Spring Security集成以及配置
挺多的。。。就直接放上来吧,就不解释什么了。反正有注释。
为的是有一天要用、但是忘了相关的配置可以看这篇文章想起来。
由于 Spring Security 在这里配置为无状态(STATELESS)会话,不再需要用 Redis 存储 session,与之相关的配置已全部去掉。
yml:
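# Database connection properties
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/hospital?serverTimezone=Asia/Shanghai
    # Values as published in the post. For anything beyond a local demo, connect as a
    # dedicated least-privilege account instead of root, and supply the password from
    # the environment or a secret store rather than from this file.
    username: root
    password: 614
  # Added with the security setup: pretty-print the JSON that Jackson writes
  jackson:
    serialization:
      indent_output: true
# MyBatis: package scanned for entity type aliases
mybatis:
  type-aliases-package: top.yibobo.hospital.domain
  configuration:
    # Map underscore_separated column names onto camelCase properties
    map-underscore-to-camel-case: true
  mapper-locations: classpath:mybatis/mapper/*.xml
# Server port (no session timeout is set in this file)
server:
  port: 8086
# Log file path and per-package log levels
logging:
  file: logs/all.log
  level:
    org.springframework.security: info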
pom.xml要加的:
<!-- Spring Security starter. No <version> is given here, so it is presumably
     managed by the Spring Boot parent/BOM of this project; confirm in the full pom. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
package top.yibobo.hospital.security.domain;
import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import top.yibobo.hospital.domain.Authority;
import java.util.Collection;
import java.util.Date;
import java.util.List;
/**
 * User principal served to the Spring Security framework through the
 * {@link UserDetails} contract.
 *
 * <p>Every field is final and assigned once in the constructor. The {@link Date} and
 * collection arguments are stored as given, not copied, so callers should not mutate
 * them afterwards.
 *
 * <p>When an instance is serialized with Jackson, the password, the id, the last
 * password reset date and the three hard-coded status flags are excluded via
 * {@link JsonIgnore}; the remaining getters are serialized.
 */
public class JwtUser implements UserDetails {

    private final Integer id; // required
    private final String username; // required
    private final String password; // required
    private final Integer state;
    private final String email;
    private final Date lastPasswordResetDate;
    private final boolean enabled; // required
    private final Date loginTime;
    // Authorities (roles) granted to this user.
    private final Collection<? extends GrantedAuthority> authorities; // required

    /**
     * Creates the principal from already-loaded account data.
     *
     * @param id                    account id
     * @param username              login name
     * @param password              stored password value, returned unchanged by
     *                              {@link #getPassword()}
     * @param state                 account state value, passed through as-is
     * @param email                 e-mail address
     * @param lastPasswordResetDate time of the last password reset
     * @param enabled               whether the account is enabled
     * @param loginTime             login time
     * @param authorities           authorities granted to the user
     */
    public JwtUser(
            Integer id,
            String username,
            String password,
            Integer state,
            String email,
            Date lastPasswordResetDate,
            boolean enabled,
            Date loginTime,
            Collection<? extends GrantedAuthority> authorities) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.state = state;
        this.email = email;
        this.lastPasswordResetDate = lastPasswordResetDate;
        this.enabled = enabled;
        this.loginTime = loginTime;
        this.authorities = authorities;
    }

    /** Returns the authorities passed to the constructor. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /** Returns the stored password; kept out of JSON output by {@link JsonIgnore}. */
    @JsonIgnore
    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    // The next three checks are hard-coded to true: this class never reports an
    // account as expired, locked, or as having expired credentials. The state and
    // lastPasswordResetDate fields are not consulted here.

    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** Returns the enabled flag passed to the constructor. */
    @Override
    public boolean isEnabled() {
        return enabled;
    }

    @JsonIgnore
    public Integer getId() {
        return this.id;
    }

    public Integer getState() {
        return this.state;
    }

    public String getEmail() {
        return this.email;
    }

    @JsonIgnore
    public Date getLastPasswordResetDate() {
        return this.lastPasswordResetDate;
    }

    public Date getLoginTime() {
        return this.loginTime;
    }
}
package top.yibobo.hospital.security.domain;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import top.yibobo.hospital.domain.Admins;
import top.yibobo.hospital.domain.Authority;
import java.util.List;
import java.util.stream.Collectors;
/**
 * Static factory that turns an {@code Admins} record into the {@link JwtUser}
 * principal used by Spring Security.
 */
public final class JwtUserFactory {

    private JwtUserFactory() {
        // Static helpers only; not meant to be instantiated.
    }

    /**
     * Builds a {@link JwtUser} from the given account.
     *
     * <p>The account is treated as enabled only when {@code getAexist()} equals 1.
     * NOTE(review): {@code Admins} is not shown on this page; if {@code getAexist()} or
     * {@code getAuthorities()} can return null, this method throws a
     * NullPointerException instead of producing a principal.
     *
     * @param user the account loaded from storage
     * @return the principal carrying the account's data and granted authorities
     */
    public static JwtUser create(Admins user) {
        return new JwtUser(
                user.getAid(),
                user.getAname(),
                user.getPwd(),
                user.getState(),
                user.getEmail(),
                user.getLastPasswordResetDate(),
                user.getAexist() == 1,
                user.getLoginTime(),
                mapToGrantedAuthorities(user.getAuthorities()));
    }

    /**
     * Converts the user's queried roles into the authority objects Spring Security
     * works with, one {@link SimpleGrantedAuthority} per role, named after
     * {@code authority.getName().name()}.
     */
    private static List<GrantedAuthority> mapToGrantedAuthorities(List<Authority> authorities) {
        return authorities.stream()
                .map(authority -> authority.getName().name())
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }
}
package top.yibobo.hospital.security.service;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import top.yibobo.hospital.domain.Admins;
import top.yibobo.hospital.mapper.AdminsMapper;
import top.yibobo.hospital.security.domain.JwtUserFactory;
/**
 * {@link UserDetailsService} that looks accounts up through {@code AdminsMapper} and
 * wraps them with {@link JwtUserFactory}.
 */
@Service
public class JwtUserDetailsService implements UserDetailsService {

    @Autowired
    private AdminsMapper adminsMapper;

    /**
     * Loads the account whose name equals {@code s}.
     *
     * <p>NOTE(review): the mapper XML behind {@code findByName} is not on this page;
     * confirm it binds the name with {@code #{...}} rather than splicing it in with
     * {@code ${...}}, since {@code s} comes straight from the login request.
     *
     * @param s the user name to look up
     * @return the principal built from the stored account
     * @throws UsernameNotFoundException if the mapper returns no account for the name
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        Admins account = adminsMapper.findByName(s);
        if (account != null) {
            return JwtUserFactory.create(account);
        }
        throw new UsernameNotFoundException("找不到用户呀呀呀呀呀呀呀呀!!!!");
    }
}
package top.yibobo.hospital.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Security configuration: decides which requests are open to everyone and which must
 * come from an authenticated caller.
 *
 * <p>NOTE(review): nothing in this class registers a filter that reads a token from the
 * request, and neither form login nor HTTP Basic is enabled. If a token filter exists
 * it is not visible here; without one, requests falling under
 * {@code anyRequest().authenticated()} have no way to authenticate.
 */
@SuppressWarnings("SpringJavaAutowiringInspection")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("jwtUserDetailsService")
    private UserDetailsService userUserDetailsService;

    /**
     * Wires the injected {@link UserDetailsService} and the BCrypt encoder into the
     * authentication manager, so submitted passwords are checked against BCrypt hashes.
     */
    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        authenticationManagerBuilder.userDetailsService(this.userUserDetailsService).passwordEncoder(encoder);
    }

    /** Exposes a BCrypt {@link PasswordEncoder} as a bean. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Defines the HTTP security rules. Matchers are evaluated in the order they are
     * declared, so the specific {@code permitAll()} rules must stay ahead of the
     * catch-all {@code anyRequest()} rule.
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is switched off. That is only sound while the credential is a
        // token the client attaches explicitly (for example in a request header); if it
        // is ever carried in a cookie the browser sends it automatically, and CSRF
        // protection is needed again.
        httpSecurity.csrf().disable();

        // Stateless: never create an HttpSession and never read the security context
        // from one.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        httpSecurity.authorizeRequests()
                // Rule left disabled by the author:
                // .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                // Static resources may be fetched anonymously, GET only.
                .antMatchers(
                        HttpMethod.GET,
                        "/",
                        "/*.html",
                        "/favicon.ico",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js")
                .permitAll()
                // Endpoints exempt from authentication. No HttpMethod is given, so the
                // exemption covers every method on these paths.
                // NOTE(review): confirm that "/api/users" and "/api/testError" are
                // meant to be reachable anonymously for writes as well as reads.
                .antMatchers("/auth/**", "/api/users", "/api/testError")
                .permitAll()
                // Everything else requires an authenticated caller.
                .anyRequest()
                .authenticated();

        // Response headers: allow framing from the same origin only and send
        // cache-control headers that disable page caching. The author set sameOrigin
        // for the H2 console; the datasource in the yml above is MySQL, so that
        // reason may no longer apply.
        httpSecurity.headers()
                .frameOptions().sameOrigin()
                .cacheControl();
    }
}
