In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
This article mainly explains "how to configure spring-security in SpringCloud". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to configure spring-security in SpringCloud".
I. brief introduction
The security management of Web application mainly includes two aspects: identity authentication and user authorization, which is explained by spring-cloud-security here.
Second, dependence management
Org.springframework.cloud spring-cloud-starter-security org.thymeleaf.extras thymeleaf-extras-springsecurity4
III. Security policy configuration
Spring Security is basically implemented, and we just need some configuration and references here.
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
sixty-two
sixty-three
sixty-four
sixty-five
sixty-six
sixty-seven
sixty-eight
sixty-nine
seventy
seventy-one
seventy-two
seventy-three
seventy-four
seventy-five
seventy-six
seventy-seven
seventy-eight
seventy-nine
eighty
eighty-one
Package com.example.demo.config
Import com.example.demo.utils.security.CustomUserService
Import com.example.demo.utils.security.LoginSuccessHandler
Import com.example.demo.utils.security.MyFilterSecurityInterceptor
Import com.example.demo.utils.security.SecuritySettings
Import org.apache.commons.lang3.StringUtils
Import org.springframework.beans.factory.annotation.Autowired
Import org.springframework.context.annotation.Bean
Import org.springframework.context.annotation.Configuration
Import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Import org.springframework.security.config.annotation.web.builders.HttpSecurity
Import org.springframework.security.config.annotation.web.builders.WebSecurity
Import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
Import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Import org.springframework.security.core.userdetails.UserDetailsService
Import org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Import org.springframework.security.web.authentication.AuthenticationSuccessHandler
Import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
/ * *
* Security security configuration
*
* @ Author: I love Da Jin
* @ Description: Security security configuration
* @ Date: Create in 15:20 2017-7-5
, /
@ Configuration
@ EnableWebSecurity
Public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@ Autowired
Private CustomFilterSecurityInterceptor customFilterSecurityInterceptor; / / Rights Management filter
@ Autowired
Private SecuritySettings securitySettings; / / Custom Security configuration Class
/ * * register the bean*/ of UserDetailsService
@ Bean
Public UserDetailsService customUserService () {
Return new CustomUserService ()
}
/ * * login authentication * /
@ Override
Protected void configure (AuthenticationManagerBuilder auth) throws Exception {
Auth.userDetailsService (customUserService ()); / / userDetailsService verification
}
/ * set non-intercept rule * /
@ Override
Public void configure (WebSecurity web) throws Exception {
Web.ignoring () .antMatchers ("/ js/**", "/ css/**", "/ images/**", / druid/** ")
}
/ * * Security Policy configuration * /
@ Override
Protected void configure (HttpSecurity http) throws Exception {
/ / set the URI that tourists can access
If (StringUtils.isNotBlank (securitySettings.getPermitall () {
Http.authorizeRequests (). AntMatchers (securitySettings.getPermitall (). Split (","). PermitAll ()
}
Http.authorizeRequests ()
.anyRequest () .authenticated () / / any request that can be accessed after login
/ / configure login URI, login failure jump URI, and default jump URI after login success
.and () .formLogin () .loginPage ("/ login") .failureUrl ("/ login?error") .permitAll () .defaultSuccessUrl ("/", true) .roomHandler (loginSuccessHandler ())
/ / logout behavior arbitrary access
.and () .logout () .permitAll ()
/ / set the prompt URI to deny access
.and () .exceptionHandling () .accessDeniedPage ("/ login?illegal")
Http.addFilterBefore (myFilterSecurityInterceptor, FilterSecurityInterceptor.class)
}
/ * * Log in to the processor successfully * /
Private AuthenticationSuccessHandler loginSuccessHandler () {
Return new LoginSuccessHandler ()
}
}
Description:
LoginPage: set a login URI customized by the experiment
LoginSuccessHandler: set a custom login processor
PermitAll: allow access
AccessDeniedPage: configure the prompt URI to deny access
AntMatchers: configuration of URI
To understand the springcloud architecture, please add: three, six, two, four, seven, two, 59
Suppose I need an administrator to access the contents of the admin folder, such as: .antMatrices ("/ admin/**") .hasRole ("ROLE_ADMIN")
You can also set that files under the admin folder can be accessed by multiple roles, such as .antMatrices ("/ admin/**") .hasAnyRole ("ROLE_ADMIN", "ROLE_USER")
You can also specify that an ip can access the resource through hasIpAddress, written as follows. AntMatch ("/ admin/**"). HasIpAddress ("210.210.210.210")
3.1. Custom security configuration class
To make it easier to use springSecurity, we customize a permission configuration class, such as configuration login URI, visitor access URI and other configuration items.
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
Package com.example.demo.utils.security
Import org.springframework.boot.context.properties.ConfigurationProperties
Import org.springframework.context.annotation.Configuration
/ * *
* Custom security configuration class
*
* @ Author: I love Da Jin
* @ Description: custom security configuration class
* @ Date: Create in 9:45 2017-7-6
, /
@ Configuration
@ ConfigurationProperties (prefix = "securityConfig")
Public class SecuritySettings {
/ * * URL allowed to be accessed, separated by commas * /
Private String permitall
Public String getPermitall () {
Return permitall
}
Public void setPermitall (String permitall) {
This.permitall = permitall
}
}
3.2. Log in to the successful processor
After a successful login, if you need to record the user's behavior or perform other actions, you can use the login success processor.
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
Package com.example.demo.utils.security
Import com.example.demo.pojo.SysUser
Import org.springframework.security.core.Authentication
Import org.springframework.security.core.userdetails.User
Import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
Import javax.servlet.ServletException
Import javax.servlet.http.HttpServletRequest
Import javax.servlet.http.HttpServletResponse
Import java.io.IOException
/ * *
* Log in to the successful processor
*
* @ Author: I love Da Jin
* @ Description: log in to the processor successfully
* @ Date: Create in 11:35 2017-7-6
, /
Public class LoginSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@ Override
Public void onAuthenticationSuccess (HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
User userDetails = (User) authentication.getPrincipal ()
System.out.println ("Login user: username=" + userDetails.getUsername () + ", uri=" + request.getContextPath ())
Super.onAuthenticationSuccess (request, response, authentication)
}
}
3.3.The springMVC configuration (visit / login to login.html page)
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
Package com.example.demo.config
Import org.springframework.context.annotation.Configuration
Import org.springframework.web.servlet.config.annotation.ViewControllerRegistry
Import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
/ * *
* springMVC configuration (register access / login to login.html page)
*
* @ Author: I love Da Jin
* @ Description: springMVC configuration (register access / login to login.html page)
* @ Date: Create in 16:24 2017-7-5
, /
@ Configuration
Public class WebMvcConfig extends WebMvcConfigurerAdapter {
@ Override
Public void addViewControllers (ViewControllerRegistry registry) {
Registry.addViewController ("/ login") .setViewName ("login")
}
}
IV. Login authentication
In the security policy configuration code, it mainly depends on the custom CustomUserService, which implements the UserDetailsService interface and overrides the loadUserByUsername method
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
Package com.example.demo.utils.security
Import com.example.demo.dao.SysPermissionDao
Import com.example.demo.dao.SysUserDao
Import com.example.demo.pojo.SysPermission
Import org.springframework.security.core.userdetails.User
Import com.example.demo.pojo.SysUser
Import org.springframework.beans.factory.annotation.Autowired
Import org.springframework.security.core.GrantedAuthority
Import org.springframework.security.core.authority.SimpleGrantedAuthority
Import org.springframework.security.core.userdetails.UserDetails
Import org.springframework.security.core.userdetails.UserDetailsService
Import org.springframework.security.core.userdetails.UsernameNotFoundException
Import java.util.ArrayList
Import java.util.List
/ * *
* Custom UserDetailsService to transfer user rights to springsecurity for control
*
* @ Author: I love Da Jin
* @ Description: transfer user permissions to Springsecurity for control
* @ Date: Create in 16:19 2017-7-5
, /
Public class CustomUserService implements UserDetailsService {
@ Autowired
Private SysUserDao sysUserDao
@ Autowired
Private SysPermissionDao sysPermissionDao
@ Override
Public UserDetails loadUserByUsername (String username) {
SysUser user = sysUserDao.findByUserName (username)
If (user! = null) {
List permissions = sysPermissionDao.findByAdminUserId (user.getId ())
List grantedAuthorities = new ArrayList ()
For (SysPermission permission: permissions) {
If (permission! = null & & permission.getName ()! = null) {
GrantedAuthority grantedAuthority = new SimpleGrantedAuthority (permission.getName ())
/ / 1: the permission information is added to the GrantedAuthority object here, and the GrantedAuthority object will be used for full permission verification later.
GrantedAuthorities.add (grantedAuthority)
}
}
Return new User (user.getUsername (), user.getPassword (), grantedAuthorities)
} else {
Throw new UsernameNotFoundException ("admin:" + username + "do not exist!")
}
}
}
5. Authority management
The rights management filter CustomFilterSecurityInterceptor is used in the Security security configuration class
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
sixty-two
sixty-three
sixty-four
sixty-five
sixty-six
sixty-seven
sixty-eight
sixty-nine
seventy
seventy-one
seventy-two
seventy-three
seventy-four
seventy-five
seventy-six
seventy-seven
Package com.example.demo.utils.security
Import javax.servlet.Filter
Import javax.servlet.FilterChain
Import javax.servlet.FilterConfig
Import javax.servlet.ServletException
Import javax.servlet.ServletRequest
Import javax.servlet.ServletResponse
Import org.springframework.beans.factory.annotation.Autowired
Import org.springframework.security.access.SecurityMetadataSource
Import org.springframework.security.access.intercept.AbstractSecurityInterceptor
Import org.springframework.security.access.intercept.InterceptorStatusToken
Import org.springframework.security.web.FilterInvocation
Import org.springframework.stereotype.Service
Import java.io.IOException
/ * *
* Rights Management filter
*
* @ Author: I love Da Jin
* @ Description: rights management filter
* @ Date: Create in 17:16 2017-7-5
, /
@ Service
Public class CustomFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
@ Autowired
Private CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource; / / permission configuration Explorer
/ * * Rights Management decision maker * /
@ Autowired
Public void setMyAccessDecisionManager (CustomAccessDecisionManager customAccessDecisionManager) {
Super.setAccessDecisionManager (customAccessDecisionManager)
}
@ Override
Public void init (FilterConfig filterConfig) throws ServletException {
}
@ Override
Public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
FilterInvocation fi = new FilterInvocation (request, response, chain)
Invoke (fi)
}
Public void invoke (FilterInvocation fi) throws IOException, ServletException {
/ / there is an intercepted url in fi
/ / call the getAttributes (Object object) of MyInvocationSecurityMetadataSource to get all the permissions corresponding to fi
/ / then call the decide method of MyAccessDecisionManager to verify whether the user's permissions are sufficient
InterceptorStatusToken token = super.beforeInvocation (fi)
Try {
/ / execute the next interceptor
Fi.getChain () .doFilter (fi.getRequest (), fi.getResponse ())
} finally {
Super.afterInvocation (token, null)
}
}
@ Override
Public void destroy () {
}
@ Override
Public Class getSecureObjectClass () {
Return FilterInvocation.class
}
@ Override
Public SecurityMetadataSource obtainSecurityMetadataSource () {
Return this.customFilterInvocationSecurityMetadataSource
}
}
Description:
CustomFilterSecurityInterceptor: rights management filter
CustomAccessDecisionManager: rights management decision maker
CustomFilterInvocationSecurityMetadataSource: permission configuration explorer
The filter starts to work when the system starts up, and imports the rights configuration resource manager and the rights management determiner at the same time to manage the resources accessed by the user. The rights management determiner compares the resources accessed by the user with the role permissions that the user has to determine whether the user has access to a resource.
5.1, Rights Management filter
Inherit and AbstractSecurityInterceptor to monitor the behavior of users in real time and prevent users from accessing unauthorized resources.
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
sixty-two
sixty-three
sixty-four
sixty-five
sixty-six
sixty-seven
sixty-eight
sixty-nine
seventy
seventy-one
seventy-two
seventy-three
seventy-four
seventy-five
seventy-six
seventy-seven
seventy-eight
seventy-nine
eighty
eighty-one
eighty-two
eighty-three
eighty-four
Package com.example.demo.utils.security
Import javax.servlet.Filter
Import javax.servlet.FilterChain
Import javax.servlet.FilterConfig
Import javax.servlet.ServletException
Import javax.servlet.ServletRequest
Import javax.servlet.ServletResponse
Import org.slf4j.Logger
Import org.slf4j.LoggerFactory
Import org.springframework.beans.factory.annotation.Autowired
Import org.springframework.security.access.SecurityMetadataSource
Import org.springframework.security.access.intercept.AbstractSecurityInterceptor
Import org.springframework.security.access.intercept.InterceptorStatusToken
Import org.springframework.security.web.FilterInvocation
Import org.springframework.stereotype.Service
Import java.io.IOException
/ * *
* Rights Management filter
*
* @ Author: I love Da Jin
* @ Description: rights management filter
* @ Date: Create in 17:16 2017-7-5
, /
@ Service
Public class CustomFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
Logger log = LoggerFactory.getLogger (CustomFilterSecurityInterceptor.class)
@ Autowired
Private CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource; / / permission configuration Explorer
/ * * Rights Management decision maker * /
@ Autowired
Public void setMyAccessDecisionManager (CustomAccessDecisionManager customAccessDecisionManager) {
Super.setAccessDecisionManager (customAccessDecisionManager)
}
@ Override
Public void init (FilterConfig filterConfig) throws ServletException {
}
@ Override
Public void doFilter (ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
FilterInvocation fi = new FilterInvocation (request, response, chain)
Log.info ("[Rights Management filter] request URL:" + fi.getRequestUrl ())
Invoke (fi)
}
Public void invoke (FilterInvocation fi) throws IOException, ServletException {
/ / there is an intercepted url in fi
/ / call the getAttributes (Object object) of CustomFilterInvocationSecurityMetadataSource to get all the permissions corresponding to fi
/ / then call the decide method of CustomAccessDecisionManager to verify whether the user's permissions are sufficient
InterceptorStatusToken token = super.beforeInvocation (fi)
Try {
/ / execute the next interceptor
Fi.getChain () .doFilter (fi.getRequest (), fi.getResponse ())
} catch (Exception e) {
Log.error ("[Rights Management filter] [exception]" + e.getMessage (), e)
} finally {
Super.afterInvocation (token, null)
}
}
@ Override
Public void destroy () {
}
@ Override
Public Class getSecureObjectClass () {
Return FilterInvocation.class
}
@ Override
Public SecurityMetadataSource obtainSecurityMetadataSource () {
Return this.customFilterInvocationSecurityMetadataSource
}
}
5.2. Rights management determiner
The key part of rights management is the determiner, which implements AccessDecisionManager, overrides the decide method, and uses a custom determiner. When the user accesses the protected resource, the determiner determines whether the user has access to the modified resource in the role, and if not, the access is denied.
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
Package com.example.demo.utils.security
Import org.slf4j.Logger
Import org.slf4j.LoggerFactory
Import org.springframework.security.access.AccessDecisionManager
Import org.springframework.security.access.AccessDeniedException
Import org.springframework.security.access.ConfigAttribute
Import org.springframework.security.authentication.InsufficientAuthenticationException
Import org.springframework.security.core.Authentication
Import org.springframework.security.core.GrantedAuthority
Import org.springframework.stereotype.Service
Import java.util.Collection
Import java.util.Iterator
/ * *
* Rights management decision maker
*
* @ Author: I love Da Jin
* @ Description: rights management decision maker
* @ Date: Create in 17:15 2017-7-5
, /
@ Service
Public class CustomAccessDecisionManager implements AccessDecisionManager {
Logger log = LoggerFactory.getLogger (CustomAccessDecisionManager.class)
/ / the decide method is the decision method to determine whether you have permission or not.
/ / authentication is a collection of permission information that is cyclically added to the GrantedAuthority object in the release CustomUserService.
/ / object contains the requset information of the request initiated by the client, which can be converted to HttpServletRequest request = ((FilterInvocation) object) .getHttpRequest ()
/ / configAttributes is the result returned by the getAttributes (Object object) method of MyInvocationSecurityMetadataSource. This method is used to determine whether the url requested by the user is in the permission table, and if it is in the permission table, it is returned to the decide method to determine whether the user has this permission. Let it go if it is not in the permissions table.
@ Override
Public void decide (Authentication authentication, Object object, Collection configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
If (null== configAttributes | | configAttributes.size () clazz) {
Return true
}
}
6. Set the connection according to the permission
For rights management, we may want to, in an interface accessed by the user, not wait until the user clicks on the hyperlink to determine whether the user has this permission, but to display the hyperlink according to the permission the user has. Such a design would be more user-friendly for the user experience.
Method 1: use the sec tag (thymeleaf)
The tag of Spring Security introduced in the html tag:
one
Xmlns:sec= "http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"
Sec:authentication= "name": take the user name of the currently logged in user
one
Sec:authorize= "hasRole ('ROLE_ADMIN'): indicates whether the current user has the role ROLE_ADMIN
one
Admin
Sec:authorize= "hasAuthority ('admin')": indicates whether the current user has permission admin
one
Admin
6.2. Method 2: code
In the control layer, code is used to obtain whether there is permission, and then the identity is put into the content, and the page is obtained.
VII. Other codes
7.1 、 controller
IndexController.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
Package com.example.demo.controller
Import com.example.demo.domain.Msg
Import org.springframework.stereotype.Controller
Import org.springframework.ui.Model
Import org.springframework.web.bind.annotation.RequestMapping
Import org.springframework.web.bind.annotation.ResponseBody
/ * *
* description
*
* @ Author: I love Da Jin
* @ Description: description
* @ Date: Create in 15:25 2017-7-5
, /
@ Controller
Public class IndexController {
/ * * system home page * /
@ RequestMapping ("/")
Public String index (Model model) {
Msg msg = new Msg ("Test title", "Test content", "Welcome to the HOME page, you have index permission")
Model.addAttribute ("msg", msg)
Return "home"
}
/ * * the home page of the system is 2 years /
@ RequestMapping ("/ index2")
Public String index2 (Model model) {
Msg msg = new Msg ("Test title 2", "Test content 2", "Welcome to the HOME page, you have home permission")
Model.addAttribute ("msg", msg)
Return "home"
}
@ RequestMapping ("/ admin")
@ ResponseBody
Public String hello () {
Return "hello admin"
}
@ RequestMapping ("/ yk")
@ ResponseBody
Public String hello2 () {
Return "hello yk"
}
}
7.2 、 dao
SysUserDao.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
Package com.example.demo.dao
Import com.example.demo.pojo.SysUser
Import org.apache.ibatis.annotations.Mapper
/ * *
* system user dao
*
* @ Author: I love Da Jin
* @ Description: system user dao
* @ Date: Create in 16:15 2017-7-5
, /
@ Mapper
Public interface SysUserDao {
Public SysUser findByUserName (String username)
}
SysPermissionDao.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
Package com.example.demo.dao
Import com.example.demo.pojo.SysPermission
Import org.apache.ibatis.annotations.Mapper
Import java.util.List
/ * *
* system permissions dao
*
* @ Author: I love Da Jin
* @ Description: description
* @ Date: Create in 17:05 2017-7-5
, /
@ Mapper
Public interface SysPermissionDao {
List findAll ()
List findByAdminUserId (Long userId)
}
7.3 、 domain
Msg.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
Package com.example.demo.domain
/ * *
* description
*
* @ Author: I love Da Jin
* @ Description: description
* @ Date: Create in 16:14 2017-7-5
, /
Public class Msg {
Private String title
Private String content
Private String etraInfo
Public Msg (String title, String content, String etraInfo) {
Super ()
This.title = title
This.content = content
This.etraInfo = etraInfo
}
Public String getTitle () {
Return title
}
Public void setTitle (String title) {
This.title = title
}
Public String getContent () {
Return content
}
Public void setContent (String content) {
This.content = content
}
Public String getEtraInfo () {
Return etraInfo
}
Public void setEtraInfo (String etraInfo) {
This.etraInfo = etraInfo
}
}
7.4 、 pojo
SysUser.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
Package com.example.demo.pojo
Import java.util.List
/ * *
* system users
*
* @ Author: I love Da Jin
* @ Description: system user
* @ Date: Create in 16:12 2017-7-5
, /
Public class SysUser {
Private Long id
Private String username
Private String password
Private List roles
Public Long getId () {
Return id
}
Public void setId (Long id) {
This.id = id
}
Public String getUsername () {
Return username
}
Public void setUsername (String username) {
This.username = username
}
Public String getPassword () {
Return password
}
Public void setPassword (String password) {
This.password = password
}
Public List getRoles () {
Return roles
}
Public void setRoles (List roles) {
This.roles = roles
}
}
SysRole.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
Package com.example.demo.pojo
/ * *
* system role
*
* @ Author: I love Da Jin
* @ Description: system role
* @ Date: Create in 16:13 2017-7-5
, /
Public class SysRole {
Private Long id
Private String name
Public Long getId () {
Return id
}
Public void setId (Long id) {
This.id = id
}
Public String getName () {
Return name
}
Public void setName (String name) {
This.name = name
}
}
SysPermission.java
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
sixty-two
sixty-three
Package com.example.demo.pojo
/ * *
* system permissions
*
* @ Author: I love Da Jin
* @ Description: system permissions
* @ Date: Create in 17:04 2017-7-5
, /
Public class SysPermission {
Private Long id
/ / permission name
Private String name
/ / permission description
Private String descritpion
/ / Licensing link
Private String url
/ / parent node id
Private int pid
Public Long getId () {
Return id
}
Public void setId (Long id) {
This.id = id
}
Public String getName () {
Return name
}
Public void setName (String name) {
This.name = name
}
Public String getDescritpion () {
Return descritpion
}
Public void setDescritpion (String descritpion) {
This.descritpion = descritpion
}
Public String getUrl () {
Return url
}
Public void setUrl (String url) {
This.url = url
}
Public int getPid () {
Return pid
}
Public void setPid (int pid) {
This.pid = pid
}
}
7.5 、 mapperXX.xml
SysUserDao.xml
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
Select u. *
, r.name
From sys_user u
LEFT JOIN sys_user_role sru on u.id = sru.sys_user_id
LEFT JOIN sys_role r on sru.sys_role_id=r.id
Where username= # {username}
SysPermissionDao.xml
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
SELECT * from sys_permission
SELECT
P.*
FROM sys_user u
LEFT JOIN sys_user_role sru ON u.id = sru.sys_user_id
LEFT JOIN sys_role r ON sru.sys_role_id=r.id
LEFT JOIN sys_role_permission spr ON spr.sys_role_id=r.id
LEFT JOIN Sys_permission p ON p.id = spr.sys_permission_id
WHERE u.id=# {userId}
7.6 、 html
Login.html
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
Login page
Body {
Padding-top: 50px
}
. starter-template {
Padding: 40px 15px
Text-align: center
}
Spring Security demo
Home page
Logged out successfully
You do not have the right to access. Please change your account and log in.
Wrong user name or password
Log in using the account password
Account number
Password
Home.html
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
Body {
Padding-top: 50px
}
. starter-template {
Padding: 40px 15px
Text-align: center
}
Spring Security demo
Home page
Admin
Thank you for your reading, the above is the content of "how to configure the spring-security of SpringCloud". After the study of this article, I believe you have a deeper understanding of how to configure the spring-security of SpringCloud, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 276
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
Yuan Shu = element? Too careless?
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
