SpringBoot整合Spring Security,使用数据库鉴权(四)

╰半夏微凉° 2022-12-10 01:12 270阅读 0赞

一、实现UserDetails接口

  1. package com.example.securityzimug.config.auth;
  3. import org.springframework.security.core.GrantedAuthority;
  4. import org.springframework.security.core.userdetails.UserDetails;
  6. import java.util.Collection;
  8. public class MyUserDetails implements UserDetails {
  10.     String password; //密码
  11.     String username;  //用户名
  12.     boolean accountNonExpired;   //是否没过期
  13.     boolean accountNonLocked;   //是否没被锁定
  14.     boolean credentialsNonExpired;  //是否没过期
  15.     boolean enabled;  //账号是否可用
  16.     Collection<? extends GrantedAuthority> authorities;  //用户的权限集合
  18.     @Override
  19.     public Collection<? extends GrantedAuthority> getAuthorities() {
  20.         return authorities;
  21.     }
  23.     @Override
  24.     public String getPassword() {
  25.         return password;
  26.     }
  28.     @Override
  29.     public String getUsername() {
  30.         return username;
  31.     }
  33.     @Override
  34.     public boolean isAccountNonExpired() {
  35.         return true;
  36.     }
  38.     @Override
  39.     public boolean isAccountNonLocked() {
  40.         return true;
  41.     }
  43.     @Override
  44.     public boolean isCredentialsNonExpired() {
  45.         return true;
  46.     }
  48.     @Override
  49.     public boolean isEnabled() {
  50.         return enabled;
  51.     }
  53.     public void setPassword(String password) {
  54.         this.password = password;
  55.     }
  57.     public void setUsername(String username) {
  58.         this.username = username;
  59.     }
  61.     public void setAccountNonExpired(boolean accountNonExpired) {
  62.         this.accountNonExpired = accountNonExpired;
  63.     }
  65.     public void setAccountNonLocked(boolean accountNonLocked) {
  66.         this.accountNonLocked = accountNonLocked;
  67.     }
  69.     public void setCredentialsNonExpired(boolean credentialsNonExpired) {
  70.         this.credentialsNonExpired = credentialsNonExpired;
  71.     }
  73.     public void setEnabled(boolean enabled) {
  74.         this.enabled = enabled;
  75.     }
  77.     public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
  78.         this.authorities = authorities;
  79.     }
  80. }

二、编写mapper

在编写之前需要导入依赖。

  1. <dependency>
  2.             <groupId>org.mybatis.spring.boot</groupId>
  3.             <artifactId>mybatis-spring-boot-starter</artifactId>
  4.             <version>2.1.3</version>
  5.         </dependency>
  6.         <dependency>
  7.             <groupId>mysql</groupId>
  8.             <artifactId>mysql-connector-java</artifactId>
  9.         </dependency>
  11. package com.example.securityzimug.config.auth;
  13. import org.apache.ibatis.annotations.Mapper;
  14. import org.apache.ibatis.annotations.Param;
  15. import org.apache.ibatis.annotations.Select;
  17. import java.util.List;
  19. @Mapper
  20. public interface MyUserDetailsServiceMapper {
  22.     //根据userID查询用户信息
  23.     @Select("SELECT username,password,enabled\n" +
  24.             "FROM sys_user u\n" +
  25.             "WHERE u.username = #{userId} or u.phone = #{userId}")
  26.     MyUserDetails findByUserName(@Param("userId") String userId);
  28.     //根据userID查询用户角色列表
  29.     @Select("SELECT role_code\n" +
  30.             "FROM sys_role r\n" +
  31.             "LEFT JOIN sys_user_role ur ON r.id = ur.role_id\n" +
  32.             "LEFT JOIN sys_user u ON u.id = ur.user_id\n" +
  33.             "WHERE u.username = #{userId} or u.phone = #{userId}")
  34.     List<String> findRoleByUserName(@Param("userId") String userId);
  37.     //根据用户角色查询用户权限
  38.     @Select({
  39.       "<script>",
  40.          "SELECT url " ,
  41.          "FROM sys_menu m " ,
  42.          "LEFT JOIN sys_role_menu rm ON m.id = rm.menu_id " ,
  43.          "LEFT JOIN sys_role r ON r.id = rm.role_id ",
  44.          "WHERE r.role_code IN ",
  45.          "<foreach collection='roleCodes' item='roleCode' open='(' separator=',' close=')'>",
  46.             "#{roleCode}",
  47.          "</foreach>",
  48.       "</script>"
  49.     })
  50.     List<String> findAuthorityByRoleCodes(@Param("roleCodes") List<String> roleCodes);
  52. }

三、实现UserDetailsService接口

  1. package com.example.securityzimug.config.auth;
  3. import org.springframework.security.core.authority.AuthorityUtils;
  4. import org.springframework.security.core.userdetails.UserDetails;
  5. import org.springframework.security.core.userdetails.UserDetailsService;
  6. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  7. import org.springframework.stereotype.Component;
  9. import javax.annotation.Resource;
  10. import java.util.List;
  11. import java.util.stream.Collectors;
  13. /**
  14.  * @author baikunlong
  15.  * @date 2020/9/22 23:14
  16.  */
  17. @Component
  18. public class MyUserDetailsService implements UserDetailsService {
  20.     @Resource
  21.     private MyUserDetailsServiceMapper myUserDetailsServiceMapper;
  23.     @Override
  24.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  25.         MyUserDetails myUserDetails = myUserDetailsServiceMapper.findByUserName(username);
  26.         //角色集合
  27.         List<String> roleList = myUserDetailsServiceMapper.findRoleByUserName(username);
  28.         //资源权限集合
  29.         List<String> authorities = myUserDetailsServiceMapper.findAuthorityByRoleCodes(roleList);
  31.         //角色是特殊的权限,前缀规定为ROLE_
  32.         roleList=roleList.stream().map(role->"ROLE_"+role).collect(Collectors.toList());
  33.         authorities.addAll(roleList);
  34.         myUserDetails.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(String.join(",",authorities)));
  35.         return myUserDetails;
  36.     }
  37. }

四、修改配置类

watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2JhaWt1bmxvbmc_size_16_color_FFFFFF_t_70

注意这里的UserDetailsService一定要使用注入方式,我一开始手动new的,这会导致mapper为空,在service那排错了很久,后来才发现是这边的问题。

20200923090551627.png

五、修改配置文件

  1. spring:
  2.   security:
  3. #    用数据库后,内存模式的就先注释掉吧
  4. #    user:
  5. #      name: admin
  6. #      password: admin
  7.     loginType: JSON
  8.   datasource:
  9.     url: jdbc:mysql://localhost:3306/study_springboot_05_security_zimug?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai
  10.     username: root
  11.     password: '123456'
  12.     driver-class-name: com.mysql.cj.jdbc.Driver
  14. #logging:
  15. #  level:
  16. #    root: debug

需要注意的是,配置文件如果是yml文件类型的,密码一定要加单引号或者双引号,不然连接不了数据库的,properties不存在这个问题。

六、动态鉴权

在一开始我们的鉴权都是写的静态的,当有新需求时可能会更改代码,所以需要动态的鉴权。

编写一个类来鉴权。

  1. package com.example.securityzimug.config.auth;
  3. import org.springframework.security.core.Authentication;
  4. import org.springframework.security.core.GrantedAuthority;
  5. import org.springframework.security.core.authority.AuthorityUtils;
  6. import org.springframework.security.core.userdetails.UserDetails;
  7. import org.springframework.stereotype.Component;
  9. import javax.servlet.http.HttpServletRequest;
  10. import java.util.List;
  12. @Component("rabcService")
  13. public class MyRBACService {
  15.     /**
  16.      * 判断某用户是否具有该request资源的访问权限
  17.      */
  18.     public boolean hasPermission(HttpServletRequest request, Authentication authentication){
  19.         //这个就是UserDetails
  20.         Object principal = authentication.getPrincipal();
  21.         if(principal instanceof UserDetails){
  22.             UserDetails userDetails = ((UserDetails)principal);
  23.             //这里的请求地址就是资源权限名
  24.             List<GrantedAuthority> authorityList =
  25.                     AuthorityUtils.commaSeparatedStringToAuthorityList(request.getRequestURI());
  26.             //判断当前用户是否有这个资源权限
  27.             return userDetails.getAuthorities().contains(authorityList.get(0));
  28.         }
  29.         return false;
  30.     }
  31. }

然后在配置类里更改下权限配置:

20200923100745395.png

发表评论

表情:
评论列表 (有 0 条评论,270人围观)

还没有评论,来说两句吧...

相关阅读