SpringSecurity + SpringBoot2.x +redis+多数据源

1. 多数据源配置(SQLServer,PostgreSQL)

2. 集群session 配置 外部存储(redis)

3.SpringSecurity 登录安全认证

4.SpringSecurity remembreMe  配置

5. SpringSecurity SessionManager 配置

6.增加了图片验证码登录

7.动态权限url 匹配认证

?

1 2 3 4 5 6 7 8 9 10

@Component @Order(Integer.MAX_VALUE) public class ThirdpartyAuthorizeConfigRole implements ThirdpartyAuthorizeConfigProvider {       @Override     public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) { //        config.antMatchers("/third/user").hasRole("Admin");         config.anyRequest().access("@rbacService.hasPermission(request,authentication)");     } }

　 

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

package com.sy.thirdparty.authentication;   import com.sy.thirdparty.config.SpringSecurityProperties; import com.sy.thirdparty.zcoas.SysUserEntity; import com.sy.thirdparty.zcoas.repository.SysUserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; import org.springframework.util.AntPathMatcher;   import javax.servlet.http.HttpServletRequest; import java.util.HashSet; import java.util.Set;   /**  * @Title: RbacServiceImpl  * @ProjectName thirdparty  * @date 2021-01-0711:34  */ @Component("rbacService") public class RbacServiceImpl implements RbacService {     private AntPathMatcher antPathMatcher = new AntPathMatcher();     @Autowired     private SysUserRepository sysUserRepository;       @Autowired     private SpringSecurityProperties springSecurityProperties;     @Override     public boolean hasPermission(HttpServletRequest request, Authentication authentication) {         Object principal = authentication.getPrincipal();         boolean hasPermission = false;         if (principal instanceof UserDetails) {             String username = ((UserDetails) principal).getUsername();             SysUserEntity user = sysUserRepository.findByLoginName(username);             if (user.getUserId() == springSecurityProperties.getAdminUserId()) return true;             Set<String> urls = new HashSet<>();             for (String url : urls) {                 if (antPathMatcher.match(url, request.getRequestURI())) {                     hasPermission = true;                     break;                 }             }         }         return hasPermission;     } }

　　

 

 

 

 

项目地址: https://github.com/qukaige/thirdDemo