SpringBoot集成SpringSecurity步骤

SpringBoot集成SpringSecurity步骤

由于第一次使用SpringSecurity，经过研究学习，总结了以下 *** 作步骤：

1. 加载spring security扩展

	
        org.springframework.boot
        spring-boot-starter-security
    

2. 写sping security 的配置文件SecurityConfig.java

package com.htcasting.common.config;
import com.htcasting.common.handle.AuthenticationEntryPointImpl;
import com.htcasting.common.handle.LogoutSuccessHandleImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)

public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private AuthenticationEntryPointImpl unauthorizedHandler;
    @Autowired
    private LogoutSuccessHandleImpl logoutSuccessHandle;

    
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                // 认证失败处理类
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                // 基于token 所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
                // 对于login请求允许匿名访问
                .antMatchers("/login").anonymous()
                .antMatchers(
                    HttpMethod.GET,
                        "/",
                        "*.html",
                        "*.css",
                        "*.js"
                ).permitAll()
                // 除了上面的请求外都需要鉴权认证
                .anyRequest().authenticated()
                .and()
                .headers().frameOptions().disable();
        // 退出成功跳转地址以及退出成功处理类
        http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandle);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
}

3. 写用户实体类 实现 UserDetails接口

package com.htcasting.common.entry.model;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.htcasting.common.entry.SysUser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Set;

public class LoginUser implements UserDetails {
    private static final long serialVersionUID = 2427417409609127686L;

    private Long id;

    private String userName;

    private Long deptId;

    private String token;

    private Set permissions;

    private SysUser user;

    public LoginUser() {
    }

    public LoginUser(Set permissions, SysUser user) {
        this.permissions = permissions;
        this.user = user;
    }

    public LoginUser(Long id, Long deptId, SysUser user, Set permissions) {
        this.id = id;
        this.deptId = deptId;
        this.permissions = permissions;
        this.user = user;
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public Long getDeptId() {
        return deptId;
    }

    public void setDeptId(Long deptId) {
        this.deptId = deptId;
    }

    public String getToken() {
        return token;
    }

    public void setToken(String token) {
        this.token = token;
    }

    public Set getPermissions() {
        return permissions;
    }

    public void setPermissions(Set permissions) {
        this.permissions = permissions;
    }

    public SysUser getUser() {
        return user;
    }

    public void setUser(SysUser user) {
        this.user = user;
    }

    @Override
    public Collection getAuthorities() {
        return null;
    }
    @JsonIgnore
    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getUserName();
    }

    

    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    
    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    
    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
    
    @JsonIgnore
    @Override
    public boolean isEnabled() {
        return true;
    }
}

4. 写UserDetailsService 的实现类UserDetailsServiceImpl

package com.htcasting.common.service;

import com.htcasting.common.entry.SysUser;
import com.htcasting.common.entry.model.LoginUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private SysUserService userService;
    @Autowired
    private SysPermissionService sysPermissionService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser user = userService.findUserByUserName(username);

        UserDetails loginUser = createLoginUser(user);

        return loginUser;
    }

    private UserDetails createLoginUser(SysUser user) {
        return new LoginUser(user.getId(),user.getDeptId(),user,sysPermissionService.getMenuPermission(user));
    }
}

5. 登录 验证

package com.htcasting.common.service;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
@Component
public class LoginService {
    @Resource // 此处只能使用@Resource注入不能使用@Autowired
    private AuthenticationManager authenticationManager; 

    public String login(String username, String password) {
        Authentication authentication = null;

        // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
        try {
            authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username,password));
        } catch (Exception e) {
            System.out.println(e);
        }
        return "123";
    }
}