API接口调试管理工具的选择与应用(提高调试效率的关键)
248
2022-11-05
Spring Security权限管理
Spring Security权限管理
1 Spring Security配置用户名和密码
方式一:在application.properties文件中配置方式二:代码配置
2 HttpSecurity的配置3 登录/注销表单详细配置4 多个HttpSecurity的配置5 密码加密6 方法安全7 基于数据库的认证8 角色继承(在securityConfig中加入代码段)9 动态配置权限
一、查询user用户所具有的角色二、配置SecurityConfig
1、在SecurityConfig类中配置登录权限2、配置角色(从数据库中动态加载)
1 在config包中创建MyFilter.java过滤器
补充:查询菜单及对应角色(使用Spring Cache作缓存)
2、在config包中创建MyAccessDecisionManager类3、在SecurityConfig引入myAccessDecisionManager + myFilter
1 Spring Security配置用户名和密码
方式一:在application.properties文件中配置
# 配置security用户名密码spring.security.user.password=LIFEILINspring.security.user.name=LIFEILINspring.security.user.roles=admin
方式二:代码配置
@Configurationpublic class securityConfig extends WebSecurityConfigurerAdapter { //暂且密码不加密 @Bean PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("LIFEILIN").password("LIFEILIN").roles("admin") //第一个 .and() .withUser("123").password("123").roles("user"); //第二个 }}
2 HttpSecurity的配置
//配置HttpSecurity拦截规则 @Override protected void configure(HttpSecurity throws Exception { //开启配置 .antMatchers("/admin/**").hasRole("admin") .antMatchers("/user/**").hasAnyRole("admin","user") .anyRequest().authenticated() //其他请求登录后即可访问 .and() .formLogin() .loginProcessingUrl("/doLogin") .permitAll() //跟登录相关接口直接访问 .and() .csrf().disable(); }
3 登录/注销表单详细配置
//配置HttpSecurity拦截规则 @Override protected void configure(HttpSecurity throws Exception { //开启配置 .antMatchers("/admin/**").hasRole("admin") .antMatchers("/user/**").hasAnyRole("admin", "user") .anyRequest().authenticated() //其他请求登录后即可访问 .and() .formLogin() .loginProcessingUrl("/doLogin")// .loginPage("login") //登录页面 //自定义用户名密码 .usernameParameter("uname") .passwordParameter("passwd") //登录成功的处理器(前后端分离) .successHandler(new AuthenticationSuccessHandler() { @Override public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException, ServletException { //authentication为登录成功对象 //登录成功,返回json resp.setContentType("application/json;charset=utf-8"); PrintWriter out = resp.getWriter(); Map
4 多个HttpSecurity的配置
配置类不需要继承WebSecurityConfigurerAdapter方法,直接注入:configure方法
@Configurationpublic class MultiHttpSecurityConfig { //暂且密码不加密 @Bean PasswordEncoder passwordEncoder() { return NoOpPasswordEncoder.getInstance(); } //配置用户名和密码 @Autowired protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("LIFEILIN").password("LIFEILIN").roles("admin") //第一个 .and() .withUser("123").password("123").roles("user"); //第二个 } @Configuration @Order(1) public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity throws Exception { //admin角色访问 } } @Configuration public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity throws Exception { .and() .formLogin() .loginProcessingUrl("/doLogin") .permitAll() .and() .csrf().disable(); } }}
5 密码加密
相同的明文可加密成不同的密文,不用维护原字段。
@Testvoid contextLoads() { for (int i=0;i<10;i++){ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); System.out.println(encoder.encode("123")); }}
6 方法安全
在配置类中添加注解:@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
接口都能访问,但进了接口不一定能访问到接口里面的方法!! 【Controller层:】
@AutowiredMethodService methodService;@GetMapping("/hello1")public String hello1(){ return methodService.admin();}@GetMapping("/hello2")public String hello2(){ return methodService.user();}@GetMapping("/hello3")public String hello3(){ return methodService.hello();}
【Service层:】
@Servicepublic class MethodService { @PreAuthorize("hasRole('admin')") public String admin() { //需要admin角色才能访问 return "hello admin"; } @Secured("ROLE_user") public String user(){ //需要user角色才能访问 return "hello user"; } @PreAuthorize("hasAnyRole('admin','user')") //admin,user两种权限 public String hello(){ return "hello hello"; }}
7 基于数据库的认证
1、数据库中创建三张表user、role、user_role
2、设置配置文件
# 应用名称spring.application.name=SpringBoot_11_security# 应用服务 WEB 访问端口server.port=8080#下面这些内容是为了让MyBatis映射# 指定Mybatis的Mapper文件mybatis.mapper-locations=classpath:mappers/*xml# 指定Mybatis的实体目录mybatis.type-aliases-package=com.example.mybatis.entity# 数据库驱动:spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver# 数据源名称spring.datasource.name=defaultDataSource# 数据库连接地址spring.datasource.url=jdbc:mysql://localhost:3306/【数据库名称】?serverTimezone=UTCspring.datasource.type=com.alibaba.druid.pool.DruidDataSource# 数据库用户名&密码:spring.datasource.username=rootspring.datasource.password=【数据库密码】
3、创建实体User、Role
package com.example.bean;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import java.util.ArrayList;import java.util.Collection;import java.util.List;/** * @author 李飞林 * @ClassName User * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 21:46 */public class User implements UserDetails { private Integer id; private String username; private String password; private Boolean enabled; private Boolean locked; private List
package com.example.bean;/** * @author 李飞林 * @ClassName Role * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 21:49 */public class Role { private Integer id; private String name; private String nameZh; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String getNameZh() { return nameZh; } public void setNameZh(String nameZh) { this.nameZh = nameZh; }}
4、编写mapper层 UserMapper接口:
package com.example.mapper;import com.example.bean.Role;import com.example.bean.User;import org.apache.ibatis.annotations.Mapper;import java.util.List;/** * @author 李飞林 * @ClassName UserMapper * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 22:01 */@Mapperpublic interface UserMapper { User loadUserByUsername(String username); List
UserMapper.xml:
5、编写service层:
package com.example.service;import com.example.bean.User;import com.example.mapper.UserMapper;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Service;/** * @author 李飞林 * @ClassName UserService * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 22:01 */@Servicepublic class UserService implements UserDetailsService { @Autowired UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userMapper.loadUserByUsername(username); if (user == null) { throw new UsernameNotFoundException("用户不存在"); } user.setRoles(userMapper.getUserRolesById(user.getId())); return user; }}
6、security安全配置:
package com.example.config;import com.example.service.UserService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;/** * @author 李飞林 * @ClassName SecurityConfig * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 22:35 */@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserService userService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService); } @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity throws Exception { .antMatchers("/dba/**").hasRole("dba") .antMatchers("/admin/**").hasRole("admin") .antMatchers("/user/**").hasRole("user") .anyRequest().authenticated()//其他可访问 .and() .formLogin() .permitAll() .and() .csrf().disable(); }}
7、controller层接口调试:
package com.example.controller;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RestController;/** * @author 李飞林 * @ClassName HelloController * @mail 1961785612@qq.com * @Description TODO * @date 2022/8/4 22:40 */@RestControllerpublic class HelloController { @GetMapping("/hello") public String hello() { return "hello security"; } @GetMapping("/dba/hello") public String dba() { return "hello dba"; } @GetMapping("/admin/hello") public String admin() { return "hello admin"; } @GetMapping("/user/hello") public String user() { return "hello user"; }}
8 角色继承(在securityConfig中加入代码段)
//角色继承@BeanRoleHierarchy roleHierarchy() { RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl(); String hierarchy = "ROLE_dba > ROLE_admin > ROLE_user"; //dba > admin > user roleHierarchy.setHierarchy(hierarchy); return roleHierarchy;}
9 动态配置权限
数据库中的表结构如下:
其中菜单表中已经配置好对应的路径,后面需要从数据库中加载:
一、查询user用户所具有的角色
1、编写实体类User、Role、Menu: User实现UserDetails接口,实现如下方法:
@Overridepublic Collection extends GrantedAuthority> getAuthorities() { List
2、编写UserService:继承UserDetailsService接口,实现loadUserByUsername方法
@Servicepublic class UserServiceImpl extends ServiceImpl
3、编写UserMapper接口:
@Mapperpublic interface UserMapper extends BaseMapper
4、编写UserMapper.xml:
至此,已经从数据库中获取到登录用户user所具备的角色
二、配置SecurityConfig
1、在SecurityConfig类中配置登录权限
@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserServiceImpl userService; @Bean PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } //配置登录 @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService); }}
2、配置角色(从数据库中动态加载)
1 在config包中创建MyFilter.java过滤器
在config包中创建MyFilter.java过滤器,实现FilterInvocationSecurityMetadataSource接口,其主要作用是分析请求地址,请求地址必然是menu表中给出的标准地址(如果不是则进行其他操作),根据请求地址分析出需要哪些角色
注意:这里需要提前从数据库查询出所有菜单以及对应的角色。
补充:查询菜单及对应角色(使用Spring Cache作缓存)
1、导入缓存相关依赖
2、需要简单配置一下Redis,Redis的基本信息,另外,这里要用到Cache,因此还需要稍微配置一下Cache,如下:
## 配置redis#基本属性spring.redis.host=localhostspring.redis.port=6379spring.redis.database=0spring.redis.password=#配置cache名称spring.cache.cache-names=c1
另外,还需要在配置类上添加如下代码,表示开启缓存:
3、Service层缓存的使用
(1)在MenuServiceImpl类上使用@CacheConfig(cacheNames = “c1”)
这个注解在类上使用,用来描述该类中所有方法使用的缓存名称,当然也可以不使用该注解,直接在具体的缓存注解上配置名称。
(2)在MenuServiceImpl类下getAllMenus()方法使用@Cacheable
这个注解一般加在查询方法上,表示将一个方法的返回值缓存起来,默认情况下,缓存的key就是方法的参数,缓存的value就是方法的返回值。
@Service@CacheConfig(cacheNames = "c1")public class MenuServiceImpl extends ServiceImpl
@Mapperpublic interface MenuMapper extends BaseMapper
发表评论
暂时没有评论,来抢沙发吧~