spring boot整合scurity做簡單的登錄校驗的實現(xiàn)

更新時間：2020年04月10日 09:43:43 作者：曾規(guī)則

這篇文章主要介紹了spring boot整合scurity做簡單的登錄校驗的實現(xiàn)，文中通過示例代碼介紹的非常詳細，對大家的學習或者工作具有一定的參考學習價值，需要的朋友們下面隨著小編來一起學習學習吧

開發(fā)環(huán)境：springboot

maven引入：

 <dependency>
  <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.2.1.RELEASE</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <version>1.0.10.RELEASE</version>
  </dependency>

1、先在數(shù)據(jù)庫創(chuàng)建用戶表，用戶名為username，密碼名為password。下面是我用戶表的實體

 private Integer id;
/**
* 昵稱
*/
private String name;
/**
* 職位
*/
private String code;
/**
* 密碼
*/
private String passwd;
/**
* 用戶名
*/
private String username;
/**
* 手機號
*/
private String phone;
/**
* 創(chuàng)建時間
*/
private Date createdTime;

2、看項目是JPA、還是mybatis。我這邊項目使用的是mybatis。需要有一個方法通過用戶名獲取用戶信息。

3、創(chuàng)建一個用戶驗證類實現(xiàn) UserDetails 繼承用戶實體

public class SecurityUser extends SysUser implements UserDetails {
private static final long serialVersiongUID = 1l;

public SecurityUser(SysUser sysUser) {
  if (null != sysUser) {
    this.setCode(sysUser.getCode());
    this.setCreatedTime(sysUser.getCreatedTime());
    this.setId(sysUser.getId());
    this.setName(sysUser.getName());
    this.setPasswd(sysUser.getPasswd());
    this.setPhone(sysUser.getPhone());
    this.setUsername(sysUser.getUsername());
  }
}


@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
  Collection<GrantedAuthority> authorities = new ArrayList<>();
  String username = this.getUsername();
  if (username != null) {
    SimpleGrantedAuthority authority = new SimpleGrantedAuthority(username);
    authorities.add(authority);
  }
  return authorities;
}

@Override
public String getPassword() {
  return super.getPasswd();
}

//賬戶是否未過期,過期無法驗證
@Override
public boolean isAccountNonExpired() {
  return true;
}

//指定用戶是否解鎖,鎖定的用戶無法進行身份驗證
@Override
public boolean isAccountNonLocked() {
  return true;
}

//指示是否已過期的用戶的憑據(jù)(密碼),過期的憑據(jù)防止認證
@Override
public boolean isCredentialsNonExpired() {
  return true;
}

//是否可用 ,禁用的用戶不能身份驗證
@Override
public boolean isEnabled() {
  return true;
}
}

4、重點！創(chuàng)建一個scurity config配置類

 @Configuration
 @EnableWebSecurity
 public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

 private static final Logger logger = LoggerFactory.getLogger(UiSecurityConfig.class);

 @Override
 protected void configure(HttpSecurity http) throws Exception { //配置策略
   http.csrf().disable();
   http.authorizeRequests().
       antMatchers("/static/**").permitAll().anyRequest().authenticated().
       and().formLogin().loginPage("/login").permitAll().successHandler(loginSuccessHandler()).
       and().logout().permitAll().invalidateHttpSession(true).
       deleteCookies("JSESSIONID").logoutSuccessHandler(logoutSuccessHandler()).
       and().sessionManagement().maximumSessions(10).expiredUrl("/login");
 }

 

 @Bean
 public BCryptPasswordEncoder passwordEncoder() { //密碼加密
   return new BCryptPasswordEncoder(4);
 }

 @Bean
 public LogoutSuccessHandler logoutSuccessHandler() { //登出處理
   return new LogoutSuccessHandler() {
     @Override
     public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
       try {
         SecurityUser user = (SecurityUser) authentication.getPrincipal();
         logger.info("USER : " + user.getUsername() + " LOGOUT SUCCESS ! ");
       } catch (Exception e) {
         logger.info("LOGOUT EXCEPTION , e : " + e.getMessage());
       }
       httpServletResponse.sendRedirect("/login");
     }
   };
 }

 @Bean
 public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入處理
   return new SavedRequestAwareAuthenticationSuccessHandler() {
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
       SysUser userDetails = (SysUser) authentication.getPrincipal();
 logger.info("USER : " + userDetails.getUsername() + " LOGIN SUCCESS ! ");

 //        登錄成功后重定向路徑
       response.sendRedirect("/");
     }
   };
 }
 //用戶登錄實現(xiàn)
 @Bean
 public UserDetailsService userDetailsService() {  
   return new UserDetailsService() {
     @Autowired
     private SysUserDao sysUserDao;//這里是引入數(shù)據(jù)庫連接dao

     @Override
     public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
       SysUser userNmae = new SysUser();
       userNmae.setUsername(s);
      List<SysUser> listUser = sysUserDao.queryAll(userNmae);//通過用戶名獲取個用戶信息
       SysUser user = null;
      if (listUser.size() > 0) {
        user = listUser.get(0);
      }
       if (user == null) throw new UsernameNotFoundException("Username " + s + " not found");
       return new SecurityUser(user);
     }
   };
 }
}

5、基礎(chǔ)工作準備完成開始寫controller

@Controller
public class LoginController {

 
@Resource
private SessionTool sessionTool;

//  獲取登錄頁面
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
  return "login";
}

@RequestMapping("/")
public String login(ModelMap map){
  SysUser sysUser = sessionTool.getUser();
  map.addAttribute("sysUser", sysUser);
  return "index";
}
}

6、從session獲取用戶信息

@Component
public class SessionTool {
public SysUser getUser() { //為了session從獲取用戶信息,可以配置如下
  SysUser user = new SysUser();
  SecurityContext ctx = SecurityContextHolder.getContext();
  Authentication auth = ctx.getAuthentication();
  if (auth.getPrincipal() instanceof UserDetails) user = (SysUser) auth.getPrincipal();
  return user;
}

public HttpServletRequest getRequest() {
  return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
}
}

7、login.html頁面（登錄路徑為login 請求方式為post，scurity自帶的登錄路徑）

<!DOCTYPE html>
<html lang="en">
<head>
 <meta charset="UTF-8">
 <title>Title</title>
</head>
<body>
<form action="/login" method="post">
 用戶名 : <input type="text" name="username"/>
 密碼 : <input type="password" name="password"/>
 <input type="submit" value="登錄">
</form>
</body>
</html>

總結(jié)一下思路：

引入依賴包-》創(chuàng)建用戶表-》創(chuàng)建用戶表數(shù)據(jù)庫查詢接口-》創(chuàng)建用戶校驗類實現(xiàn)UserDetails接口-》創(chuàng)建scurity配置類繼承 WebSecurityConfigurerAdapter 方法configure為配置校驗策略-》創(chuàng)建controller配置登錄頁面跳轉(zhuǎn)接口-》創(chuàng)建登陸頁面用戶名必須為username 密碼為password 登錄路徑為'/login' 請求方式為post

由于scurity配置的密碼檢驗是加密的為了測試可以在Test模塊中獲取加密后的密碼然后存到用戶表的password字段中。

  @Test
  public void encoder() {
    String password = "123123";
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4);
    String enPassword = encoder.encode(password);
    System.out.println(enPassword);
  }

到此這篇關(guān)于spring boot整合scurity做簡單的登錄校驗的實現(xiàn)的文章就介紹到這了,更多相關(guān)springboot scurity登錄校驗內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: