今日言语:
按照上一章的来做,会发现只有当账号为root,密码为123456,才能登陆成功,这种方式很不实用,一旦我们的用户增加,我们不可能把所有用户信息都列出来,所以我们需要采用数据库来验证用户,并授权
接下来我们来解决这个问题。
本人使用的是mybatisplus,所以写起来代码比较少
先建立Entity包
具体项目结构就不展示了,我们可以看package的目录就行了
package com.alumni_circle.entity.security;
import lombok.Data;
/**
* @author 龙小虬
* @since 2020-07-29 13:40
*/
@Data
public class UserSecurity {
private String username;
private String password;
}
Mapper包
package com.alumni_circle.mapper.security;
import com.alumni_circle.entity.security.UserSecurity;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
public interface UserSecurityMapper extends BaseMapper<UserSecurity> {
}
Service接口
package com.alumni_circle.service.security;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface IUserSecurityService extends UserDetailsService {
}
service实现类
package com.alumni_circle.service.security.impl;
import com.alumni_circle.entity.security.UserSecurity;
import com.alumni_circle.mapper.security.UserSecurityMapper;
import com.alumni_circle.service.security.IUserSecurityService;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
/**
* @author 龙小虬
* @since 2020-07-29 13:42
*/
@Service
public class UserSecurityServiceImpl implements IUserSecurityService {
@Autowired
UserSecurityMapper userSecurityMapper;
@Override
public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
QueryWrapper<UserSecurity> queryWrapper = new QueryWrapper<UserSecurity>();
queryWrapper.eq("username",name);
UserSecurity userSecurity = userSecurityMapper.selectOne(queryWrapper);
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
System.out.println(name);
if(userSecurity!=null){
return new User(userSecurity.getUsername(),userSecurity.getPassword(),authorities);
}
System.out.println(name);
return null;
}
}
web包
package com.alumni_circle.controller.security;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
/**
* @author 龙小虬
* @since 2020-07-28 18:12
*/
@Controller
public class SecurityController {
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public ModelAndView adminPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is protected page!");
model.setViewName("admin");
System.out.println(model.toString());
return model;
}
}
基础工程就已经完成了,接下来我们更改一下spring-security.xml这个配置
我们上一篇文章使用的是注释掉的部分,现在需要在security:authentication-provider标签中加入
user-service-ref="userSecurityService"
但是这个时候可能汇报错,因为我们并没有把userSecurityService(UserSecurityServiceImpl)注入到security中,所以需要配置bean
<bean id="userSecurityService" class="com.alumni_circle.service.security.impl.UserSecurityServiceImpl"/>
这样我们就可以使用数据库来对用户进行验证和授权了。
当然还少不了我们在数据库中创建数据表。
这个数据库设置也可以添加权限列表,为了一点点来,所以就省略没写,而是在UserSecurityServiceImpl.java写死了。
注:上一篇文章中我们写了title,message这两个字符串,在这里我们就可以更改为 t i t l e , {title}, title,{message}了,然后在page标签中加入isELIgnored=“false”,在登录成功后就会显示成这样
学习上有问题,欢迎指出