springboot-28-security(一)用户角色控制

spring security 使用众多的拦截器实现权限控制的, 其核心有2个重要的概念: 认证(Authentication) 和授权 (Authorization)), 认证就是确认用户可以访问当前系统, 授权即确定用户有相应的权限, 

    现在先大概过一遍整个流程,用户登陆,会被AuthenticationProcessingFilter拦截,调用AuthenticationManager的实现,而且AuthenticationManager会调用ProviderManager来获取用户验证信息(不同的Provider调用的服务不同,因为这些信息可以是在数据库上,可以是在LDAP服务器上,可以是xml配置文件上等),如果验证通过后会将用户的权限信息封装一个User放到spring的全局缓存SecurityContextHolder中,以备后面访问资源时使用。
访问资源(即授权管理),访问url时,会通过AbstractSecurityInterceptor拦截器拦截,其中会调用FilterInvocationSecurityMetadataSource的方法来获取被拦截url所需的全部权限,在调用授权管理器AccessDecisionManager,这个授权管理器会通过spring的全局缓存SecurityContextHolder获取用户的权限信息,还会获取被拦截的url和被拦截url所需的全部权限,然后根据所配的策略(有:一票决定,一票否定,少数服从多数等),如果权限足够,则返回,权限不够则报错并调用权限不足页面 ( http://blog.csdn.net/u012367513/article/details/38866465)
 
  本例的用户和角色信息存储在mysql, 使用mybatis进行查询: http://www.cnblogs.com/wenbronk/p/7357996.html

 项目 使用 idea + gradle

dependencies {
    compile("org.springframework.boot:spring-boot-devtools")
    compile("org.springframework.boot:spring-boot-starter")
    compile("org.springframework.boot:spring-boot-starter-web")
    compile("org.springframework.boot:spring-boot-starter-log4j2")
    compile("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml")
    compile("org.codehaus.groovy:groovy-all:2.4.12")

    compile("org.springframework.boot:spring-boot-starter-security")
    compile("org.springframework.boot:spring-boot-starter-thymeleaf")
    compile("org.thymeleaf.extras:thymeleaf-extras-springsecurity4")

    compile ("mysql:mysql-connector-java")
    compile 'com.alibaba:druid-spring-boot-starter:1.1.2'
    compile ("org.mybatis.spring.boot:mybatis-spring-boot-starter:1.1.1")

    compile 'com.alibaba:fastjson:1.1.15'
    compile 'javax.inject:javax.inject:1'
    testCompile group: 'junit', name: 'junit', version: '4.12'
    testCompile("org.springframework.boot:spring-boot-starter-test")

}

 

1, 导入基础数据, 调试mybatis

1) , 建表

/*
Navicat MySQL Data Transfer
Source Server         : 本地
Source Host           : localhost:3306
Source Database       : test
Target Server Type    : MYSQL
Date: 2017-8-14 22:17:33
*/

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for `sys_user`
-- ----------------------------
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user` (
  `id` INT (32) NOT NULL AUTO_INCREMENT COMMENT '主键id',
  `username` varchar(32) DEFAULT NULL COMMENT '用户名',
  `password` varchar(32) DEFAULT NULL COMMENT '密码',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=28 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for `sys_role`
-- ----------------------------
DROP TABLE IF EXISTS `sys_role`;
CREATE TABLE `sys_role` (
  `id` INT (32) NOT NULL AUTO_INCREMENT COMMENT '主键id',
  `name` varchar(32) DEFAULT NULL COMMENT '用户名',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=28 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for `sys_role_user`
-- ----------------------------
DROP TABLE IF EXISTS `sys_role_user`;
CREATE TABLE `sys_role_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键id',
  `sys_user_id` INT(32) NOT NULL COMMENT 'user_id',
  `sys_role_id` INT(32) NOT NULL COMMENT 'role_id',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=28 DEFAULT CHARSET=utf8;

ALTER TABLE sys_role_user ADD CONSTRAINT sys_FK1 FOREIGN KEY(sys_user_id) REFERENCES sys_user(id);
ALTER TABLE sys_role_user ADD CONSTRAINT role_FK2 FOREIGN KEY(sys_role_id) REFERENCES sys_role(id);

导入数据

insert into SYS_USER (id,username, password) values (1,'vini', '123');
insert into SYS_USER (id,username, password) values (2,'bronk', '123');

insert into SYS_ROLE(id,name) values(1,'ROLE_ADMIN');
insert into SYS_ROLE(id,name) values(2,'ROLE_USER');

insert into SYS_ROLE_USER(SYS_USER_ID,sys_role_id) values(1,1);
insert into SYS_ROLE_USER(SYS_USER_ID,sys_role_id) values(2,2);

在 application.yml中配置如下, 可以在启动程序时自动执行

spring: 
  datasource:
    url: jdbc:mysql://localhost:3306/springboot
    username: root
    password: root
#    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.jdbc.Driver
  # 一下2行 schema: classpath:security.sql data: classpath:security
-data.sql

2), mapper映射

package com.wenbronk.security.mapper

import com.wenbronk.security.entity.SysUser

/**
 * Created by wenbronk on 2017/8/14.
 */
interface SysUserMapper {
    SysUser findByUserName(String username)
}

在 resources/mybatis/mapper中添加: 

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.wenbronk.security.mapper.SysUserMapper">

    <resultMap id="sys_user_map" type="SysUser">
        <id property="id" column="id" />
        <result property="username" column="username" />
        <result property="password" column="password" />
        <collection property="roles" ofType="SysRole">
            <result column="name" property="name" />
        </collection>

    </resultMap>

    <select id="findByUserName" parameterType="string" resultMap="sys_user_map">
        select u.id, u.username, u.password, r.name
        from sys_user u
        LEFT JOIN sys_role_user s on u.id = s.sys_user_id
        LEFT JOIN sys_role r on r.id = s.sys_role_id
        WHERE username = #{username}
    </select>
</mapper>

在application.yml中配置

mybatis:
  config-location: classpath:mybatis/SqlMapConfig.xml
  mapper-locations: classpath:mybatis/mapper/*.xml

在main方法上添加mapper扫描: 

@SpringBootApplication
@MapperScan("com.wenbronk.security.mapper")
public class SecurityApplication {
    public static void main(String[] args) {
        SpringApplication.run(SecurityApplication.class);
    }
}

 3), 实体类

class Msg {
    String title
    String content
    String etraInfo

    Msg() {
    }

    Msg(String title, String content, String etraInfo) {
        this.title = title
        this.content = content
        this.etraInfo = etraInfo
    }
}

SysUser.groovy

package com.wenbronk.security.entity

/**
 * Created by wenbronk on 2017/8/14.
 */
class SysUser {
    int id
    def username
    def password
    List<SysRole> roles

    @Override
    public String toString() {
        return "SysUser{" +
                "id=" + id +
                ", username=" + username +
                ", password=" + password +
                ", roles=" + roles +
                '}';
    }
}

SysRole.groovy

package com.wenbronk.security.entity

/**
 * Created by wenbronk on 2017/8/14.
 */
class SysUser {
    int id
    def username
    def password
    List<SysRole> roles

    @Override
    public String toString() {
        return "SysUser{" +
                "id=" + id +
                ", username=" + username +
                ", password=" + password +
                ", roles=" + roles +
                '}';
    }
}

 

4) , 测试mybatis

    @Test
    void test2() {
        def name = sysUserMapper.findByUserName('vini')
        println name
    }

2, security相关配置

1), CustomerUserService.groovy
package com.wenbronk.security.security.service

import com.wenbronk.security.entity.SysRole
import com.wenbronk.security.entity.SysUser
import com.wenbronk.security.mapper.SysUserMapper
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.core.userdetails.UsernameNotFoundException
import org.springframework.stereotype.Service

import javax.inject.Inject
/**
 * Created by wenbronk on 2017/8/15.
 */
@Service
class CustomUserService implements UserDetailsService {

    @Inject
    SysUserMapper sysUserMapper;

    @Override
    UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        def sysUser = sysUserMapper.findByUserName(s) as SysUser
        assert sysUser != null
        List<SimpleGrantedAuthority> authorities = new ArrayList<>()
        for(SysRole role : sysUser.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role.getName()))
            println role.getName();
        }
        return new User(sysUser.getUsername(), sysUser.getPassword(), authorities)
    }
}

2), WebSecurityConfig.groovy

package com.wenbronk.security.security.config

import com.wenbronk.security.security.service.CustomUserService
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

import javax.inject.Inject
/**
 * Created by wenbronk on 2017/8/15.
 */
@Configuration
@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    CustomUserService customUserService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().authenticated()   // 任何请求都拦截
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll()        // 登陆后可访问任意页面
            .and()
            .logout().permitAll();  // 注销后任意访问

    }
}

3, 页面

1), 页面转向设置

package com.wenbronk.security.config

import org.springframework.context.annotation.Configuration
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
/**
 * Created by wenbronk on 2017/8/15.
 */
@Configuration
class WebMvcConfig extends WebMvcConfigurerAdapter{

    @Override
    void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login")
    }
}

 controller.groovy

package com.wenbronk.security.controller

import com.wenbronk.security.entity.Msg
import org.springframework.stereotype.Controller
import org.springframework.ui.Model
import org.springframework.web.bind.annotation.RequestMapping
/**
 * Created by wenbronk on 2017/8/14.
 */
@Controller
class SecurityController {

    @RequestMapping("/")
    def index(Model model) {
        def msg = new Msg("测试标题", "测试内容", "额外信息, 只对管理员显示")
        model.addAttribute("msg", msg);
        "home"
    }
    
}

在resources下放入静态资源, bootstramp.min.css, 以及thymeleaf页面

login.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta content="text/html;charset=UTF-8"/>
    <title>登录页面</title>
    <link rel="stylesheet" th:href="@{css/bootstrap.min.css}"/>
    <style type="text/css">
        body {
            padding-top: 50px;
        }
        .starter-template {
            padding: 40px 15px;
            text-align: center;
        }
    </style>
</head>
<body>

<nav class="navbar navbar-inverse navbar-fixed-top">
    <div class="container">
        <div class="navbar-header">
            <a class="navbar-brand" href="#">Spring Security演示</a>
        </div>
        <div id="navbar" class="collapse navbar-collapse">
            <ul class="nav navbar-nav">
                <li><a th:href="@{/}"> 首页 </a></li>

            </ul>
        </div><!--/.nav-collapse -->
    </div>
</nav>
<div class="container">

    <div class="starter-template">
        <p th:if="${param.logout}" class="bg-warning">已成功注销</p><!-- 1 -->
        <p th:if="${param.error}" class="bg-danger">有错误,请重试</p> <!-- 2 -->
        <h2>使用账号密码登录</h2>
        <form name="form" th:action="@{/login}" action="/login" method="POST"> <!-- 3 -->
            <div class="form-group">
                <label for="username">账号</label>
                <input type="text" class="form-control" name="username" value="" placeholder="账号" />
            </div>
            <div class="form-group">
                <label for="password">密码</label>
                <input type="password" class="form-control" name="password" placeholder="密码" />
            </div>
            <input type="submit" id="login" value="Login" class="btn btn-primary" />
        </form>
    </div>
</div>
</body>
</html>

home.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<meta content="text/html;charset=UTF-8"/>
<title sec:authentication="name"></title>
<link rel="stylesheet" th:href="@{css/bootstrap.min.css}" />
<style type="text/css">
body {
  padding-top: 50px;
}
.starter-template {
  padding: 40px 15px;
  text-align: center;
}
</style>
</head>
<body>
     <nav class="navbar navbar-inverse navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <a class="navbar-brand" href="#">Spring Security演示</a>
        </div>
        <div id="navbar" class="collapse navbar-collapse">
          <ul class="nav navbar-nav">
           <li><a th:href="@{/}"> 首页 </a></li>
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </nav>


     <div class="container">

      <div class="starter-template">
          <h1 th:text="${msg.title}"></h1>

        <p class="bg-primary" th:text="${msg.content}"></p>

        <div sec:authorize="hasRole('ROLE_ADMIN')"> <!-- 用户类型为ROLE_ADMIN 显示 -->
             <p class="bg-info" th:text="${msg.etraInfo}"></p>
        </div>

        <div sec:authorize="hasRole('ROLE_USER')"> <!-- 用户类型为 ROLE_USER 显示 -->
             <p class="bg-info">无更多信息显示</p>
        </div>

        <form th:action="@{/logout}" method="post">
            <input type="submit" class="btn btn-primary" value="注销"/>
        </form>
      </div>

    </div>
</body>


</html>

 

 
 参见: JavaEE颠覆者, springboot实战
  
posted @ 2017-08-17 13:13  bronk  阅读(3679)  评论(0编辑  收藏  举报