SpringBoot集成security（4）|（security基于JWT实现前后端分离自定义登录）

我会带着你远行 2023-10-03 21:59 8阅读 0赞

## SpringBoot集成security（4）|（security基于JWT实现前后端分离自定义登录） ##

--------------------

### 文章目录  SpringBoot集成security（4）|（security基于JWT实现前后端分离自定义登录）  @\[TOC\]  前言  一、项目依赖  二、自定义响应处理  三、自定义用户登录响应类  四、自定义登录实现  1、JwtAuthencationTokenFilter介绍  2、自定义用户名密码登录接口实现  3、security配置  4、自定义JwtAuthencationTokenFilter实现  4、JwtTokenUtils工具类  四、验证登录情况  1、编写测试接口  2、调用接口提示  总结 ###

章节  
第一章链接: [SpringBoot集成security（1）|（security入门）][SpringBoot_security_1_security]  
第二章链接: [SpringBoot集成security（2）|（security自定义配置）][SpringBoot_security_2_security]  
第三章链接: [SpringBoot集成security（3）|（security的前后端分离登录以及响应处理）][SpringBoot_security_3_security]  
第四章链接: [SpringBoot集成security（4）|（security基于JWT实现前后端分离自定义登录）][SpringBoot_security_4_security_JWT]

## 前言 ##

上一章节我们介绍了springboot基于security的用户配置，权限配置，资源配置。并且我们重写了login表单登录，且认证授权异常的报错都做了统一处理，但是这样还是有一些问题例如有的希望自己定义一个接口，并且实现token认证管理，实现前后端分离，鉴于现在大多项目都是前后端分离，我们这个章节来实现基于前后端分离的JWT登录.

本片文章是在上一篇基础上进行的扩展，如果大家对项目基础不是很清楚请查看上一篇文章

## 一、项目依赖 ##

> 主要包含security的依赖以及一些工具类的依赖

<parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.5.7</version>
            <relativePath/>
        </parent>
       <dependencies>
           
           <dependency>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-starter</artifactId>
           </dependency>
           <dependency>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-starter-test</artifactId>
               <scope>test</scope>
           </dependency>
           <dependency>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-starter-web</artifactId>
           </dependency>
           
    
           
           <dependency>
               <groupId>com.github.xiaoymin</groupId>
               <artifactId>knife4j-spring-ui</artifactId>
               <version>3.0.3</version>
           </dependency>
           <dependency>
               <groupId>io.springfox</groupId>
               <artifactId>springfox-swagger2</artifactId>
               <version>3.0.0</version>
           </dependency>
    
           
           <dependency>
               <groupId>org.apache.commons</groupId>
               <artifactId>commons-lang3</artifactId>
               <version>3.12.0</version>
           </dependency>
    
           <dependency>
               <groupId>org.apache.commons</groupId>
               <artifactId>commons-collections4</artifactId>
               <version>4.1</version>
           </dependency>
    
           <dependency>
               <groupId>com.google.guava</groupId>
               <artifactId>guava</artifactId>
               <version>30.1.1-jre</version>
           </dependency>
    
           
           <dependency>
               <groupId>com.alibaba</groupId>
               <artifactId>fastjson</artifactId>
               <version>1.2.49</version>
           </dependency>
           <dependency>
               <groupId>org.projectlombok</groupId>
               <artifactId>lombok</artifactId>
               <optional>true</optional>
           </dependency>
           <dependency>
               <groupId>commons-codec</groupId>
               <artifactId>commons-codec</artifactId>
               <version>1.15</version>
           </dependency>
    
           
           <dependency>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-starter-security</artifactId>
           </dependency>
    
           
           <dependency>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-starter-data-jpa</artifactId>
           </dependency>
           <dependency>
               <groupId>mysql</groupId>
               <artifactId>mysql-connector-java</artifactId>
               <scope>runtime</scope>
           </dependency>
           
           <dependency>
               <groupId>io.jsonwebtoken</groupId>
               <artifactId>jjwt</artifactId>
               <version>0.9.1</version>
           </dependency>
    
           <dependency>
               <groupId>joda-time</groupId>
               <artifactId>joda-time</artifactId>
               <version>2.9.9</version>
           </dependency>
       </dependencies>

## 二、自定义响应处理 ##

> 自定义响应处理主要是定义好响应格式，方便前后端连调

1、定义响应体ResponseHandle

@Data
    public class ResponseHandle<T> {
        
        private String status;
        private String desc;
        private T data;
    
        // 成功 无参构成函数
        public static ResponseHandle SUCCESS(){
        
            ResponseHandle result = new ResponseHandle();
            result.setDesc("成功");
            result.setResultCode(HttpCode.SUCCESS);
            return result;
        }
        //成功 有返回数据构造函数
        public static ResponseHandle SUCCESS(Object data){
        
            ResponseHandle result = new ResponseHandle();
            result.setData(data);
            result.setResultCode(HttpCode.SUCCESS);
            return result;
        }
    
        /**
         * 失败，指定status、desc
         */
        public static ResponseHandle FAIL(String status, String desc) {
        
            ResponseHandle result = new ResponseHandle();
            result.setStatus(status);
            result.setDesc(desc);
            return result;
        }
    
        /**
         * 失败，指定ResultCode枚举
         */
        public static ResponseHandle FAIL(HttpCode resultCode) {
        
            ResponseHandle result = new ResponseHandle();
            result.setResultCode(resultCode);
            return result;
        }
        /**
         * 把ResultCode枚举转换为ResResult
         */
        private void setResultCode(HttpCode code) {
        
            this.status = code.code();
            this.desc = code.message();
        }
    }

2、定义响应枚举HttpCode

public enum HttpCode {
        
    
        // 成功状态码
        SUCCESS("00000", "成功"),
        UNKNOWN_ERROR("99999", "服务未知异常"),
        // 系统500错误
        SYSTEM_ERROR("10000", "系统异常，请稍后重试"),
    
    
        // 认证错误：20001-29999
        USER_NOAUTH("20000", "用户未登录"),
        TOKEN_ERROR("20001", "生成token失败"),
        LOGIN_ERROR("20002", "登录失败"),
        USER_LOCKED("20004", "账户已锁定"),
        USER_PASS_OUT("20005", "用户名或密码错误次数过多"),
        USER_NOTFIND_ERROR("20006", "没有找到用户"),
        USER_ERROR("20007", "用户名或密码不正确"),
        USER_CODE("20008", "验证码输入有误，请重新输入！"),
        USER_DISABLE("20009", "该账号也被禁用,请联系管理员!"),
        USER_INFOERROR("20010", "用户信息获取异常!"),
        USER_NOAUTHON("20011", "用户没有权限访问"),
    
        ;
    
    
        private String code;
    
        private String message;
    
        HttpCode(String code, String message) {
        
            this.code = code;
            this.message = message;
        }
    
        public String code() {
        
            return this.code;
        }
    
        public String message() {
        
            return this.message;
        }
    }

## 三、自定义用户登录响应类 ##

> 主要是用户访问资源时检查到该用户没有登录、和用户登录了没有访问权限场景下的返回前端信息格式

1、用户未登录提示

@Component
    public class RestfulAccessDeniedHandler implements AccessDeniedHandler {
        
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            response.setStatus(HttpServletResponse.SC_OK);
            ResponseHandle fail = ResponseHandle.FAIL(HttpCode.USER_NOAUTHON);
            response.getWriter().write(JSONObject.toJSONString(fail));
        }
    }

2、用户没有访问权限处理

@Component
    public class RestAuthorizationEntryPoint implements AuthenticationEntryPoint {
        
    
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            response.setStatus(HttpServletResponse.SC_OK);
            ResponseHandle fail = ResponseHandle.FAIL(HttpCode.USER_NOAUTH);
            response.getWriter().write(JSONObject.toJSONString(fail));
        }
    }

## 四、自定义登录实现 ##

### 1、JwtAuthencationTokenFilter介绍 ###

> BasicAuthenticationFilter过滤器和OncePerRequestFilter过滤器效果一样，是security实现用户登录认证的过滤器，改过滤器在用户访问的时候进行来接，我们可以继承该类，然后重写doFilterInternal方法，实现自定义的token拦截，这样每次接口访问资源都会对token进行来接，查看是否有效以及过期。

### 2、自定义用户名密码登录接口实现 ###

> 该处用户可以自定义自己的实现逻辑，例如用户密码加密，返回参数等。

1、登录接口

@Api(tags = {
        "登录相关接口"})
    @RestController
    @RequestMapping("/oak")
    public class LoginCtrl {
        
    
        @Autowired
        private LoginService loginService;
    
        @ApiOperation(value = "用户登录接口", notes = "登录")
        @PostMapping("/login")
        public ResponseHandle login(@RequestBody User user, HttpServletRequest request) {
        
            return loginService.login(user, request);
        }
    }

2、登录实现server

@Service
    public class LoginServiceImpl implements LoginService {
        
    
        @Autowired
        private UserServiceImpl userDetailsService;
    
        @Autowired
        private PasswordEncoder passwordEncoder;
    
    
        @Override
        public ResponseHandle login(User user, HttpServletRequest request) {
        
            String username = user.getUsername();
            String password = user.getPassword();
    
    //        String code = user.getCode();
    //        // 验证码
    //        String captcha = (String) request.getSession().getAttribute("captcha");
    //        // 判断验证码
    //        if ("".equals(code) || !captcha.equalsIgnoreCase(code)) {
        
    //            return ResponseHandle.FAIL(HttpCode.USER_CODE);
    //        }
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
            if (userDetails.isEnabled()) {
        
                if (null == userDetails || !passwordEncoder.matches(password, userDetails.getPassword())) {
        
                    return ResponseHandle.FAIL(HttpCode.USER_ERROR);
                }
                // 更新security登录用户对象
                UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
    //            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                //将authenticationToken放入spring security全局中
                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                // 创建一个token
                String token = JwtTokenUtils.createToken(username, "", true);
                Map<String, String> tokenMap = new HashMap<>();
                tokenMap.put("token", "Bearer" + token);
                return ResponseHandle.SUCCESS(tokenMap);
            }
            return ResponseHandle.FAIL(HttpCode.USER_DISABLE);
        }
    }

3、根据用户名查询用户

@Service
    public class UserServiceImpl implements UserDetailsService {
        
    
        @Autowired
        private UserRepository userRepository;
    
        /**
         *
         * @param s
         * @return 实现loadUserByUsername方法，根据用户名查找用户信息
         * @throws UsernameNotFoundException
         */
        @Override
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        
            User user = userRepository.findByUsername(s);
            return new JwtUser(user);
        }
    }

4、JPA实现数据库查询用户

public interface UserRepository extends CrudRepository<User, Integer> {
        
        /**
         * 根据用户名查询用户
         * @param username
         * @return
         */
        User findByUsername(String username);
    }

5、User实体

@Data
    @Entity
    @Table(name = "t_user")
    public class User {
        
    
        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        @Column(name = "id")
        private Integer id;
    
        @Column(name = "username")
        private String username;
    
        @Column(name = "password")
        private String password;
    
        @Column(name = "code")
        private String code;
    
        @Column(name = "role")
        private String role;
    
        @Override
        public String toString() {
        
            return "User{" +
                    "id=" + id +
                    ", username='" + username + '\'' +
                    ", password='" + password + '\'' +
                    ", role='" + role + '\'' +
                    '}';
        }
    }

### 3、security配置 ###

> 配置security用户来源、认证模式、过滤器等，这里我们使用了自己的登录接口，所以需要放行，并且不使用表单提交模式

@Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        
    
        @Autowired
        private UserServiceImpl userService;
    
        @Resource
        private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
    
        @Resource
        private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
    
    
    
        /**
         * 常用的三种存储方式，项目找那个用的最多的为，自定义用户存储
         *
         * @param auth
         * @throws Exception
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        
            //1、内存用户配置
    //        auth.inMemoryAuthentication().passwordEncoder(bCryptPasswordEncoder())
    //                .withUser("admin").password(bCryptPasswordEncoder().encode("123456")).authorities("ADMIN")
    //                .and()
    //                .withUser("test").password(bCryptPasswordEncoder().encode("123456")).authorities("TEST");
            //2、数据库用户配置
    //        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder())
    //                .usersByUsernameQuery(
    //                        "select username, password, status from Users where username = ?")
    //                .authoritiesByUsernameQuery(
    //                        "select username, authority from Authority where username = ?");
            //3、自定义用户存储
            auth.userDetailsService(userService)
                    .passwordEncoder(bCryptPasswordEncoder());
        }
    
        /**
         * configure(WebSecurity)用于影响全局安全性(配置资源，设置调试模式，通过实现自定义防火墙定义拒绝请求)的配置设置。
         * 一般用于配置全局的某些通用事物，例如静态资源等
         *
         * @param web
         */
        @Override
        public void configure(WebSecurity web) {
        
            web.ignoring()
                    .antMatchers(HttpMethod.OPTIONS, "/**")  ///跨域请求预处理
                    .antMatchers("/favicon.ico")
                    .antMatchers("/swagger**")   // 以下swagger静态资源、接口不拦截
                    .antMatchers("/doc.html")
                    .antMatchers("/swagger-resources/**")
                    .antMatchers("/v2/api-docs")
                    .antMatchers("/webjars/**")
    //                .antMatchers("/logout")
                    .antMatchers("/js/**", "/css/**", "/images/**");  // 排除html静态资源
        }
    
        /**
         * 配置接口拦截
         * configure(HttpSecurity)允许基于选择匹配在资源级配置基于网络的安全性，
         * 也就是对角色所能访问的接口做出限制
         *
         * @param httpSecurity 请求属性
         * @throws Exception
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
        
            httpSecurity
                    .authorizeRequests()
                    .antMatchers(HttpMethod.GET, "/demo/get").permitAll()
                    .antMatchers("/oak/login", "/oak/logout").permitAll()
                    //指定权限为ROLE_ADMIN才能访问，这里和方法注解配置效果一样，但是会覆盖注解
                    .antMatchers("/demo/delete").hasRole("ADMIN")
                    // 所有请求都需要验证
                    .anyRequest().authenticated()
                    .and()
                    .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                    .exceptionHandling()
                    .accessDeniedHandler(restfulAccessDeniedHandler)
                    .authenticationEntryPoint(restAuthorizationEntryPoint)
                    .and()
                    .csrf().disable()
                    .sessionManagement()//禁用session
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                    .logout().logoutUrl("/logout")
                    .and()
                    // 禁用缓存
                    .headers()
                    .cacheControl();
        }
    
    
        /**
         * 配置用户认证方式
         *
         * @return
         * @throws Exception
         */
        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
        
            return super.authenticationManagerBean();
        }
    
    
        /**
         * 自定义过滤器，用来替换security的默认过滤器（UsernamePasswordAuthenticationFilter），
         * 实现自定义的login接口，接口路径为了区别默认的/login我们定义为/mylogin
         *
         * @return
         * @throws Exception
         */
    
        /**
         * 使用security 提供的加密规则（还有其他加密方式）
         *
         * @return
         */
        @Bean
        public BCryptPasswordEncoder bCryptPasswordEncoder() {
        
            return new BCryptPasswordEncoder();
        }
    
        /**
         * JWT token过滤器
         * @return
         * @throws Exception
         */
        @Bean
        public JwtAuthencationTokenFilter jwtAuthenticationFilter() throws Exception {
        
            JwtAuthencationTokenFilter jwtAuthenticationFilter = new JwtAuthencationTokenFilter(authenticationManager());
            return jwtAuthenticationFilter;
        }
    }

### 4、自定义JwtAuthencationTokenFilter实现 ###

> 配置security用户来源、认证模式、过滤器等，这里我们定义了自己的/mylogin登录接口

public class JwtAuthencationTokenFilter extends BasicAuthenticationFilter {
        
        private String tokenHeader = "Authorization";
        private String tokenHead = "Bearer";
    
        @Autowired
        private UserServiceImpl userService;
    
        public JwtAuthencationTokenFilter(AuthenticationManager authenticationManager) {
        
            super(authenticationManager);
        }
    
        /**
         * 自定义过滤器，用来校验token是否存在，token是否失效
         *
         * @param request
         * @param response
         * @param filterChain
         * @throws ServletException
         * @throws IOException
         */
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
                throws ServletException, IOException {
        
            // 请求头中获取token信息
            String authheader = request.getHeader(tokenHeader);
            // 存在token
            if (null != authheader && authheader.startsWith(tokenHead)) {
        
                // 去除字段名称, 获取真正token
                String authToken = authheader.substring(tokenHead.length());
                // 利用token获取用户名
                String username = JwtTokenUtils.getUsername(authToken);
    
                System.out.println("自定义JWT过滤器获得用户名为" + username);
                Authentication a = SecurityContextHolder.getContext().getAuthentication();
    
                // token存在用户未登陆
                // SecurityContextHolder.getContext().getAuthentication() 获取上下文对象中认证信息
                if (null != username && null == SecurityContextHolder.getContext().getAuthentication()) {
        
                    // 自定义数据源获取用户信息
                    UserDetails userDetails = userService.loadUserByUsername(username);
                    // 验证token是否有效 验证token用户名和存储的用户名是否一致以及是否在有效期内, 重新设置用户对象
    //                if (JwtTokenUtils.isExpiration(authToken)) {
        
                    // 重新将用户信息封装到UsernamePasswordAuthenticationToken
                    if (JwtTokenUtils.checkToken(authToken)) {
        
                        System.out.println("token有效");
                        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                    }
                }
            }
            //继续下一个拦截器
            filterChain.doFilter(request, response);
        }
    }

### 4、JwtTokenUtils工具类 ###

> 主要用于配置生成token，验证token等相关方法

public class JwtTokenUtils {
        
    
    
        private static final String SECRET = "oak-secret";
        private static final String ISS = "oak";
    
        /**
         * 角色的key
         */
        private static final String ROLE_CLAIMS = "rol";
    
        /**
         * 过期时间是3600秒，既是1个小时
         */
        private static final long EXPIRATION = 3600L;
    
        /**
         * 选择了记住我之后的过期时间为7天
         */
        private static final long EXPIRATION_REMEMBER = 604800L;
    
        /**
         * 创建token
         *
         * @param username
         * @param role
         * @param isRememberMe
         * @return
         */
        public static String createToken(String username, String role, boolean isRememberMe) {
        
            long expiration = isRememberMe ? EXPIRATION_REMEMBER : EXPIRATION;
            HashMap<String, Object> map = new HashMap<>();
            map.put(ROLE_CLAIMS, role);
            return Jwts.builder()
                    .signWith(SignatureAlgorithm.HS512, SECRET)
                    .setClaims(map)  //存放自定义信息，也可不放
                    .setIssuer(ISS)     //发行人
                    .setSubject(username)   //jwt主题
                    .setIssuedAt(new Date())   //当前时间
                    .setExpiration(new Date(System.currentTimeMillis() + expiration * 1000)) // 过期时间
                    .compact();
        }
    
        /**
         * 从token中获取用户名
         *
         * @param token
         * @return
         */
        public static String getUsername(String token) {
        
            return getTokenBody(token).getSubject();
        }
    
    
        /**
         * 获取用户角色
         *
         * @param token
         * @return
         */
        public static String getUserRole(String token) {
        
            return (String) getTokenBody(token).get(ROLE_CLAIMS);
        }
    
        /**
         * 是否已过期
         *
         * @param token
         * @return
         */
        public static boolean isExpiration(String token) {
        
            try {
        
                return getTokenBody(token).getExpiration().before(new Date());
            } catch (ExpiredJwtException e) {
        
                return true;
            }
        }
    
    
        /**
         * 根据token，判断token是否存在与有效
         *
         * @param jwtToken
         * @return
         */
        public static boolean checkToken(String jwtToken) {
        
            if (StringUtils.isEmpty(jwtToken)) return false;
            try {
        
                Jwts.parser().setSigningKey(SECRET).parseClaimsJws(jwtToken);
            } catch (Exception e) {
        
                e.printStackTrace();
                return false;
            }
            return true;
        }
    
        private static Claims getTokenBody(String token) {
        
            return Jwts.parser()
                    .setSigningKey(SECRET)
                    .parseClaimsJws(token)
                    .getBody();
        }
    }

## 四、验证登录情况 ##

### 1、编写测试接口 ###

@Api(tags = {
        "演示相关接口"})
    @RestController
    @RequestMapping("/demo")
    public class DemoCtrl {
        
    
        @Autowired
        private UserRepository userRepository;
    
        @Autowired
        private BCryptPasswordEncoder bCryptPasswordEncoder;
    
    
        @ApiOperation(value = "获取接口", notes = "获取接口")
        @GetMapping(value = "/get")
        public ResponseHandle get() {
        
            return ResponseHandle.SUCCESS("获取数据成功");
        }
    
        @ApiOperation(value = "更新接口(ADMIN可访问)", notes = "更新接口")
        @GetMapping(value = "/update1")
        @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
        public ResponseHandle update1() {
        
            return ResponseHandle.SUCCESS("更新数据成功");
        }
    
        @ApiOperation(value = "查询接口(USER可访问)", notes = "查询接口")
        @GetMapping(value = "/find")
        @PreAuthorize("hasAnyRole('ROLE_USER')")
        public ResponseHandle find() {
        
            return ResponseHandle.SUCCESS("查询数据成功");
        }
    
        @ApiOperation(value = "删除用户(ADMIN配置可用)", notes = "修改")
        @GetMapping("/delete")
        public ResponseHandle delete() {
        
            return ResponseHandle.SUCCESS("删除成功");
        }
    
        @ApiOperation(value = "注册用户", notes = "注册")
        @PostMapping("/register")
        public String registerUser(@RequestBody Map<String, String> registerUser) {
        
            User user = new User();
            user.setUsername(registerUser.get("username"));
            user.setPassword(bCryptPasswordEncoder.encode(registerUser.get("password")));
            user.setRole("ROLE_USER");
            User save = userRepository.save(user);
            return save.toString();
        }
    }

### 2、调用接口提示 ###

> 1、调用登录调用接口  
> ![请添加图片描述][07e0e4cf8ad44602abf9378fc4c36541.png]  
> 可以看到接口返回了一个长串的token，下次我们访问服务资源只要带上改token就可以了

> 2、调用删除接口  
> ![请添加图片描述][76939890e1704272ae19292f3188f9fc.png]>3、换一个角色为USER的用户在调删除接口![请添加图片描述][b71fcbe6760e4862bcbc15c44c262ae9.png]

## 总结 ##

到此springboot集成了security完成了用户的数据库配置以及自定义登录，并且完善了登录相关的响应，这样方便前后端统一处理。这样的登录可以实现单一项目的需求，但是考虑到多项目间的登录认证，该方案还是有很多问题，接下来我们将继续完成基于OAuth2 token的认证方式

第一章链接: [SpringBoot集成security（1）|（security入门）][SpringBoot_security_1_security]  
第二章链接: [SpringBoot集成security（2）|（security自定义配置）][SpringBoot_security_2_security]  
第三章链接: [SpringBoot集成security（3）|（security的前后端分离登录以及响应处理）][SpringBoot_security_3_security]  
第四章链接: [SpringBoot集成security（4）|（security基于JWT实现前后端分离自定义登录）][SpringBoot_security_4_security_JWT]

[SpringBoot_security_1_security]: https://blog.csdn.net/Oaklkm/article/details/127904641
[SpringBoot_security_2_security]: https://blog.csdn.net/Oaklkm/article/details/127918927
[SpringBoot_security_3_security]: https://blog.csdn.net/Oaklkm/article/details/128144676
[SpringBoot_security_4_security_JWT]: https://blog.csdn.net/Oaklkm/article/details/128190531
[07e0e4cf8ad44602abf9378fc4c36541.png]: https://img-blog.csdnimg.cn/07e0e4cf8ad44602abf9378fc4c36541.png
[76939890e1704272ae19292f3188f9fc.png]: https://img-blog.csdnimg.cn/76939890e1704272ae19292f3188f9fc.png
[b71fcbe6760e4862bcbc15c44c262ae9.png]: https://img-blog.csdnimg.cn/b71fcbe6760e4862bcbc15c44c262ae9.png