实现效果:
实现用户登陆功能,与传统的登陆功能不同,用
Spring-Security
实现登陆,减少了开发者的代码,也提高了系统的安全性
技术栈:
- Lombok(@Data自动生成get和set方法)
- mybatis-plus(生成了多数简单的sql)
- mybatis-plus代码生成器(生成了基础的三层)
- Spring-Security安全框架(主要实现)
目录结构
实现(持久层)
- 根据用户名查询用户信息
@Select("select * from user where username=#{username}")
User finUserByUsername(String username);
- 根据用户id查询用户权限
@Select("select p.id,p.name,p.desc " +
"from user u " +
"left join user_role ur on u.id=ur.user_id " +
"left join role r on r.id=ur.role_id " +
"left join role_permission rp on r.id=rp.role_id " +
"left join permission p on p.id=rp.permission_id " +
"where u.id=#{id}")
List<Permission>findUserPermissionsById(Integer id);
实现(业务层)
1.业务层接口
IUserService
public interface IUserService extends IService<User> {
/**
* 根据username获取用户权限,username->UserDetails
* @param username
* @return
*/
UserDetails getUserDetails(String username);
}
2.业务层实现类
UserServiceImpl
@Service
@Slf4j
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {
@Autowired
private UserMapper userMapper;
/**
* 根据username获取用户权限,username->UserDetails
* 涉及持久层操作(持久层)
* 1:根据用户名username查询User表是否存在
* 2:返回给Security安全框架
* @param username
* @return
*/
@Override
public UserDetails getUserDetails(String username) {
User user=userMapper.finUserByUsername(username);
if(user==null){
return null;
}
List<Permission> permissions = userMapper.findUserPermissionsById(user.getId());
String [] authorities=new String[permissions.size()];
int i=0;
for (Permission p : permissions) {
authorities[i++]=p.getName();
}
UserDetails u= org.springframework.security.core.userdetails.User
.builder()
.username(user.getUsername())
.password(user.getPassword())
.accountLocked(user.getLocked()==1)
.disabled(user.getEnabled()==0)
.authorities(authorities)
.build();
return u;
}
}
业务层实现类实现效果:根据
username
用户名返回一个
UserDetails
对象交给
UserDetailsServiceIml
实现类
3.UserDetailsServiceIml实现类
@Component
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private IUserService userService;
/**
* 通过UserService业务层验证返回UserDetails对象,作为权限验证信息
* @param username
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return userService.getUserDetails(username);
}
}
4.
SercurityConfig
Spring-security配置类
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsServiceImpl userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().
authorizeRequests().antMatchers(
"/css/*",
"/img/*",
"/js/*",
"/browser_components/**",
"/login.html",
"/register.html",
"/register"
).permitAll()
.anyRequest().authenticated()
.and().formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/login")
.failureUrl("/login.html?error")
.defaultSuccessUrl("/index.html")
.and().logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login.html?logout");
}
}
实现(控制器)
@RestController
@Slf4j
public class SystemController {
@GetMapping("/login.html")
public ModelAndView loginForm(){
return new ModelAndView("login");
}
}
此时就已经实现了登陆,几乎都是配置信息,交给Spring-Security管理,开发者非常方便,系统又非常安全