SpringSecurity中web权限方案认证(查询数据库认证)
【摘要】 @toc 1、引入依赖引入lombok、mybatis-plus、springsecurity、mysql相关依赖<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency> <d...
@toc
1、引入依赖
引入lombok、mybatis-plus、springsecurity、mysql相关依赖
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--mybatis-plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
<!--mysql-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.18</version>
</dependency>
<!--lombok 用来简化实体类-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
2、创建数据库和数据库表
就一张users表
3、创建users表对应的实体类
package com.atguigu.springsecuritydemo1.entity;
import lombok.Data;
@Data
public class Users {
private int id;
private String username;
private String password;
}
4、整合mapper,创建接口,继承BaseMapper接口
package com.atguigu.springsecuritydemo1.mapper;
import com.atguigu.springsecuritydemo1.entity.Users;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;
@Repository
public interface UsersMapper extends BaseMapper<Users> {
}
5、在MyUserDetailsService调用mapper里面的方法查询数据库进行用户认证
package com.atguigu.springsecuritydemo1.service;
import com.atguigu.springsecuritydemo1.entity.Users;
import com.atguigu.springsecuritydemo1.mapper.UsersMapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.List;
@Service("userDetailsService")
public class MyUserDetailService implements UserDetailsService {
@Autowired
private UsersMapper usersMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//调用userMapper中的方法,根据用户名查询数据库
QueryWrapper<Users> wrapper=new QueryWrapper<>();//条件构造器
//where username=?
wrapper.eq("username",username);
Users users= usersMapper.selectOne(wrapper);
//判断
if(users==null){ //数据库没有用户名,认证失败
throw new UsernameNotFoundException("用户名不存在!");
}
List<GrantedAuthority> auths= AuthorityUtils.commaSeparatedStringToAuthorityList("role");
//从查询数据库返回user对象,得到用户名和密码,返回
return new User(users.getUsername(),new BCryptPasswordEncoder().encode(users.getPassword()),auths);
}
}
6、在启动类添加注解MapperScan
注解后面括号的内容是mapper包的路径
package com.atguigu.springsecuritydemo1;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
@MapperScan("com.atguigu.springsecuritydemo1.mapper")
public class Springsecuritydemo1Application {
public static void main(String[] args) {
SpringApplication.run(Springsecuritydemo1Application.class, args);
}
}
7、配置数据库信息
这里每个人不一样,看着改下
server.port=8111
#通过配置文件设置用户名和密码
#数据库连接配置
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/demo?&useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true
spring.datasource.username=root
spring.datasource.password=123456
8、测试用的controller
package com.atguigu.springsecuritydemo1.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/test")
public class TestController {
@GetMapping("hello")
public String add(){
return "hello security";
}
}
9、以debug方式启动项目
断点的位置如下:
访问:http://localhost:8111/test/hello
结果重定向到:
我们先随便输入一个数据库中不存在的用户名和密码,查看debug窗口:
可以看到控制台的users对象为空,说明数据库中没有该用户
然后输入一个数据库中存在的,username=lucy,password=123
然后再查看debug控制台:
可以看到users对象不为空,数据库中确实存在该用户
10 正常运行项目
访问http://localhost:8111/test/hello,输入lucy 123
可以看到,controller层确实返回了数据。
【版权声明】本文为华为云社区用户原创内容,未经允许不得转载,如需转载请自行联系原作者进行授权。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)