【说明】
本文参考自:https://www.cnblogs.com/ealenxie/p/9293768.html
将项目升级为springboot2.x版本
【项目GitHub地址】
https://github.com/qidasheng2012/springboot2.x-security
【项目搭建】
- 始化SQL脚本
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user`
(
`id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
`user_code` varchar(36) COMMENT '用户编号',
`username` varchar(20) COMMENT '用户名称',
`password` varchar(100) COMMENT '密码',
`email` varchar(100) COMMENT '邮箱',
`phone` varchar(11) COMMENT '手机号',
`role` int(10) COMMENT '角色',
`image` varchar(255) COMMENT '头像',
`last_ip` varchar(50) COMMENT '最后登录IP',
`last_time` varchar(50) COMMENT '最后登录时间',
PRIMARY KEY (`id`)
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci;
-- username: root password: 123456
INSERT INTO `USER`
VALUES (1, 'd242ae49-4734-411e-8c8d-d2b09e87c3c8', 'root',
'$2a$04$REdYt1gsbANkWtfhqjc9C.EqJM/k8qcQv2McNv/YGROZtOaFzzP4.', '[email protected]', '16666666666', 1, 'image',
'127.0.0.1', '2019-10-21 11:26:27');
- pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.0.RELEASE</version>
</parent>
<groupId>com.it</groupId>
<artifactId>springboot2.x-security</artifactId>
<version>1.0</version>
<description>SpringBoot2.x整合SpringSecurity实现简单登录</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
- application.yml
server:
port: 8080
error:
whitelabel:
enabled: true
spring:
resources:
static-locations: classpath:/
datasource:
url: jdbc:mysql://localhost:3306/db?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai
username: root
password: 123456
- 配置
package com.it.config;
import com.it.dao.UserRepository;
import com.it.domain.User;
import com.it.security.SecurityUser;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Slf4j
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception { //配置策略
http.csrf().disable()
.authorizeRequests()
.antMatchers("/static/**").permitAll().anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll().successHandler(loginSuccessHandler())
.and()
.logout().permitAll().invalidateHttpSession(true).deleteCookies("JSESSIONID").logoutSuccessHandler(logoutSuccessHandler())
.and()
.rememberMe()
.and().sessionManagement().maximumSessions(10).expiredUrl("/login");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
auth.eraseCredentials(false);
}
@Bean
public TokenBasedRememberMeServices tokenBasedRememberMeServices() {
return new TokenBasedRememberMeServices("springRocks", userDetailsService());
}
@Bean
public BCryptPasswordEncoder passwordEncoder() { //密码加密
return new BCryptPasswordEncoder(4);
}
@Bean
public LogoutSuccessHandler logoutSuccessHandler() { //登出处理
return (httpServletRequest, httpServletResponse, authentication) -> {
try {
SecurityUser user = (SecurityUser) authentication.getPrincipal();
log.info("USER : {} LOGOUT SUCCESS ! ", user.getUsername());
} catch (Exception e) {
log.error("printStackTrace", e);
}
httpServletResponse.sendRedirect("/login");
};
}
@Bean
public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入处理
return new SavedRequestAwareAuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
User userDetails = (User) authentication.getPrincipal();
log.info("USER : {} LOGIN SUCCESS ! ", userDetails.getUsername());
super.onAuthenticationSuccess(request, response, authentication);
}
};
}
@Bean
@Override
public UserDetailsService userDetailsService() { //用户登录实现
return new UserDetailsService() {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
User user = userRepository.findByUsername(s);
if (user == null) throw new UsernameNotFoundException("Username " + s + " not found");
return new SecurityUser(user);
}
};
}
}
