Spring Boot 集成 Spring Security

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/u014161595/article/details/87183883

https://www.cnblogs.com/ealenxie/p/9293768.html

https://blog.csdn.net/u013435893/article/details/79596628

https://blog.csdn.net/qq_35508033/article/details/79046441

http://www.cnblogs.com/softidea/p/7068149.html

框架:springboot+mybatis+mysql+html+jquery

1.pom添加dependency

<!-- Spring Security starter. No <version> is given here, so the version has to come from
     dependency management (presumably the Spring Boot parent/BOM; confirm in the full pom). -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

2.继承 WebSecurityConfigurerAdapter,重写 protected void configure(HttpSecurity http) 和 protected void configure(AuthenticationManagerBuilder auth) 方法,并实现 UserDetailsService 接口,见下面的(1);也可以改用 JDBC 方式,见下面的(2)。

(1)

import org.apache.commons.codec.digest.Md5Crypt;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
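/**
 * Spring Security configuration, variant (1): form login whose users are loaded by
 * {@link MyUserDetailsService}.
 *
 * <p>Security review notes for anyone copying this configuration:
 * <ul>
 *   <li>{@code csrf().disable()} switches CSRF protection off for every request handled by
 *       this filter chain, not only for logout.</li>
 *   <li>Passwords are checked as MD5 digests. MD5 is a fast hash and is not suitable for
 *       password storage; it is kept here so that the stored hashes keep working.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class PitWebSecutiryConfig extends WebSecurityConfigurerAdapter{

    /**
     * Registers the user lookup service as a bean so that its injected mapper is populated.
     *
     * <p>NOTE(review): the MyUserDetailsService listing on this page is also annotated
     * {@code @Component}; if that class is component-scanned, the same bean name is defined
     * twice. Confirm that only one definition is needed.
     */
    @Bean
    MyUserDetailsService myUserDetailsService(){
        return new MyUserDetailsService();
    }

    /**
     * Defines which requests need authentication and how login and logout behave.
     *
     * <p>{@code @Override} is declared so that a signature mismatch fails compilation instead
     * of silently leaving the framework defaults in place.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Static assets are public; every other request requires a logged-in user.
                .antMatchers("/js/**","/css/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
            .and()
            // On logout: drop the server-side session and the session cookie, then go to /login.
            .logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true).deleteCookies("JSESSIONID")
            .and()
            // SECURITY: this disables CSRF protection application-wide. The article does it so
            // that the logout form works. The safer alternative is to keep CSRF enabled and
            // submit logout (and other state-changing requests) as POST with the CSRF token.
            .csrf().disable();
    }

    /**
     * Wires the user lookup service and the password encoder into authentication.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // SECURITY: MessageDigestPasswordEncoder("MD5") is a legacy encoder that Spring Security
        // itself marks as deprecated. It is left unchanged because replacing it would stop
        // existing MD5 hashes from matching. Plan a migration to an adaptive encoder such as
        // BCryptPasswordEncoder, re-hashing each password at the user's next successful login.
        auth.userDetailsService(myUserDetailsService()).passwordEncoder(new MessageDigestPasswordEncoder("MD5"));
    }
}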

(2)

package pit.security;

import javax.annotation.Resource;
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
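/**
 * Spring Security configuration, variant (2): form login whose users and authorities are
 * read directly over JDBC from the injected {@link DataSource}.
 *
 * <p>Security review notes for anyone copying this configuration:
 * <ul>
 *   <li>{@code csrf().disable()} switches CSRF protection off for every request handled by
 *       this filter chain, not only for logout.</li>
 *   <li>Passwords are checked as MD5 digests. MD5 is a fast hash and is not suitable for
 *       password storage; it is kept here so that the stored hashes keep working.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class PitWebSecutiryConfig extends WebSecurityConfigurerAdapter{

    /**
     * Registers the user lookup service as a bean. In this variant the authentication setup
     * below does not use it; it is kept so that other code that injects it still works.
     */
    @Bean
    MyUserDetailsService myUserDetailsService(){
        return new MyUserDetailsService();
    }

    // Connection pool used for the user and authority lookups below.
    @Resource
    private DataSource dataSource;

    /**
     * Defines which requests need authentication and how login and logout behave.
     *
     * <p>{@code @Override} is declared so that a signature mismatch fails compilation instead
     * of silently leaving the framework defaults in place.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Static assets are public; every other request requires a logged-in user.
                .antMatchers("/js/**","/css/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
            .and()
            // On logout: drop the server-side session and the session cookie, then go to /login.
            .logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true).deleteCookies("JSESSIONID")
            .and()
            // SECURITY: this disables CSRF protection application-wide. The article does it so
            // that the logout form works. The safer alternative is to keep CSRF enabled and
            // submit logout (and other state-changing requests) as POST with the CSRF token.
            .csrf().disable();
    }

    /**
     * Configures JDBC-backed authentication. This replaces variant (1), which passed
     * {@code myUserDetailsService()} to {@code auth.userDetailsService(...)}.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            // Both queries take the username as a bound "?" parameter; never build them by
            // string concatenation. The third selected column is the literal true, so every
            // account is treated as enabled and there is no way to disable one in the database.
            // LOWER(...) presumably normalises upper-case hex digests to match the encoder's
            // output; verify against the stored data.
            .usersByUsernameQuery("SELECT username,LOWER(User_Password),true FROM UserTable where username= ?")
            .authoritiesByUsernameQuery("SELECT username,RESOURCE FROM T_USER_RESOURCES WHERE username= ?")
            // SECURITY: MessageDigestPasswordEncoder("MD5") is a legacy encoder that Spring
            // Security itself marks as deprecated. It is left unchanged because replacing it
            // would stop existing MD5 hashes from matching. Plan a migration to an adaptive
            // encoder such as BCryptPasswordEncoder.
            .passwordEncoder(new MessageDigestPasswordEncoder("MD5"));
    }
}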

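3.登出。注意:如果2中没有 .csrf().disable() 这条语句,注销不成功(GET 返回 404,POST 返回 403)。原因是启用 CSRF 保护时,Spring Security 只处理带有效 CSRF token 的 POST /logout 请求。但 .csrf().disable() 关闭的是整个应用的 CSRF 防护,而不仅仅是注销;更稳妥的做法是保留 CSRF,用 POST 提交注销表单并带上 CSRF token。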

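<!-- Log out with POST rather than GET, so that a plain link, an image tag or a browser
     prefetch cannot end the user's session. With CSRF protection disabled, as in the
     configuration shown on this page, POST /logout is accepted as is. If CSRF protection
     is enabled, this form must also submit the CSRF token as a hidden field. -->
<form action="/logout" method="post">
    <input type="submit" value="注销"/>
</form>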

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import pit.dao.UserTMapper;
import pit.model.UserT;
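/**
 * Loads users for Spring Security through the MyBatis mapper {@code UserTMapper}.
 */
@Component
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    private UserTMapper utMapper;

    /**
     * Looks up the account for {@code username} and returns it with its stored password hash.
     *
     * <p>An unknown user, or one without a stored password, is reported as
     * {@link UsernameNotFoundException}. Previously a missing row caused a
     * {@code NullPointerException}, so an unknown user failed differently from a wrong
     * password. That breaks the {@code UserDetailsService} contract and can expose which
     * usernames exist.
     *
     * @param username the login name submitted by the client (untrusted input)
     * @return the user details, never {@code null}
     * @throws UsernameNotFoundException if no usable account exists for {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserT usert = utMapper.selectByComnum(username);
        if (usert == null || usert.getUserPassword() == null) {
            // Generic message: do not echo the submitted name back into logs or responses.
            throw new UsernameNotFoundException("User not found");
        }

        // Every account receives the same single role. Per-user authorities are not loaded
        // here, so this service cannot distinguish privileged users from ordinary ones.
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        // The stored hash is lower-cased before comparison, presumably because the database
        // holds upper-case hex digests; verify against the stored data.
        return new User(username, usert.getUserPassword().toLowerCase(), authorities);
    }

}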
4.调用

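/**
 * Returns all rows from {@code pitCompanyMapper.selectAll()} and prints the name of the
 * authenticated caller, as an example of reading the current security context.
 *
 * <p>NOTE(review): {@code @RequestMapping} has no {@code method} attribute, so this handler
 * answers every HTTP method; restrict it to GET if that is the intent.
 *
 * @return the list produced by the mapper
 */
@RequestMapping(value="/selectCompanyAll")
public List<Pit_company> selectCompanyAll(){
    SecurityContext securityContext=SecurityContextHolder.getContext();
    // Print only the principal name. The full Authentication.toString() typically includes
    // request details such as the remote address and the session id, which should not be
    // written to stdout or to logs.
    System.out.println("=========="+securityContext.getAuthentication().getName());
    return pitCompanyMapper.selectAll();
}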

5.数据库连接池

package pit.config;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;

/**
 * Declares the application's primary JDBC connection pool.
 */
@Configuration
public class DatasourceConfiguration {

    /**
     * Creates the c3p0 {@code ComboPooledDataSource} bean named {@code dataSource}.
     *
     * <p>Its settings are bound from configuration properties under the {@code c3p0} prefix,
     * including the JDBC URL, user and password. Keep the real credentials out of version
     * control and supply them from the deployment environment.
     *
     * @return the pooled data source
     */
    @Primary
    @Qualifier("dataSource")
    @Bean(name = "dataSource")
    @ConfigurationProperties(prefix = "c3p0")
    public DataSource dataSource() {
        return DataSourceBuilder
                .create()
                .type(com.mchange.v2.c3p0.ComboPooledDataSource.class)
                .build();
    }
}

application.properties:

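server.port=8080
# This form has no effect: security.basic.enabled = false

# Placeholders only. Supply the real URL, user and password from outside the repository
# (environment variables or an external configuration file), not from a committed file.
c3p0.jdbcUrl=jdbc:mysql://ip:3306/数据库名称
c3p0.user=username
c3p0.password=password
c3p0.driverClass=com.mysql.jdbc.Driver
c3p0.minPoolSize=2
c3p0.maxPoolSize=10
c3p0.initialPoolSize=3
c3p0.maxIdleTime=30000

#---------------------------------------------------------
# c3p0 anti-idle settings, to avoid the 8-hour (28800 s) connection expiry problem
#---------------------------------------------------------
# idleConnectionTestPeriod must be smaller than MySQL's wait_timeout
# These keys use the "c3p0" prefix because the DataSource bean on this page binds
# @ConfigurationProperties(prefix = "c3p0"). Under the previous "jdbc.c3p0." prefix,
# nothing shown on this page read them, so the settings were not applied to the pool.
c3p0.testConnectionOnCheckout=false
c3p0.testConnectionOnCheckin=true
c3p0.idleConnectionTestPeriod=3600

mybatis.mapperLocations=classpath:pit/mapper/*Mapper.xml   
mybatis.typeAliasesPackage=pit.dao

# NOTE(review): 100MB per file and 1000MB per request are large limits for an authenticated
# web application; size them to what the upload endpoints actually need.
spring.servlet.multipart.max-file-size=100MB
spring.servlet.multipart.max-request-size=1000MB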


转载自blog.csdn.net/u014161595/article/details/87183883