springboot——security基于自定义数据库模型的认证

本文详细介绍了如何在SpringBoot项目中集成SpringSecurity进行权限管理,包括Maven依赖配置、application.properties配置、数据库创表语句、Security代码实现及测试接口。通过示例展示了基于角色的权限控制和用户认证流程。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

一、Maven配置

本示例基于security5 + mybatis-plus + lombok

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-data-jdbc</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-actuator</artifactId>
	</dependency>
	<dependency>
		<groupId>com.baomidou</groupId>
		<artifactId>mybatis-plus-boot-starter</artifactId>
		<version>3.2.0</version>
	</dependency>
	<dependency>
		<groupId>mysql</groupId>
		<artifactId>mysql-connector-java</artifactId>
		<scope>runtime</scope>
	</dependency>
	<dependency>
		<groupId>org.projectlombok</groupId>
		<artifactId>lombok</artifactId>
		<optional>true</optional>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

二、application.properties配置

spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=123456

三、数据库创表语句

CREATE TABLE `org_member` (
	`id` VARCHAR(64) NOT NULL PRIMARY key,
	`username` VARCHAR(128) NULL DEFAULT NULL,
	`password` VARCHAR(128) NULL DEFAULT NULL,
	`enable` BIT(1) NULL DEFAULT NULL,
	`roles` VARCHAR(128) NULL DEFAULT NULL
)

四、security代码

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/api/**").hasRole("ADMIN")
                .antMatchers("/user/api/**").hasRole("USER")
                .antMatchers("/app/api/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .csrf().disable();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new MessageDigestPasswordEncoder("MD5");
    }
}

@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService, InitializingBean {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private SnakeFakeId snakeFakeId;
    @Autowired
    private OrgMemberManager orgMemberManager;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        OrgMember orgMember = orgMemberManager.getOrgMemberByUsername(username);
        if (orgMember == null) {
            throw new UsernameNotFoundException("用户不存在!");
        }
        List<GrantedAuthority> grantedAuthorities = AuthorityUtils.commaSeparatedStringToAuthorityList(orgMember.getRoles());
        return User.withUsername(orgMember.getUsername()).password(orgMember.getPassword()).authorities(grantedAuthorities).build();
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        OrgMember root = orgMemberManager.getOrgMemberByUsername("root");
        if (root == null) {
            OrgMember orgMember = new OrgMember();
            orgMember.setId(String.valueOf(snakeFakeId.nextId()));
            orgMember.setUsername("root");
            orgMember.setPassword(passwordEncoder.encode("root"));
            orgMember.setEnable(true);
            orgMember.setRoles("ROLE_ADMIN");
            orgMemberManager.saveOrgMember(orgMember);
        }

        OrgMember chopper = orgMemberManager.getOrgMemberByUsername("chopper");
        if (chopper == null) {
            OrgMember orgMember = new OrgMember();
            orgMember.setId(String.valueOf(snakeFakeId.nextId()));
            orgMember.setUsername("chopper");
            orgMember.setPassword(passwordEncoder.encode("123456"));
            orgMember.setEnable(true);
            orgMember.setRoles("ROLE_USER");
            orgMemberManager.saveOrgMember(orgMember);
        }
    }
}

五、测试接口

@RestController
public class AdminController {
    @RequestMapping("/admin/api/hello")
    public String hello() {
        return "hello, admin!";
    }
}
@RestController
public class AppController {
    @RequestMapping("/app/api/hello")
    public String hello() {
        return "hello, app!";
    }
}
@RestController
public class UserController {
    @RequestMapping("/user/api/hello")
    public String hello() {
        return "hello, user!";
    }
}

六、参考示例

  1. Springboot整合SpringSecurity 05-使用JDBC实现认证和授权
  2. Spring Security实现JDBC用户登录认证
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值