Shulou(Shulou.com)06/02 Report--

This article is to share with you about how Spring Security uses database login authentication and authorization, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

1. Set up the project environment 1. Create five RBAC tables

RBAC, that is, role-based permission access control (Role-Based Access Control), is that users associate with permissions through roles.

In this model, there is generally a many-to-many relationship between users and roles and between roles and permissions.

In the MySQL database, create the following tables:

DROP TABLE IF EXISTS sys_user CREATE TABLE sys_user (id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'primary key id', username VARCHAR (60) COMMENT' username', password VARCHAR (255) COMMENT 'password', status tinyint (1) COMMENT 'user status, 1-enable-0 disable', password_non_expired tinyint (1) COMMENT 'password invalid, 1-available 0-invalid', PRIMARY KEY (id)) COMMENT = 'user table' DROP TABLE IF EXISTS sys_role;CREATE TABLE sys_role (id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'primary key id', role_name VARCHAR (64) NOT NULL COMMENT' role name', role_desc VARCHAR (64) NOT NULL COMMENT 'role description', PRIMARY KEY (id)) COMMENT = 'role table'; DROP TABLE IF EXISTS sys_permission CREATE TABLE sys_permission (id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'primary key id', parent_id BIGINT COMMENT' parent id', permission_name VARCHAR (64) COMMENT 'menu name', permission_url VARCHAR (255) COMMENT 'menu address', PRIMARY KEY (id)) COMMENT = 'permission table'; DROP TABLE IF EXISTS sys_user_role CREATE TABLE sys_user_role (id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'primary key id', user_id BIGINT NOT NULL COMMENT' user id', role_id BIGINT COMMENT 'role id', enabled tinyint (1) DEFAULT 1 COMMENT' valid', PRIMARY KEY (id)) COMMENT = 'user role association table'; DROP TABLE IF EXISTS sys_role_permission CREATE TABLE sys_role_permission (id BIGINT NOT NULL AUTO_INCREMENT COMMENT 'primary key id', role_id BIGINT NOT NULL COMMENT' role id', permission_id BIGINT COMMENT 'permission id', PRIMARY KEY (id)) COMMENT =' role permission table'

2. Create a project

Create Mavne project, Springboot + Spring Security + MyBatis + MySQL + jsp.

1) the configuration file is as follows

Server: port: 909 hours jsp configuration spring: mvc: view: prefix: / pages/ suffix: .jsp datasource: driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://localhost:3306/security_authority?useUnicode=true;characterEncoding=utf8;useSSL=true ServerTimezone=GMT username: root password: 12345 mybatis configuration mybatis: configuration: map-underscore-to-camel-case: true mapper-locations: classpath:mybatis/mapper/*.xmllogging: level: com.charge.learn.springsecurity.springboot.security.jsp.dao: debug

2) Startup class

@ SpringBootApplication@MapperScan ("com.charge.learn.springsecurity.springboot.security.jsp.dao") public class SpringSecurityApplication {public static void main (String [] args) {SpringApplication.run (SpringSecurityApplication.class, args);}}

Second, integrate Spring Security to realize user authentication. 1. Back-end integration

1.1 user

The user object of Spring Security is of type UserDetail, and Spring Security recognizes only UserDetail users in the authentication process.

Get the UserDetail user through the loadUserByUsername method of UserDetailsService.

After the authentication is successful, the UsernamePasswordAuthenticationToken constructor with three parameters is called to add the role information to the ArrayList collection.

In the successfulAuthentication method, the authentication information is stored in SecurityContext.

The method of the UserDetail interface (these values are handled according to the user's business).

Is the boolean enabled account available?

Is the boolean accountNonExpired account invalid?

Is the password of boolean credentialsNonExpired account invalid?

Is the boolean accountNonLocked account locked?

Collection

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.