spring mvc和mybatis和spring security 整合详解
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了spring mvc和mybatis和spring security 整合详解,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含8330字,纯文字阅读大概需要12分钟。
内容图文
重点是spring security 整合详解
数据库准备
#用户表
CREATE TABLE USER ( id VARCHAR(32) PRIMARY KEY, userName VARCHAR(20), PASSWORD VARCHAR(32) COMMENT '密码加密', salary DOUBLE COMMENT '薪资' , birthday DATE COMMENT '生日' , gender VARCHAR(10) COMMENT '性别', station VARCHAR(40) COMMENT '住址', telephone VARCHAR(11) COMMENT '电话', remark VARCHAR(255) COMMENT '备注' ); #角色表 CREATE TABLE role( rid VARCHAR(32)PRIMARY KEY, rname VARCHAR(25), rdesc VARCHAR(100) )
#用户和角色表的关系表 CREATE TABLE user_role( user_id VARCHAR(32), role_id VARCHAR(32) )
1.spring security 需要准备的依赖
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.4.2</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.4.2</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>5.4.2</version> </dependency> <!--权限控制_页面控制--> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>5.4.2</version> </dependency>
2.配置我们的spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- <security:global-method-security pre-post-annotations="enabled"/> <security:global-method-security jsr250-annotations="enabled"/> <security:global-method-security secured-annotations="enabled"/>--> <security:debug/> <!-- 配置不拦截的资源 --> <security:http pattern="/login.jsp" security="none"/> <security:http pattern="/statics/**" security="none"/> <security:http pattern="/user/zhuce" security="none"/> <security:http pattern="/isnetwork.jsp" security="none"/> <!-- <security:http pattern="/login.jsp" security="none"/> <security:http pattern="/user/zhuce" security="none"/>--> <!-- 配置具体的规则 auto-config="true" 不用自己编写登录的页面,框架提供默认登录页面 use-expressions="false" 是否使用SPEL表达式 --> <security:http auto-config="true" use-expressions="true"> <security:headers> <security:frame-options policy="SAMEORIGIN"/> </security:headers> <!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人,必须有ROLE_USER的角色" --> <!--<security:intercept-url pattern="/userList" access="ROLE_ADMIN"/>--> <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/> <!-- 定义跳转的具体的页面 --> <security:form-login login-page="/login.jsp" username-parameter="userName" password-parameter="password" login-processing-url="/login.do" default-target-url="/index.jsp" authentication-failure-forward-url="/login.jsp" authentication-success-forward-url="/WEB-INF/jsp/index.jsp" /> <!-- 关闭跨域请求 --> <security:csrf disabled="true"/> <!-- 退出 --> <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" /> </security:http> <!-- 切换成数据库中的用户名和密码 --> <security:authentication-manager> <security:authentication-provider user-service-ref="userService"> <!-- 配置加密的方式 --> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <!-- 配置加密类 --> <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> <bean id="userService" class="com.zjs.service.user.UserServiceImpl"/> </beans>
3.在我们的applicationContext-mybatis.xml加上 开启注解配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd "> <context:component-scan base-package="com.zjs.service"/> <context:property-placeholder location="classpath:database.properties"/> <!--数据源--> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" scope="singleton"> <!--4:--> <property name="driverClassName" value="${driverClassName}"/> <property name="url" value="${url}"></property> <property name="username" value="${user}"/> <property name="password" value="${password}"/> <!--数据源调优:7--> <property name="initialSize" value="${initialSize}"/> <property name="maxIdle" value="${maxIdle}"/> <property name="minIdle" value="${minIdle}"/> <property name="maxActive" value="${maxActive}"/> <property name="maxWait" value="${maxWait}"/> <property name="removeAbandoned" value="${removeAbandoned}"/> <property name="removeAbandonedTimeout" value="${removeAbandonedTimeout}"/> <!--sql 心跳--> <property name="testWhileIdle" value="${testWhileIdle}"/> <property name="testOnBorrow" value="${testOnBorrow}"/> <property name="testOnReturn" value="${testOnReturn}"/> <property name="validationQuery" value="${validationQuery}"/> <property name="numTestsPerEvictionRun" value="${numTestsPerEvictionRun}"/> <property name="timeBetweenEvictionRunsMillis" value="${timeBetweenEvictionRunsMillis}"/> </bean> <!--sqlSessionFactory--> <bean id="sqlSessionFactory" class="com.baomidou.mybatisplus.extension.spring.MybatisSqlSessionFactoryBean"> <property name="dataSource" ref="dataSource"/> <property name="configLocation" value="classpath:mybatis-config.xml"/> <!--配置mybatisplus 插件--> <property name="typeAliasesPackage" value="com.zjs.pojo"/> <property name="plugins"> <array> <bean class="com.github.pagehelper.PageInterceptor"> <property name="properties"> <value> helperDialect=mysql reasonable=true supportMethodsArguments=true params=count=countSql autoRuntimeDialect=true </value> </property> </bean> </array> </property> </bean> <!--mapperScannerConfiger--> <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> <property name="basePackage" value="com.zjs.mapper"/> <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" /> </bean> <!--事务注解配置--> <bean class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource"/> </bean> <tx:annotation-driven/> <!--开启spring-security注解在service层生效--> <security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" jsr250-annotations="enabled"/> <!--读取spring-security.xml 资源--> <import resource="classpath:spring-security.xml"/> </beans>
4.在我们的service 层接口中继承UserDetailsService
5.实现类UserServiceImpl 实现方法
@Override public User findByName(String userName) { System.out.println("用户名为:"+userName); return userMapper.findByName(userName); } @Override public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException { User byName = userMapper.findByName(userName); if (byName==null){ throw new UsernameNotFoundException("User等于空"); } String username=byName.getUserName(); String password = byName.getPassword(); List<Role> byUserId = roleMapper.findByUserId(byName.getId()); org.springframework.security.core.userdetails.User user= new org.springframework.security.core.userdetails.User(username,password,getAuthority(byUserId)); System.out.println("userdetails = " +user); return user; } //作用就是返回一个List集合,集合中装入的是角色描述 private Collection<? extends GrantedAuthority> getAuthority(List<Role> roles){ List<SimpleGrantedAuthority> list=new ArrayList<SimpleGrantedAuthority>(); for (Role role : roles) { System.out.println("role = " + role); list.add(new SimpleGrantedAuthority(role.getRolename()));//ROLE_+J ROLE_JICHU } return list; }
我们登陆也就不需要 controller ,因为在我们配置文件中 就配置了 登陆成功和失败所去的页面.
如果还要什么疑问的小伙伴 可以私信或留言在下方
内容总结
以上是互联网集市为您收集整理的spring mvc和mybatis和spring security 整合详解全部内容,希望文章能够帮你解决spring mvc和mybatis和spring security 整合详解所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。