開發(fā)環(huán)境：springboot

maven引入：

<dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.2.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId> <version>1.0.10.RELEASE</version> </dependency>

1、先在數(shù)據(jù)庫創(chuàng)建用戶表，用戶名為username，密碼名為password。下面是我用戶表的實體

private Integer id;/*** 昵稱*/private String name;/*** 職位*/private String code;/*** 密碼*/private String passwd;/*** 用戶名*/private String username;/*** 手機(jī)號*/private String phone;/*** 創(chuàng)建時間*/private Date createdTime;

2、看項目是JPA、還是mybatis。我這邊項目使用的是mybatis。需要有一個方法通過用戶名獲取用戶信息。

3、創(chuàng)建一個用戶驗證類實現(xiàn) UserDetails 繼承用戶實體

public class SecurityUser extends SysUser implements UserDetails {private static final long serialVersiongUID = 1l;public SecurityUser(SysUser sysUser) { if (null != sysUser) { this.setCode(sysUser.getCode()); this.setCreatedTime(sysUser.getCreatedTime()); this.setId(sysUser.getId()); this.setName(sysUser.getName()); this.setPasswd(sysUser.getPasswd()); this.setPhone(sysUser.getPhone()); this.setUsername(sysUser.getUsername()); }}@Overridepublic Collection<? extends GrantedAuthority> getAuthorities() { Collection<GrantedAuthority> authorities = new ArrayList<>(); String username = this.getUsername(); if (username != null) { SimpleGrantedAuthority authority = new SimpleGrantedAuthority(username); authorities.add(authority); } return authorities;}@Overridepublic String getPassword() { return super.getPasswd();}//賬戶是否未過期,過期無法驗證@Overridepublic boolean isAccountNonExpired() { return true;}//指定用戶是否解鎖,鎖定的用戶無法進(jìn)行身份驗證@Overridepublic boolean isAccountNonLocked() { return true;}//指示是否已過期的用戶的憑據(jù)(密碼),過期的憑據(jù)防止認(rèn)證@Overridepublic boolean isCredentialsNonExpired() { return true;}//是否可用 ,禁用的用戶不能身份驗證@Overridepublic boolean isEnabled() { return true;}}

4、重點！創(chuàng)建一個scurity config配置類

@Configuration @EnableWebSecurity public class UiSecurityConfig extends WebSecurityConfigurerAdapter { private static final Logger logger = LoggerFactory.getLogger(UiSecurityConfig.class); @Override protected void configure(HttpSecurity http) throws Exception { //配置策略 http.csrf().disable(); http.authorizeRequests(). antMatchers('/static/**').permitAll().anyRequest().authenticated(). and().formLogin().loginPage('/login').permitAll().successHandler(loginSuccessHandler()). and().logout().permitAll().invalidateHttpSession(true). deleteCookies('JSESSIONID').logoutSuccessHandler(logoutSuccessHandler()). and().sessionManagement().maximumSessions(10).expiredUrl('/login'); } @Bean public BCryptPasswordEncoder passwordEncoder() { //密碼加密 return new BCryptPasswordEncoder(4); } @Bean public LogoutSuccessHandler logoutSuccessHandler() { //登出處理 return new LogoutSuccessHandler() { @Override public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { try { SecurityUser user = (SecurityUser) authentication.getPrincipal(); logger.info('USER : ' + user.getUsername() + ' LOGOUT SUCCESS ! '); } catch (Exception e) { logger.info('LOGOUT EXCEPTION , e : ' + e.getMessage()); } httpServletResponse.sendRedirect('/login'); } }; } @Bean public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入處理 return new SavedRequestAwareAuthenticationSuccessHandler() { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { SysUser userDetails = (SysUser) authentication.getPrincipal(); logger.info('USER : ' + userDetails.getUsername() + ' LOGIN SUCCESS ! '); //登錄成功后重定向路徑 response.sendRedirect('/'); } }; } //用戶登錄實現(xiàn) @Bean public UserDetailsService userDetailsService() { return new UserDetailsService() { @Autowired private SysUserDao sysUserDao;//這里是引入數(shù)據(jù)庫連接dao @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { SysUser userNmae = new SysUser(); userNmae.setUsername(s); List<SysUser> listUser = sysUserDao.queryAll(userNmae);//通過用戶名獲取個用戶信息 SysUser user = null; if (listUser.size() > 0) {user = listUser.get(0); } if (user == null) throw new UsernameNotFoundException('Username ' + s + ' not found'); return new SecurityUser(user); } }; }}

5、基礎(chǔ)工作準(zhǔn)備完成開始寫controller

@Controllerpublic class LoginController { @Resourceprivate SessionTool sessionTool;// 獲取登錄頁面@RequestMapping(value = '/login', method = RequestMethod.GET)public String login() { return 'login';}@RequestMapping('/')public String login(ModelMap map){ SysUser sysUser = sessionTool.getUser(); map.addAttribute('sysUser', sysUser); return 'index';}}

6、從session獲取用戶信息

@Componentpublic class SessionTool {public SysUser getUser() { //為了session從獲取用戶信息,可以配置如下 SysUser user = new SysUser(); SecurityContext ctx = SecurityContextHolder.getContext(); Authentication auth = ctx.getAuthentication(); if (auth.getPrincipal() instanceof UserDetails) user = (SysUser) auth.getPrincipal(); return user;}public HttpServletRequest getRequest() { return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();}}

7、login.html頁面（登錄路徑為login 請求方式為post，scurity自帶的登錄路徑）

<!DOCTYPE html><html lang='en'><head> <meta charset='UTF-8'> <title>Title</title></head><body><form action='/login' method='post'> 用戶名 : <input type='text' name='username'/> 密碼 : <input type='password' name='password'/> <input type='submit' value='登錄'></form></body></html>

總結(jié)一下思路：

引入依賴包-》創(chuàng)建用戶表-》創(chuàng)建用戶表數(shù)據(jù)庫查詢接口-》創(chuàng)建用戶校驗類實現(xiàn)UserDetails接口-》創(chuàng)建scurity配置類繼承 WebSecurityConfigurerAdapter 方法configure為配置校驗策略-》創(chuàng)建controller配置登錄頁面跳轉(zhuǎn)接口-》創(chuàng)建登陸頁面用戶名必須為username 密碼為password 登錄路徑為’/login’ 請求方式為post

由于scurity配置的密碼檢驗是加密的為了測試可以在Test模塊中獲取加密后的密碼然后存到用戶表的password字段中。

@Test public void encoder() { String password = '123123'; BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4); String enPassword = encoder.encode(password); System.out.println(enPassword); }

到此這篇關(guān)于spring boot整合scurity做簡單的登錄校驗的實現(xiàn)的文章就介紹到這了,更多相關(guān)springboot scurity登錄校驗內(nèi)容請搜索好吧啦網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持好吧啦網(wǎng)！