前言
Spring Security官網(wǎng):https://spring.io/projects/spring-security
<https://spring.io/projects/spring-security>
Spring
Security是一個(gè)功能強(qiáng)大且高度可定制的身份驗(yàn)證和訪問(wèn)控制框架,側(cè)重于為Java應(yīng)用程序提供身份驗(yàn)證和授權(quán)。Security通過(guò)大量的攔截器進(jìn)行校驗(yàn)��,具體請(qǐng)看官網(wǎng)列出的列表:
https://docs.spring.io/spring-security/site/docs/4.2.4.RELEASE/reference/htmlsingle/#ns-custom-filters
<https://docs.spring.io/spring-security/site/docs/4.2.4.RELEASE/reference/htmlsingle/#ns-custom-filters>
本文記錄在SpringBoot項(xiàng)目中整合Spring Security進(jìn)行權(quán)限控制,配合Layui�,實(shí)現(xiàn)一套相對(duì)簡(jiǎn)單的權(quán)限管理后臺(tái)模板
?
效果演示?
登錄��,一個(gè)簡(jiǎn)單的登錄頁(yè)面��,沒(méi)登錄之前���,訪問(wèn)任意接口都會(huì)被攔截到登錄頁(yè)面(本例中��,密碼沒(méi)有進(jìn)行加密�����,存儲(chǔ)的是明文�����,大家自己再進(jìn)行加密存儲(chǔ)跟校驗(yàn)�����,我這樣就從簡(jiǎn)了)
我們可以利用配置文件的分支選擇�����,設(shè)置開(kāi)發(fā)環(huán)境不進(jìn)行驗(yàn)證碼校驗(yàn)�����,測(cè)試、生產(chǎn)環(huán)境再開(kāi)啟驗(yàn)證碼校驗(yàn)�����,這樣可以大大方便我們開(kāi)發(fā)調(diào)試
xxx_huanzi���,普通用戶權(quán)限登錄
xxx_sa����、xxx_admin���,管理員權(quán)限登錄
退出登錄
?
關(guān)鍵代碼
數(shù)據(jù)表
首先我們要確定下我們需要哪些表�,結(jié)構(gòu)跟測(cè)試數(shù)據(jù)我一起貼出來(lái)
系統(tǒng)用戶表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_user -- ---------------------------- DROP TABLE IF
EXISTS `sys_user`; CREATE TABLE `sys_user` ( `user_id` varchar(255) CHARACTER
SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '用戶id', `login_name` varchar(
255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '登錄名', `
user_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'用戶名稱', `password` varchar(255) CHARACTER SET utf8 COLLATE
utf8_general_ciNOT NULL COMMENT '登錄密碼', `valid` char(1) CHARACTER SET utf8
COLLATE utf8_general_ciNOT NULL COMMENT '軟刪除標(biāo)識(shí)����,Y/N', `limited_ip` varchar(255)
CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '
限制允許登錄的IP集合', `limited_mac` varchar(255) CHARACTER SET utf8 COLLATE
utf8_general_ciNULL DEFAULT NULL COMMENT '更高級(jí)別的安全限制,限制允許登錄的mac地址集合',
`expired_time`datetime NULL DEFAULT NULL COMMENT '賬號(hào)失效時(shí)間���,超過(guò)時(shí)間將不能登錄系統(tǒng)',
`last_change_pwd_time`datetime NOT NULL COMMENT '最近修改密碼時(shí)間�,超出時(shí)間間隔,提示用戶修改密碼',
`limit_multi_login`char(1) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'是否允許賬號(hào)同一個(gè)時(shí)刻多人在線�,Y/N', `greate_time` datetime NOT NULL COMMENT '創(chuàng)建時(shí)間',
`update_time`datetime NOT NULL COMMENT '修改時(shí)間', PRIMARY KEY (`user_id`) USING
BTREE ) ENGINE= InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT =
'系統(tǒng)用戶表' ROW_FORMAT = Compact; -- ---------------------------- -- Records of
sys_user -- ---------------------------- INSERT INTO `sys_user` VALUES ('1', '
xxx_sa', 'sa', '123456', 'Y', NULL, NULL, '2020-09-01 16:35:16', '2019-07-19
16:35:46', 'N', '2019-07-19 16:36:03', '2019-07-19 16:36:07'); INSERT INTO
`sys_user`VALUES ('2', 'xxx_admin', 'admin', '123456', 'Y', NULL, NULL, '
2020-09-01 16:35:16', '2019-07-19 16:35:46', 'N', '2019-07-19 16:36:03', '
2019-07-19 16:36:07'); INSERT INTO `sys_user` VALUES ('3', 'xxx_huanzi', 'huanzi
', '123456', 'Y', NULL, NULL, '2020-09-01 16:35:16', '2019-07-19 16:35:46', 'N',
'2019-07-19 16:36:03', '2019-07-19 16:36:07'); SET FOREIGN_KEY_CHECKS = 1;
系統(tǒng)權(quán)限表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_authority -- ---------------------------- DROP TABLE
IF EXISTS `sys_authority`; CREATE TABLE `sys_authority` ( `authority_id` varchar
(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '權(quán)限id',
`authority_name`varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'權(quán)限名稱,ROLE_開(kāi)頭����,全大寫(xiě)', `authority_remark` varchar(255) CHARACTER SET utf8
COLLATE utf8_general_ciNOT NULL COMMENT '權(quán)限描述', PRIMARY KEY (`authority_id`)
USING BTREE ) ENGINE= InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci
COMMENT= '系統(tǒng)權(quán)限表' ROW_FORMAT = Compact; -- ---------------------------- --
Records of sys_authority -- ---------------------------- INSERT INTO
`sys_authority`VALUES ('1', 'ROLE_SA', '超級(jí)管理員權(quán)限'); INSERT INTO `sys_authority`
VALUES ('2', 'ROLE_ADMIN', '管理員權(quán)限'); INSERT INTO `sys_authority` VALUES ('3', '
ROLE_USER', '普通用戶權(quán)限'); SET FOREIGN_KEY_CHECKS = 1;
系統(tǒng)菜單表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_menu -- ---------------------------- DROP TABLE IF
EXISTS `sys_menu`; CREATE TABLE `sys_menu` ( `menu_id` varchar(255) CHARACTER
SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '菜單id', `menu_name` varchar(
255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '菜單名稱',
`menu_path`varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'菜單路徑', `menu_parent_id` varchar(255) CHARACTER SET utf8 COLLATE
utf8_general_ciNULL DEFAULT NULL COMMENT '上級(jí)id', PRIMARY KEY (`menu_id`) USING
BTREE ) ENGINE= InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT =
'系統(tǒng)菜單表' ROW_FORMAT = Compact; -- ---------------------------- -- Records of
sys_menu -- ---------------------------- INSERT INTO `sys_menu` VALUES ('1', '
系統(tǒng)管理', '/sys', NULL); INSERT INTO `sys_menu` VALUES ('2', '用戶管理', '/sys/user', '
1'); INSERT INTO `sys_menu` VALUES ('3', '權(quán)限管理', '/sys/authority', '1'); INSERT
INTO `sys_menu` VALUES ('4', '菜單管理', '/sys/menu', '1'); INSERT INTO `sys_menu`
VALUES ('5', 'XXX菜單', '/menu/xxx', ''); INSERT INTO `sys_menu` VALUES ('6', '
XXX菜單1', '/menu/xxx1', '5'); INSERT INTO `sys_menu` VALUES ('7', 'XXX菜單2', '
/menu/xxx2', '5'); SET FOREIGN_KEY_CHECKS = 1;
用戶與權(quán)限關(guān)聯(lián)表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_user_authority -- ---------------------------- DROP
TABLE IF EXISTS `sys_user_authority`; CREATE TABLE `sys_user_authority` (
`user_authority_id`varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT
NULL COMMENT '用戶權(quán)限表id', `user_id` varchar(255) CHARACTER SET utf8 COLLATE
utf8_general_ciNOT NULL COMMENT '用戶id', `authority_id` varchar(255) CHARACTER
SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '權(quán)限id', PRIMARY KEY
(`user_authority_id`) USING BTREE ) ENGINE= InnoDB CHARACTER SET = utf8 COLLATE
= utf8_general_ci COMMENT = '用戶權(quán)限表' ROW_FORMAT = Compact; --
---------------------------- -- Records of sys_user_authority --
---------------------------- INSERT INTO `sys_user_authority` VALUES ('1', '1',
'1'); INSERT INTO `sys_user_authority` VALUES ('2', '2', '2'); INSERT INTO
`sys_user_authority`VALUES ('3', '3', '3'); SET FOREIGN_KEY_CHECKS = 1;
用戶與菜單關(guān)聯(lián)表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_user_menu -- ---------------------------- DROP TABLE
IF EXISTS `sys_user_menu`; CREATE TABLE `sys_user_menu` ( `user_menu_id` varchar
(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '用戶菜單表id', `
user_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'用戶id', `menu_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci
NOT NULL COMMENT '菜單id', PRIMARY KEY (`user_menu_id`) USING BTREE ) ENGINE =
InnoDBCHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '用戶菜單表'
ROW_FORMAT= Compact; -- ---------------------------- -- Records of sys_user_menu
-- ---------------------------- INSERT INTO `sys_user_menu` VALUES ('1', '1', '
1'); INSERT INTO `sys_user_menu` VALUES ('10', '3', '6'); INSERT INTO
`sys_user_menu`VALUES ('11', '3', '7'); INSERT INTO `sys_user_menu` VALUES ('2',
'1', '2'); INSERT INTO `sys_user_menu` VALUES ('3', '1', '3'); INSERT INTO
`sys_user_menu`VALUES ('4', '1', '4'); INSERT INTO `sys_user_menu` VALUES ('41',
'1', '5'); INSERT INTO `sys_user_menu` VALUES ('42', '1', '6'); INSERT INTO
`sys_user_menu`VALUES ('43', '1', '7'); INSERT INTO `sys_user_menu` VALUES ('5',
'2', '1'); INSERT INTO `sys_user_menu` VALUES ('51', '2', '5'); INSERT INTO
`sys_user_menu`VALUES ('52', '2', '6'); INSERT INTO `sys_user_menu` VALUES ('53'
,'2', '7'); INSERT INTO `sys_user_menu` VALUES ('6', '2', '2'); INSERT INTO
`sys_user_menu`VALUES ('7', '2', '3'); INSERT INTO `sys_user_menu` VALUES ('8',
'2', '4'); INSERT INTO `sys_user_menu` VALUES ('9', '3', '5'); SET
FOREIGN_KEY_CHECKS= 1;
用戶快捷菜單表
SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ----------------------------
-- Table structure for sys_shortcut_menu -- ---------------------------- DROP
TABLE IF EXISTS `sys_shortcut_menu`; CREATE TABLE `sys_shortcut_menu` (
`shortcut_menu_id`varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT
NULL COMMENT '用戶快捷菜單id', `shortcut_menu_name` varchar(255) CHARACTER SET utf8
COLLATE utf8_general_ciNOT NULL COMMENT '用戶快捷菜單名稱', `shortcut_menu_path` varchar
(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '用戶快捷菜單路徑', `
user_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL
COMMENT'用戶id', `shortcut_menu_parent_id` varchar(255) CHARACTER SET utf8
COLLATE utf8_general_ciNULL DEFAULT NULL COMMENT '上級(jí)id', PRIMARY KEY
(`shortcut_menu_id`) USING BTREE ) ENGINE= InnoDB CHARACTER SET = utf8 COLLATE =
utf8_general_ci COMMENT= '用戶快捷菜單表' ROW_FORMAT = Compact; --
---------------------------- -- Records of sys_shortcut_menu --
---------------------------- INSERT INTO `sys_shortcut_menu` VALUES ('s1', '百度',
'https://www.baidu.com', '2', NULL); INSERT INTO `sys_shortcut_menu` VALUES ('s2
', 'layui', 'https://www.layui.com/', '3', NULL); SET FOREIGN_KEY_CHECKS = 1;
大家可能會(huì)發(fā)現(xiàn)我們的系統(tǒng)用戶表有很多字段,又是限制IP地址��、又是限制Mac地址����,這是基于安全性考慮����,系統(tǒng)可以能會(huì)限制用戶的登錄地址,?這些字段都是一下安全性方面相關(guān)�,但在這個(gè)例子了我并沒(méi)有實(shí)現(xiàn)這些功能,大家可以沿著我的這個(gè)思路實(shí)現(xiàn)一下系統(tǒng)安全性功能
?
maven引包
Spring Boot提供了一個(gè)spring-boot-starter-security啟動(dòng)程序�����,它將Spring
Security相關(guān)的依賴項(xiàng)聚合在一起��,使用maven引入
<!-- security安全校驗(yàn) --> <dependency> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId> </dependency>
生成后臺(tái)代碼
引好包后���,使用我們的通用后臺(tái)接口與代碼自動(dòng)生成工具�,運(yùn)行main方法直接生成這六個(gè)表的后臺(tái)代碼(不知道怎么操作的請(qǐng)看我之前的博客:
SpringBoot系列——Spring-Data-JPA(究極進(jìn)化版) 自動(dòng)生成單表基礎(chǔ)增、刪���、改����、查接口
<https://www.cnblogs.com/huanzi-qch/p/10281773.html>)
?
核心配置
核心配置在SecurityConfig
由此也擴(kuò)展出了用戶認(rèn)證處理�、密碼處理、登錄成功處理��、登錄失敗處理�����、驗(yàn)證碼處理����、errorPage處理,這些我就不貼出來(lái)了�����,大家自己去看代碼
package cn.huanzi.qch.springbootsecurity.config; import
org.springframework.beans.factory.annotation.Autowired;import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecuritypublic class SecurityConfig extends
WebSecurityConfigurerAdapter { @Autowiredprivate CaptchaFilterConfig
captchaFilterConfig; @Autowiredprivate UserConfig userConfig; @Autowired private
PasswordConfig passwordConfig; @Autowiredprivate LoginFailureHandlerConfig
loginFailureHandlerConfig; @Autowiredprivate LoginSuccessHandlerConfig
loginSuccessHandlerConfig; @Overrideprotected void
configure(AuthenticationManagerBuilder auth)throws Exception { auth //用戶認(rèn)證處理
.userDetailsService(userConfig)//密碼處理 .passwordEncoder(passwordConfig); }
@Overrideprotected void configure(HttpSecurity http) throws Exception { http //
關(guān)閉csrf防護(hù) .csrf().disable() .headers().frameOptions().disable() .and() //
定制url訪問(wèn)權(quán)限 .authorizeRequests() .antMatchers("/layui/**", "/css/**", "/js/**",
"/images/**", "/webjars/**", "/getVerifyCodeImage").permitAll() //
系統(tǒng)相關(guān)����、非業(yè)務(wù)接口只能是管理員以上有權(quán)限�����,例如獲取系統(tǒng)權(quán)限接口��、系統(tǒng)用戶接口��、系統(tǒng)菜單接口�、以及用戶與權(quán)限�、菜單關(guān)聯(lián)接口
.antMatchers("/sysUser/**","/sysAuthority/**","/sysMenu/**","/sysUserAuthority/**","/sysUserMenu/**").hasAnyAuthority("ROLE_ADMIN","ROLE_SA"
)//admin接口測(cè)試 .antMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN","ROLE_SA")
.anyRequest().authenticated() .and()//登錄處理
.addFilterBefore(captchaFilterConfig, UsernamePasswordAuthenticationFilter.class
) .formLogin() .loginProcessingUrl("/login") .loginPage("/loginPage")
.failureHandler(loginFailureHandlerConfig)
.successHandler(loginSuccessHandlerConfig) .permitAll() .and()//登出處理 .logout()
.logoutUrl("/logout") .logoutSuccessUrl("/loginPage") .permitAll() ; } }
SecurityConfig.java
后記
? 這只是一個(gè)簡(jiǎn)單的演示,數(shù)據(jù)都是直接在數(shù)據(jù)庫(kù)插入的�,應(yīng)該做成在頁(yè)面進(jìn)行管理,比如:
更多的功能我就不展開(kāi)了���,大家直接進(jìn)行擴(kuò)展,本文就記錄到這�,有什么問(wèn)題以后再進(jìn)行補(bǔ)充,具體的代碼已經(jīng)放到GitHub�����、碼云上了����,SQL文件我也放在了里面���,
?
大家可以搞下來(lái)跑一下,有什么建議或者問(wèn)題都可以評(píng)論留言
?
代碼開(kāi)源
代碼已經(jīng)開(kāi)源����、托管到我的GitHub、碼云:
GitHub:https://github.com/huanzi-qch/springBoot
<https://github.com/huanzi-qch/springBoot>
碼云:https://gitee.com/huanzi-qch/springBoot
<https://gitee.com/huanzi-qch/springBoot>
