Spring boot集成Spring security
本篇是使用spring security集成cas,因此,先得集成spring security
新建一个Spring boot项目,加入maven依赖,我这里是用的架构是Spring boot2.0.4+Spring mvc+Spring data jpa+Spring security5
pom.xml:
1 <?xml version="1.0" encoding="UTF-8"?> 2 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 3 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4 <modelVersion>4.0.0</modelVersion> 5 6 <groupId>com.cas.client1</groupId> 7 <artifactId>cas-client1</artifactId> 8 <version>0.0.1-SNAPSHOT</version> 9 <packaging>jar</packaging> 10 11 <name>cas-client1</name> 12 <description>Demo project for Spring Boot</description> 13 14 <parent> 15 <groupId>org.springframework.boot</groupId> 16 <artifactId>spring-boot-starter-parent</artifactId> 17 <version>2.0.4.RELEASE</version> 18 <relativePath/> <!-- lookup parent from repository --> 19 </parent> 20 21 <properties> 22 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> 23 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> 24 <java.version>1.8</java.version> 25 </properties> 26 27 <dependencies> 28 <dependency> 29 <groupId>org.springframework.boot</groupId> 30 <artifactId>spring-boot-starter-web</artifactId> 31 </dependency> 32 <dependency> 33 <groupId>org.springframework.boot</groupId> 34 <artifactId>spring-boot-starter-thymeleaf</artifactId> 35 </dependency> 36 37 <dependency> 38 <groupId>org.springframework.boot</groupId> 39 <artifactId>spring-boot-starter-tomcat</artifactId> 40 <scope>provided</scope> 41 </dependency> 42 <dependency> 43 <groupId>junit</groupId> 44 <artifactId>junit</artifactId> 45 <version>4.12</version> 46 <scope>test</scope> 47 </dependency> 48 <dependency> 49 <groupId>org.springframework.boot</groupId> 50 <artifactId>spring-boot-starter-test</artifactId> 51 <scope>test</scope> 52 </dependency> 53 <dependency> 54 <groupId>org.springframework.boot</groupId> 55 <artifactId>spring-boot-starter-security</artifactId> 56 </dependency> 57 <dependency> 58 <groupId>org.springframework.security</groupId> 59 <artifactId>spring-security-test</artifactId> 60 <scope>test</scope> 61 </dependency> 62 <!-- security taglibs --> 63 <dependency> 64 <groupId>org.springframework.security</groupId> 65 <artifactId>spring-security-taglibs</artifactId> 66 </dependency> 67 <dependency> 68 <groupId>org.springframework.security.oauth</groupId> 69 <artifactId>spring-security-oauth2</artifactId> 70 <version>RELEASE</version> 71 </dependency> 72 <dependency> 73 <groupId>org.springframework.boot</groupId> 74 <artifactId>spring-boot-starter-data-jpa</artifactId> 75 </dependency> 76 <dependency> 77 <groupId>org.springframework.boot</groupId> 78 <artifactId>spring-boot-starter-jdbc</artifactId> 79 </dependency> 80 <dependency> 81 <groupId>mysql</groupId> 82 <artifactId>mysql-connector-java</artifactId> 83 <version>5.1.46</version> 84 </dependency> 85 <!-- https://mvnrepository.com/artifact/com.alibaba/druid-spring-boot-starter --> 86 <dependency> 87 <groupId>com.alibaba</groupId> 88 <artifactId>druid-spring-boot-starter</artifactId> 89 <version>1.1.10</version> 90 </dependency> 91 <dependency> 92 <groupId>org.springframework.boot</groupId> 93 <artifactId>spring-boot</artifactId> 94 <version>2.0.2.RELEASE</version> 95 <scope>compile</scope> 96 </dependency> 97 </dependencies> 98 99 <build>100 <plugins>101 <plugin>102 <groupId>org.springframework.boot</groupId>103 <artifactId>spring-boot-maven-plugin</artifactId>104 </plugin>105 </plugins>106 </build>107 108 109 </project>
application.properties:
1 server.port=8083 2 #静态文件访问存放地址 3 spring.resources.static-locations=classpath:/html/ 4 # thymeleaf 模板存放地址 5 spring.thymeleaf.prefix=classpath:/html/ 6 spring.thymeleaf.suffix=.html 7 spring.thymeleaf.mode=LEGACYHTML5 8 spring.thymeleaf.encoding=UTF-8 9 10 # JDBC 配置(驱动类自动从url的mysql识别,数据源类型自动识别)11 # 或spring.datasource.url=12 spring.datasource.druid.url=jdbc:mysql://localhost:3306/vhr?useUnicode=true&characterEncoding=UTF813 # 或spring.datasource.username=14 spring.datasource.druid.username=root15 # 或spring.datasource.password=16 spring.datasource.druid.password=123417 #或 spring.datasource.driver-class-name=18 #spring.datasource.druid.driver-class-name=com.mysql.jdbc.Driver19 20 #连接池配置(通常来说,只需要修改initialSize、minIdle、maxActive21 # 如果用Oracle,则把poolPreparedStatements配置为true,mysql可以配置为false。分库分表较多的数据库,建议配置为false。removeabandoned不建议在生产环境中打开如果用SQL Server,建议追加配置)22 spring.datasource.druid.initial-size=123 spring.datasource.druid.max-active=2024 spring.datasource.druid.min-idle=125 # 配置获取连接等待超时的时间26 spring.datasource.druid.max-wait=6000027 #打开PSCache,并且指定每个连接上PSCache的大小28 spring.datasource.druid.pool-prepared-statements=true29 spring.datasource.druid.max-pool-prepared-statement-per-connection-size=2030 #spring.datasource.druid.max-open-prepared-statements=和上面的等价31 spring.datasource.druid.validation-query=SELECT 'x'32 #spring.datasource.druid.validation-query-timeout=33 spring.datasource.druid.test-on-borrow=false34 spring.datasource.druid.test-on-return=false35 spring.datasource.druid.test-while-idle=true36 #配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒37 spring.datasource.druid.time-between-eviction-runs-millis=6000038 #配置一个连接在池中最小生存的时间,单位是毫秒39 spring.datasource.druid.min-evictable-idle-time-millis=30000040 #spring.datasource.druid.max-evictable-idle-time-millis=41 #配置多个英文逗号分隔42 #spring.datasource.druid.filters= stat43 44 # WebStatFilter配置,说明请参考Druid Wiki,配置_配置WebStatFilter45 #是否启用StatFilter默认值true46 spring.datasource.druid.web-stat-filter.enabled=true47 spring.datasource.druid.web-stat-filter.url-pattern=/*48 spring.datasource.druid.web-stat-filter.exclusions=*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*49 spring.datasource.druid.web-stat-filter.session-stat-enable=false50 spring.datasource.druid.web-stat-filter.session-stat-max-count=100051 spring.datasource.druid.web-stat-filter.principal-session-name=admin52 spring.datasource.druid.web-stat-filter.principal-cookie-name=admin53 spring.datasource.druid.web-stat-filter.profile-enable=true54 55 # StatViewServlet配置56 #展示Druid的统计信息,StatViewServlet的用途包括:1.提供监控信息展示的html页面2.提供监控信息的JSON API57 #是否启用StatViewServlet默认值true58 spring.datasource.druid.stat-view-servlet.enabled=true59 spring.datasource.druid.stat-view-servlet.url-pattern=/druid/*60 61 62 # JPA config63 spring.jpa.database=mysql64 spring.jpa.hibernate.ddl-auto=update65 spring.jpa.show-sql=true66 spring.jpa.generate-ddl=true67 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect68 spring.jpa.open-in-view=true69 # 解决jpa no session的问题70 spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
这里使用数据库存储角色权限信息,分三种实体:用户;角色;资源;用户对角色多对多;角色对资源多对多
创建几个实体类:
用户:这里直接使用用户持久化对象实现Spring security要求的UserDetails接口,并实现对应方法
1 package com.cas.client1.entity; 2 3 import org.springframework.security.core.GrantedAuthority; 4 import org.springframework.security.core.userdetails.UserDetails; 5 import org.springframework.util.CollectionUtils; 6 7 import javax.persistence.*; 8 import java.util.ArrayList; 9 import java.util.Collection; 10 import java.util.List; 11 12 @Entity 13 @Table(name = "s_user") 14 public class User implements UserDetails { 15 @Id 16 private String id; 17 @Column(name = "username") 18 private String username; 19 @Column(name = "password") 20 private String password; 21 22 @ManyToMany(fetch = FetchType.LAZY) 23 @JoinTable( 24 name = "s_user_role", 25 joinColumns = @JoinColumn(name = "user_id"), 26 inverseJoinColumns = @JoinColumn(name = "role_id") 27 ) 28 private List<Role> roles; 29 30 public User() { 31 } 32 33 public User(String id, String username, String password) { 34 this.id = id; 35 this.username = username; 36 this.password = password; 37 } 38 39 public String getId() { 40 return id; 41 } 42 43 public void setId(String id) { 44 this.id = id; 45 } 46 47 public List<Role> getRoles() { 48 return roles; 49 } 50 51 public void setRoles(List<Role> roles) { 52 this.roles = roles; 53 } 54 55 @Override 56 public String getUsername() { 57 return username; 58 } 59 60 @Override 61 public boolean isAccountNonExpired() { 62 return true; 63 } 64 65 @Override 66 public boolean isAccountNonLocked() { 67 return true; 68 } 69 70 @Override 71 public boolean isCredentialsNonExpired() { 72 return true; 73 } 74 75 @Override 76 public boolean isEnabled() { 77 return true; 78 } 79 80 public void setUsername(String username) { 81 this.username = username; 82 } 83 84 @Transient 85 List<GrantedAuthority> grantedAuthorities=new ArrayList<>(); 86 @Override 87 public Collection<? extends GrantedAuthority> getAuthorities() { 88 if (grantedAuthorities.size()==0){ 89 if (!CollectionUtils.isEmpty(roles)){ 90 for (Role role:roles){ 91 List<Resource> resources = role.getResources(); 92 if (!CollectionUtils.isEmpty(resources)){ 93 for (Resource resource:resources){ 94 grantedAuthorities.add(new SimpleGrantedAuthority(resource.getResCode())); 95 } 96 } 97 } 98 } 99 grantedAuthorities.add(new SimpleGrantedAuthority("AUTH_0"));100 }101 return grantedAuthorities;102 }103 @Override104 public String getPassword() {105 return password;106 }107 108 public void setPassword(String password) {109 this.password = password;110 }111 }
注意看这里:
扫描二维码关注公众号,回复:
2926624 查看本文章
我给每一位登录的用户都授予了AUTH_0的权限,AUTH_0在下面的SecurityMetaDataSource里被关联的url为:/**,也就是说除开那些机密程度更高的,这个登录用户能访问所有资源
角色:
1 package com.cas.client1.entity; 2 3 import javax.persistence.*; 4 import java.util.List; 5 6 /** 7 * @author Administrator 8 */ 9 @Entity10 @Table(name = "s_role")11 public class Role {12 @Id13 @Column(name = "id")14 private String id;15 @Column(name = "role_name")16 private String roleName;17 18 @ManyToMany(fetch = FetchType.LAZY)19 @JoinTable(20 name = "s_role_res",21 joinColumns = @JoinColumn(name = "role_id"),22 inverseJoinColumns = @JoinColumn(name = "res_id")23 )24 private List<Resource> resources;25 @ManyToMany(fetch = FetchType.LAZY)26 @JoinTable(27 name = "s_user_role",28 joinColumns = @JoinColumn(name = "role_id"),29 inverseJoinColumns = @JoinColumn(name = "user_id")30 )31 private List<User> users;32 33 public String getId() {34 return id;35 }36 37 public void setId(String id) {38 this.id = id;39 }40 41 public String getRoleName() {42 return roleName;43 }44 45 public void setRoleName(String roleName) {46 this.roleName = roleName;47 }48 49 public List<Resource> getResources() {50 return resources;51 }52 53 public void setResources(List<Resource> resources) {54 this.resources = resources;55 }56 57 public List<User> getUsers() {58 return users;59 }60 61 public void setUsers(List<User> users) {62 this.users = users;63 }64 }
权限:
1 package com.cas.client1.entity; 2 3 import javax.persistence.Column; 4 import javax.persistence.Entity; 5 import javax.persistence.Id; 6 import javax.persistence.Table; 7 8 @Entity 9 @Table(name = "s_resource")10 public class Resource {11 @Id12 @Column(name = "id")13 private String id;14 @Column(name = "res_name")15 private String resName;16 @Column(name = "res_code")17 private String resCode;18 @Column(name = "url")19 private String url;20 @Column(name = "priority")21 private String priority;22 23 public String getId() {24 return id;25 }26 27 public void setId(String id) {28 this.id = id;29 }30 31 public String getResName() {32 return resName;33 }34 35 public void setResName(String resName) {36 this.resName = resName;37 }38 39 public String getResCode() {40 return resCode;41 }42 43 public void setResCode(String resCode) {44 this.resCode = resCode;45 }46 47 public String getUrl() {48 return url;49 }50 51 public void setUrl(String url) {52 this.url = url;53 }54 55 public String getPriority() {56 return priority;57 }58 59 public void setPriority(String priority) {60 this.priority = priority;61 }62 }
建立几个DAO
UserDao:
1 package com.cas.client1.dao; 2 3 import com.cas.client1.entity.User; 4 import org.springframework.data.jpa.repository.JpaRepository; 5 import org.springframework.data.jpa.repository.Query; 6 import org.springframework.data.repository.query.Param; 7 import org.springframework.stereotype.Repository; 8 9 import java.util.List;10 11 @Repository12 public interface UserDao extends JpaRepository<User,String> {13 @Override14 List<User> findAll();15 16 List<User> findByUsername(String username);17 18 /**19 * 根据用户名like查询20 * @param username21 * @return22 */23 List<User> getUserByUsernameContains(String username);24 25 @Query("from User where id=:id")26 User getUserById(@Param("id") String id);27 28 }
ResourceDao:
1 package com.cas.client1.dao; 2 3 import com.cas.client1.entity.Resource; 4 import org.springframework.data.jpa.repository.JpaRepository; 5 import org.springframework.data.jpa.repository.Query; 6 import org.springframework.stereotype.Repository; 7 8 import java.util.List; 9 10 /**11 * @author Administrator12 */13 @Repository14 public interface ResourceDao extends JpaRepository<Resource,String> {15 16 @Query("from Resource order by priority")17 List<Resource> getAllResource();18 }
SPRING BOOT SECURITY权限管理集成CAS单点登录