前段时间学习了Spring Security,最近重学一次,同时整理一套笔记,方便后面遇错处理。
跟着慕课网视频学习的,加了点自己的思路以及解决方式,不喜勿喷。
项目依赖:
-
security-core
安全配置核心
-
security-app
APP安全配置
-
security-browser
浏览器安全配置核心
-
security-login
登录注册模块
-
demo
项目提供API接口
依赖关系:
因为我一直开发的都是APP模式的,同时APP模式支持浏览器,所以此后笔记重点可能在于APP方向的开发。
Spring Security初识
依赖添加
父工程pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.cong.security</groupId>
<artifactId>Security</artifactId>
<packaging>pom</packaging>
<version>1.0-SNAPSHOT</version>
<!--此处配置全局调用,方便版本升级-->
<properties>
<skipTests>true</skipTests>
<java.version>1.8</java.version>
<!-- 编码 -->
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<security.version>1.0-SNAPSHOT</security.version>
<commons-beanutils.version>1.9.3</commons-beanutils.version>
<commons-collections.version>3.2.2</commons-collections.version>
<!-- 第三方登录 -->
<spring-social.version>1.1.6.RELEASE</spring-social.version>
<!-- spring-session-->
<spring-session.version>1.3.5.RELEASE</spring-session.version>
<!-- 可视化页面 -->
<springfox-swagger.version>2.9.2</springfox-swagger.version>
<wiremock.version>2.18.0</wiremock.version>
<!-- 文件 -->
<commons-io.version>2.6</commons-io.version>
<!-- 解决项目打包时jackson-bom找不到问题 -->
<jackson-bom.version>2.9.9</jackson-bom.version>
<!-- JWT加密 -->
<jjwt.version>0.9.0</jjwt.version>
<!-- MySQL连接驱动 -->
<mysql-connector-java.version>5.1.24</mysql-connector-java.version>
<!-- Mybatis -->
<mybatis-spring-boot-starter.version>2.0.0</mybatis-spring-boot-starter.version>
<!-- MyBatis-generator插件 -->
<mybatis-generator-core.version>1.3.5</mybatis-generator-core.version>
<!-- 分页插件 -->
<pagehelper-spring-boot-starter.version>1.2.10</pagehelper-spring-boot-starter.version>
<!-- 分页插件版本 -->
<!-- <pagehelper.version>5.1.10</pagehelper.version> -->
<fastjson.version>1.2.58</fastjson.version>
</properties>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/>
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Greenwich.SR3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<!-- 编译版本 -->
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
<modules>
<module>security-core</module>
<module>security-app</module>
<module>security-browser</module>
<module>security-login</module>
<module>demo</module>
</modules>
</project>
加的有点多,但是后面基本上都会遇到。
后面笔记版本升级到2.2.2.RELEASE
core.pom依赖:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>Security</artifactId>
<groupId>com.cong.security</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>security-core</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- oauth2.0认证框架-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<!-- 缓存、短信过期、三方登录认证过期等-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!--使用lettuce作为连接池,需要引入commons-pool2包,否则会报错bean注入失败-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-cache</artifactId>
</dependency>
<!--数据库连接-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- 第三方登陆 -->
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-config</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-core</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-security</artifactId>
<version>${spring-social.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-web</artifactId>
<version>${spring-social.version}</version>
</dependency>
<!--数据库连接驱动-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- 工具包 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson-bom.version}</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>${commons-beanutils.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>
</dependencies>
</project>
browser和app依赖core模块:
<dependencies>
<dependency>
<groupId>com.cong.security</groupId>
<artifactId>security-core</artifactId>
<version>${security.version}</version>
</dependency>
</dependencies>
login模块pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>Security</artifactId>
<groupId>com.cong.security</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>security-demo</artifactId>
<dependencies>
<!--浏览器安全模块-->
<dependency>
<groupId>com.cong.security</groupId>
<artifactId>security-browser</artifactId>
<version>${security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>1.3.3.RELEASE</version>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>login</finalName>
</build>
</project>
demo模块放着不用,最后的最后才用到。
代码
启动类:
package com.cong.security;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
/**
* 项目启动类
*
* @Author single-聪
* @Date 2020/1/6 15:08
* @Version 1.0.1
**/
@EnableAutoConfiguration
@ComponentScan("com.cong.security")
public class APP {
public static void main(String[] args) {
SpringApplication.run(APP.class, args);
}
}
提供一个借口供外访问
package com.cong.security.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @Description TODO
* @Author single-聪
* @Date 2020/1/6 15:11
* @Version 1.0.1
**/
@RestController
@RequestMapping("login")
public class LoginController {
/**
* @Description 测试接口
* @Param []
* @Author single-聪
* @Date 15:12 2020/1/6
* @Version 1.0.1
* @return java.lang.String
**/
@RequestMapping("hello")
public String hello() {
return "login/hello";
}
}
二级,方便借口快速查找
application-dev.yml:
spring:
datasource:
url: jdbc:mysql://localhost:3306/security?generateSimpleParameterMetadata=true&characterEncoding=utf8&useSSL=true&serverTimezone=Asia/Shanghai&allowMultiQueries=true
driver-class-name: com.mysql.jdbc.Driver
username: root
password: 123456
hikari:
connection-timeout: 30000
redis:
port: 6379
lettuce:
pool:
max-active: 500
max-wait: 50000
max-idle: 500
min-idle: 0
timeout: 50000
host: 101.133.174.111
password: cong
session:
store-type: none
security:
user:
name: name
password: pwd
# 日志
logging:
config: classpath:logback-dev.xml
##配置端口
server:
port: 8001
数据库,缓存,日志,端口。security.user.name配置是因为Spring Security升级到5.0之后,
security.basic.enabled=false
配置失效,在启动类
exclude
也没用,所以我才加的这个配置。
启动项目,浏览器输入访问地址
localhost:8001/login/hello
会自动跳转至一下界面:
输入yml配置文件中配置的用户名密码即可跳转到/login/hello接口
到这里安全框架已经配置上(未登录不能访问接口)。