spring-security（四）java config-sample之jdbc

前言
本篇文章我们举例说明在spring-security中利用mysql来存储用户信息和权限信息，示例采用security默认提供的DDL。

环境：
spring-boot版本：1.5.4.RELEASE

1.项目工程结构

[img]http://dl2.iteye.com/upload/attachment/0128/9079/26c0ff3b-f7bc-3b9b-887a-e999a1542b22.png[/img]


2.配置类SecurityConfig.java

/**
 * 
 */
package nariis.chengf.security.samples.javaconfig.jdbc;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import com.alibaba.druid.pool.DruidDataSource;

/**
 * @author: 作者： chengaofeng
 * @date: 创建时间：2018-01-09 08:31:44
 * @Description: TODO
 * @version V1.0
 */
@EnableWebSecurity
public class SecurityConfig {
	@Bean
	public DruidDataSource dataSource() {
		DruidDataSource dataSource = new DruidDataSource();
		dataSource.setDriverClassName("com.mysql.jdbc.Driver");
		dataSource.setUsername("root");
		dataSource.setPassword("sso");
		dataSource.setName("chengf");
		dataSource.setUrl("jdbc:mysql://localhost:3306/chengf?useUnicode=true&characterEncoding=UTF-8");
		dataSource.setMaxActive(20);
		dataSource.setInitialSize(1);
		dataSource.setMaxWait(60000);
		dataSource.setMinIdle(1);
		dataSource.setTimeBetweenEvictionRunsMillis(60000);
		dataSource.setMinEvictableIdleTimeMillis(300000);
		dataSource.setValidationQuery("select 'x'");
		dataSource.setPoolPreparedStatements(true);
		dataSource.setMaxPoolPreparedStatementPerConnectionSize(20);
		return dataSource;
	}

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
		auth.jdbcAuthentication().dataSource(dataSource);
	}
}

数据源的配置用了druid。

3.数据库表结构，因为采用的是spring-security默认的ddl，所以要创建默认的user和authorities,spring 为我们提供了默认表对应的建表语句，在spring-security-core-*.jar包的org.springframework.security.core.userdetails.jdbc目录下

create table users(username varchar_ignorecase(50) not null primary key,password varchar_ignorecase(500) not null,enabled boolean not null);
create table authorities (username varchar_ignorecase(50) not null,authority varchar_ignorecase(50) not null,constraint fk_authorities_users foreign key(username) references users(username));
create unique index ix_auth_username on authorities (username,authority);

实际创建时，varchar_ignorecase类型时没有的，改成varchar即可

[img]http://dl2.iteye.com/upload/attachment/0128/9075/20b6b58a-ffe0-3cf9-bb1d-b0b4527f2df7.png[/img]

4.接着插入我们测试用的数据


[img]http://dl2.iteye.com/upload/attachment/0128/9081/fa675b77-31f7-37ba-b77f-bf4a3e7e243b.png[/img]

5.启动类SecurityJdbcApp.java

package nariis.chengf.security.samples.javaconfig.jdbc;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Hello world!
 *
 */
@SpringBootApplication
public class SecurityJdbcApp 
{
    public static void main( String[] args )
    {
        SpringApplication.run(SecurityJdbcApp.class, args);
    }
}

6.项目的pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>nariis.chengf</groupId>
	<artifactId>security-samples-javaconfig-jdbc</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>security-samples-javaconfig-jdbc</name>
	<url>http://maven.apache.org</url>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	</properties>

	<dependencyManagement>

		<dependencies>
			<dependency>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-starter-parent</artifactId>
				<version>1.5.4.RELEASE</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>
	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
		</dependency>
		<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
		<dependency>
			<groupId>mysql</groupId>
			<artifactId>mysql-connector-java</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>druid</artifactId>
			<version>1.0.27</version>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<executions>
					<execution>
						<goals>
							<goal>repackage</goal>
						</goals>
					</execution>
				</executions>
				<configuration>
					<mainClass>${start-class}</mainClass>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

7.index.html代码

<!DOCTYPE html>
<html>
<head>
<title>Static</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
	hello jdbc!
</body>
</html>

8.启动项目
选中启动类，选择Run As -> Java Application
启动后在浏览器中输入 http://localhot:8080/index.html,如果一切正常，我们会被重定向到login页面，输入我们插入库中的测试用户名和密码

[img]http://dl2.iteye.com/upload/attachment/0128/9083/317ab3fa-6642-3143-ae73-b51f6253b174.png[/img]
点击login后就会重定向到index.html页面

[img]http://dl2.iteye.com/upload/attachment/0128/9085/d37378cc-83ff-39b2-9e91-fe6abf5af371.png[/img]

到此，我们jdbc的简单示例就完成了。后续我们还会进一步探讨采用jdbc来做认证存储，包括自定义数据表结构，用户权限继承等等功能。


[url=https://github.com/fengyilin/spring-security-sample/tree/master]下载源码[/url]