Configuring Spring Security in Spring Boot 2.0

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/c_royi/article/details/82996731

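GitHub · JPA multi-data-source configuration
Project name: springboot-security

Notes

  1. Spring Security 5.0 removed plaintext passwords; passwords must always be encoded.
  2. Make sure the filter does not filter static resources (css, img, js).
  3. Spring Security's GrantedAuthority can only authorize by role or by permission; it cannot hold both types at once. The PermissionEvaluator interface therefore has to be implemented to authorize by permission.

Configuration steps

  1. Make the entity class (user) implement UserDetails and override its methods.
  2. Implement the UserDetailsService interface (overriding loadUserByUsername(String s)) to fetch the user from the database.
  3. Configure WebSecurityConfig (extends WebSecurityConfigurerAdapter): override configure(AuthenticationManagerBuilder auth) for the authentication method and protected void configure(HttpSecurity http) for the interceptor chain.

Code (main parts only; see GitHub for the full code)

User entity class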

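import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.persistence.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
public class SysUser implements UserDetails {
    @Id
    @GeneratedValue
    private Long id;
    private String username;
    private String password;

    @ManyToMany(cascade = {CascadeType.REFRESH}, fetch = FetchType.EAGER)
    private List<SysRole> roles;

    // Grant one authority per role assigned to the user
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> auths = new ArrayList<>();
        List<SysRole> roles = this.getRoles();
        for (SysRole role : roles) {
            auths.add(new SimpleGrantedAuthority(role.getName()));
        }
        return auths;
    }

    // Accessors required by UserDetails and getAuthorities() (not shown in the original excerpt)
    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public String getPassword() {
        return password;
    }

    public List<SysRole> getRoles() {
        return roles;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}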

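MyUserDetailsService (loads the user from the database)

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private SysUserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        SysUser user = userRepository.findByUsername(s);
        if (user == null) {
            // Message text: "username does not exist"
            throw new UsernameNotFoundException("用户名不存在");
        }
        return user;
    }
}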

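WebSecurityConfig (configures authentication and the HTTP interceptor chain)

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private MyUserDetailsService myUserDetailsService;

    // Configure user authentication: users come from the database, passwords are BCrypt hashes
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Do not intercept static files
            .antMatchers("/css/**").permitAll()
            .anyRequest().authenticated()
            .and().formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
            .and()
            .logout()
            .permitAll();
    }
}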
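
Note 3 calls for a custom PermissionEvaluator, which the code above does not show. The following is an added example, not code from the original project: the class names RolePermissionEvaluator and MethodSecurityConfig, the "target:permission" string format and the sample role data are assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.*;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;

// Hypothetical evaluator: each role name maps to a set of "target:permission" strings.
class RolePermissionEvaluator implements PermissionEvaluator {
    private final Map<String, Set<String>> permissionsByRole;
    RolePermissionEvaluator(Map<String, Set<String>> permissionsByRole) {
        this.permissionsByRole = permissionsByRole;
    }

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (auth == null || !auth.isAuthenticated() || target == null || permission == null) {
            return false; // deny by default when anything is missing
        }
        String wanted = target + ":" + permission;
        return auth.getAuthorities().stream()
                .map(a -> permissionsByRole.getOrDefault(a.getAuthority(), Collections.emptySet()))
                .anyMatch(granted -> granted.contains(wanted));
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
        return hasPermission(auth, type, permission); // object IDs are not modelled; type-level check only
    }
}

// Enables @PreAuthorize("hasPermission('user', 'delete')") on service methods.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        // Constructed sample data; a real project would load this from its role tables.
        Map<String, Set<String>> sample = new HashMap<>();
        sample.put("ROLE_ADMIN", new HashSet<>(Arrays.asList("user:read", "user:delete")));
        sample.put("ROLE_USER", Collections.singleton("user:read"));
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(new RolePermissionEvaluator(sample));
        return handler;
    }
}
```

The map keys must match the authority strings returned by SysUser.getAuthorities(), which on this page are the raw role.getName() values.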

Page demo

Open localhost:8080/login
Username: root, password: root