Security--01 (Basic Usage of Spring Security)

  

Contents

1. Code structure

2. Custom login

3. Customizing the authentication flow


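1. Code structure

Following this pattern, core is built as an ordinary Maven jar, while browser and app are built as Spring Boot starters. Once they are starters, every jar a starter depends on is pulled into the new demo project.

The base packages have this structure:

Parent POM dependencies: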

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.lilly</groupId>
    <artifactId>lilly-starter-parent</artifactId>
    <version>1.0-SNAPSHOT</version>

    <packaging>pom</packaging>


    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <lilly.project.version>1.0-SNAPSHOT</lilly.project.version>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
        <maven.plugin.version>3.5.2</maven.plugin.version>
        <gmavenplus.plugin.version>1.5</gmavenplus.plugin.version>
        <maven.surefire.plugin.version>2.22.0</maven.surefire.plugin.version>
    </properties>

    <modules>
        <module>lilly-starter-core</module>
        <module>lilly-starter-browser</module>
        <module>lilly-starter-app</module>
    </modules>


    <dependencyManagement>
        <dependencies>
            <!-- Centrally manage the versions of Spring Maven dependencies: Spring IO Platform pins the versions so that the imported packages are compatible -->
            <dependency>
                <groupId>io.spring.platform</groupId>
                <artifactId>platform-bom</artifactId>
                <version>Athens-SR2</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>2.3.2</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

core dependencies: pulls in OAuth, Redis, JDBC and Spring Social

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>lilly-starter-parent</artifactId>
        <groupId>org.lilly</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>lilly-starter-core</artifactId>
    <packaging>jar</packaging>

    <dependencies>
        <!-- core dependencies -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <!-- spring-social is used for third-party authorization and authentication -->
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-web</artifactId>
        </dependency>
        <!-- utility libraries -->
        <dependency>
            <groupId>commons-lang</groupId>
            <artifactId>commons-lang</artifactId>
        </dependency>
        <dependency>
            <groupId>commons-collections</groupId>
            <artifactId>commons-collections</artifactId>
        </dependency>
        <dependency>
            <groupId>commons-beanutils</groupId>
            <artifactId>commons-beanutils</artifactId>
        </dependency>
        <!-- Spring uses the configuration in yml by default, but sometimes traditional xml or properties configuration is needed, and that is when spring-boot-configuration-processor is used -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
        </dependency>
    </dependencies>

    <build>
        <finalName>lilly-starter-core</finalName>
    </build>

</project>

Browser starter: pulls in core and session, plus the dependencies needed to package it as a starter

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>lilly-starter-parent</artifactId>
        <groupId>org.lilly</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>lilly-starter-browser</artifactId>
    <packaging>jar</packaging>
    <dependencies>
        <dependency>
            <groupId>org.lilly</groupId>
            <artifactId>lilly-starter-core</artifactId>
            <version>${lilly.project.version}</version>
        </dependency>
        <!-- Compared with the app project, the browser module additionally needs clustered session management -->
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
            <version>2.1.8.RELEASE</version>
        </dependency>


    </dependencies>


</project>

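Then add META-INF and the auto-configuration class, and the starter package is done.

The auto-configuration class is empty for now.

In our demo project we only need to add the browser starter; adding a starter pulls in every package that starter depends on.

Because the JDBC starter and session management were pulled in, first configure the database connection and turn off the session store.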

spring:
  application:
    name: hzero-iam
  datasource:
    url: ${SPRING_DATASOURCE_URL:jdbc:mysql://localhost:3306/hzero_platform?useUnicode=true&characterEncoding=utf-8&useSSL=false}
    username: ${SPRING_DATASOURCE_USERNAME:root}
    password: ${SPRING_DATASOURCE_PASSWORD:133309}
    driver-class-name: com.mysql.jdbc.Driver
  session:
    store-type: none

Startup still fails with: NoClassDefFoundError: org/springframework/session/security/web/authentication/SpringSessionRememberM

The Spring Session package was too old, so I updated the package version.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
    </parent>


    <groupId>com.wx</groupId>
    <artifactId>lilly-demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>lilly-demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <lilly.project.version>1.0-SNAPSHOT</lilly.project.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>


        <dependency>
            <groupId>org.lilly</groupId>
            <artifactId>lilly-starter-browser</artifactId>
            <version>1.0-SNAPSHOT</version>
            <exclusions>
                <exclusion>
                    <groupId>mysql</groupId>
                    <artifactId>mysql-connector-java</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-data-redis</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.47</version>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

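The application now starts normally, and accessing an endpoint brings up the login page.

The default username is user, and the default password is printed in the log.

Now suppose we want to turn off Security's authentication. How do we do that?

Doing this through yml configuration is obsolete and no longer works; instead, configure all paths so that they are not intercepted for authentication.

2. Custom login

  1. Retrieving user information

  Re-enable the security settings that were turned off above. We cannot use the default user information, so we need to implement the interface that retrieves user information ourselves. Once this custom authentication logic is in place, the default login password is no longer printed in the log.

A password-encoder bean also needs to be registered; otherwise the error There is no PasswordEncoder mapped for the id "null" is raised.

At this point we can log in successfully with admin / admin.

  2. Handling user validation logic

      Implementing the logic of this interface is how user validation is handled.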

      

       

      

  3. Password encryption

    Passwords are now encrypted by default, so this step needs no handling.
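The three steps above, put together as an added example (not the post's own code, whose listings are missing from this page): a UserDetailsService that supplies the user, the account flags that drive the validation checks, and the PasswordEncoder bean. The class names and the single hard-coded admin account are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

// Added example; class names and the single "admin" account are assumptions.
@Component
public class DemoUserDetailsService implements UserDetailsService {

    private final PasswordEncoder passwordEncoder;

    public DemoUserDetailsService(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (!"admin".equals(username)) {
            throw new UsernameNotFoundException("user not found");
        }
        // Stand-in for a database lookup. A real table stores the hash produced
        // at registration; encoding here only keeps the demo self-contained.
        String storedHash = passwordEncoder.encode("admin");
        // The four flags feed the account checks: enabled, accountNonExpired,
        // credentialsNonExpired, accountNonLocked. Any false value rejects the
        // login even when the password matches.
        return new User(username, storedHash, true, true, true, true,
                AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    }
}

@Configuration
class PasswordEncoderConfig {
    // Without a PasswordEncoder bean the stored value has no {id} prefix and login
    // fails with: There is no PasswordEncoder mapped for the id "null".
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```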

    

3. Customizing the authentication flow

   1. Custom login page

     Page:

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" >
<body>
<h1>This is My Login Page</h1>
<form th:action="@{/login}" method="post">
	<p th:if="${error != null}">
        <span>
            <font>Invalid username and password.</font>
        </span>
	</p>
	<p th:if="${logout != null}">
		<span>You are logout.</span>
	</p>
	<p>
		<label for="username">Username</label>
		<input type="text" id="username" name="username"/>
	</p>
	<p>
		<label for="password">Password</label>
		<input type="password" id="password" name="password"/>
	</p>
	<input type="hidden"
		   th:name="${_csrf.parameterName}"
		   th:value="${_csrf.token}"/>
	<button type="submit" class="btn">Log in</button>
</form>
</body>
</html>

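  Security configuration:

When we access a protected request, the page requests /login, so we need to configure a Controller for it. As you can see, this is a GET request.

  On the login page, enter the username and password and click Log in.

  After clicking Log in, the page sends a POST request for login to Spring Security.

  Form login is handled in the UsernamePasswordAuthenticationFilter filter; the request path is login and the method is POST.

The flow then reaches UserDetailsService to verify our username and password. After verification succeeds, it goes to the default login request we configured, which here is a POST request.

  It then returns the home page.

If verification fails, it returns to the login page and prints the error message.

 However, if we do not want this request to go to the default /login path of UsernamePasswordAuthenticationFilter, we need to add one more line to the configuration, and the HTML page must be changed accordingly.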
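One way to write the security configuration and login Controller described in this section, as an added example rather than the post's own code (its listings are missing from this page). It assumes Spring Security 5.1 with Thymeleaf on the classpath; the class names, the template name login and the processing URL /authentication/form are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

// Added example; class names and URLs are assumptions, not the post's code.
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical URL the form posts to instead of the default /login.
    static final String LOGIN_PROCESSING_URL = "/authentication/form";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login")                       // GET: render the custom page
                .loginProcessingUrl(LOGIN_PROCESSING_URL)  // POST: handled by UsernamePasswordAuthenticationFilter
                .permitAll()                               // login page, processing URL and failure URL stay reachable
                .and()
            .logout()
                .permitAll()                               // lets /login?logout render after logout
                .and()
            .authorizeRequests()
                .anyRequest().authenticated();             // everything else requires a logged-in user
        // CSRF protection stays enabled; the form already sends the _csrf token.
    }
}

@Controller
class LoginPageController {

    // A failed login redirects to /login?error and logout to /login?logout; the
    // template tests ${error != null} / ${logout != null}, so copy both into the model.
    @GetMapping("/login")
    public String loginPage(@RequestParam(value = "error", required = false) String error,
                            @RequestParam(value = "logout", required = false) String logout,
                            Model model) {
        model.addAttribute("error", error);
        model.addAttribute("logout", logout);
        return "login"; // assumed template name: templates/login.html
    }
}
```

With this configuration the form's th:action in the login page has to point at the same processing URL, i.e. @{/authentication/form} instead of @{/login}.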

Reference: https://www.cnblogs.com/mujingyu/p/10701026.html


Reposted from blog.csdn.net/weixin_37650458/article/details/106267566