {return password;
}@Override
public String getUsername() {return username;
}@Override
public boolean isAccountNonExpired() {return true;
}@Override
public boolean isAccountNonLocked() {return true;
}@Override
public boolean isCredentialsNonExpired() {return true;
}@Override
public boolean isEnabled() {return true;
} //省略getset方法
public class SysRole {private Long id;
private String name;
}//省略getset方法用户表:sys_user
角色表:sys_role
用户角色关系表:sys_user_roles(用户与角色是多对多的关系)
初始化数据
insert into `sys_role`(`id`,`name`) values (1,'ROLE_ADMIN'),(2,'ROLE_USER');
insert into `sys_user`(`id`,`password`,`username`) values (1,'xjj','xjj'),(2,'xianjj','xianjj');
insert into `sys_user_roles`(`sys_user_id`,`roles_id`) values (1,1),(2,2),(1,2);
具体sql语句见项目resource下的sql.sql
定义传值实体
根据角色不同,页面显示不同内容。
public class Msg {private String title;
private String content;
private String etraInfo;
public Msg(String title, String content, String etraInfo) {super();
this.content = content;
this.etraInfo = etraInfo;
this.title = title;
}//省略get set 方法
}数据查询
自定义接口需要实现UserDetailsService接口,重写loadUserByUsername方法,查询用户信息。我们当前的用户实现了UserDetails接口,可直接返回给Spring Security使用。
public class CustomUserSevice implements UserDetailsService {@Autowired
SysUserMapper sysUserMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {SysUser user = sysUserMapper.findByUsername(username);
if (user == null){throw new UsernameNotFoundException("用户名不存在");
}return user;
}
}
public interface SysUserMapper extends BaseMapper {SysUser findByUsername(String username);
List<SysRole> findRolesByUsername(String username);
}<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.xjj.mapper.SysUserMapper">
<resultMap id="sysUserMap" type="com.xjj.domain.SysUser" >
<id column="id" property="id" jdbcType="INTEGER" />
<result column="id" property="id" jdbcType="VARCHAR" />
<result column="username" property="username" jdbcType="VARCHAR" />
<result column="password" property="password" jdbcType="VARCHAR" />
<collection property="roles" column="username" select="findRolesByUsername" />
</resultMap>
<select id="findByUsername" resultMap="sysUserMap">
SELECT * from sys_user WHERE username = #{0}</select>
<select id="findRolesByUsername" resultType="com.xjj.domain.SysRole">
SELECTsysrole.id,sysrole.nameFROMsys_user_roles rolesINNER JOIN sys_role sysroleON roles.roles_id = sysrole.idINNER JOIN sys_user sysuserON sysuser.id = roles.sys_user_idWHERE sysuser.username = #{0}</select>
</mapper>
配置
Spring MVC配置,注册访问/login转向login.html页面
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {@Override
public void addViewControllers(ViewControllerRegistry registry) {registry.addViewController("/login").setViewName("login");
}
}扩展Spring Security配置,需要继承WebSecurityConfigurerAdapter类,添加自定义的UserDetailsService认证,重写configure方法。
前台页面
登录页面login.html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta content="text/html;charset=UTF-8"/>
<title>登录页面</title>
<link rel="stylesheet" th:href="@{css/bootstrap.min.css}" />
<style>
body{padding-top: 50px;
}.starter-template{padding: 40px 15px;
text-align: center;
}</style>
</head>
<body>
<nav class="narbar navbar-inverse navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="#">Spring Security 演示</a>
</div>
<div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li><a th:href="@{/}">首页</a></li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="starter-template">
<p th:if="${param.logout}" class="bg-warning">已成功注销</p>
<p th:if="${param.error}" class="bg-danger">有错误请重试</p>
<h2>使用账号密码登录</h2>
<form name="form" th:action="@{/login}" action="/login" method="post">
<div class="form-group">
<label for="username">账号</label>
<input type="text" class="form-control" name="username" value="" placeholder="账号"/>
</div>
<div class="form-group">
<label for="password">密码</label>
<input type="password" class="form-control" name="password" placeholder="密码"/>
</div>
<input type="submit" id="login" value="Login" class="btn btn-primary"/>
</form>
</div>
</div>
</body>
</html>首页
登录成功后跳转到首页
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<meta content="text/html;charset=UTF-8"/>
<title sec:authentication="name"></title>
<link rel="stylesheet" th:href="@{css/bootstrap.min.css}" />
<style>
body{padding-top: 50px;
}.starter-template{padding: 40px 15px;
text-align: center;
}</style>
</head>
<body>
<nav class="narbar navbar-inverse navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="#">Spring Security 演示</a>
</div>
<div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li><a th:href="@{/}">首页</a></li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="starter-template">
<h1 th:text="${msg.title}"></h1>
<p class="bg-primary" th:text="${msg.content}"></p>
<div sec:authorize="hasRole('ROLE_ADMIN')" >
<p class="bg-info" th:text="${msg.etraInfo}"></p>
</div>
<div sec:authorize="hasRole('ROLE_USER')" >
<p class="bg-info">无更多信息显示</p>
</div>
<form th:action="@{/logout}" method="post">
<input type="submit" class="btn btn-primary" value="注销"/>
</form>
</div>
</div>
</body>
</html>为首页准备显示数据
@Controller
public class HomeController {@RequestMapping("/")public String index(Model model){Msg msg = new Msg("测试标题", "测试内容", "额外信息,只对管理员显示");
model.addAttribute(msg);
return "index";
}
}运行结果
http://127.0.0.1:8081/
分别用管理员和普通用户登录,观察页面回显结果;
登录成功后点击注销,返回到登录页面;
用户名或密码不正确时,校验失败;
csdn源码下载:http://download.csdn.net/detail/jeofey/9883194
github下载:https://github.com/jeofey/SpringBootDemo
