Shulou(Shulou.com)06/02 Report--

This article mainly shows you "SpringBoot how to integrate Springsecurity to achieve database login and access control", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "how SpringBoot integrates Springsecurity to achieve database login and access control" this article.

First of all, it is a SpringBoot project that connects to the database. Here I use mybaties.mysql. Here are the tables of the database.

DROP TABLE IF EXISTS `xy_ role`; CREATE TABLE `xy_ role` (`xyr_ id` int (11) NOT NULL AUTO_INCREMENT COMMENT 'primary key id', `xyr_ name` char (30) DEFAULT NULL COMMENT' role name', PRIMARY KEY (`xyr_ id`) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT=' role' / * Data for the table `xy_ role` * / insert into `role` (`xyr_ id`, `xyr_ name`) values (1) values (2), (2) 'webmaster'), (3) 'xy_'), (3) 'xy_' webadmin` CREATE TABLE `webadmin` (`xywb_ id` int (11) NOT NULL AUTO_INCREMENT COMMENT 'primary key id', `xywb_ username` char (30) DEFAULT NULL COMMENT' username', `xyr_ id`int (11) DEFAULT NULL COMMENT 'role', `xywb_ password` char (50) DEFAULT NULL COMMENT 'password', `xywb_ registertime`bigint (20) DEFAULT NULL COMMENT 'registration time', PRIMARY KEY (`xywb_ id`), KEY `FK_Reference_ 37` (`xyr_ id`) CONSTRAINT `FK_Reference_ 37` FOREIGN KEY (`xy_ id`) REFERENCES `xy_ role` (`xyr_ id`) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT=' webmaster' / * Data for the table `xy_ webadmin` * / insert into `webadmin` (`xywb_ id`, `xywb_ username`, `xyr_ id`, `xywb_ password`, `xywb_ registertime`) values

After the table was created, we began to write code.

The first step

We are going to create a configuration file for spring security. Because the code is too long, I will take a screenshot directly. Friends, don't think about the COPY code. Please write your own handwritten code.

Then there is a class that implements UserDetialsServer

This class mainly implements the loadUserByname method, and then we can inject our service or direct mapper interface into this class, and then get the user inside the method according to username, and then get the user's permission

The second step is to package a custom class

This class implements the UserDetials interface, and then there are user objects, role objects (which can also be a list collection of role generics), a custom class that implements these methods.

The most important thing is the first method, which will save the current user's role. I won't say much about only two pieces of code. here are some account passwords that are not available.

Going back to our loadUserByName method, we set the roles and users into this class and return.

This step is just to verify whether there is a user, or whether this account can be used.

Step three, we need to judge the password.

A class that implements AuthenticationProvider, injects our CustmUserService, then gets the account number and password from Authentication, calls the loadUserByName method to get the account information, compares it with the password entered on the page, throws an exception if it cannot be used, and returns the account, account password, account permissions (roles) as UsernamePasswordAuthenticationToken if it can be used.

Here is my login page code

This completes the login function, friends, be sure to follow my code first. Then write it yourself (because some things are not detailed)

And then we'll look at the permissions function.

/ test1 can only be accessed by super_admin, / test2 can only be accessed by shopping_admin (it is flawed)

Of course, if you write it this way, let's take a look at it on the page.

There is actually a hole here. Why? let's debug check the source code of hasRole.

Here where I mark the arrow, if the parameter written on your web page does not include ROLE_, it will be forced to add it to you, and then if the role in your database is admin and the page is also written as admin, it will match admin and ROLE_admin in this, and then it won't work.

At present, I have two solutions: 1. Add ROLE_ to the roles in the database

two。 Add ROLE_ when adding roles

Another problem is that the hasRole in the first picture cannot be added with ROLE_,. If you add it, you will report an error. The first one is right, and the second one is wrong.

The above is all the contents of this article "how to integrate SpringBoot with Springsecurity to achieve database login and access control". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.