一、添加依赖
<!--spring security-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--web-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--test-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- mybatis-plus -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.5.1</version>
</dependency>
<!-- lombok -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId> <optional>true</optional>
</dependency>
<!-- mysql-connector -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.32</version>
</dependency>二、创建文件结构+主方法扫描mapper
三、创建数据库及对应实体,并配置yml文件
t_user:用户表
t_anth:角色表
user_anth:用户、角色关系表
User:
@Data//生成get、set方法
public class Users {
@JsonSerialize(using = ToStringSerializer.class)//防止json传过来导致精度缺失
private Long id;
private String userName;
private String account;
private String password;
private List<String> anths;//用户权限
}application.yml:
server:
port: 8080
spring:
# 数据源
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
//数据库地址
url: jdbc:mysql://127.0.0.1:3306/2_27user?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
username: root//账号
password: 123456//密码
mybatis:
//mybits文件(维护sql)语句
mapper-locations: classpath:mapper/*.xml
logging:
level:
com.woniu.dao: debug
pattern:
console: '%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n'
四、维护sql语句,在mapper添加方法
UserMapper.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.security.mapper.UserMapper">
<resultMap id="userMap" type="com.security.entity.Users">
<id property="id" column="id"></id>
<result property="userName" column="user_name"></result>
<result property="account" column="account"></result>
<result property="password" column="password"></result>
<collection property="anths" ofType="java.lang.String">
<result column="anth_code"></result>
</collection>
</resultMap>
<select id="getUserInfoByAccount" resultMap="userMap">
select
us.id,
us.user_name,
us.account,
us.password,
ta.anth_code
from
t_user us
left join user_anth ua on us.id=ua.user_id
left join t_anth ta on ua.anth_id=ta.id
where account =#{account}
</select>
</mapper>UserMapper:
@Repository
public interface UserMapper {
/**
* 根据账号查看用户信息及其权限
* @param account
* @return
*/
Users getUserInfoByAccount(String account);
}五、config层
SercurityConfig:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SecurityService securityService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(securityService);
}
/**
* 数据加密类
* @return
*/
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}六、Service层
SecurityService:
@Service
public class SecurityService implements UserDetailsService {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private UserMapper userMapper;
/**
* username:页面传过来的username
* @param username
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Users users=userMapper.getUserInfoByAccount(username);
if(users!=null) {
String anths=String.join(",",users.getAnths());
//username 数据库产查用户信息
return new User(users.getUserName(), passwordEncoder.encode(users.getPassword()),
AuthorityUtils.commaSeparatedStringToAuthorityList(anths));
}
else {
throw new UsernameNotFoundException("该用户不存在");
}
}
}