spring实战-Spring-security实现用户权限认证登录

第八篇：Spring-security实现用户权限认证登录

spring-security原本是Acegi Security组件，该组件是一个强大的安全框架，但是使用方式很繁琐，要配置几百行XML。集成进Spring后，就可以通过xml或者JavaConfig的方式，很容易的就实现了系统的集成。下面示例展示了通过JavaConfig的方式集成spring-security安全框架

1，实现AbstractSecurityWebApplicationInitializer，只用写好一个实现类就可以了，Spring系统会发现他，并用他在web容器中注册DelegetingFilterProxy。DelegetingFilterProxy会拦截发往应用中的请求。并将请求委托给一个ID为springSecurityFilterChain的bean，该bean可以连接一个或任意多个Filter，Spring security就是依赖着一系列servlet filter来提供不同的安全特性。这些细节我们不用管，当启用web安全性时，会自动创建这些filter。

package com.halfworlders.idat.security;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}

2，创建SecurityConfig

package com.halfworlders.idat.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

import com.halfworlders.idat.security.IdatUserDetailsService;
import com.halfworlders.idat.service.Userservice;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//	@Autowired
//	private DataSource dataSource;

@Autowired
private Userservice userservice;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
/*
* 可以通过内存设置的方式，来做用户登录验证，此种方式比较适合开发和测试阶段使用
*/
/*auth
.inMemoryAuthentication()
.withUser("admin")
.password("admin")
.roles("ADMIN");*/

/*
* 可以通过数据源设置的方式，直接基于数据库的验证，还可以设置密码加密，
* 但此种方式要求数据库的用户表结构必须符合spring-security的要求
* 一下配上sql
*/
/*auth
.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(new StandardPasswordEncoder("idatpwd"));*/

/*
* 最好的是基于UserDetailService的接口方式，这样spring-security并不知道系统通过什么样的方式来实现用户数据验证
* 开发人员可以在接口内以任意方式实现，增加了系统的灵活性
*/
auth.userDetailsService(new IdatUserDetailsService(userservice));
}
}

3，在TilesWebConfig中导入配置

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.halfworlders.idat.controller")
@Import(SecurityConfig.class)
public class TilesWebConfig extends WebMvcConfigurerAdapter {
。。。。。
}

只需这三步，就能轻松的启用了Spring security安全框架

另外再需要实现UserDetailsService

package com.halfworlders.idat.security;

import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.halfworlders.idat.service.Userservice;

public class IdatUserDetailsService implements UserDetailsService{

private final Userservice userservice;

public IdatUserDetailsService(Userservice userservice) {
this.userservice = userservice;
}
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userservice.findUserByName(userName);
if (null != user) {
return user;
}
throw new UsernameNotFoundException("User name" + userName + "not find");
}

}

Use
ac7a
rService

package com.halfworlders.idat.service;

import org.springframework.security.core.userdetails.User;

public interface Userservice {
User findUserByName(String userName);
}

package com.halfworlders.idat.service.impl;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Service;

import com.halfworlders.idat.service.Userservice;

@Service
public class UserServiceImpl implements Userservice {

@Override
public User findUserByName(String userName) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new User(userName, "admin", grantedAuthorities);
}
}

mysql-sql

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for authorities
-- ----------------------------
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(20) DEFAULT NULL,
`authority` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for groups
-- ----------------------------
DROP TABLE IF EXISTS `groups`;
CREATE TABLE `groups` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`groupName` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for group_authorities
-- ----------------------------
DROP TABLE IF EXISTS `group_authorities`;
CREATE TABLE `group_authorities` (
`group_Id` int(11) NOT NULL AUTO_INCREMENT,
`authority` varchar(50) DEFAULT NULL,
PRIMARY KEY (`group_Id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for group_members
-- ----------------------------
DROP TABLE IF EXISTS `group_members`;
CREATE TABLE `group_members` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userName` varchar(20) DEFAULT NULL,
`group_Id` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(8) NOT NULL AUTO_INCREMENT,
`userName` varchar(20) DEFAULT NULL,
`password` varchar(50) DEFAULT NULL,
`enabled` tinyint(4) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;