03-SpringSecurity数据库用户登录

我不是女神ヾ 2022-01-22 03:15 356阅读 0赞

--------------------

这一节来看一下如何从数据库引入user到我们的spring-security中。

## 统一用户登录 ##

首先来实现一个不包含角色、权限的demo吧！

建表：

DROP TABLE IF EXISTS `user`;
    CREATE TABLE `user` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `name` varchar(255) NOT NULL,
      `password` varchar(255) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
    
    -- ----------------------------
    -- Records of user
    -- ----------------------------
    INSERT INTO `user` VALUES ('1', 'eknown', '123');

添加mybatis配置，编写user对应的接口。

下面我们实现自己的UserDetailService，并加入spring-security配置：

package com.eknown.config;
    
    import com.eknown.model.beans.entity.User;
    import com.eknown.model.dao.UserDAO;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    
    import javax.annotation.Resource;
    import java.util.ArrayList;
    import java.util.Collection;
    
    /** * 自定义用户角色和权限绑定配置 * * 一旦@Configuration生效，这个类就会自动替换默认的UserDetailService * @author eknown * @version 1.0 * @since 2019/5/30 10:30 */
    @Configuration
    public class MyUserDetailService implements UserDetailsService { 
    
        @Resource
        private UserDAO userDAO;
    
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
    
            User user = userDAO.findByName(username);
            if (user == null) { 
                throw new UsernameNotFoundException("用户名不存在");
            }
    
            Collection<GrantedAuthority> authorities = new ArrayList<>(); // 暂时不添加权限
    
            return new org.springframework.security.core.userdetails.User(user.getName(), user.getPassword(), authorities);
        }
    }

package com.eknown.config;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.password.PasswordEncoder;
    
    /** * @author eknown * @version 1.0 * @since 2019/5/29 14:44 */
    @Configuration
    public class MySecurityConfig extends WebSecurityConfigurerAdapter { 
    
        @Autowired
        private MyUserDetailService userDetailService;
    
        // ... 此处省略的是上一节说的基本配置
    
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
            auth.userDetailsService(userDetailService).passwordEncoder(new PasswordEncoder() { 
                @Override
                public String encode(CharSequence charSequence) { 
                    return charSequence.toString();
                }
    
                @Override
                public boolean matches(CharSequence charSequence, String s) { 
                    return s.equals(charSequence.toString());
                }
            });
        }
    }

运行项目：

![1559284151428][]

输入默认的用户名和密码：

![1559284179724][]

--------------------

这一节，我们实现基于数据库user表的登录功能，下面我们需要添加具体的角色、权限，对接口进行权限控制。之后，我们将实现一个用户权限管理模块的模板。

[1559284151428]: /images/20220122/e6d6bf06ce2745f182bdaefc109bb10c.png
[1559284179724]: /images/20220122/88b7c149cb664e1f8ad73687f30ff4e1.png