Spring Security（2）

提示：文章写完后，目录可以自动生成，如何生成可参考右边的帮助文档

文章目录

• 前言
• 一、引jar和 application.yml配置：
• 二、 编写和用户角色权限相关的查询
• 三、编写Security配置
• 四、服务层
• 五、前台页面
• 六、在启动类添加配置及方法权限注释配置

---

前言

springboot+mybatisplus整合springsecurity
默认springboot+mybatisplus已经整合好
数据库表，我们使用标准权限系统表5张，分别为：
sys_user 用户表
sys_role 角色表
sys_menu 权限菜单表
sys_user_role 用户角色关联表
sys_role_menu 角色权限关联表

提示：以下是本篇文章正文内容，下面案例可供参考

一、引jar和 application.yml配置：

 <!--springboot整合security包-->
 		<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

#配置整合druid
spring:
  datasource:
    druid:
      url: jdbc:mysql://localhost:3306/db_permission_system_security?useUnicode=true&characterEncoding=utf-8
      username: root
      password: root
      initial-size: 5
      max-active: 20
      min-idle: 10
      max-wait: 10
      #配置间隔多久才进行一次检测，检测需要关闭的空闲连接，单位是毫秒
      time-between-eviction-runs-millis: 60000
  web:
    resources:
      #配置静态资源位置
      static-locations: classpath:/static/,classpath:/templates/,
#配置日志输出
mybatis-plus:
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
#开启扫描
  mapper-locations: mapper/*.xml
#配置访问端口号
server:
  port: 18888

二、 编写和用户角色权限相关的查询

package com.aaa.sbmp.mapper;
 
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 
import java.util.List;
 
/**
 * @ fileName:UserMapper
 * @ description:
 * @ author:zhz
 * @ createTime:2022/1/14 9:53
 * @ version:1.0.0
 */
public interface UserMapper extends BaseMapper<User> {
 
    /**
     * 根据用户名称查询该用户对应的角色
     * @param userName
     * @return
     */
    List<Role> queryRoleListByUserName(String userName);
 
    /**
     * 根据用户名称查询该用户对应的权限
     * @param userName
     * @return
     */
    List<Menu> queryMenuListByUserName(String userName);
}
 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.aaa.sbmp.mapper.UserMapper">
 
    <!--根据用户名称查询该用户对应的角色-->
    <select id="queryRoleListByUserName" resultType="com.aaa.sbmp.entity.Role">
         select role_Id roleId,role_Name roleName,role_Key roleKey from sys_role r where exists(
              select 1 from sys_user_role ur where ur.user_id=(
                  select user_id from sys_user  u where u.user_name=#{userName} and status=0 and del_flag=0
               ) and ur.role_id=r.role_id
            ) and status=0 and del_flag=0
    </select>
    <!--根据用户名称查询该用户对应的权限-->
    <select id="queryMenuListByUserName" resultType="com.aaa.sbmp.entity.Menu">
        select menu_Id menuId,menu_Name menuName,perms from sys_menu  m where  m.visible=0 and  exists(
         select menu_id from sys_role_menu rm where exists (
              select role_id from sys_user_role ur where ur.user_id=
             ( select user_id from sys_user  u where u.user_name=#{userName} and status=0 and del_flag=0)
              and rm.role_id=ur.role_id
          ) and m.menu_id=rm.menu_id
        )
    </select>
</mapper>
 

封装到工具控制层

 /**
     * 通用的获取登录用户信息方法
     * @return
     */
    protected User  currentLoadUser(){
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (User)authentication.getPrincipal();
    }

三、编写Security配置

package com.aaa.sbmp.config;
 
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
import javax.annotation.Resource;
 
/**
 * @ fileName:SecurityConfig
 * @ description:
 * @ author:zhz
 * @ createTime:2022/2/15 10:58
 * @ version:1.0.0
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
    @Resource
    private UserDetailsService userDetailsService;
 
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
 
    @Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
 
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //配置登录页面信息
        http.formLogin() //总体form方式
                .loginPage("/html/login.html") //配置登录页面路径
                .loginProcessingUrl("/user/login")登录页面中form配置的请求地址
                .failureUrl("/html/login.html?error") //登录失败路径配置
                .defaultSuccessUrl("/html/index.html").permitAll()  //默认登录成功的请求地址,认证前没有其他请求的验证
                .and().authorizeRequests() //拦截所有的授权请求
                .antMatchers("/user/login","/","/css/**","/js/**").permitAll()//配置需要放行的路径
                .anyRequest().authenticated()//除了上面配置的，其他请求都需要认证
                .and().csrf().disable(); //关闭csrf功能  如果不关闭，你的form表单无法提交，必须配置
        //配置未授权跳转页面
        http.exceptionHandling().accessDeniedPage("/html/unauthorized.html");
        //注销配置   如果使用默认/logout可以不用配置
        http.logout().logoutUrl("/logout") //用户注销请求地址
                .logoutSuccessUrl("/html/login.html").permitAll();  //注销成功跳转地址
 
    }
}
 

四、服务层

package com.aaa.sbmp.service.impl;
 
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.aaa.sbmp.service.IUserService;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import lombok.extern.log4j.Log4j2;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
 
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
 
/**
 * @ fileName:UserDetailsServiceImpl
 * @ description:
 * @ author:zhz
 * @ createTime:2022/2/15 11:01
 * @ version:1.0.0
 */
@Service
@Log4j2
public class UserDetailsServiceImpl implements UserDetailsService {
 
    @Resource
    private IUserService iUserService;
 
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        //定义角色权限集合
        List<GrantedAuthority>  grantedAuthorityList =new ArrayList<>();
 
        //获取角色列表
        List<Role> roleList = iUserService.queryRoleListByUserName(userName);
        for (Role role : roleList) {
            log.info("角色："+role.getRoleKey());
            grantedAuthorityList.add(new SimpleGrantedAuthority(role.getRoleKey()));
        }
        //获取权限列表
        List<Menu> menuList = iUserService.queryMenuListByUserName(userName);
        for (Menu menu : menuList) {
            String perms = menu.getPerms();
            if(StrUtil.isNotEmpty(perms)) {
                log.info("权限：" + perms);
                grantedAuthorityList.add(new SimpleGrantedAuthority(perms));
            }
        }
        //获取数据库用户信息
        QueryWrapper<User> queryWrapper =new QueryWrapper<>();
        queryWrapper.eq("user_name",userName);
        List<User> userList = iUserService.list(queryWrapper);
        User user = null;
        //判断
        if(CollUtil.isNotEmpty(userList)){
              user = userList.get(0);
        }
        return new org.springframework.security.core.userdetails.User(user.getUserName(),
                //new BCryptPasswordEncoder().encode(user.getPassword()),//如果数据库是明文密码，这样写
                user.getPassword(),//加密密码
                grantedAuthorityList);
    }
}
 

package com.aaa.sbmp.service;
 
import com.aaa.sbmp.entity.Menu;
import com.aaa.sbmp.entity.Role;
import com.aaa.sbmp.entity.User;
import com.baomidou.mybatisplus.extension.service.IService;
 
import java.util.List;
 
/**
 * @ fileName:IUserService
 * @ description:
 * @ author:zhz
 * @ createTime:2022/2/15 10:52
 * @ version:1.0.0
 */
public interface IUserService extends IService<User> {
    /**
     * 根据用户名称查询该用户对应的角色1
     * @param userName
     * @return
     */
    List<Role> queryRoleListByUserName(String userName);
 
    /**
     * 根据用户名称查询该用户对应的权限
     * @param userName
     * @return
     */
    List<Menu> queryMenuListByUserName(String userName);
}
 

五、前台页面

index。html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>成功首页</title>
</head>
<body>
     成功后的首页  <a href="/logout">用户注销</a>
</body>
</html>

login。html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>员工登录</title>
    <script>
        function load(){
            var url = location.href;
            //判断url中是否含有?
             if(url.indexOf("?")!=-1){
                 //                          原始js       jquery
                 //原始JS赋值  <a>url</a>   .innerText    .text()
                  //          input     .value=          .val()
                 //            div      .innerHTML       .html
                 document.getElementById("errorInfo").innerHTML="用户名或者密码错误！！";
             }
 
        }
 
    </script>
</head>
<body onload="load()">
<center>
    <h3>登录页面</h3>
    <form action="/user/login" method="post">
        <div id="errorInfo" style="color: red"></div>
        <table border="1" >
            <!--用户名和密码的name一定是 username  password 大小写也有区分-->
            <tr><td>用户名</td><td><input type="text" name="username" value="admin"> </td></tr>
            <tr><td>密码</td><td><input type="text" name="password" value="tiger"> </td></tr>
            <tr><td colspan="2" align="center"><input type="submit" value="登录"></td></tr>
        </table>
    </form>
</center>
</body>
</html>

unauthorized.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>错误页面</title>
</head>
<body>
     访问了未授权的地址。。。。。。。。。。。
</body>
</html>

六、在启动类添加配置及方法权限注释配置

@EnableGlobalMethodSecurity(prePostEnabled = true)

控制层测试方法

/**
* 测试查询（讲解QueryWrapper用法）
* @param dept
* @return
*/
@PreAuthorize("hasRole('管理员')")
@GetMapping("queryList")
public List<Dept> queryList(Dept dept){
return iDeptService.queryList(dept);
}

测试登录用户名密码错误    测试角色权限相关功能