亚洲乱码中文字幕综合,中国熟女仑乱hd,亚洲精品乱拍国产一区二区三区,一本大道卡一卡二卡三乱码全集资源,又粗又黄又硬又爽的免费视频

SpringBoot整合Security安全框架實(shí)現(xiàn)控制權(quán)限

 更新時(shí)間:2022年01月10日 10:42:59   作者:寧在春  
本文主要介紹了SpringBoot整合Security安全框架實(shí)現(xiàn)控制權(quán)限,文中通過示例代碼介紹的非常詳細(xì),具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下

我想每個(gè)寫項(xiàng)目的人,都肯定會(huì)遇到控制權(quán)限這個(gè)問題.
例如這個(gè)這個(gè)鏈接只能管理員訪問,那個(gè)鏈接丫只能超級(jí)管理員訪問等等,實(shí)現(xiàn)方式也有多種多樣,控制的粒度也不一樣。
以前剛學(xué)的時(shí)候,不會(huì)框架,大都是手寫注解+過濾器來進(jìn)行權(quán)限的控制,但這樣增加了過濾器的負(fù)擔(dān)。用起來也會(huì)稍微有些麻煩,粒度不太好控制。

用框架的話,就是封裝了更多的操作,讓一切更簡(jiǎn)單吧。當(dāng)然不局限于Security,還有像Shiro安全框架,這兩種非常常見。
一起加油吧!??!??

下面就開始吧!??!??

一、前言

介紹:

Spring Security是一個(gè)能夠?yàn)榛赟pring的企業(yè)應(yīng)用系統(tǒng)提供聲明式的安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應(yīng)用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反轉(zhuǎn)Inversion of Control ,DI:Dependency Injection 依賴注入)和AOP(面向切面編程)功能,為應(yīng)用系統(tǒng)提供聲明式的安全訪問控制功能,減少了為企業(yè)系統(tǒng)安全控制編寫大量重復(fù)代碼的工作。

官網(wǎng):

優(yōu)缺點(diǎn):

優(yōu)點(diǎn)

  • Spring Boot 官方提供了大量的非常方便的開箱即用的 Starter ,包括 Spring Security 的 Starter ,使得在 Spring Boot 中使用 Spring Security 變得更加容易。
  • Spring Security功能強(qiáng)大,比較好用。

缺點(diǎn)

  • Spring Security 是一個(gè)重量級(jí)的安全管理框架
  • Spring Security概念復(fù)雜,配置繁瑣(這個(gè)確實(shí),沒法逃開)

案例:

我們?cè)谠L問一個(gè)網(wǎng)站時(shí),大都都會(huì)設(shè)置普通用戶能有的權(quán)限,然后管理員有的權(quán)限,再就是超級(jí)管理員等等,這次就是實(shí)現(xiàn)這樣一個(gè)案例。

項(xiàng)目結(jié)構(gòu):

在這里插入圖片描述

二、環(huán)境準(zhǔn)備

2.1、數(shù)據(jù)庫表

CREATE TABLE `account`  (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `username` varchar(25) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  `role` varchar(25) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

INSERT INTO `account` VALUES (1, 'user', '$2a$10$1MHNdZS.oCICxLRVbnNBZe4CRn9Rk1MVQhasSMhHr0G4BCNQjPpna', 'ROLE_USER');
INSERT INTO `account` VALUES (2, 'admin', '$2a$10$dKkrkgVzaCPX74TvxOjwNuFJjIRJeAuDPKFntwNwRvRHkwIAHV5Q6', 'ROLE_ADMIN');
INSERT INTO `account` VALUES (3, 'super_admin', '$2a$10$CqOXnSp6oks9UTvsops4U.0vMGbUE2Bp28xKaPmlug4W8Mk59Sj8y', 'ROLE_SUPER_ADMIN');
INSERT INTO `account` VALUES (4, 'test', '$2a$10$SQsuH1XfxHdsVmf2nE75wOAE6GHm1nd/xDp/08KYJmtbzJt2J6xIG', 'TEST');

2.2、導(dǎo)入依賴

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.5.2</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>   
<dependencies>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
    <dependency>
        <groupId>com.baomidou</groupId>
        <artifactId>mybatis-plus-boot-starter</artifactId>
        <version>3.4.1</version>
    </dependency>

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <!--java版本太高  向下兼容的包-->
    <dependency>
        <groupId>javax.xml.bind</groupId>
        <artifactId>jaxb-api</artifactId>
        <version>2.3.0</version>
    </dependency>
</dependencies>

2.3、配置文件

# 應(yīng)用名稱
spring.application.name=demo
# 應(yīng)用服務(wù) WEB 訪問端口
server.port=8080

spring.datasource.name=defaultDataSource
# 數(shù)據(jù)庫連接地址
spring.datasource.url=jdbc:mysql://localhost:3306/security?serverTimezone=UTC
# 數(shù)據(jù)庫用戶名&密碼:
spring.datasource.username=root
spring.datasource.password=123456

mybatis-plus.mapper-locations=classpath:mapper/**/*.xml

logging.level.com.crush.security.mapper=DEBUG

# token 存活時(shí)間
token.expire=3600000
token.key=123456

2.4、WebSecurityConfig Security的主要配置類:

import com.crush.security.auth.filter.JwtAuthenticationFilter;
import com.crush.security.auth.filter.JwtAuthorizationFilter;
import com.crush.security.auth.handle.MacLoginUrlAuthenticationEntryPoint;
import com.crush.security.auth.handle.MyAccessDeniedHandler;
import com.crush.security.auth.handle.MyLogoutSuccessHandler;
import com.crush.security.auth.service.UserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/**
 * @author crush
 */
@Configuration
@EnableWebSecurity
//啟用全局配置
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**放行的路徑*/
    private final String[] PATH_RELEASE = {
            "/login",
            "/all"
    };
    /***根據(jù)用戶名找到用戶*/
    @Autowired
    private UserDetailServiceImpl userDetailService;

    @Autowired
    private MacLoginUrlAuthenticationEntryPoint macLoginUrlAuthenticationEntryPoint;

    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;

    @Autowired
    private MyLogoutSuccessHandler myLogoutSuccessHandler;

    
      @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        http.authorizeRequests()
                /**antMatchers (這里的路徑)   permitAll 這里是允許所有人 訪問*/
                .antMatchers(PATH_RELEASE).permitAll()
                /** 映射任何請(qǐng)求 */
                .anyRequest()

                /** 指定任何經(jīng)過身份驗(yàn)證的用戶都允許使用URL。*/
                .authenticated()

                /** 指定支持基于表單的身份驗(yàn)證 */
                .and().formLogin().permitAll()

                /** 允許配置異常處理??梢宰约簜髦颠M(jìn)去 使用WebSecurityConfigurerAdapter時(shí),將自動(dòng)應(yīng)用此WebSecurityConfigurerAdapter 。*/
                .and().exceptionHandling()

                /** 設(shè)置要使用的AuthenticationEntryPoint。   macLoginUrlAuthenticationEntryPoint   驗(yàn)證是否登錄*/
                .authenticationEntryPoint(macLoginUrlAuthenticationEntryPoint)

                /** 指定要使用的AccessDeniedHandler   處理拒絕訪問失敗。*/
                .accessDeniedHandler(myAccessDeniedHandler)

                /** 提供注銷支持。 使用WebSecurityConfigurerAdapter時(shí),將自動(dòng)應(yīng)用此WebSecurityConfigurerAdapter 。
                 *  默認(rèn)設(shè)置是訪問URL “ / logout”將使HTTP會(huì)話無效,清理配置的所有rememberMe()身份驗(yàn)證,清除SecurityContextHolder ,
                 *  然后重定向到“ / login?success”,從而注銷用戶*/
                .and().logout().logoutSuccessHandler(myLogoutSuccessHandler)

                /** 處理身份驗(yàn)證表單提交。 授予權(quán)限 */
                .and().addFilter(new JwtAuthenticationFilter(authenticationManager()))
                /** 處理HTTP請(qǐng)求的BASIC授權(quán)標(biāo)頭,然后將結(jié)果放入SecurityContextHolder 。 */
                .addFilter(new JwtAuthorizationFilter(authenticationManager()))
                /**不需要session */
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    /**
     * 
     * 因?yàn)槭褂昧薆CryptPasswordEncoder來進(jìn)行密碼的加密,所以身份驗(yàn)證的時(shí)候也的用他來判斷哈、,
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService).passwordEncoder(passwordEncoder());
    }

    /** * 密碼加密*/
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

2.5、Security身份驗(yàn)證

import com.crush.security.entity.MyUser;
import com.crush.security.utils.JwtTokenUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Collection;

/**
 * 處理身份驗(yàn)證表單提交。
 *
 * @author crush
 */
public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private AuthenticationManager authenticationManager;

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * 執(zhí)行實(shí)際的身份驗(yàn)證。
     * 該實(shí)現(xiàn)應(yīng)執(zhí)行以下操作之一:
     * 返回已驗(yàn)證用戶的已填充驗(yàn)證令牌,指示驗(yàn)證成功
     * 返回null,表示身份驗(yàn)證過程仍在進(jìn)行中。 在返回之前,實(shí)現(xiàn)應(yīng)執(zhí)行完成該過程所需的任何其他工作。
     * 如果身份驗(yàn)證過程失敗,則拋出AuthenticationException
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException {
        //輸入流中獲取到登錄的信息
        try {
            MyUser loginUser = new ObjectMapper().readValue(request.getInputStream(), MyUser.class);
            logger.info("loginUser===>" + loginUser);
            /**
             * authenticate
             * 嘗試對(duì)傳遞的Authentication對(duì)象進(jìn)行身份Authentication ,
             * 如果成功,則返回完全填充的Authentication對(duì)象(包括授予的權(quán)限)
             * */
            return authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList<>())
            );
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * 成功驗(yàn)證后調(diào)用的方法
     * 如果驗(yàn)證成功,就生成token并返回
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            FilterChain chain,
                                            Authentication authResult) throws IOException, ServletException {
        // 查看源代碼會(huì)發(fā)現(xiàn)調(diào)用getPrincipal()方法會(huì)返回一個(gè)實(shí)現(xiàn)了`UserDetails`接口的對(duì)象
        // 所以就是JwtUser啦
        MyUser user = (MyUser) authResult.getPrincipal();
        String role = "";
        // 因?yàn)樵贘wtUser中存了權(quán)限信息,可以直接獲取,由于只有一個(gè)角色就這么干了
        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
        for (GrantedAuthority authority : authorities) {
            role = authority.getAuthority();
        }
        // 根據(jù)用戶名,角色創(chuàng)建token并返回json信息
        String token = JwtTokenUtils.createToken(user.getUsername(), role, false);
        user.setPassword(null);
        user.setToken(JwtTokenUtils.TOKEN_PREFIX + token);
        response.setStatus(HttpServletResponse.SC_OK);
        response.setHeader("token", JwtTokenUtils.TOKEN_PREFIX + token);
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        writer.write(new ObjectMapper().writeValueAsString(user));
    }

    /**
     * 驗(yàn)證失敗時(shí)候調(diào)用的方法
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        writer.write(new ObjectMapper().writeValueAsString( "登錄失敗,賬號(hào)或密碼錯(cuò)誤"));
    }
}

2.6、Security授權(quán)

import com.crush.security.utils.JwtTokenUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;

/**
 * 處理HTTP請(qǐng)求的BASIC授權(quán)標(biāo)頭,然后將結(jié)果放入SecurityContextHolder 。
 */
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {

    public JwtAuthorizationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws IOException, ServletException {

        String tokenHeader = request.getHeader(JwtTokenUtils.TOKEN_HEADER);
        // 如果請(qǐng)求頭中沒有Authorization信息則直接放行了
        if (tokenHeader == null || !tokenHeader.startsWith(JwtTokenUtils.TOKEN_PREFIX)) {
            chain.doFilter(request, response);
            return;
        }
        // 如果請(qǐng)求頭中有token,則進(jìn)行解析,并且設(shè)置認(rèn)證信息
        SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
        super.doFilterInternal(request, response, chain);
    }

    /** * 這里從token中獲取用戶信息并新建一個(gè)token*/
    private UsernamePasswordAuthenticationToken getAuthentication(String tokenHeader) {
        String token = tokenHeader.replace(JwtTokenUtils.TOKEN_PREFIX, "");
        String username = JwtTokenUtils.getUsername(token.trim());
        String role = JwtTokenUtils.getUserRole(token);
        if (username != null) {
            return new UsernamePasswordAuthenticationToken(username, null,
                    Collections.singleton(new SimpleGrantedAuthority(role))
            );
        }
        return null;
    }
}

2.7、UserDetailsService

UserDetailServiceImpl 實(shí)現(xiàn)了UserDetailsService,用來加載用戶特定數(shù)據(jù)的核心接口。

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.crush.security.entity.MyUser;
import com.crush.security.service.IMyUserService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Slf4j
@Service
public class UserDetailServiceImpl implements UserDetailsService {

    final
    IMyUserService userService;

    public UserDetailServiceImpl(IMyUserService userService) {
        this.userService = userService;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        MyUser user = userService.getOne(new QueryWrapper<MyUser>().eq("username", username));
        return user;
    }
}

2.7、MacLoginUrlAuthenticationEntryPoint

/**
 * 
 * 身份驗(yàn)證沒有通過回調(diào)
 */
@Component
public class MacLoginUrlAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.setContentType("application/json;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(new ObjectMapper().writeValueAsString("未登錄!"));
    }
}

2.8、MyAccessDeniedHandler

/**
 * 權(quán)限不足回調(diào)
 */
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(new ObjectMapper().writeValueAsString("不好意思,你的權(quán)限不足!"));
    }
}

2.9、MyLogoutSuccessHandler

/**
 * 退出回調(diào)
 */
@Component
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType("application/json;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(new ObjectMapper().writeValueAsString( "退出成功"));
    }
}

2.10、JWT的工具類

生成token

package com.crush.security.utils;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import java.util.Date;
import java.util.HashMap;

public class JwtTokenUtils {

    public static final String TOKEN_HEADER = "Authorization";
    public static final String TOKEN_PREFIX = "Bearer ";

    private static final String SECRET = "jwtsecretdemo";
    private static final String ISS = "echisan";

    /**
     * 過期時(shí)間是3600秒,既是1個(gè)小時(shí)
     */
    private static final long EXPIRATION = 3600L;

    /**
     * 選擇了記住我之后的過期時(shí)間為7天
     */
    private static final long EXPIRATION_REMEMBER = 604800L;

    // 添加角色的key
    private static final String ROLE_CLAIMS = "rol";

    /**
     * 修改一下創(chuàng)建token的方法
     *
     * @param username
     * @param role
     * @param isRememberMe
     * @return
     */
    public static String createToken(String username, String role, boolean isRememberMe) {
        String token = null;
        try {
            long expiration = isRememberMe ? EXPIRATION_REMEMBER : EXPIRATION;
            HashMap<String, Object> map = new HashMap<>();
            map.put(ROLE_CLAIMS, role);
            token = Jwts.builder()
                    .signWith(SignatureAlgorithm.HS512, SECRET)
                    // 這里要早set一點(diǎn),放到后面會(huì)覆蓋別的字段
                    .setClaims(map)
                    .setIssuer(ISS)
                    .setSubject(username)
                    .setIssuedAt(new Date())
                    .setExpiration(new Date(System.currentTimeMillis() + expiration * 1000))
                    .compact();
        } catch (ExpiredJwtException e) {
            e.getClaims();
        }
        return token;
    }


    /**
     * 從token中獲取用戶名
     *
     * @param token
     * @return
     */
    public static String getUsername(String token) {
        return getTokenBody(token).getSubject();
    }

    /**
     * 從token中獲取roles
     *
     * @param token
     * @return
     */
    public static String getUserRole(String token) {
        return (String) getTokenBody(token).get(ROLE_CLAIMS);
    }

    /**
     * 是否已過期
     *
     * @param token
     * @return
     */
    public static boolean isExpiration(String token) {
        return getTokenBody(token).getExpiration().before(new Date());
    }

    private static Claims getTokenBody(String token) {
        return Jwts.parser()
                .setSigningKey(SECRET)
                .parseClaimsJws(token)
                .getBody();
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String user = encoder.encode("test");
        System.out.println(user);
    }
}

弄完上面這些,相關(guān)配置就都搞定了,剩下就是最簡(jiǎn)單的編碼啦。

三、代碼 entity

@Data
@EqualsAndHashCode(callSuper = false)
@TableName("account")
public class MyUser implements Serializable, UserDetails {

    private static final long serialVersionUID = 1L;

    private int id;

    private String username;

    private String password;

    // 1:啟用 , 0:禁用
    @TableField(exist = false)
    private Integer enabled = 1;

    // 1:鎖住 , 0:未鎖
    @TableField(exist = false)
    private Integer locked = 0;

    private String role;

    @TableField(exist = false)
    private String token;

    //授權(quán)
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role);
        authorities.add(authority);
        return authorities;
    }

    @Override
    public boolean isAccountNonExpired() { return true; }

    @Override
    public boolean isAccountNonLocked() { return locked == 0; }

    @Override
    public boolean isCredentialsNonExpired() {  return true;  }

    @Override
    public boolean isEnabled() { return enabled == 1; }
}

mapper

import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.crush.security.entity.MyUser;
import org.springframework.stereotype.Repository;

@Repository
public interface MyUserMapper extends BaseMapper<MyUser> {}

service、impl

import com.baomidou.mybatisplus.extension.service.IService;
import com.crush.security.entity.MyUser;

public interface IMyUserService extends IService<MyUser> {
    
}

import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.crush.security.entity.MyUser;
import com.crush.security.mapper.MyUserMapper;
import com.crush.security.service.IMyUserService;
import org.springframework.stereotype.Service;

@Service
public class MyUserServiceImpl extends ServiceImpl<MyUserMapper, MyUser> implements IMyUserService {
}

controller

package com.crush.security.controller;


import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserController {

    @RequestMapping("/all")
    String all() {
        return "在WebSecurityConfig中配置了放行,任何人都可以進(jìn)行訪問";
    }

    @PreAuthorize("permitAll()")
    @RequestMapping("/test")
    String test() {
        return "所有登錄的人都可以訪問";
    }

    @PreAuthorize("hasRole('USER')")
    @RequestMapping("/user/userList")
    String userList() {
        return "role: user";
    }

    @PreAuthorize("hasRole('ADMIN')")
    @RequestMapping("/admin/updateUser")
    String updateUser() {
        return "role: admin";
    }

    @PreAuthorize("hasRole('SUPER_ADMIN')")
    @RequestMapping("/admin/superAdmin")
    String superAdmin() {
        return "role: superAdmin";
    }

    @PreAuthorize("hasAnyRole('ADMIN','USER')")
    @RequestMapping("/userAndAdmin")
    String userAndAdminTest() {
        return "role: admin and user";
    }

    @PreAuthorize("hasAnyRole('ADMIN')or hasAnyRole('SUPER_ADMIN')")
    @RequestMapping("/AdminAndSuperAdminTest")
    String AdminAndSuperAdminTest() {
        return "role: admin and super_admin";
    }

    // hasAnyAuthority() 也是可以多個(gè)字符串 權(quán)限驗(yàn)證,可以不跟ROLE_前綴
    @PreAuthorize("hasAuthority('TEST') ")
    @RequestMapping("/ceshi2")
    String ceshi2() {
        return "hasAuthority:權(quán)限驗(yàn)證,不過查的也是role那個(gè)字段,不過不用拼接上ROLE而已";
    }
}

四、測(cè)試

:我使用的測(cè)試工具是Postman,另外login接口接收的數(shù)據(jù)是需要JSON類型的。

1)登錄

注意這里的token,我們是需要把他記住,下次去請(qǐng)求要攜帶上。

在這里插入圖片描述

2)測(cè)試管理員

在這里插入圖片描述

3)測(cè)試hasAnyAuthority ()注解

hasAnyAuthority() 也是可以多個(gè)字符串 權(quán)限驗(yàn)證,可以不跟ROLE_前綴

在這里插入圖片描述

在這里插入圖片描述

五、總結(jié)

Security框架和SpringBoot集成,其實(shí)上手特別快,但是如果要想研究的比較深刻的話,我覺得是比較困難的,上文講過,security是屬于一個(gè)重量級(jí)的框架,里面很多東西特別多。使用方面肯定是沒有任何問題的。

你卷我卷,大家卷,什么時(shí)候這條路才是個(gè)頭啊。??(還是直接上天吧)

有時(shí)候也想停下來歇一歇,一直做一個(gè)事情,感覺挺難堅(jiān)持的。??

你好,如果你正巧看到這篇文章,并且覺得對(duì)你有益的話,就給個(gè)贊吧,讓我感受一下分享的喜悅吧,蟹蟹。??

如若有寫的有誤的地方,也請(qǐng)大家不嗇賜教!!

同樣如若有存在疑惑的地方,請(qǐng)留言或私信,定會(huì)在第一時(shí)間回復(fù)你。

持續(xù)更新中

源碼鏈接:Gitee

到此這篇關(guān)于SpringBoot整合Security安全框架實(shí)現(xiàn)控制權(quán)限的文章就介紹到這了,更多相關(guān)SpringBoot Security控制權(quán)限內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

  • VSCode新手教程之配置Java環(huán)境的詳細(xì)教程

    VSCode新手教程之配置Java環(huán)境的詳細(xì)教程

    這篇文章主要給大家介紹了關(guān)于VSCode新手教程之配置Java環(huán)境的詳細(xì)教程,工欲善其事必先利其器,想要工作順利我們先搭建好JAVA的開發(fā)環(huán)境,需要的朋友可以參考下
    2023-10-10
  • mybatis設(shè)置sql執(zhí)行時(shí)間超時(shí)時(shí)間的方法

    mybatis設(shè)置sql執(zhí)行時(shí)間超時(shí)時(shí)間的方法

    本文主要介紹了mybatis設(shè)置sql執(zhí)行時(shí)間超時(shí)時(shí)間的方法,文中通過示例代碼介紹的非常詳細(xì),具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下
    2022-02-02
  • 快速上手Java中的Properties集合類

    快速上手Java中的Properties集合類

    java.util.Properties集合繼承于Hashtable,來表示一個(gè)持久的屬性集,他使用鍵值結(jié)構(gòu)存儲(chǔ)數(shù)據(jù),每個(gè)鍵及其對(duì)應(yīng)的值都是一個(gè)字符串,該類被許多java類使用,下面這篇文章主要給大家介紹了關(guān)于如何快速上手Java中Properties集合類的相關(guān)資料,需要的朋友可以參考下
    2023-02-02
  • Java簡(jiǎn)易登錄注冊(cè)小程序

    Java簡(jiǎn)易登錄注冊(cè)小程序

    這篇文章主要為大家詳細(xì)介紹了Java圖形界面開發(fā),簡(jiǎn)易登錄注冊(cè)小程序,文中示例代碼介紹的非常詳細(xì),具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下
    2016-10-10
  • Java索引越界異常Exception java.lang.IndexOutOfBoundsException的解決

    Java索引越界異常Exception java.lang.IndexOutOfBoundsException

    本文主要介紹了Java索引越界異常Exception java.lang.IndexOutOfBoundsException的解決,文中通過示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧
    2023-06-06
  • 詳解Springboot應(yīng)用中設(shè)置Cookie的SameSite屬性

    詳解Springboot應(yīng)用中設(shè)置Cookie的SameSite屬性

    Chrome 51 開始,瀏覽器的 Cookie 新增加了一個(gè)SameSite屬性,用來防止 CSRF 攻擊和用戶追蹤。今天通過本文給大家介紹Springboot應(yīng)用中設(shè)置Cookie的SameSite屬性,感興趣的朋友一起看看吧
    2022-01-01
  • @GrpcServise?注解的作用和使用示例詳解

    @GrpcServise?注解的作用和使用示例詳解

    @GrpcService 是一個(gè) Spring Boot 處理器,它會(huì)查找實(shí)現(xiàn)了 grpc::BindableService 接口的類,并將其包裝成一個(gè) Spring Bean 對(duì)象,這篇文章主要介紹了@GrpcServise?注解的作用和使用,需要的朋友可以參考下
    2023-05-05
  • 使用Spring Cache設(shè)置緩存條件操作

    使用Spring Cache設(shè)置緩存條件操作

    這篇文章主要介紹了使用Spring Cache設(shè)置緩存條件操作,具有很好的參考價(jià)值,希望對(duì)大家有所幫助。如有錯(cuò)誤或未考慮完全的地方,望不吝賜教
    2021-09-09
  • Java使用GUI實(shí)現(xiàn)貪吃蛇游戲詳解

    Java使用GUI實(shí)現(xiàn)貪吃蛇游戲詳解

    小時(shí)候經(jīng)常在諾基亞上玩的一個(gè)小游戲-貪吃蛇,你還記得嗎?本篇帶你重溫一下把它實(shí)現(xiàn),做的比較簡(jiǎn)單,但還是可以玩的.感興趣的朋友快來看看吧
    2022-05-05
  • 基于Failed?to?load?ApplicationContext異常的解決思路

    基于Failed?to?load?ApplicationContext異常的解決思路

    這篇文章主要介紹了基于Failed?to?load?ApplicationContext異常的解決思路,具有很好的參考價(jià)值,希望對(duì)大家有所幫助。如有錯(cuò)誤或未考慮完全的地方,望不吝賜教
    2022-01-01

最新評(píng)論