SpringBoot整合SpringSecurity简单实现登入登出从零搭建教程

   4.0.0com.wuxicloudspring-security-login1.0 org.springframework.bootspring-boot-starter-parent1.5.6.RELEASE EalenXieSpringBoot整合SpringSecurity实现简单登入登出  org.springframework.bootspring-boot-starter org.springframework.bootspring-boot-starter-web org.springframework.bootspring-boot-starter-data-jpa org.springframework.bootspring-boot-starter-test org.springframework.bootspring-boot-starter-security org.springframework.bootspring-boot-starter-freemarker org.springframework.bootspring-boot-starter-aop com.alibabadruid1.0.24 com.alibabafastjson1.2.31 mysqlmysql-connector-javaruntime

 DROP TABLE IF EXISTS `user`; CREATE TABLE `user` ( `id` int(11) NOT NULL AUTO_INCREMENT, `user_uuid` varchar(70) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `username` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `telephone` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `role` int(10) DEFAULT NULL, `image` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `last_ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, `last_time` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Compact; SET FOREIGN_KEY_CHECKS = 1;

 import javax.persistence.*; /** * Created by EalenXie on 2018/7/5 15:17 */ @Entity @Table(name = "USER") public class User { @Id @GeneratedValue(strategy = GenerationType.AUTO) private Integer id; private String user_uuid; //用户UUID private String username; //用户名 private String password; //用户密码 private String email; //用户邮箱 private String telephone; //电话号码 private String role; //用户角色 private String image; //用户头像 private String last_ip; //上次登录IP private String last_time; //上次登录时间 public Integer getId() { return id; } public String getRole() { return role; } public void setRole(String role) { this.role = role; } public String getImage() { return image; } public void setImage(String image) { this.image = image; } public void setId(Integer id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } public String getTelephone() { return telephone; } public void setTelephone(String telephone) { this.telephOne= telephone; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getUser_uuid() { return user_uuid; } public void setUser_uuid(String user_uuid) { this.user_uuid = user_uuid; } public String getLast_ip() { return last_ip; } public void setLast_ip(String last_ip) { this.last_ip = last_ip; } public String getLast_time() { return last_time; } public void setLast_time(String last_time) { this.last_time = last_time; } @Override public String toString() { return "User{" + "id=" + id + ", user_uuid=&＃039;" + user_uuid + &＃039;\&＃039;&＃039; + ", username=&＃039;" + username + &＃039;\&＃039;&＃039; + ", password=&＃039;" + password + &＃039;\&＃039;&＃039; + ", email=&＃039;" + email + &＃039;\&＃039;&＃039; + ", telephOne=&＃039;" + telephone + &＃039;\&＃039;&＃039; + ", role=&＃039;" + role + &＃039;\&＃039;&＃039; + ", image=&＃039;" + image + &＃039;\&＃039;&＃039; + ", last_ip=&＃039;" + last_ip + &＃039;\&＃039;&＃039; + ", last_time=&＃039;" + last_time + &＃039;\&＃039;&＃039; + &＃039;}&＃039;; } }

 spring: resources: static-locations: classpath:/ freemarker: template-loader-path: classpath:/templates/ suffix: .html content-type: text/html charset: UTF-8 datasource: url: jdbc:mysql://localhost:3306/yourdatabase username: yourname password: yourpass driver-class-name: com.mysql.jdbc.Driver type: com.alibaba.druid.pool.DruidDataSource server: port: 8083 error: whitelabel: enabled: true

 package com.wuxicloud.config; import com.alibaba.druid.pool.DruidDataSource; import com.alibaba.druid.pool.DruidDataSourceFactory; import com.alibaba.druid.support.http.StatViewServlet; import com.alibaba.druid.support.http.WebStatFilter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.*; import javax.sql.DataSource; import java.util.HashMap; import java.util.Map; import java.util.Properties; @Configuration public class DruidConfig { private static final String DB_PREFIX = "spring.datasource."; @Autowired private Environment environment; @Bean @ConfigurationProperties(prefix = DB_PREFIX) public DataSource druidDataSource() { Properties dbProperties = new Properties(); Map map = new HashMap(); for (PropertySource propertySource : ((AbstractEnvironment) environment).getPropertySources()) { getPropertiesFromSource(propertySource, map); } dbProperties.putAll(map); DruidDataSource dds; try { dds = (DruidDataSource) DruidDataSourceFactory.createDataSource(dbProperties); dds.init(); } catch (Exception e) { throw new RuntimeException("load datasource error, dbProperties is :" + dbProperties, e); } return dds; } private void getPropertiesFromSource(PropertySource propertySource, Map map) { if (propertySource instanceof MapPropertySource) { for (String key : ((MapPropertySource) propertySource).getPropertyNames()) { if (key.startsWith(DB_PREFIX)) map.put(key.replaceFirst(DB_PREFIX, ""), propertySource.getProperty(key)); else if (key.startsWith(DB_PREFIX)) map.put(key.replaceFirst(DB_PREFIX, ""), propertySource.getProperty(key)); } } if (propertySource instanceof CompositePropertySource) { for (Prop[email protected]#码网ertySource s : ((CompositePropertySource) propertySource).getPropertySources()) { getPropertiesFromSource(s, map); } } } @Bean public ServletRegistrationBean druidServlet() { return new ServletRegistrationBean(new StatViewServlet(), "/druid/*"); } @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistratiOnBean= new FilterRegistrationBean(); filterRegistrationBean.setFilter(new WebStatFilter()); filterRegistrationBean.addUrlPatterns("/*"); filterRegistrationBean.addInitParameter("exclusions", "*.js,*.gif,*.jpg-600,*.png-600,*.css,*.ico,/druid/*"); return filterRegistrationBean; } }

 package com.wuxicloud.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; import java.util.concurrent.Executor; import java.util.concurrent.ThreadPoolExecutor; @Configuration @EnableAsync public class ThreadPoolConfig { @Bean public Executor getExecutor() { ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor(); executor.setCorePoolSize(5);//线程池维护线程的最少数量 executor.setMaxPoolSize(30);//线程池维护线程的最大数量 executor.setQueueCapacity(8); //缓存队列 executor.setRejectedExecutionHandler(new ThreadPoolExecutor.CallerRunsPolicy()); //对拒绝task的处理策略 executor.setKeepAliveSeconds(60);//允许的空闲时间 executor.initialize(); return executor; } }

 import com.wuxicloud.model.User; import org.springframework.data.jpa.repository.JpaRepository; /** * Created by EalenXie on 2018/7/11 14:23 */ public interface UserRepository extends JpaRepository { User findByUsername(String username); }

 package com.wuxicloud.security; import com.wuxicloud.model.User; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import java.util.ArrayList; import java.util.Collection; public class SecurityUser extends User implements UserDetails { private static final long serialVersiOnUID= 1L; public SecurityUser(User user) { if (user != null) { this.setUser_uuid(user.getUser_uuid()); this.setUsername(user.getUsername()); this.setPassword(user.getPassword()); this.setEmail(user.getEmail()); this.setTelephone(user.getTelephone()); this.setRole(user.getRole()); this.setImage(user.getImage()); this.setLast_ip(user.getLast_ip()); this.setLast_time(user.getLast_time()); } } @Override public Collection getAuthorities() { Collection authorities = new ArrayList(); String username = this.getUsername(); if (username != null) { SimpleGrantedAuthority authority = new SimpleGrantedAuthority(username); authorities.add(authority); } return authorities; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } }

 package com.wuxicloud.config; import com.wuxicloud.dao.UserRepository; import com.wuxicloud.model.User; import com.wuxicloud.security.SecurityUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * Created by EalenXie on 2018/1/11. */ @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class); @Override protected void configure(HttpSecurity http) throws Exception { //配置策略 http.csrf().disable(); http.authorizeRequests(). antMatchers("/static/**").permitAll().anyRequest().authenticated(). and().formLogin().loginPage("/login").permitAll().successHandler(loginSuccessHandler()). and().logout().permitAll().invalidateHttpSession(true). deleteCOOKIEs("JSESSIONID").logoutSuccessHandler(logoutSuccessHandler()). and().sessionManagement().maximumSessions(10).expiredUrl("/login"); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder()); auth.eraseCredentials(false); } @Bean public BCryptPasswordEncoder passwordEncoder() { //密码加密 return new BCryptPasswordEncoder(4); } @Bean public LogoutSuccessHandler logoutSuccessHandler() { //登出处理 return new LogoutSuccessHandler() { @Override public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { try { SecurityUser user = (SecurityUser) authentication.getPrincipal(); logger.info("USER : " + user.getUsername() + " LOGOUT SUCCESS ! "); } catch (Exception e) { logger.info("LOGOUT EXCEPTION , e : " + e.getMessage()); } httpServletResponse.sendRedirect("/login"); } }; } @Bean public SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() { //登入处理 return new SavedRequestAwareAuthenticationSuccessHandler() { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { User userDetails = (User) authentication.getPrincipal(); logger.info("USER : " + userDetails.getUsername() + " LOGIN SUCCESS ! "); super.onAuthenticationSuccess(request, response, authentication); } }; } @Bean public UserDetailsService userDetailsService() { //用户登录实现 return new UserDetailsService() { @Autowired private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { User user = userRepository.findByUsername(s); if (user == null) throw new UsernameNotFoundException("Username " + s + " not found"); return new SecurityUser(user); } }; } }

 package com.wuxicloud.web; import com.wuxicloud.model.User; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import javax.servlet.http.HttpServletRequest; /** * Created by EalenXie on 2018/1/11. */ @Controller public class LoginController { @RequestMapping(value = "/login", method = RequestMethod.GET) public String login() { return "login"; } @RequestMapping("/") public String root() { return "index"; } public User getUser() { //为了session从获取用户信息,可以配置如下 User user = new User(); SecurityContext ctx = SecurityContextHolder.getContext(); Authentication auth = ctx.getAuthentication(); if (auth.getPrincipal() instanceof UserDetails) user = (User) auth.getPrincipal(); return user; } public HttpServletRequest getRequest() { return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); } }

 package com.wuxicloud; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * Created by EalenXie on 2018/7/11 15:01 */ @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } }

     用户名 :  密码 : 

    欢迎你,${user.username}
注销

 package com.wuxicloud.security; import org.junit.Test; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; /** * Created by EalenXie on 2018/7/11 15:13 */ public class TestEncoder { @Test public void encoder() { String password = "admin"; BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4); String enPassword = encoder.encode(password); System.out.println(enPassword); } }

 INSERT INTO `USER` VALUES (1, &＃039;d242ae49-4734-411e-8c8d-d2b09e87c3c8&＃039;, &＃039;EalenXie&＃039;, &＃039;$2a$04$petEXpgcLKfdLN4TYFxK0u8ryAzmZDHLASWLX/XXm8hgQar1C892W&＃039;, &＃039;SSSSS&＃039;, &＃039;ssssssssss&＃039;, 1, &＃039;g&＃039;, &＃039;0:0:0:0:0:0:0:1&＃039;, &＃039;2018-07-11 11:26:27&＃039;);