Java
javaTutorial
How to use SpringBoot+SpringSecurity to implement authorization authentication based on real data
How to use SpringBoot+SpringSecurity to implement authorization authentication based on real data
(1) Overview
Spring Security is a powerful and highly customizable authentication and access control framework. Spring Security mainly does two things, authentication and authorization. I have written a blog about SpringSecurity before, but at that time I only introduced a case based on mock data. In this issue, I will introduce the implementation of authentication and authorization based on real data.
(2) Preliminary project construction
In order to better demonstrate SpringSecurity, we first build a simple web project. Introduce thymeleaf dependency
<dependency> <groupid>org.springframework.boot</groupid> <artifactid>spring-boot-starter-thymeleaf</artifactid> </dependency> <dependency> <groupid>org.thymeleaf</groupid> <artifactid>thymeleaf-spring5</artifactid> </dependency> <dependency> <groupid>org.thymeleaf.extras</groupid> <artifactid>thymeleaf-extras-java8time</artifactid> </dependency>
Create a new login page, a homepage, and several different levels of display pages: login.html
nbsp;html> <meta> <title>登陆页</title> <div> <form> <h3 id="登陆页">登陆页</h3> <input> <input> <button>登陆</button> </form> </div>
index.html
nbsp;html> <meta> <title>首页</title> <div> <h3 id="首页">首页</h3> <a>登陆</a> <div> <div> <h4 id="level">level1</h4> <a>level-1-1</a> <hr> <a>level-1-2</a> </div> <div> <h4 id="level">level2</h4> <a>level-2-1</a> <hr> <a>level-2-2</a> </div> <div> <h4 id="level">level3</h4> <a>level-3-1</a> <hr> <a>level-3-2</a> </div> </div> </div>
In addition, there are Several different levels of pages
write their corresponding numbers in the body respectively.
nbsp;html> <meta> <title>Title</title> level-1-1
Finally write a controller to receive the request:
@Controller
public class RouteController {
@RequestMapping({"/","/index"})
public String index(){
return "index";
}
@RequestMapping("/login")
public String toLogin(){
return "login";
}
@RequestMapping("/level1/{id}")
public String level1(@PathVariable("id")String id){
return "level1/"+id;
}
@RequestMapping("/level2/{id}")
public String level2(@PathVariable("id")String id){
return "level2/"+id;
}
@RequestMapping("/level3/{id}")
public String level3(@PathVariable("id")String id){
return "level3/"+id;
}
}The final effect is as follows:
Finally realize level pages with different levels according to Jump with different permissions.
The background is implemented based on Mybatis and Mysql database, so in addition to introducing SpringSecurity dependencies, we also need to introduce Mybatis related dependencies:
<dependency> <groupid>org.springframework.boot</groupid> <artifactid>spring-boot-starter-security</artifactid> </dependency> <dependency> <groupid>org.springframework.boot</groupid> <artifactid>spring-boot-starter-jdbc</artifactid> </dependency> <dependency> <groupid>mysql</groupid> <artifactid>mysql-connector-java</artifactid> <scope>runtime</scope> </dependency> <dependency> <groupid>org.mybatis.spring.boot</groupid> <artifactid>mybatis-spring-boot-starter</artifactid> <version>2.1.3</version> </dependency>
In the configuration file Add data source related information and Mybatis configuration:
spring.datasource.url=jdbc:mysql://localhost:3306/security?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8 spring.datasource.username=root spring.datasource.password=123456 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver mybatis.mapper-locations=classpath:mapper/*.xml
(3) Implementation of authentication and authorization
3.1 Table structure design
Authentication and authorization in table design It should be divided into two tables, one table stores user information including passwords, etc., and the other table stores authorization information. Another table is needed to establish the association between users and authorization, giving the final table structure:
CREATE TABLE `roles` ( `id` int(4) NOT NULL, `rolename` varchar(255) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; CREATE TABLE `sysuser` ( `id` int(4) NOT NULL, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; CREATE TABLE `user_role` ( `id` int(4) NOT NULL, `user_id` int(4) DEFAULT NULL, `role_id` int(4) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Next is the entity class, Mapper interface and xml file for these three tables. You don’t need to look at the code. It mainly implements an operation of finding users and related permissions through user names:
@Data
public class Roles {
private Integer id;
private String roleName;
}
@Data
public class SysUser {
private Integer id;
private String userName;
private String password;
private List<roles> roles;
}</roles>Mapper interface:
public interface UserMapper {
public SysUser getUserByUserName(@Param("userName") String userName);
}xml implementation:
<?xml version="1.0" encoding="UTF-8" ?>
nbsp;mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper>
<resultmap>
<id></id>
<result></result>
<result></result>
<collection>
<result></result>
</collection>
</resultmap>
<select>
select sysuser.*,roles.rolename
from sysuser
LEFT JOIN user_role on sysuser.id= user_role.user_id
LEFT JOIN roles on user_role.role_id=roles.id
where username= #{userName}
</select>
</mapper>3.2 Authentication process
SpringSecurity’s authentication process is like this. First, find the user in the database through the user name or other unique ID. User The passwords are stored in asymmetric encryption. After obtaining the user, the password passed in from the front desk is encrypted and compared with the encrypted fields in the database to pass the authentication.
The first step in the above process is to find the user through the user name, which needs to be implemented through the Service service, and this Service service needs to inherit the UserDetailsService interface in SpringSecurity. This interface returns a SpringSecurity User object.
@Service
public class UserService implements UserDetailsService {
@Resource
private UserMapper userMapper;
//根据用户名找到对应的用户信息
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
SysUser sysUser = userMapper.getUserByUserName(s);
if (sysUser!=null){
List<grantedauthority> roles=new ArrayList();
sysUser.getRoles().stream().forEach(x->{
roles.add(new SimpleGrantedAuthority(x.getRoleName()));
});
return new User(sysUser.getUserName(),sysUser.getPassword(),roles);
}
throw new UsernameNotFoundException("用户未找到");
}
}</grantedauthority>3.3 Security interception configuration
After completing the above steps, start configuring Security. Write a configuration method SecurityConfig. The code level is very simple. The authentication is passed into the userService object and the database will be automatically Compare the password retrieved from the server with the password passed from the front end. At the same time, the roles collection is also passed in the userService, and different permissions can be attached to different pages at the authorization point.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
//授权
@Override
protected void configure(HttpSecurity http) throws Exception {
//首页所有人都能访问,level页面只有有权限的人才能访问
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
//没有权限默认跳到登陆页,默认会重定向到/login
http.formLogin();
}
//认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
}
}3.4 Other points to note
The password encryption method I use during authentication is BCryptPasswordEncoder, so the password stored in the database also needs to be encrypted. The common way is to pass it during registration Encrypt the password and store it in the database in the same way:
String password="xxx"; BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); String encode=bCryptPasswordEncoder.encode(password);
The above is the detailed content of How to use SpringBoot+SpringSecurity to implement authorization authentication based on real data. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How Springboot integrates Jasypt to implement configuration file encryption
Jun 01, 2023 am 08:55 AM
Introduction to Jasypt Jasypt is a java library that allows a developer to add basic encryption functionality to his/her project with minimal effort and does not require a deep understanding of how encryption works. High security for one-way and two-way encryption. , standards-based encryption technology. Encrypt passwords, text, numbers, binaries... Suitable for integration into Spring-based applications, open API, for use with any JCE provider... Add the following dependency: com.github.ulisesbocchiojasypt-spring-boot-starter2. 1.1Jasypt benefits protect our system security. Even if the code is leaked, the data source can be guaranteed.
How to use Redis to implement distributed locks in SpringBoot
Jun 03, 2023 am 08:16 AM
1. Redis implements distributed lock principle and why distributed locks are needed. Before talking about distributed locks, it is necessary to explain why distributed locks are needed. The opposite of distributed locks is stand-alone locks. When we write multi-threaded programs, we avoid data problems caused by operating a shared variable at the same time. We usually use a lock to mutually exclude the shared variables to ensure the correctness of the shared variables. Its scope of use is in the same process. If there are multiple processes that need to operate a shared resource at the same time, how can they be mutually exclusive? Today's business applications are usually microservice architecture, which also means that one application will deploy multiple processes. If multiple processes need to modify the same row of records in MySQL, in order to avoid dirty data caused by out-of-order operations, distribution needs to be introduced at this time. The style is locked. Want to achieve points
How SpringBoot integrates Redisson to implement delay queue
May 30, 2023 pm 02:40 PM
Usage scenario 1. The order was placed successfully but the payment was not made within 30 minutes. The payment timed out and the order was automatically canceled. 2. The order was signed and no evaluation was conducted for 7 days after signing. If the order times out and is not evaluated, the system defaults to a positive rating. 3. The order is placed successfully. If the merchant does not receive the order for 5 minutes, the order is cancelled. 4. The delivery times out, and push SMS reminder... For scenarios with long delays and low real-time performance, we can Use task scheduling to perform regular polling processing. For example: xxl-job Today we will pick
How to solve the problem that springboot cannot access the file after reading it into a jar package
Jun 03, 2023 pm 04:38 PM
Springboot reads the file, but cannot access the latest development after packaging it into a jar package. There is a situation where springboot cannot read the file after packaging it into a jar package. The reason is that after packaging, the virtual path of the file is invalid and can only be accessed through the stream. Read. The file is under resources publicvoidtest(){Listnames=newArrayList();InputStreamReaderread=null;try{ClassPathResourceresource=newClassPathResource("name.txt");Input
Comparison and difference analysis between SpringBoot and SpringMVC
Dec 29, 2023 am 11:02 AM
SpringBoot and SpringMVC are both commonly used frameworks in Java development, but there are some obvious differences between them. This article will explore the features and uses of these two frameworks and compare their differences. First, let's learn about SpringBoot. SpringBoot was developed by the Pivotal team to simplify the creation and deployment of applications based on the Spring framework. It provides a fast, lightweight way to build stand-alone, executable
How SpringBoot customizes Redis to implement cache serialization
Jun 03, 2023 am 11:32 AM
1. Customize RedisTemplate1.1, RedisAPI default serialization mechanism. The API-based Redis cache implementation uses the RedisTemplate template for data caching operations. Here, open the RedisTemplate class and view the source code information of the class. publicclassRedisTemplateextendsRedisAccessorimplementsRedisOperations, BeanClassLoaderAware{//Declare key, Various serialization methods of value, the initial value is empty @NullableprivateRedisSe
How to implement Springboot+Mybatis-plus without using SQL statements to add multiple tables
Jun 02, 2023 am 11:07 AM
When Springboot+Mybatis-plus does not use SQL statements to perform multi-table adding operations, the problems I encountered are decomposed by simulating thinking in the test environment: Create a BrandDTO object with parameters to simulate passing parameters to the background. We all know that it is extremely difficult to perform multi-table operations in Mybatis-plus. If you do not use tools such as Mybatis-plus-join, you can only configure the corresponding Mapper.xml file and configure The smelly and long ResultMap, and then write the corresponding sql statement. Although this method seems cumbersome, it is highly flexible and allows us to
How to get the value in application.yml in springboot
Jun 03, 2023 pm 06:43 PM
In projects, some configuration information is often needed. This information may have different configurations in the test environment and the production environment, and may need to be modified later based on actual business conditions. We cannot hard-code these configurations in the code. It is best to write them in the configuration file. For example, you can write this information in the application.yml file. So, how to get or use this address in the code? There are 2 methods. Method 1: We can get the value corresponding to the key in the configuration file (application.yml) through the ${key} annotated with @Value. This method is suitable for situations where there are relatively few microservices. Method 2: In actual projects, When business is complicated, logic
