安全认证服务框架Spring Security数据库读取用户信息

权限设计

用户
角色
角色绑定的权限

spring-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:property="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
    HTTP security: access requires authorization, granted by role.
    NOTE(review): this listing declares no security:intercept-url rules, so no URL pattern
    is restricted at this level; access control rests on the method-level annotations
    enabled at the bottom of this file. Add intercept-url rules (deny by default) if
    URL-level protection is intended.
    -->

    <security:http auto-config="true" use-expressions="true">

        <!--
        Form login. The "property" prefix is bound to the same namespace URI as "security"
        (see the xmlns declarations above), so this element is the security form-login element.
        login-page is an absolute URL on localhost:8080; it has to change per environment.
        -->

        <property:form-login
                login-page="http://localhost:8080/pages/login.html"

                login-processing-url="/sec/login.do"
                authentication-failure-forward-url="/user/loginFail.do"
                authentication-success-forward-url="/user/loginSuccess.do"
        />

        <!--
        The author disables the CSRF filter for the custom login page.
        NOTE(review): a custom login page does not require this. The form or the AJAX client
        can send the CSRF token instead. With CSRF protection off, every state-changing
        request authenticated by the session cookie is left without token validation;
        re-enable it before using this configuration outside a local demo.
        -->
        <security:csrf disabled="true"/>
    </security:http>

    <!--
    Password encoder bean (BCrypt). Stored passwords must already be BCrypt hashes.
    -->
    <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder"/>

    <!-- UserDetailsService bean that loads users from the database -->
    <bean class="com.itheima.health.security.SecurityUserDetailsService" id="userDetailsService"/>

    <!--
    Authentication manager:
    the manager delegates to an authentication provider,
    which obtains the user record from userDetailsService.
    -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userDetailsService">
            
            <!--
            References the encoder bean declared above (id="passwordEncoder"); the provider
            uses it to compare the submitted password with the stored hash.
            -->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--
    Enables annotation-based method security (pre/post annotations).
    -->
    <security:global-method-security pre-post-annotations="enabled"/>

</beans>

配置spring-mvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:dubbo="http://dubbo.apache.org/schema/dubbo"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd http://dubbo.apache.org/schema/dubbo http://dubbo.apache.org/schema/dubbo/dubbo.xsd">
    <!-- Component scanning; widened from the controller package to the whole application package -->
    <!--<context:component-scan base-package="com.itheima.health.controller"/>-->
    <context:component-scan base-package="com.itheima.health"/>

    <!--
    Cross-origin (CORS) support.
    allow-credentials="true" lets the browser send the session cookie on cross-origin requests.
    The allowed origins are the local development front end only. Keep this an explicit
    allow-list of trusted origins when deploying; credentialed CORS must never be combined
    with a wildcard origin. Because these origins can send authenticated requests, this
    setting interacts with the CSRF configuration of the security layer.
    -->
    <mvc:cors>
        <mvc:mapping path="/**"
                     allowed-origins="http://localhost:8080,http://127.0.0.1:8080"
                     allowed-methods="GET,POST,PUT,DELETE,"
                     allow-credentials="true"
                     max-age="3600"


        />
    </mvc:cors>

    <!-- Registers the annotation-driven handler mappings and handler adapters -->
    <mvc:annotation-driven>
        <!--
        JSON message converter (fastjson) for application/json bodies.
        NOTE(review): the fastjson version is not shown on this page. This converter parses
        request bodies, so keep the library patched and leave autoType disabled.
        -->
        <mvc:message-converters>
            <bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter">
                <property name="supportedMediaTypes" value="application/json;charset=utf-8"/>
            </bean>
        </mvc:message-converters>
    </mvc:annotation-driven>
    <!-- Dubbo consumer configuration; the registry is a ZooKeeper instance on 127.0.0.1:2181 -->
    <dubbo:application name="dubbo-oms-consumer"/>
    <dubbo:registry address="zookeeper://127.0.0.1:2181"/>
    <!--<dubbo:annotation package="com.itheima.health.controller"/>-->
    <dubbo:annotation package="com.itheima.health"/>

    <!-- File upload resolver: maxUploadSize is 104857600 bytes (100 MiB), in-memory threshold 4096 bytes -->
    <bean id="multipartResolver"
          class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="104857600" />
        <property name="maxInMemorySize" value="4096" />
        <property name="defaultEncoding" value="UTF-8"/>
    </bean>
</beans>

设置SecurityUserDetailsService类

package com.itheima.health.security;

import com.alibaba.dubbo.config.annotation.Reference;
import com.itheima.health.pojo.Permission;
import com.itheima.health.pojo.Role;
import com.itheima.health.pojo.User;
import com.itheima.health.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

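/**
 * {@link UserDetailsService} that loads a user, its roles and the permissions bound to those
 * roles through {@link UserService}, and hands them to Spring Security as granted authorities.
 *
 * <p>Created 2019/7/22, version 1.0.
 */
public class SecurityUserDetailsService implements UserDetailsService {

	@Reference
	private UserService userService;

	// Injected but not used in this class: the stored password is returned unchanged below and
	// compared by the authentication provider's password encoder.
	@Autowired
	private BCryptPasswordEncoder bCryptPasswordEncoder;

	// The User type used below is the project's own entity from health_common.
	// Role and Permission were given no-arg and all-arg constructors for this example.

	/**
	 * Looks up the user by name and builds the Spring Security user record.
	 *
	 * <p>Every role keyword and every permission keyword of the user becomes one
	 * {@link SimpleGrantedAuthority}.
	 *
	 * @param username the login name submitted by the client
	 * @return the user record with the stored password and the collected authorities
	 * @throws UsernameNotFoundException if {@code userService} returns no user for the name
	 */
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

		User user = userService.findByUaerName(username);

		if (user == null) {
			// The UserDetailsService contract is to throw, never to return null; a null result
			// surfaces as an internal authentication error instead of a failed login.
			throw new UsernameNotFoundException("用户失败");
		}

		List<GrantedAuthority> authorityList = new ArrayList<>();

		// A user without roles (null collection) simply gets no authorities.
		if (user.getRoles() != null) {
			for (Role role : user.getRoles()) {
				// The role keyword itself is an authority.
				authorityList.add(new SimpleGrantedAuthority(role.getKeyword()));

				if (role.getPermissions() == null) {
					continue;
				}
				for (Permission permission : role.getPermissions()) {
					// Each permission keyword bound to the role is an authority as well.
					authorityList.add(new SimpleGrantedAuthority(permission.getKeyword()));
				}
			}
		}

		// The stored value is passed through as is, so it must already be the encoded (BCrypt)
		// hash. Do not call encode() on it here: hashing the stored value again on every load
		// would not match the submitted password, and a "{noop}" prefix means plaintext storage.
		String password = user.getPassword();

		// Fully qualified because the project's own User entity is imported under the same name.
		return new org.springframework.security.core.userdetails.User(username, password, authorityList);
	}
}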

创建Dao

UserDao.class
RoleDao.class
PermissionDao.class
Dao读取mapper配置文件


版权声明:本文为u011918475原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。