查询数据库认证权限(未自定义页面)
整合mybatis-plus 完成数据库操作
1.引入相关依赖
再父工程中 增加 mybatis-plus lombok mysql 相关依赖及版本号
<dependencyManagement><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>2.6.7</version><scope>import</scope><type>pom</type></dependency><!--引入mysql --><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.28</version></dependency><!--引入 lombok --><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><version>1.18.24</version></dependency></dependencies></dependencyManagement>
再子项目中 引入
<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.4.2</version></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency></dependencies>2.创建表 user_info
3.创建实体类
package com.entity;import lombok.AllArgsConstructor;import lombok.Data;import lombok.NoArgsConstructor;@Data@NoArgsConstructor@AllArgsConstructorpublic class UserInfo {private Integer id;private String name;private String pwd;private String email;private String tel;}4.整合mybatis-plus ,创建接口 继承 BaseMapper
package com.mapper;import com.baomidou.mybatisplus.core.mapper.BaseMapper;import com.entity.UserInfo;public interface UserInfoMapper extends BaseMapper<UserInfo> {}5.创建service 即UserDetailsService 接口实现类
package com.service;import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;import com.entity.UserInfo;import com.mapper.UserInfoMapper;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.AuthorityUtils;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.stereotype.Service;import java.util.ArrayList;import java.util.List;@Service("userDetailsService")public class MyUserDetailsService implements UserDetailsService {@Autowiredprivate UserInfoMapper userInfoMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {//根据用户名 查询QueryWrapper<UserInfo> wrapper=new QueryWrapper<>();wrapper.eq("name",username); //查询 name列 的值 为 username的 数据UserInfo info = userInfoMapper.selectOne(wrapper);//判断if(info==null){ //没有用户 验证失败throw new UsernameNotFoundException("用户名不存在");}List<GrantedAuthority> list = AuthorityUtils.commaSeparatedStringToAuthorityList("admin");//返回数据库的用户名及密码return new User(info.getName(), new BCryptPasswordEncoder().encode(info.getPwd()),list);}}6. 再启动类增加 mapperscan 或 再 4的接口增加@Mapper
package com;import org.mybatis.spring.annotation.MapperScan;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplication@MapperScan(basePackages = "com.mapper") //扫描mapper接口public class SSApp {public static void main(String[] args) {SpringApplication.run(SSApp.class,args);}}7.数据库配置
spring:datasource:driver-class-name: com.mysql.cj.jdbc.Driverurl: jdbc:mysql://localhost:3306/ssmusername: rootpassword: 自己的密码
启动项目 , 输入 错误的用户名及密码 显示
输入 正确的用户名与密码 即可 看到页面
查询数据库认证权限(自定义页面)
上面的内容 登录均采用 secutity的登录页面,而且经过认证才可以访问controller,
其实 可以自定义登陆页面 及 不需要认证也可以访问controller
下面 我们继续学习
1.在 配置类中 编写配置
重写protected void configure(HttpSecurity http) throws Exception 方法
package com.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configuration //配置类public class SecurityConfig extends WebSecurityConfigurerAdapter {@AutowiredUserDetailsService userDetailsService;@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());}@BeanPasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.formLogin().loginPage("/login.html") // 自定义登录页面.loginProcessingUrl("/user/login") //登录访问路径.defaultSuccessUrl("/test/index").permitAll() //登录成功后 跳转路径.and().authorizeRequests().antMatchers("/","/user/login","/test/add").permitAll() //设置哪些路径可以不认证 直接访问.anyRequest().authenticated().and().csrf().disable() ; // 关闭csrf的防护}}2.编写页面及controller
在 resources下 建立static ,并创建 login.html
注意: 页面中 input的 名字 必须 为 username与password , 因为 security中过滤器 会 使用 这个参数名获取
form的action 的值 与 配置类的中 登录访问路径一致
<form action="/user/login" method="post"><input type="text" name="username" placeholder="输入用户名"/><br/><input type="password" name="password" placeholder="输入密码"/><br/><input type="submit" value="注册"/></form> @RestController@RequestMapping("/test")public class TestController {@GetMapping("/index") -----------------增加内容 配置类中配置 /test/indexpublic String index(){return "hello index";}@GetMapping("/add")public String add(){return "hello security";}}启动 运行
在地址栏输入: http://localhost:8080/test/index 则进入到登录页面
在上面的页面上 输入正确的 用户名及密码 , 可以进入页面
