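Spring Boot (Study Notes, Lesson 14)
[*] Spring Security password encryption and database-backed authentication
Topics covered:
[*] Password encryption in Spring Security
[*] Database-backed authentication
1. Password encryption in Spring Security
[*] Storing user passwords in the database as plaintext would be disastrous for a company's security, and no company would allow user data to be stored that way. This exercise authenticates against encrypted (BCrypt-hashed) passwords instead.
Note: this way the company's database holds no plaintext passwords, so even if the database leaks, users' plaintext passwords are not exposed.
https://i-blog.csdnimg.cn/direct/61adc6eea413480db109f1b8cabfa449.png#pic_center
[*] Implementing password encryption
[*] Configure the passwordEncoder bean
    @Bean
    PasswordEncoder passwordEncoder() {
        // BCrypt with strength (cost factor) 10
        return new BCryptPasswordEncoder(10);
    }
[*] Manually generate the hashed password from the plaintext password
bcrypt conversion tool
Note: the generated hash is different every time, because BCrypt embeds a fresh random salt in each hash, but every one of them works.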
https://i-blog.csdnimg.cn/direct/d290b0de908548f5898b5c235017fb61.png#pic_center
[*] Create the user with the generated hash.
    @Bean
    UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager users =
                new InMemoryUserDetailsManager();
        // The stored password is the BCrypt hash generated above, not the plaintext
        users.createUser(User.withUsername("finlay_user")
                .password("$2a$10$uwwZ5EyWbFnnw3JG53rqQ.VJUm/.Pl9Ko1CUP5Aqc2kuBr2Bx7bc.")
                .roles("USER")
                .build());
        return users;
    }
[*] Authenticate again.
https://i-blog.csdnimg.cn/direct/10175d4ab4a24a3d9150f1c754e97f61.png#pic_center
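The note above about every generated hash being different yet valid can be checked locally with the same encoder, without an online conversion tool. This is an added example, not code from the original notes; the class name BcryptHashDemo, the parse helper and the sample password are assumptions, and it needs spring-security-crypto on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptHashDemo {
    // A BCrypt string is $<version>$<cost>$ followed by a 22-character salt
    // and a 31-character hash, 60 characters in total.
    static String[] parse(String stored) {
        String[] parts = stored.split("\\$"); // "", version, cost, salt+hash
        if (parts.length != 4 || parts[3].length() != 53) {
            throw new IllegalArgumentException("not a BCrypt hash");
        }
        return new String[] {parts[1], parts[2],
                parts[3].substring(0, 22), parts[3].substring(22)};
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(10);
        String raw = "constructed-sample-password"; // constructed value

        // Each encode() call draws a fresh random salt.
        String h1 = encoder.encode(raw);
        String h2 = encoder.encode(raw);
        System.out.println("same string twice: " + h1.equals(h2));
        System.out.println("salt 1: " + parse(h1)[2]);
        System.out.println("salt 2: " + parse(h2)[2]);

        // matches() reads version, cost and salt back out of the stored string.
        System.out.println("h1 verifies: " + encoder.matches(raw, h1));
        System.out.println("h2 verifies: " + encoder.matches(raw, h2));
        System.out.println("wrong password verifies: " + encoder.matches("other", h1));

        // Fields of the hash used for finlay_user on this page.
        String[] f = parse("$2a$10$uwwZ5EyWbFnnw3JG53rqQ.VJUm/.Pl9Ko1CUP5Aqc2kuBr2Bx7bc.");
        System.out.println("version=" + f[0] + " cost=" + f[1] + " salt=" + f[2]);

        // A stronger encoder flags cost-10 hashes for re-hashing at next login.
        System.out.println("needs upgrade at cost 12: "
                + new BCryptPasswordEncoder(12).upgradeEncoding(h1));
    }
}
```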
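2. Database-backed authentication
The exercise above used in-memory authentication. In practice, production systems authenticate against a database, so this exercise authenticates against user data stored in a database. PostgreSQL is used here.
[*] First create the tables the database needs
[*] Create the USER table
    CREATE TABLE "USER"(
        id int,
        username varchar(32),
        password varchar(255),
        enabled int,
        locked int,
        PRIMARY KEY(id)
    );
[*] Create the ROLE table
    CREATE TABLE "ROLE"(
        id int,
        name varchar(32),
        nameZh varchar(255),
        PRIMARY KEY(id)
    );
[*] Create the USER_ROLE table (the relationship table between user and role)
    CREATE TABLE "USER_ROLE"(
        id int,
        uid int,
        rid int,
        PRIMARY KEY(id)
    );
[*] The user data is as follows:
[*] USER table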
https://i-blog.csdnimg.cn/direct/c605b7e106fd4341ad46a32f7572a9ee.png#pic_center
[*] ROLE table
https://i-blog.csdnimg.cn/direct/7e3ed5556ca8493eb0515b75d9443f7f.png#pic_center
[*] USER_ROLE table
https://i-blog.csdnimg.cn/direct/ca052d9fa01a4a49b6fb258515343bc9.png#pic_center
[*] Relationship between USER and ROLE
    with uur as (
        select
            *
        from
            "USER" u
            inner join "USER_ROLE" ur
                on u.id = ur.uid
    )
    select username, namezh, name as rolename from uur
        inner join "ROLE" r
            on uur.rid = r.id
https://i-blog.csdnimg.cn/direct/fc3211f4501846bcb63643c2c9a51dfe.png#pic_center
[*] Add the required dependencies
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>3.0.3</version>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>1.2.9</version>
    </dependency>
The repository layer uses MyBatis here, so the MyBatis dependency is included.
[*] Define the database connection settings in application.properties.
    spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
    spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/springboot
    spring.datasource.username=finlay
    spring.datasource.password=123456
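[*] Define the MyBatis interface and XML file
[*] Define the User and Role entity classes
    // Role.java
    import lombok.Data;

    @Data
    public class Role {
        private Integer id;
        private String name;
        private String nameZh;
    }

    // User.java
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;
    import lombok.Data;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;

    @Data
    public class User implements UserDetails {
        private Integer id;
        private String username;
        private String password;
        private Boolean enabled;
        private Boolean locked;
        private List<Role> roles;

        // Each role name from the ROLE table becomes one granted authority
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            List<SimpleGrantedAuthority> authorities = new ArrayList<>();
            for (Role role : roles) {
                authorities.add(new SimpleGrantedAuthority(role.getName()));
            }
            return authorities;
        }

        @Override
        public String getPassword() {
            return this.password;
        }

        @Override
        public String getUsername() {
            return this.username;
        }

        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        // Driven by the locked column of the USER table
        @Override
        public boolean isAccountNonLocked() {
            return !this.locked;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        // Driven by the enabled column of the USER table
        @Override
        public boolean isEnabled() {
            return this.enabled;
        }
    }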
[*] Configure the MyBatis mapper
    import java.util.List;
    import org.apache.ibatis.annotations.Mapper;

    @Mapper
    public interface UserMapper {
        User loadUserByUserName(String username);
        List<Role> getUserRolesByUid(Integer id);
    }
[*] Configure the MyBatis XML mapper file
    <!DOCTYPE mapper
            PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
            "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
    <mapper namespace="com.example.demo.repository.mybatis.UserMapper">
        <!-- #{username} is bound as a prepared-statement parameter -->
        <select id="loadUserByUserName" resultType="com.example.demo.authentication.User">
            select * from "USER" where username=#{username}
        </select>
        <!-- r.* keeps ROLE.id from colliding with USER_ROLE.id in the result set -->
        <select id="getUserRolesByUid" resultType="com.example.demo.authentication.Role">
            select r.* from "ROLE" r, "USER_ROLE" ur where r.id=ur.rid and ur.uid=#{id}
        </select>
    </mapper>
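[*] Define the UserDetailsService
    import com.example.demo.authentication.User;
    import com.example.demo.repository.mybatis.UserMapper;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;

    @Service
    public class UserService implements UserDetailsService {
        @Autowired
        public UserMapper userMapper;

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            User user = userMapper.loadUserByUserName(username);
            if (user == null) {
                throw new UsernameNotFoundException("username is not found");
            }
            // Load the user's roles through the USER_ROLE relationship table
            user.setRoles(userMapper.getUserRolesByUid(user.getId()));
            return user;
        }
    }
Note: this creates a UserDetailsService bean, so Spring Boot Security uses this bean for all of its authentication processing.
[*] Overall architecture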
https://i-blog.csdnimg.cn/direct/e8c1dcac6ca44bc58732f90d20fd4e83.png#pic_center
[*] Test the authentication result
https://i-blog.csdnimg.cn/direct/3d4d43d8ac7d4ad5becc4e5a65e51176.png#pic_center
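How the UserDetailsService bean and the BCrypt passwordEncoder are combined during a login can be reproduced without a database. This is an added example, not code from the original notes: it assumes the Spring Security 6.0 to 6.4 API (no-argument DaoAuthenticationProvider with setters), replaces UserService and UserMapper with a hypothetical in-memory lambda, and uses constructed user names, role name and password.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class DbAuthFlowDemo {
    // Runs one login attempt and reports the outcome as a short string.
    static String attempt(DaoAuthenticationProvider provider, String user, String pw) {
        try {
            provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(user, pw));
            return "authenticated";
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(10);
        String hash = encoder.encode("constructed-password"); // constructed sample value

        // Hypothetical stand-in for UserService + UserMapper: two constructed rows,
        // one of them with locked = 1.
        UserDetailsService service = username -> switch (username) {
            case "finlay_user" -> User.withUsername(username).password(hash)
                    .authorities("ROLE_user").build();
            case "locked_user" -> User.withUsername(username).password(hash)
                    .authorities("ROLE_user").accountLocked(true).build();
            default -> throw new UsernameNotFoundException("username is not found");
        };

        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(service);
        provider.setPasswordEncoder(encoder);

        // Correct password, wrong password, unknown user, locked account.
        System.out.println(attempt(provider, "finlay_user", "constructed-password"));
        System.out.println(attempt(provider, "finlay_user", "wrong-password"));
        System.out.println(attempt(provider, "no_such_user", "constructed-password"));
        System.out.println(attempt(provider, "locked_user", "constructed-password"));
    }
}
```

By default the provider reports an unknown user with the same exception type as a wrong password, so the UsernameNotFoundException thrown by the service does not reveal to the caller which user names exist.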