基于MyBatis的Spring Boot Security的操作实例
目录
1、创建Spring Boot Web应用
2、修改pom.xml文件
3、设置上下文路径和数据源配置信息
4、整理脚本样式静态文件
5、创建用户和权限持久化实体类
6、创建数据访问层接口
7、创建Mapper映射文件
8、创建业务层
9、创建控制器类
10、创建应用的安全控制相关实现
11、创建用于测试的视图页面
12、修改Application类
13、测试应用
14、附数据库脚本
详细过程:
1、创建Spring Boot Web应用
2、修改pom.xml文件
添加mysql连接器
完整POM文件内容:
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.6.4</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.mm</groupId> <artifactId>security_mybatis</artifactId> <version>0.0.1-SNAPSHOT</version> <name>security_mybatis</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
3、设置上下文路径和数据源配置信息
server.servlet.context-path=/sm ##数据源信息配置 spring.datasource.url=jdbc:mysql://localhost:3306/springtest?serverTimezone=UTC&characterEncoding=utf8&useUnicode=true&useSSL=false spring.datasource.username=root spring.datasource.password=test.1234 #数据库驱动 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver #设置包别名(在Mapper映射文件中直接使用实体类名) mybatis.type-aliases-package=com.mm.security_mybatis.entity #告诉系统到哪里去找mapper.xml文件(映射文件) mybatis.mapper-locations=classpath:mappers/*.xml #在控制台输出SQL语句日志 logging.level.com.mm.security_mybatis.repository=debug logging.level.org.springframework.security=trace spring.jackson.serialization.indent-output=true spring.thymeleaf.cache=false #放开不允许循环依赖的要求 spring.main.allow-circular-references=true
4、整理脚本样式静态文件
5、创建用户和权限持久化实体类
创建包:entity,并在该包中创建持久化实体类MyUser和Authrity。
MyUser:保存用户数据,用户名唯一。
Authrity:保存权限信息。
用户和权限是多对多关系。
package com.mm.security_mybatis.entity; import java.io.Serializable; import java.util.List; public class MyUser implements Serializable { private static final long serialVersionUID=1L; private int id; private String username; private String password; private String repassword; private List<Authority> authorityList; //省略set和get方法 }
package com.mm.security_mybatis.entity; import java.io.Serializable; import java.util.List; public class Authority implements Serializable { private static final long serialVersionUID=1L; private int id; private String name; private List<MyUser> userList; //省略set和get方法 }
6、创建数据访问层接口
创建包:repository,并在该包中创建接口:MyUserRepository。具体代码如下:
package com.mm.security_mybatis.repository; import com.mm.security_mybatis.entity.Authority; import com.mm.security_mybatis.entity.MyUser; import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Param; import java.util.List; @Mapper public interface MyUserRepository { /** * 根据用户名查询用户信息 * @param username * @return */ MyUser findByUsername(String username); /** * 根据用户ID查询用户的权限列表 * @param id * @return */ List<Authority> findRoleByUser(Integer id); /** * 注册用户 * @param myUser * @return */ int save(MyUser myUser); /** * 保存用户权限 * @param user_id * @param authority_id * @return */ int saveUserAuthority(@Param("user_id") Integer user_id,@Param("authority_id") Integer authority_id); }
7、创建Mapper映射文件
在src/main/resource目录下,创建名为mappers的包,并在该包中创建SQL映射文件MyUserMapper.xml。
//@Repository
具体代码如下:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.mm.security_mybatis.repository.MyUserRepository" > <!-- 根据用户名级联查询用户权限 --> <resultMap id="myResult" type="MyUser"> <id property="id" column="id"/> <result property="username" column="username"/> <result property="password" column="password"/> <collection property="authorityList" ofType="authority" column="id" fetchType="eager" select="com.mm.security_mybatis.repository.MyUserRepository.findRoleByUser"/> </resultMap> <!-- 根据用户名查询用户信息 --> <select id="findByUsername" parameterType="string" resultMap="myResult"> select * from user where username=#{username} </select> <!-- 根据用户ID查询用户的权限列表 --> <select id="findRoleByUser" parameterType="integer" resultType="Authority"> select id,name from authority a,user_authority ua where a.id=ua.authority_id and ua.user_id=#{id} </select> <!-- 注册用户,并将主键保存到MyUser对象的ID属性中 --> <insert id="save" parameterType="MyUser" keyProperty="id" useGeneratedKeys="true"> insert into user(id,username,password) values (null,#{username},#{password}) </insert> <!-- 添加用户权限 --> <insert id="saveUserAuthority"> insert into user_authority(user_id,authority_id) values (#{user_id},#{authority_id}) </insert> </mapper>
8、创建业务层
创建包:service。在该包中创建UserService接口和UserServiceImpl实现类。
UserService代码如下:
package com.mm.security_mybatis.service; import com.mm.security_mybatis.entity.MyUser; import org.springframework.ui.Model; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public interface UserService { public String register(MyUser userDomain); public String loginSuccess(Model model); public String main(Model model); public String deniedAccess(Model model); public String logout(HttpServletRequest request, HttpServletResponse response); }
UserServiceImpl代码如下:
package com.mm.security_mybatis.service; import com.mm.security_mybatis.entity.MyUser; import com.mm.security_mybatis.repository.MyUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.stereotype.Service; import org.springframework.ui.Model; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.ArrayList; import java.util.List; @Service public class UserServiceImpl implements UserService { @Autowired private MyUserRepository myUserRepository; @Override public String register(MyUser userDomain) { String username=userDomain.getUsername(); //加密密码 String secret=new BCryptPasswordEncoder().encode(userDomain.getPassword()); userDomain.setPassword(secret); int n=myUserRepository.save(userDomain); //管理员权限 if("admin".equals(username)){ myUserRepository.saveUserAuthority(userDomain.getId(),1); myUserRepository.saveUserAuthority(userDomain.getId(),2); } else { myUserRepository.saveUserAuthority(userDomain.getId(),3); } if(n!=0){ return "/login"; }else { return "/register"; } } /** * 用户登录成功 * @param model * @return */ @Override public String loginSuccess(Model model) { model.addAttribute("user",getUname()); model.addAttribute("role",getAuthorities()); return "/user/loginSuccess"; } /** * 管理员登录成功 * @param model * @return */ @Override public String main(Model model) { model.addAttribute("user",getUname()); model.addAttribute("role",getAuthorities()); return "/admin/main"; } /** * 没有权限访问 * @param model * @return */ @Override public String deniedAccess(Model model) { model.addAttribute("user",getUname()); model.addAttribute("role",getAuthorities()); return "/deniedAccess"; } /** * 注销用户 * @param request * @param response * @return */ @Override public String logout(HttpServletRequest request, HttpServletResponse response) { Authentication authentication=SecurityContextHolder.getContext().getAuthentication(); if(authentication!=null){ new SecurityContextLogoutHandler().logout(request,response,authentication); } return "redirect:/login?logout"; } /** * 获取当前用户名称 * @return */ private String getUname(){ return SecurityContextHolder.getContext().getAuthentication().getName(); } /** * 获取当前用户权限 * @return */ private String getAuthorities(){ Authentication authentication=SecurityContextHolder.getContext().getAuthentication(); List<String> roles=new ArrayList<>(); for(GrantedAuthority ga :authentication.getAuthorities()){ roles.add(ga.getAuthority()); } return roles.toString(); } }
9、创建控制器类
创建包:controller。在该包中创建控制器类TestSecurityController。具体代码如下。
package com.mm.security_mybatis.controller; import com.mm.security_mybatis.entity.MyUser; import com.mm.security_mybatis.service.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @Controller public class TestSecurityController { @Autowired private UserService userService; @RequestMapping("/") public String index(){ return "/index"; } @RequestMapping("/toLogin") public String toLogin(){ return "/login"; } @RequestMapping("/toRegister") public String toRegister(@ModelAttribute("userDomain") MyUser userDomain){ return "/register"; } @RequestMapping("/register") public String register(@ModelAttribute("userDomain") MyUser userDomain){ return userService.register(userDomain); } @RequestMapping("/login") public String login(){ return "/login"; } @RequestMapping("/user/loginSuccess") public String loginSuccess(Model model){ return userService.loginSuccess(model); } @RequestMapping("/admin/main") public String main(Model model){ return userService.main(model); } @RequestMapping("/logout") public String logout(HttpServletRequest request, HttpServletResponse response){ return userService.logout(request, response); } @RequestMapping("/deniedAccess") public String deniedAccess(Model model){ return userService.deniedAccess(model); } }
10、创建应用的安全控制相关实现
创建包:security。在该包中创建MyUserSecurityService、MyAuthenticationSuccessHandler、MySecurityConfigurerAdapter类。
MyUserSecurityService实现了UserDetailsService接口,并通过重写loadUserByUsername(String username)方法查询对应的用户,并将用户名、密码、权限等认证相关的信息封装在UserDetails对象中。
MyUserSecurityService具体代码如下:
package com.mm.security_mybatis.security; import com.mm.security_mybatis.entity.Authority; import com.mm.security_mybatis.entity.MyUser; import com.mm.security_mybatis.repository.MyUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.ArrayList; import java.util.List; @Service public class MyUserSecurityService implements UserDetailsService { //@Autowired(required = false) @Autowired private MyUserRepository myUserRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { MyUser myUser=myUserRepository.findByUsername(username); if(myUser==null){ throw new UsernameNotFoundException("用户名不存在"); } List<GrantedAuthority> authorities=new ArrayList<>(); List<Authority> rules=myUser.getAuthorityList(); for(Authority authority :rules){ GrantedAuthority sg=new SimpleGrantedAuthority(authority.getName()); authorities.add(sg); } User su=new User(myUser.getUsername(),myUser.getPassword(),authorities); return su; } }
注意:如果注入数据层有红色下划线,并提示“Could not autowire. No beans of 'MyUserRepository' type found. ”,
如下报错:
解决方案一:可在数据层商加注解@Repository。
解决方案二:使用注解:@Autowired(required = false)
MyAuthenticationSuccessHandler继承了SimpleUrlAuthenticationSuccessHandler类,并重写了handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)方法,根据当前认证用户的角色指定对应的URL。
MyAuthenticationSuccessHandler具体代码如下:
package com.mm.security_mybatis.security; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.web.DefaultRedirectStrategy; import org.springframework.security.web.RedirectStrategy; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import org.springframework.stereotype.Component; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.List; @Component public class MyAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { private RedirectStrategy redirectStrategy=new DefaultRedirectStrategy(); @Override protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { String tagerUrl=getTargetUrl(authentication); redirectStrategy.sendRedirect(request,response,tagerUrl); //super.handle(request, response, authentication); } protected String getTargetUrl(Authentication authentication){ String url=""; Collection<? extends GrantedAuthority> authorities=authentication.getAuthorities(); List<String> roles=new ArrayList<>(); for(GrantedAuthority au : authorities){ roles.add(au.getAuthority()); } if(roles.contains("ROLE_USER")){ url="/user/loginSuccess"; // url="/loginSuccess"; } else if(roles.contains("ROLE_ADMIN")){ url="/admin/main"; // url="/main"; }else{ url="/deniedAccess"; } return url; } }
MySecurityConfigurerAdapter 类继承了WebSecurityConfigurerAdapter类,并通过重写configure(AuthenticationManagerBuilder auth) 方法实现了用户认证,重写 configure(HttpSecurity http)方法实现用户授权操作。
MySecurityConfigurerAdapter具体代码如下:
package com.mm.security_mybatis.security; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class MySecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Autowired private MyUserSecurityService myUserSecurityService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationProvider authenticationProvider; @Autowired private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler; @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Bean public AuthenticationProvider authenticationProvider(){ DaoAuthenticationProvider provider=new DaoAuthenticationProvider(); provider.setHideUserNotFoundExceptions(false); provider.setUserDetailsService(myUserSecurityService); provider.setPasswordEncoder(passwordEncoder); return provider; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //super.configure(auth); System.out.println("configure(AuthenticationManagerBuilder auth)"); auth.authenticationProvider(authenticationProvider); } @Override protected void configure(HttpSecurity http) throws Exception { //super.configure(http); System.out.println(" configure(HttpSecurity http)"); http.authorizeRequests() .antMatchers("/toLogin","/toRegister","/","/login","/register","/css/**","/fonts/**","/js/**").permitAll() .antMatchers("/user/**").hasRole("USER") .antMatchers("/admin/**").hasAnyRole("ADMIN","DBA") // .antMatchers("/loginSuccess").hasRole("USER") // .antMatchers("/main").hasAnyRole("ADMIN","DBA") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login").successHandler(myAuthenticationSuccessHandler) .usernameParameter("username").passwordParameter("password") .failureForwardUrl("/login?error") .and() .logout().permitAll() .and() .exceptionHandling().accessDeniedPage("/deniedAccess"); } }
11、创建用于测试的视图页面
在src/main/resources/templates目录下创建应用的首页、注册、登录以及拒绝访问页面;
在src/main/resources/templates/admin目录下创建应用的管理员用户认证成功后访问的页面;
在src/main/resources/templates/user目录下创建应用的普通用户认证成功后访问的页面。
首页index.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>首页</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> </head> <body> <div class="panel panel-primary"> <div class="panel-heading"> <h3 class="panel-title">Spring Security 测试首页</h3> </div> </div> <div class="container"> <div> <a th:href="@{/toLogin}">去登录</a><br><br> <a th:href="@{/toRegister}">去注册</a> </div> </div> </body> </html>
注册register.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>注册页面</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> <script th:src="@{/js/jquery.min.js}"></script> <script type="text/javascript" th:inline="javascript"> debugger; function checkBpwd() { if($("#username").val()==""){ alert("用户名必须输入"); $("#username").focus(); return false; } else if($("#password").val()==""){ alert("密码必须输入"); $("#password").focus(); return false; }else if($("#password").val()!=$("#repassword").val()){ alert("两次密码不一致"); $("#password").focus(); return false; }else{ document.myForm.submit(); } } </script> </head> <body> <div class="container"> <div class="bg-primary" style="width:100%;height:70px;padding-top: 10px"><h2 align="center">用户注册</h2></div> <br> <br> <form th:action="@{/register}" name="myForm" method="post" th:object="${userDomain}" class="form-horizontal" role="form"> <div class="form-group has-success"> <label class="col-sm-2 col-md-2 control-label">用户名</label> <div class="col-sm-4 col-md-4"> <input type="text" class="form-control" placeholder="请输入你的用户名" th:field="*{username}"> </div> </div> <div class="form-group has-success"> <label class="col-sm-2 col-md-2 control-label">密码</label> <div class="col-sm-4 col-md-4"> <input type="password" class="form-control" placeholder="请输入你的密码" th:field="*{password}"> </div> </div> <div class="form-group has-success"> <label class="col-sm-2 col-md-2 control-label">确认密码</label> <div class="col-sm-4 col-md-4"> <input type="password" class="form-control" placeholder="请再次输入你的密码" th:field="*{repassword}"> </div> </div> <br> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="button" onclick="checkBpwd()" class="btn btn-success">注册</button> <button type="reset" class="btn btn-primary">重置</button> </div> </div> </form> </div> </body> </html>
登录login.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>登录页面</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> <script th:src="@{/js/jquery.min.js}"></script> <script type="text/javascript"> $(function () { $("#loginBtn").click(function () { var username=$("#username"); var password=$("#password"); var msg=""; if (username.val()==""){ msg="用户名不能为空"; username.focus(); } if (password.val()==""){ msg="密码不能为空"; password.focus(); } if(msg!=""){ alert(msg); return false; } //$("#myForm").submit(); document.myForm.submit(); }); }); </script> </head> <body> <div class="container"> <div class="bg-primary" style="width: 100%;height:70px;padding-top: 10px"><h2 align="center">用户登录</h2></div> <br> <br> <form th:action="@{/login}" name="myForm" method="post" class="form-horizontal" role="form"> <div th:if="${param.error!=null}"> <div class="alert alert-danger"> <p><font color="red">用户名或者密码错误</font></p> </div> </div> <div th:if="${param.logout!=null}"> <div class="alert alert-success"> <p><font color="red">注销成功</font></p> </div> </div> <div class="form-group has-success"> <label class="col-sm-2 col-md-2 control-label">用户名</label> <div class="col-sm-4 col-md-4"> <input type="text" class="form-control" placeholder="请输入你的用户名" name="username" id="username"> </div> </div> <div class="form-group has-success"> <label class="col-sm-2 col-md-2 control-label">密码</label> <div class="col-sm-4 col-md-4"> <input type="password" class="form-control" placeholder="请输入你的密码" name="password" id="password"> </div> </div> <br> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="button" id="loginBtn" class="btn btn-success">登录</button> <button type="reset" class="btn btn-primary">重置</button> </div> </div> </form> </div> </body> </html>
拒绝访问deniedAccess.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>首页</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> </head> <body> <div class="panel panel-primary"> <div class="panel-heading"> <h3 class="panel-title">拒绝访问页面</h3> </div> </div> <div class="container"> <div> <h3><span th:text="${user}"></span>您没有权限访问该页面!您的权限是<span th:text="${role}"></span>。</h3> <a th:href="@{/logout}">安全退出</a> </div> </div> </body> </html>
管理员用户认证成功后访问的页面main.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>首页</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> </head> <body> <div class="panel panel-primary"> <div class="panel-heading"> <h3 class="panel-title">管理员页面</h3> </div> </div> <div class="container"> <div> <h3>欢迎<span th:text="${user}"></span>访问该页面!您的权限是<span th:text="${role}"></span>。</h3> <br><br> <a th:href="@{/user/loginSuccess}">去访问用户登录成功界面</a> <a th:href="@{/logout}">安全退出</a> </div> </div> </body> </html>
普通用户认证成功后访问的页面loginAccess.html的代码如下:
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8"> <title>首页</title> <link rel="stylesheet" th:href="@{/css/bootstrap.min.css}" /> </head> <body> <div class="panel panel-primary"> <div class="panel-heading"> <h3 class="panel-title">登录成功页面</h3> </div> </div> <div class="container"> <div> <h3>欢迎<span th:text="${user}"></span>登录成功!您的权限是<span th:text="${role}"></span>。</h3> <br><br> <a th:href="@{/admin/main}">去访问管理员功界面</a> <a th:href="@{/logout}">安全退出</a> </div> </div> </body> </html>
12、修改Application类
在SecurityMybatisApplication类头部使用@MapperScan注解扫描Mapper接口。
具体代码如下:
package com.mm.security_mybatis; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication @MapperScan("com.mm.security_mybatis.repository") public class SecurityMybatisApplication { public static void main(String[] args) { SpringApplication.run(SecurityMybatisApplication.class, args); } }
13、测试应用
运行SecurityMybatisApplication的主方法启动项目。
Spring Boot启动后,观察控制台,发现MySecurityConfigurerAdapter的两个config方法都已经被执行,说明自定义的用户认证和用户授权工作已经生效。
在浏览器输入“http://localhost:8080/sm”
http://localhost:8080/sm/toRegister、http://localhost:8080/sm/toregister:
http://localhost:8080/sm/toLogin、http://localhost:8080/sm/login:
管理员登录成功界面:用户:admin
普通用户登录界面:用户:mm
14、附数据库脚本
创建数据库:
CREATE DATABASE springtest CHARACTER SET utf8 COLLATE utf8_general_ci;
用户表user:
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for user -- ---------------------------- DROP TABLE IF EXISTS `user`; CREATE TABLE `user` ( `id` int(11) NOT NULL AUTO_INCREMENT, `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; SET FOREIGN_KEY_CHECKS = 1;
权限表authority:
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for authority -- ---------------------------- DROP TABLE IF EXISTS `authority`; CREATE TABLE `authority` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; -- ---------------------------- -- Records of authority -- ---------------------------- INSERT INTO `authority` VALUES (1, 'ROLE_ADMIN'); INSERT INTO `authority` VALUES (2, 'ROLE_DBA'); INSERT INTO `authority` VALUES (3, 'ROLE_USER'); SET FOREIGN_KEY_CHECKS = 1;
用户权限映射表user_authority:
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -- Table structure for user_authority -- ---------------------------- DROP TABLE IF EXISTS `user_authority`; CREATE TABLE `user_authority` ( `user_id` int(11) NOT NULL, `authority_id` int(11) NOT NULL, INDEX `FKgvxjs381k6f48d5d2yi11uh89`(`authority_id`) USING BTREE, INDEX `FKpqlsjpkybgos9w2svcri7j8xy`(`user_id`) USING BTREE, CONSTRAINT `FKgvxjs381k6f48d5d2yi11uh89` FOREIGN KEY (`authority_id`) REFERENCES `authority` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT, CONSTRAINT `FKpqlsjpkybgos9w2svcri7j8xy` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`) ON DELETE RESTRICT ON UPDATE RESTRICT ) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; SET FOREIGN_KEY_CHECKS = 1;
