前段時間學習了Spring Security,最近重學一次,同時整理一套筆記,友善後面遇錯處理。
跟着慕課網視訊學習的,加了點自己的思路以及解決方式,不喜勿噴。
項目依賴:
-
security-core
安全配置核心
-
security-app
APP安全配置
-
security-browser
浏覽器安全配置核心
-
security-login
登入注冊子產品
-
demo
項目提供API接口
依賴關系:
因為我一直開發的都是APP模式的,同時APP模式支援浏覽器,是以此後筆記重點可能在于APP方向的開發。
Spring Security初識
依賴添加
父工程pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.cong.security</groupId>
<artifactId>Security</artifactId>
<packaging>pom</packaging>
<version>1.0-SNAPSHOT</version>
<!--此處配置全局調用,友善版本更新-->
<properties>
<skipTests>true</skipTests>
<java.version>1.8</java.version>
<!-- 編碼 -->
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<security.version>1.0-SNAPSHOT</security.version>
<commons-beanutils.version>1.9.3</commons-beanutils.version>
<commons-collections.version>3.2.2</commons-collections.version>
<!-- 第三方登入 -->
<spring-social.version>1.1.6.RELEASE</spring-social.version>
<!-- spring-session-->
<spring-session.version>1.3.5.RELEASE</spring-session.version>
<!-- 可視化頁面 -->
<springfox-swagger.version>2.9.2</springfox-swagger.version>
<wiremock.version>2.18.0</wiremock.version>
<!-- 檔案 -->
<commons-io.version>2.6</commons-io.version>
<!-- 解決項目打包時jackson-bom找不到問題 -->
<jackson-bom.version>2.9.9</jackson-bom.version>
<!-- JWT加密 -->
<jjwt.version>0.9.0</jjwt.version>
<!-- MySQL連接配接驅動 -->
<mysql-connector-java.version>5.1.24</mysql-connector-java.version>
<!-- Mybatis -->
<mybatis-spring-boot-starter.version>2.0.0</mybatis-spring-boot-starter.version>
<!-- MyBatis-generator插件 -->
<mybatis-generator-core.version>1.3.5</mybatis-generator-core.version>
<!-- 分頁插件 -->
<pagehelper-spring-boot-starter.version>1.2.10</pagehelper-spring-boot-starter.version>
<!-- 分頁插件版本 -->
<!-- <pagehelper.version>5.1.10</pagehelper.version> -->
<fastjson.version>1.2.58</fastjson.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/>
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Greenwich.SR3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<!-- 編譯版本 -->
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
<modules>
<module>security-core</module>
<module>security-app</module>
<module>security-browser</module>
<module>security-login</module>
<module>demo</module>
</modules>
</project>
加的有點多,但是後面基本上都會遇到。
後面筆記版本更新到2.2.2.RELEASE
core.pom依賴:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>Security</artifactId>
<groupId>com.cong.security</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>security-core</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- oauth2.0認證架構-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- 緩存、短信過期、三方登入認證過期等-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!--使用lettuce作為連接配接池,需要引入commons-pool2包,否則會報錯bean注入失敗-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
<!--資料庫連接配接-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- 第三方登陸 -->
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-config</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-core</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-security</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-web</artifactId>
<version>${spring-social.version}</version>
</dependency>
<!--資料庫連接配接驅動-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- 工具包 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson-bom.version}</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>${commons-beanutils.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>
</dependencies>
</project>
browser和app依賴core子產品:
<dependencies>
<dependency>
<groupId>com.cong.security</groupId>
<artifactId>security-core</artifactId>
<version>${security.version}</version>
</dependency>
</dependencies>
login子產品pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>Security</artifactId>
<groupId>com.cong.security</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>security-demo</artifactId>
<dependencies>
<!--浏覽器安全子產品-->
<dependency>
<groupId>com.cong.security</groupId>
<artifactId>security-browser</artifactId>
<version>${security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>1.3.3.RELEASE</version>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>login</finalName>
</build>
</project>
demo子產品放着不用,最後的最後才用到。
代碼
啟動類:
package com.cong.security;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
/**
* 項目啟動類
*
* @Author single-聰
* @Date 2020/1/6 15:08
* @Version 1.0.1
**/
@EnableAutoConfiguration
@ComponentScan("com.cong.security")
public class APP {
public static void main(String[] args) {
SpringApplication.run(APP.class, args);
}
}
提供一個借口供外通路
package com.cong.security.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @Description TODO
* @Author single-聰
* @Date 2020/1/6 15:11
* @Version 1.0.1
**/
@RestController
@RequestMapping("login")
public class LoginController {
/**
* @Description 測試接口
* @Param []
* @Author single-聰
* @Date 15:12 2020/1/6
* @Version 1.0.1
* @return java.lang.String
**/
@RequestMapping("hello")
public String hello() {
return "login/hello";
}
}
二級,友善借口快速查找
application-dev.yml:
spring:
datasource:
url: jdbc:mysql://localhost:3306/security?generateSimpleParameterMetadata=true&characterEncoding=utf8&useSSL=true&serverTimezone=Asia/Shanghai&allowMultiQueries=true
driver-class-name: com.mysql.jdbc.Driver
username: root
password: 123456
hikari:
connection-timeout: 30000
redis:
port: 6379
lettuce:
pool:
max-active: 500
max-wait: 50000
max-idle: 500
min-idle: 0
timeout: 50000
host: 101.133.174.111
password: cong
session:
store-type: none
security:
user:
name: name
password: pwd
# 日志
logging:
config: classpath:logback-dev.xml
##配置端口
server:
port: 8001
資料庫,緩存,日志,端口。security.user.name配置是因為Spring Security更新到5.0之後,
security.basic.enabled=false
配置失效,在啟動類
exclude
也沒用,是以我才加的這個配置。
啟動項目,浏覽器輸入通路位址
localhost:8001/login/hello
會自動跳轉至一下界面:
輸入yml配置檔案中配置的使用者名密碼即可跳轉到/login/hello接口
到這裡安全架構已經配置上(未登入不能通路接口)。