入门
- 父工程依赖
<!-- 依赖版本号 -->
<properties>
<mybatis-plus.version>3.2.0</mybatis-plus.version>
<druid.version>1.1.12</druid.version>
<oauth2-autoconfigure.version>2.1.3.RELEASE</oauth2-autoconfigure.version>
<kaptcha.version>2.3.2</kaptcha.version>
<fastjson.version>1.2.8</fastjson.version>
<commons-lang.version>2.6</commons-lang.version>
<commons-collections.version>3.2.2</commons-collections.version>
<commons-io.version>2.6</commons-io.version>
</properties>
<!-- 集中式管理依赖版本号,并没有真实依赖 -->
<dependencyManagement>
<dependencies>
<!--mybatis-plus启动器-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>${mybatis-plus.version}</version>
</dependency>
<!--druid连接池-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>${druid.version}</version>
</dependency>
<!--spring-security-oauth2、spring-security-jwt等-->
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>${oauth2-autoconfigure.version}</version>
</dependency>
<!-- kaptcha 用于图形验证码 -->
<dependency>
<groupId>com.github.penggle</groupId>
<artifactId>kaptcha</artifactId>
<version>${kaptcha.version}</version>
</dependency>
<!-- 工具类依赖 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>${commons-lang.version}</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-io.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.7.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
- base子模块依赖
<dependencies>
<!--类中setter/getter,使用注解-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- 工具类依赖 -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
</dependencies>
- resources文件夹下编写logback.xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!-- 彩色日志 -->
<!-- 彩色日志依赖的渲染类 -->
<conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
<conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
<conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
<!-- 彩色日志格式 -->
<property name="CONSOLE_LOG_PATTERN" value="${CONSOLE_LOG_PATTERN:-%clr(%d{HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}"/>
<!-- ch.qos.logback.core.ConsoleAppender 表示控制台输出 -->
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>${CONSOLE_LOG_PATTERN}</pattern>
</layout>
</appender>
<root level="info">
<appender-ref ref="stdout" />
</root>
</configuration>
- core子模块依赖
<dependencies>
<!--依赖base基础模块 -->
<dependency>
<groupId>com.ychen.security</groupId>
<version>1.0-SNAPSHOT</version>
<artifactId>base</artifactId>
</dependency>
<!-- 认证依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- 解决过滤器错误 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
</dependency>
</dependencies>
- 配置类
@Configuration
@EnableWebSecurity // 开启springsecurity过滤链 filter
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
Logger logger = LoggerFactory.getLogger(getClass());
@Bean
public PasswordEncoder passwordEncoder() {
// 明文+随机盐值》加密存储
return new BCryptPasswordEncoder();
}
/**
* 认证管理器:
* 1. 认证信息(用户名,密码)
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 数据库存储的密码必须是加密后的,不然会报错:There is no PasswordEncoder mapped for the id "null"
String password = passwordEncoder().encode("admin");
logger.info("加密之后存储的密码:" + password);
auth.inMemoryAuthentication().withUser("admin")
.password(password).authorities("ADMIN");
}
/**
* 资源权限配置:
* 1. 被拦截的资源
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
// 登录的url
.loginProcessingUrl("/login")
// 登录成功后跳转url
.defaultSuccessUrl("/success").permitAll()
// 不需要认证就能访问
.and().authorizeRequests()
.antMatchers("/test").permitAll()
// 其他请求需要认证
.anyRequest().authenticated()
// 关闭csrf
.and().csrf().disable();
}
}
- web子模块依赖
<dependencies>
<!-- web启动器, 对springmvc, servlet等支持 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--权限核心模块, 注意:要放到 web启动器下面-->
<dependency>
<groupId>com.ychen.security</groupId>
<version>1.0-SNAPSHOT</version>
<artifactId>core</artifactId>
</dependency>
<!-- application.yml 配置处理器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- springboot 单元测试 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<!--热部署 ctrl+f9-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
</dependencies>
- 启动类
@SpringBootApplication
public class WebApplication {
public static void main(String[] args) {
SpringApplication.run(WebApplication.class, args);
}
}
- 测试接口
@Controller
public class TestController {
// 需要认证才能访问的路径
@RequestMapping({"/index", "/", ""})
@ResponseBody
public String index() {
return "index";
}
// 不需要认证就能访问的路径
@RequestMapping("/test")
@ResponseBody
public String test() {
return "test";
}
// 认证成功后跳转的路径
@GetMapping("/success")
@ResponseBody
public String success(){
return "success";
}
}
-
未认证时,直接访问test接口,访问成功
-
未认证时,直接访问index接口,跳转到认证页面
-
输入用户名和密码,跳转到index
浙公网安备 33010602011771号