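Spring Boot (Study Notes, Lesson 14)
- Spring Security password encryption and database-backed authentication
Topics:
- Spring Security password encryption
- Database-backed authentication
1. Spring Security password encryption
- Storing user passwords in the database in plaintext would be disastrous for a company's security, and no company would allow user data to be kept that way. This exercise authenticates against the encrypted (bcrypt-hashed) password instead.
Note: this way the company's database contains no plaintext passwords, so even if the database is leaked, the users' plaintext passwords are not exposed.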
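- Implement password encryption
- Configure the passwordEncoder
```java
// Registers BCrypt as the application's password encoder.
// 10 is the strength (log2 of the number of hashing rounds).
@Bean
PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder(10);
}
```
- Manually generate the encrypted password from the plaintext password
bcrypt conversion tool
Note: the generated password is different every time, but every one of them works.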
- Create the user with the generated ciphertext.
```java
@Bean
UserDetailsService userDetailsService() {
    InMemoryUserDetailsManager users =
            new InMemoryUserDetailsManager();
    // The password is the bcrypt string generated in the previous step, not the plaintext
    users.createUser(User.withUsername("finlay_user")
            .password("$2a$10$uwwZ5EyWbFnnw3JG53rqQ.VJUm/.Pl9Ko1CUP5Aqc2kuBr2Bx7bc.")
            .roles("USER")
            .build());
    return users;
}
```
- Authenticate again.
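The note in this section that every generated hash is different yet all of them verify follows from bcrypt storing a fresh random salt inside each hash string. The following is an added example, not code from the original page: it uses the same `BCryptPasswordEncoder(10)` as the bean in this section, while the class name `BcryptSaltDemo`, the `BcryptParts` record and the sample password are assumptions made for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical demo class (not from the page); needs spring-security-crypto and Java 17.
public class BcryptSaltDemo {

    /** Fields of a bcrypt string: $<version>$<cost>$<22-char salt><31-char hash>. */
    record BcryptParts(String version, int cost, String salt, String hash) {
        static BcryptParts parse(String encoded) {
            String[] f = encoded.split("\\$");   // ["", "2a", "10", "<salt+hash>"]
            if (f.length != 4 || f[3].length() != 53) {
                throw new IllegalArgumentException("not a bcrypt hash");
            }
            return new BcryptParts(f[1], Integer.parseInt(f[2]),
                    f[3].substring(0, 22), f[3].substring(22));
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(10); // same strength as the page's bean
        String raw = "constructed-sample-password";              // constructed input, not from the page

        String first = encoder.encode(raw);
        String second = encoder.encode(raw);
        BcryptParts a = BcryptParts.parse(first);
        BcryptParts b = BcryptParts.parse(second);

        // encode() draws a new random salt on every call, which is why the strings differ.
        System.out.println("same string : " + first.equals(second));
        System.out.println("same salt   : " + a.salt().equals(b.salt()));
        System.out.println("cost        : " + a.cost() + " / " + b.cost());

        // matches() reads version, cost and salt back out of the stored string,
        // recomputes the hash for the candidate password and compares the result.
        System.out.println("first ok    : " + encoder.matches(raw, first));
        System.out.println("second ok   : " + encoder.matches(raw, second));
        System.out.println("wrong pw ok : " + encoder.matches(raw + "x", first));

        // An encoder configured with a higher strength still verifies the cost-10 hash
        // and reports it as due for re-encoding at the next successful login.
        PasswordEncoder stronger = new BCryptPasswordEncoder(12);
        System.out.println("still valid : " + stronger.matches(raw, first));
        System.out.println("needs rehash: " + stronger.upgradeEncoding(first));
    }
}
```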
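2. Database-backed authentication
The exercise above used in-memory authentication. In practice, production systems authenticate against a database, so this exercise authenticates with user data stored in a database. PostgreSQL is used here.
- First, create the tables the database needs
- Create the USER table
```sql
CREATE TABLE "USER"(
    id int,
    username varchar(32),
    password varchar(255),
    enabled int,
    locked int,
    PRIMARY KEY(id)
);
```
- Create the ROLE table
```sql
CREATE TABLE "ROLE"(
    id int,
    name varchar(32),
    nameZh varchar(255),
    PRIMARY KEY(id)
);
```
- Create the USER_ROLE table (the relation table between user and role)
```sql
CREATE TABLE "USER_ROLE"(
    id int,
    uid int,
    rid int,
    PRIMARY KEY(id)
);
```
- The user data is as follows:
- USER table
- ROLE table
- USER_ROLE table
- Relationship between USER and ROLE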
```sql
with uur as (
    select
        *
    from
        "USER" u
        inner join "USER_ROLE" ur
        on u.id = ur.uid
)
select username,namezh,name as rolename from uur
inner join "ROLE" r
on uur.rid = r.id
```
- Add the required dependencies
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.2.9</version>
</dependency>
```
The repository layer uses MyBatis here, so the MyBatis dependency is included.
- Define the database connection settings in application.properties.
```properties
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/springboot
spring.datasource.username=finlay
spring.datasource.password=123456
```
- Define the MyBatis interface and the XML file
- Define the User and Role entity classes
```java
import lombok.Data;

@Data
public class Role {
    private Integer id;
    private String name;
    private String nameZh;
}
```
```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Data
public class User implements UserDetails {
    private Integer id;
    private String username;
    private String password;
    private Boolean enabled;
    private Boolean locked;
    private List<Role> roles;

    // Each role name loaded from the ROLE table becomes one granted authority
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }
        return authorities;
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    // Backed by the "locked" column of the USER table
    @Override
    public boolean isAccountNonLocked() {
        return !this.locked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    // Backed by the "enabled" column of the USER table
    @Override
    public boolean isEnabled() {
        return this.enabled;
    }
}
```
- Configure MyBatis
```java
import java.util.List;

import org.apache.ibatis.annotations.Mapper;

@Mapper
public interface UserMapper {
    // Looks up one user row by username
    User loadUserByUserName(String username);

    // Loads the roles linked to the user through USER_ROLE
    List<Role> getUserRolesByUid(Integer id);
}
```
- Configure the MyBatis XML mapper file
```xml
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.demo.repository.mybatis.UserMapper">
    <select id="loadUserByUserName" resultType="com.example.demo.authentication.User">
        select * from "USER" where username=#{username}
    </select>
    <select id="getUserRolesByUid" resultType="com.example.demo.authentication.Role">
        select * from "ROLE" r, "USER_ROLE" ur where r.id=ur.rid and ur.uid=#{id}
    </select>
</mapper>
```
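- Define the UserDetailsService
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserService implements UserDetailsService {
    @Autowired
    public UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userMapper.loadUserByUserName(username);
        if (user == null) {
            throw new UsernameNotFoundException("username is not found");
        }
        // Attach the roles from USER_ROLE/ROLE so getAuthorities() can return them
        user.setRoles(userMapper.getUserRolesByUid(user.getId()));
        return user;
    }
}
```
Note: this registers a UserDetailsService bean, so Spring Security's authentication processing will use this bean.
- Overall architecture
- Test the authentication result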