-
Spring Security API(Spring Security 开发文档).CHM
2020-08-31 14:24:01Spring Security。 官网 Spring Security API(Spring Security 开发文档).CHM -
Spring Security 参考手册_Spring Security中文版
2018-01-02 14:24:17Spring security 是一个强大的和高度可定制的身份验证和访问控制框架。它是确保基于Spring的应用程序的标准。 Spring Security 为基于javaEE的企业应用程序提供一个全面的解决方案。正如你将从这个参考指南发现的,... -
Spring Security实战源码
2017-09-07 15:54:59该资源是基本Spring Security实战七篇文档中组织的源码,详情如下: ssecurity项目是Spring Security实战(一和二)的源码; ssecurity-db项目是Spring Security实战(三)的源码; ssceurity-page项目是Spring ... -
springsecurity原理流程图.pdf
2019-09-08 10:23:56SpringSecurity框架的权限认证流程原理,请求到来时SpringSecurity如果调用层层过滤器来完成认证; -
Spring Security 5.1 中文 参考手册 中文文档
2020-05-16 21:01:43Spring Security 5.1 中文 参考手册 中文文档 中文文档都是由软件翻译,翻译内容未检查校对,文档内容仅供参考。 -
springboot springsecurity动态权限控制
2019-09-18 19:27:16springboot springsecurity动态权限控制,实现数据库动态管理菜单权限 -
SpringBoot2+Spring Security+Vue+ElementUI+蚂蚁金服AntV
2020-04-10 16:58:17SpringSecurity5+Element UI+Vue Admin Template+蚂蚁可视化AntV 等技术栈开发的项目,采用分布式,多模块,前后端分离开发。包括图形展示、权限管理、用户管理等功能。 【后端技术】 技术 说明... -
spring mvc 和spring security自定义登录
2018-05-14 11:15:07使用spring mvc 和spring security 完成简单的自定义登录 -
SpringSecurity电子书下载
2019-03-17 02:16:32NULL 博文链接:https://jecms.iteye.com/blog/577965 -
springsecurity5+oauth2+jwt
2019-05-02 13:44:22权限认证的源码框架 springsecurity5+oauth2+jwt 适用于浏览器 app jwt存储可以是redis 灵活可复用 -
spring security视频教程
2018-01-29 20:51:26spring security视频教程,永久有效。如有问题留言私信我 -
SpringSecurity基本原理图
2018-11-12 10:26:50对Security基本执行过程的分析和各个环节类执行的分析。 -
Pro Spring Security.pdf
2017-11-03 15:46:52Pro Spring Security.pdf Pro Spring Security.pdf Pro Spring Security.pdf -
spring security 4 多点登录
2016-01-23 13:23:28最近看了spring security 4的开发文档,登录权限拦截封装的相当好!!! 附件为简单的多点登录demo,给开发前后台的朋友们做参考,其中authentication-provider为框架自带的user-service,后续会在整个自定义user-... -
spring security oauth2整合
2017-07-27 11:34:36spring security oauth2整合的详细说明文档,demo下载地址在文档中已经给出。其中demo中包含了详细的代码注释。 -
spring security 实现 sso 单点登录Demo
2018-08-22 11:14:27使用 spring security 基于oauth 2.0 实现 sso 单点登录Demo spring boot + spring security + spring security oauth -
Spring security 自定义密码加密方式的使用范例。
2017-09-15 15:18:35Spring security的完整使用范例,支持自定义密码的加密方式,以及成功,失败的处理。是一个完整可运行的工程,码云似乎还要注册。后期考虑下用码云 -
spring boot +spring security+thymeleaf实现权限
2017-08-25 16:01:42spring boot +spring security +thymeleaf 实现简单权限+remember-me功能 -
spring security 登录、权限管理配置
2017-08-13 12:01:25登录流程 1)容器启动(MySecurityMetadataSource:loadResourceDefine加载系统资源与权限列表) 2)用户发出请求 3)过滤器拦截(MySecurityFilter:doFilter) 4)取得请求资源所需权限(MySecurityMetadataSource:... -
Java全栈工程师-Spring Security
2020-07-21 21:36:29由浅入深讲解从搭建Spring Security认证授权应用,到Spring Security底层过滤器原理 本课程讲解Spring Security三种使用方案:独立使用,整合SSM框架用法,和整合SpringBoot的用法 本课程讲解Spring ... -
SpringBoot+Vue前后端分离,使用SpringSecurity完美处理权限问题
2018-10-12 21:49:39转载他人 https://blog.csdn.net/u012702547/article/details/79010010 https://blog.csdn.net/u012702547/article/details/79019510 -
基于springsecurity的用户角色权限
2016-08-24 18:03:50适合初学者使用,代码简单,未连接数据库,全部集成在.xml中。有注释,注释全面。可以进行二次开发。 -
SpringBoot+Mybatis+SpringSecurity+JWT
2018-09-12 10:53:34SpringBoot2.0.4 +Mybatis+SpringSecurity+JWT实现权限管理及登陆管理 -
SpringBoot+SpringSecurity案例Demo
2017-10-11 10:50:20SpringBoot+SpringSecurity案例Demo -
spring boot,mybaits,spring security,redis整合
2017-07-28 14:17:24spring boot,mybaits,spring security,redis整合 -
入门到精通:SpringBoot2和SpringSecurity5视频教程
2018-11-12 20:09:06 -
Spring Security集成CAS客户端实例
2015-03-02 16:51:32这是一个Spring Security集成CAS实现单点登录的客户端实例,使用Maven集成开发,项目中使用到的Oframer和otauser(CAS服务端)请至我的资源中寻找下载。 -
spring security原理和机制
2021-06-25 21:35:08一、SpringSecurity 框架简介 Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的 成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方 案。 正如你...展开全文🍅 周周有福利,周周有惊喜 哪吒社区 - 风火轮计划
🍅 Java学习路线:搬砖工逆袭Java架构师
🍅 简介:Java领域优质创作者🏆、CSDN哪吒公众号作者✌ 、Java架构师奋斗者💪
🍅 扫描主页左侧二维码,加入群聊,一起学习、一起进步
🍅 欢迎点赞 👍 收藏 ⭐留言 📝
一、SpringSecurity 框架简介
Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方案。
正如你可能知道的关于安全方面的两个主要区域是“认证”和“授权”(或者访问控制),一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权(Authorization)两个部分,这两点也是 Spring Security 重要核心功能。1、用户认证指的是:验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码。系统通过校验用户名和密码来完成认证过程。通俗点说就是系统认为用户是否能登录。
2、用户授权指的是验证某个用户是否有权限执行某个操作。在一个系统中,不同用户所具有的权限是不同的。比如对一个文件来说,有的用户只能进行读取,而有的用户可以进行修改。一般来说,系统会为不同的用户分配不同的角色,而每个角色则对应一系列的权限。通俗点讲就是系统判断用户是否有权限去做某些事情。
二、SpringSecurity与shiro
1、SpringSecurity特点
(1)和 Spring 无缝整合。
(2)全面的权限控制。
(3)专门为 Web 开发而设计。
- 旧版本不能脱离 Web 环境使用。
- 新版本对整个框架进行了分层抽取,分成了核心模块和 Web 模块。单独
- 引入核心模块就可以脱离 Web 环境。
- 重量级
2、shiro特点
Apache 旗下的轻量级权限控制框架。
(1)轻量级
Shiro 主张的理念是把复杂的事情变简单。针对对性能有更高要求的互联网应用有更好表现。
(2)通用性
好处:不局限于 Web 环境,可以脱离 Web 环境使用。
缺陷:在 Web 环境下一些特定的需求需要手动编写代码定制。
3、SpringSecurity与shiro总结
相对于 Shiro,在 SSM 中整合 Spring Security 都是比较麻烦的操作,所以,SpringSecurity 虽然功能比 Shiro 强大,但是使用反而没有 Shiro 多(Shiro 虽然功能没有Spring Security 多,但是对于大部分项目而言,Shiro 也够用了)。自从有了 Spring Boot 之后,Spring Boot 对于 Spring Security 提供了自动化配置方案,可以使用更少的配置来使用 Spring Security。因此,一般来说,常见的安全管理技术栈的组合是这样的:
(1)SSM + Shiro
(2)Spring Boot/Spring Cloud + Spring Security
以上只是一个推荐的组合而已,如果单纯从技术上来说,无论怎么组合,都是可以运行的。
三、Spring Security过滤器
1、Spring Security中常见过滤器
- FilterSecurityInterceptor:是一个方法级的权限过滤器, 基本位于过滤链的最底部。
- ExceptionTranslationFilter:是个异常过滤器,用来处理在认证授权过程中抛出的异常。
- UsernamePasswordAuthenticationFilter :对/login 的 POST 请求做拦截,校验表单中用户
名,密码。
2、15种过滤器
SpringSecurity 采用的是责任链的设计模式,它有一条很长的过滤器链。现在对这条过滤器链的 15 个过滤器进行说明:
(1) WebAsyncManagerIntegrationFilter:将 Security 上下文与 Spring Web 中用于处理异步请求映射的 WebAsyncManager 进行集成。
(2) SecurityContextPersistenceFilter:在每次请求处理之前将该请求相关的安全上下文信息加载到 SecurityContextHolder 中,然后在该次请求处理完成之后,将SecurityContextHolder 中关于这次请求的信息存储到一个“仓储”中,然后将SecurityContextHolder 中的信息清除,例如Session 中维护一个用户的安全信息就是这个过滤器处理的。
(3) HeaderWriterFilter:用于将头信息加入响应中。
(4) CsrfFilter:用于处理跨站请求伪造。
(5)LogoutFilter:用于处理退出登录。
(6)UsernamePasswordAuthenticationFilter:用于处理基于表单的登录请求,从表单中获取用户名和密码。默认情况下处理来自 /login 的请求。从表单中获取用户名和密码时,默认使用的表单 name 值为 username 和 password,这两个值可以通过设置这个过滤器的 usernameParameter 和 passwordParameter 两个参数的值进行修改。
(7)DefaultLoginPageGeneratingFilter:如果没有配置登录页面,那系统初始化时就会配置这个过滤器,并且用于在需要进行登录时生成一个登录表单页面。
(8)BasicAuthenticationFilter:检测和处理 http basic 认证。
(9)RequestCacheAwareFilter:用来处理请求的缓存。
(10)SecurityContextHolderAwareRequestFilter:主要是包装请求对象 request。
(11)AnonymousAuthenticationFilter:检测 SecurityContextHolder 中是否存在Authentication 对象,如果不存在为其提供一个匿名 Authentication。
(12)SessionManagementFilter:管理 session 的过滤器
(13)ExceptionTranslationFilter:处理 AccessDeniedException 和AuthenticationException 异常。
(14)FilterSecurityInterceptor:可以看做过滤器链的出口。
(15)RememberMeAuthenticationFilter:当用户没有登录而直接访问资源时, 从 cookie里找出用户的信息, 如果 Spring Security 能够识别出用户提供的 remember me cookie,用户将不必填写用户名和密码, 而是直接登录进入系统,该过滤器默认不开启。
3、SpringSecurity 基本流程
Spring Security 采取过滤链实现认证与授权,只有当前过滤器通过,才能进入下一个过滤器:
绿色部分是认证过滤器,需要我们自己配置,可以配置多个认证过滤器。认证过滤器可以使用 Spring Security 提供的认证过滤器,也可以自定义过滤器(例如:短信验证)。认证过滤器要在 configure(HttpSecurity http)方法中配置,没有配置不生效。
下面会重点介绍以下三个过滤器:
UsernamePasswordAuthenticationFilter 过滤器:该过滤器会拦截前端提交的 POST 方式的登录表单请求,并进行身份认证。ExceptionTranslationFilter 过滤器:该过滤器不需要我们配置,对于前端提交的请求会直接放行,捕获后续抛出的异常并进行处理(例如:权限访问限制)。FilterSecurityInterceptor 过滤器:该过滤器是过滤器链的最后一个过滤器,根据资源权限配置来判断当前请求是否有权限访问对应的资源。如果访问受限会抛出相关异常,并
由 ExceptionTranslationFilter 过滤器进行捕获和处理。4、SpringSecurity 认证流程
认证流程是在 UsernamePasswordAuthenticationFilter 过滤器中处理的,具体流程如下所示:
四、PasswordEncoder 接口
// 表示把参数按照特定的解析规则进行解析 String encode(CharSequence rawPassword); // 表示验证从存储中获取的编码密码与编码后提交的原始密码是否匹配。如果密码匹 配,则返回 true;如果不匹配,则返回 false。第一个参数表示需要被解析的密码。第二个 参数表示存储的密码。 boolean matches(CharSequence rawPassword, String encodedPassword); // 表示如果解析的密码能够再次进行解析且达到更安全的结果则返回 true,否则返回 false。默认返回 false。 default boolean upgradeEncoding(String encodedPassword) { return false; }BCryptPasswordEncoder 是 Spring Security 官方推荐的密码解析器,平时多使用这个解析器。
BCryptPasswordEncoder 是对 bcrypt 强散列方法的具体实现。是基于 Hash 算法实现的单向加密。可以通过 strength 控制加密强度,默认 10。五、SpringBoot整合Spring Security入门
1、pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.2.1.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.guor</groupId> <artifactId>securityProject</artifactId> <version>0.0.1-SNAPSHOT</version> <name>securityProject</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <!--mybatis-plus--> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <version>3.0.5</version> </dependency> <!--mysql--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <!--lombok用来简化实体类--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>2、application.properties
server.port=8111 #spring.security.user.name=root #spring.security.user.password=root #mysql数据库连接 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost:3306/security?serverTimezone=GMT%2B8 spring.datasource.username=root spring.datasource.password=root3、SecurityConfig
package com.guor.security.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); String password = passwordEncoder.encode("123"); auth.inMemoryAuthentication().withUser("zs").password(password).roles("admin"); } @Bean PasswordEncoder password() { return new BCryptPasswordEncoder(); } }package com.guor.security.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl; import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import javax.sql.DataSource; @Configuration public class UserSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; //注入数据源 @Autowired private DataSource dataSource; //配置对象 @Bean public PersistentTokenRepository persistentTokenRepository() { JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl(); jdbcTokenRepository.setDataSource(dataSource); //jdbcTokenRepository.setCreateTableOnStartup(true); return jdbcTokenRepository; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userService(userService).passwordEncoder(password()); } @Bean PasswordEncoder password() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { //退出 http.logout().logoutUrl("/logout"). logoutSuccessUrl("/test/hello").permitAll(); //配置没有权限访问跳转自定义页面 http.exceptionHandling().accessDeniedPage("/unauth.html"); http.formLogin() //自定义自己编写的登录页面 .loginPage("/on.html") //登录页面设置 .loginProcessingUrl("/user/login") //登录访问路径 .defaultSuccessUrl("/success.html").permitAll() //登录成功之后,跳转路径 .failureUrl("/unauth.html") .and().authorizeRequests() .antMatchers("/","/test/hello","/user/login").permitAll() //设置哪些路径可以直接访问,不需要认证 //当前登录用户,只有具有admins权限才可以访问这个路径 //1 hasAuthority方法 // .antMatchers("/test/index").hasAuthority("admins") //2 hasAnyAuthority方法 // .antMatchers("/test/index").hasAnyAuthority("admins,manager") //3 hasRole方法 ROLE_sale .antMatchers("/test/index").hasRole("sale") .anyRequest().authenticated() .and().rememberMe().tokenRepository(persistentTokenRepository()) .tokenValiditySeconds(60)//设置有效时长,单位秒 .userDetailsService(userService); // .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // .and().csrf().disable(); //关闭csrf防护 } }4、启动类
package com.guor.security; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; @SpringBootApplication @MapperScan("com.guor.security.mapper") @EnableGlobalMethodSecurity(securedEnabled=true,prePostEnabled = true) public class SecurityProjectApplication { public static void main(String[] args) { SpringApplication.run(SecurityProjectApplication.class, args); } }5、User
package com.guor.security.entity; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; @Data public class User { private Integer id; private String username; private String password; }6、UserService
package com.guor.security.service; import com.guor.security.entity.User; import com.guor.security.mapper.UsersMapper; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import java.util.List; @Service public class UserServiceImpl implements UserService { @Autowired private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //调用usersMapper方法,根据用户名查询数据库 QueryWrapper<Users> wrapper = new QueryWrapper(); // where username=? wrapper.eq("username",username); User user = userMapper.selectOne(wrapper); //判断 if(user == null) {//数据库没有用户名,认证失败 throw new UsernameNotFoundException("用户名不存在!"); } List<GrantedAuthority> auths = AuthorityUtils.commaSeparatedStringToAuthorityList("admin,ROLE_sale"); //从查询数据库返回users对象,得到用户名和密码,返回 return new User(user.getUsername(), new BCryptPasswordEncoder().encode(user.getPassword()),auths); } }7、UserMapper
package com.guor.security.mapper; import com.guor.security.entity.User; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import org.springframework.stereotype.Repository; @Repository public interface UserMapper extends BaseMapper<User> { }8、UserController
package com.guor.security.controller; import com.guor.security.entity.User; import org.springframework.security.access.annotation.Secured; import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import java.util.ArrayList; import java.util.List; @RestController @RequestMapping("/test") public class UserController { @GetMapping("hello") public String hello() { return "hello security"; } @GetMapping("index") public String index() { return "hello index"; } @GetMapping("update") //@Secured({"ROLE_sale","ROLE_manager"}) //@PreAuthorize("hasAnyAuthority('admins')") @PostAuthorize("hasAnyAuthority('admins')") public String update() { System.out.println("update......"); return "hello update"; } @GetMapping("getAll") @PostAuthorize("hasAnyAuthority('admins')") @PostFilter("filterObject.username == 'admin1'") public List<Users> getAllUser(){ ArrayList<Users> list = new ArrayList<>(); list.add(new Users(11,"admin1","6666")); list.add(new Users(21,"admin2","888")); System.out.println(list); return list; } }
六、微服务认证与授权实现思路
1、如果是基于 Session,那么 Spring-security 会对 cookie 里的 sessionid 进行解析,找到服务器存储的 session 信息,然后判断当前用户是否符合请求的要求。
2、如果是 token,则是解析出 token,然后将当前请求加入到 Spring-security 管理的权限信息中去。
如果系统的模块众多,每个模块都需要进行授权与认证,所以我们选择基于 token 的形式进行授权与认证,用户根据用户名密码认证成功,然后获取当前用户角色的一系列权限值,并以用户名为 key,权限列表为 value 的形式存入 redis 缓存中,根据用户名相关信息生成 token 返回,浏览器将 token 记录到 cookie 中,每次调用 api 接口都默认将 token 携带到 header 请求头中,Spring-security 解析 header 头获取 token 信息,解析 token 获取当前用户名,根据用户名就可以从 redis中获取权限列表,这样 Spring-security 就能够判断当前请求是否有权限访问。
七、微服务代码实例
1、父工程pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <modules> <module>common</module> <module>infrastructure</module> <module>service</module> </modules> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.2.1.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.atguigu</groupId> <artifactId>acl_parent</artifactId> <packaging>pom</packaging> <version>0.0.1-SNAPSHOT</version> <name>acl_parent</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> <mybatis-plus.version>3.0.5</mybatis-plus.version> <velocity.version>2.0</velocity.version> <swagger.version>2.7.0</swagger.version> <jwt.version>0.7.0</jwt.version> <fastjson.version>1.2.28</fastjson.version> <gson.version>2.8.2</gson.version> <json.version>20170516</json.version> <cloud-alibaba.version>0.2.2.RELEASE</cloud-alibaba.version> </properties> <dependencyManagement> <dependencies> <!--Spring Cloud--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>Hoxton.RELEASE</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-alibaba-dependencies</artifactId> <version>${cloud-alibaba.version}</version> <type>pom</type> <scope>import</scope> </dependency> <!--mybatis-plus 持久层--> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <version>${mybatis-plus.version}</version> </dependency> <!-- velocity 模板引擎, Mybatis Plus 代码生成器需要 --> <dependency> <groupId>org.apache.velocity</groupId> <artifactId>velocity-engine-core</artifactId> <version>${velocity.version}</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>${gson.version}</version> </dependency> <!--swagger--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <version>${swagger.version}</version> </dependency> <!--swagger ui--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> <version>${swagger.version}</version> </dependency> <!-- JWT --> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>${jwt.version}</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>${fastjson.version}</version> </dependency> <dependency> <groupId>org.json</groupId> <artifactId>json</artifactId> <version>${json.version}</version> </dependency> </dependencies> </dependencyManagement> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>2、common模块
common模块pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>acl_parent</artifactId> <groupId>com.atguigu</groupId> <version>0.0.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>common</artifactId> <packaging>pom</packaging> <modules> <module>service_base</module> <module>spring_security</module> </modules> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <scope>provided </scope> </dependency> <!--mybatis-plus--> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <scope>provided </scope> </dependency> <!--lombok用来简化实体类:需要安装lombok插件--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <scope>provided </scope> </dependency> <!--swagger--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <scope>provided </scope> </dependency> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> <scope>provided </scope> </dependency> <!-- redis --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> </dependency> <!-- spring2.X集成redis所需common-pool2--> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-pool2</artifactId> <version>2.6.0</version> </dependency> </dependencies> </project>3、common模块 -> SpringSecurity子模块
(1)核心配置类
Spring Security 的核心配置就是继承 WebSecurityConfigurerAdapter 并注解@EnableWebSecurity 的配置。这个配置指明了用户名密码的处理方式、请求路径、登录登出控制等和安全相关的配置
package com.atguigu.security.config; import com.atguigu.security.filter.TokenAuthFilter; import com.atguigu.security.filter.TokenLoginFilter; import com.atguigu.security.security.DefaultPasswordEncoder; import com.atguigu.security.security.TokenLogoutHandler; import com.atguigu.security.security.TokenManager; import com.atguigu.security.security.UnauthEntryPoint; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter { private TokenManager tokenManager; private RedisTemplate redisTemplate; private DefaultPasswordEncoder defaultPasswordEncoder; private UserDetailsService userDetailsService; @Autowired public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder, TokenManager tokenManager, RedisTemplate redisTemplate) { this.userDetailsService = userDetailsService; this.defaultPasswordEncoder = defaultPasswordEncoder; this.tokenManager = tokenManager; this.redisTemplate = redisTemplate; } /** * 配置设置 * @param http * @throws Exception */ //设置退出的地址和token,redis操作地址 @Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling() .authenticationEntryPoint(new UnauthEntryPoint())//没有权限访问 .and().csrf().disable() .authorizeRequests() .anyRequest().authenticated() .and().logout().logoutUrl("/admin/acl/index/logout")//退出路径 .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate)).and() .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate)) .addFilter(new TokenAuthFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic(); } //调用userDetailsService和密码处理 @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder); } //不进行认证的路径,可以直接访问 @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/api/**"); } }(2)实体类
package com.atguigu.security.entity; import lombok.Data; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.util.StringUtils; import java.util.ArrayList; import java.util.Collection; import java.util.List; @Data public class SecurityUser implements UserDetails { //当前登录用户 private transient User currentUserInfo; //当前权限 private List<String> permissionValueList; public SecurityUser() { } public SecurityUser(User user) { if (user != null) { this.currentUserInfo = user; } } @Override public Collection<? extends GrantedAuthority> getAuthorities() { Collection<GrantedAuthority> authorities = new ArrayList<>(); for(String permissionValue : permissionValueList) { if(StringUtils.isEmpty(permissionValue)) continue; SimpleGrantedAuthority authority = new SimpleGrantedAuthority(permissionValue); authorities.add(authority); } return authorities; } }package com.atguigu.security.entity; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; import java.io.Serializable; @Data @ApiModel(description = "用户实体类") public class User implements Serializable { private static final long serialVersionUID = 1L; @ApiModelProperty(value = "微信openid") private String username; @ApiModelProperty(value = "密码") private String password; @ApiModelProperty(value = "昵称") private String nickName; @ApiModelProperty(value = "用户头像") private String salt; @ApiModelProperty(value = "用户签名") private String token; }(3)过滤器
package com.atguigu.security.filter; import com.atguigu.security.security.TokenManager; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.List; public class TokenAuthFilter extends BasicAuthenticationFilter { private TokenManager tokenManager; private RedisTemplate redisTemplate; public TokenAuthFilter(AuthenticationManager authenticationManager,TokenManager tokenManager,RedisTemplate redisTemplate) { super(authenticationManager); this.tokenManager = tokenManager; this.redisTemplate = redisTemplate; } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { //获取当前认证成功用户权限信息 UsernamePasswordAuthenticationToken authRequest = getAuthentication(request); //判断如果有权限信息,放到权限上下文中 if(authRequest != null) { SecurityContextHolder.getContext().setAuthentication(authRequest); } chain.doFilter(request,response); } private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) { //从header获取token String token = request.getHeader("token"); if(token != null) { //从token获取用户名 String username = tokenManager.getUserInfoFromToken(token); //从redis获取对应权限列表 List<String> permissionValueList = (List<String>)redisTemplate.opsForValue().get(username); Collection<GrantedAuthority> authority = new ArrayList<>(); for(String permissionValue : permissionValueList) { SimpleGrantedAuthority auth = new SimpleGrantedAuthority(permissionValue); authority.add(auth); } return new UsernamePasswordAuthenticationToken(username,token,authority); } return null; } }package com.atguigu.security.filter; import com.atguigu.security.entity.SecurityUser; import com.atguigu.security.entity.User; import com.atguigu.security.security.TokenManager; import com.atguigu.utils.utils.R; import com.atguigu.utils.utils.ResponseUtil; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter { private TokenManager tokenManager; private RedisTemplate redisTemplate; private AuthenticationManager authenticationManager; public TokenLoginFilter(AuthenticationManager authenticationManager, TokenManager tokenManager, RedisTemplate redisTemplate) { this.authenticationManager = authenticationManager; this.tokenManager = tokenManager; this.redisTemplate = redisTemplate; this.setPostOnly(false); this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/admin/acl/login","POST")); } //1 获取表单提交用户名和密码 @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { //获取表单提交数据 try { User user = new ObjectMapper().readValue(request.getInputStream(), User.class); return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getUsername(),user.getPassword(), new ArrayList<>())); } catch (IOException e) { e.printStackTrace(); throw new RuntimeException(); } } //2 认证成功调用的方法 @Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { //认证成功,得到认证成功之后用户信息 SecurityUser user = (SecurityUser)authResult.getPrincipal(); //根据用户名生成token String token = tokenManager.createToken(user.getCurrentUserInfo().getUsername()); //把用户名称和用户权限列表放到redis redisTemplate.opsForValue().set(user.getCurrentUserInfo().getUsername(),user.getPermissionValueList()); //返回token ResponseUtil.out(response, R.ok().data("token",token)); } //3 认证失败调用的方法 protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { ResponseUtil.out(response, R.error()); } }(4)security
package com.atguigu.security.security; import com.atguigu.utils.utils.MD5; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; @Component public class DefaultPasswordEncoder implements PasswordEncoder { public DefaultPasswordEncoder() { this(-1); } public DefaultPasswordEncoder(int strength) { } //进行MD5加密 @Override public String encode(CharSequence charSequence) { return MD5.encrypt(charSequence.toString()); } //进行密码比对 @Override public boolean matches(CharSequence charSequence, String encodedPassword) { return encodedPassword.equals(MD5.encrypt(charSequence.toString())); } }package com.atguigu.security.security; import com.atguigu.utils.utils.R; import com.atguigu.utils.utils.ResponseUtil; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.logout.LogoutHandler; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; //退出处理器 public class TokenLogoutHandler implements LogoutHandler { private TokenManager tokenManager; private RedisTemplate redisTemplate; public TokenLogoutHandler(TokenManager tokenManager,RedisTemplate redisTemplate) { this.tokenManager = tokenManager; this.redisTemplate = redisTemplate; } @Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { //1 从header里面获取token //2 token不为空,移除token,从redis删除token String token = request.getHeader("token"); if(token != null) { //移除 tokenManager.removeToken(token); //从token获取用户名 String username = tokenManager.getUserInfoFromToken(token); redisTemplate.delete(username); } ResponseUtil.out(response, R.ok()); } }package com.atguigu.security.security; import io.jsonwebtoken.CompressionCodecs; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import org.springframework.stereotype.Component; import java.util.Date; @Component public class TokenManager { //token有效时长 private long tokenEcpiration = 24*60*60*1000; //编码秘钥 private String tokenSignKey = "123456"; //1 使用jwt根据用户名生成token public String createToken(String username) { String token = Jwts.builder().setSubject(username) .setExpiration(new Date(System.currentTimeMillis()+tokenEcpiration)) .signWith(SignatureAlgorithm.HS512, tokenSignKey).compressWith(CompressionCodecs.GZIP).compact(); return token; } //2 根据token字符串得到用户信息 public String getUserInfoFromToken(String token) { String userinfo = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token).getBody().getSubject(); return userinfo; } //3 删除token public void removeToken(String token) { } }package com.atguigu.security.security; import com.atguigu.utils.utils.R; import com.atguigu.utils.utils.ResponseUtil; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.AuthenticationEntryPoint; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class UnauthEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { ResponseUtil.out(httpServletResponse, R.error()); } }4、common模块 -> service_base
(1)RedisConfig
package com.atguigu.utils; import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.PropertyAccessor; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.cache.CacheManager; import org.springframework.cache.annotation.CachingConfigurerSupport; import org.springframework.cache.annotation.EnableCaching; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.cache.RedisCacheConfiguration; import org.springframework.data.redis.cache.RedisCacheManager; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer; import org.springframework.data.redis.serializer.RedisSerializationContext; import org.springframework.data.redis.serializer.RedisSerializer; import org.springframework.data.redis.serializer.StringRedisSerializer; import java.time.Duration; @EnableCaching //开启缓存 @Configuration //配置类 public class RedisConfig extends CachingConfigurerSupport { @Bean public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) { RedisTemplate<String, Object> template = new RedisTemplate<>(); RedisSerializer<String> redisSerializer = new StringRedisSerializer(); Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class); ObjectMapper om = new ObjectMapper(); om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY); om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); jackson2JsonRedisSerializer.setObjectMapper(om); template.setConnectionFactory(factory); //key序列化方式 template.setKeySerializer(redisSerializer); //value序列化 template.setValueSerializer(jackson2JsonRedisSerializer); //value hashmap序列化 template.setHashValueSerializer(jackson2JsonRedisSerializer); return template; } @Bean public CacheManager cacheManager(RedisConnectionFactory factory) { RedisSerializer<String> redisSerializer = new StringRedisSerializer(); Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class); //解决查询缓存转换异常的问题 ObjectMapper om = new ObjectMapper(); om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY); om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); jackson2JsonRedisSerializer.setObjectMapper(om); // 配置序列化(解决乱码的问题),过期时间600秒 RedisCacheConfiguration config = RedisCacheConfiguration.defaultCacheConfig() .entryTtl(Duration.ofSeconds(600)) .serializeKeysWith(RedisSerializationContext.SerializationPair.fromSerializer(redisSerializer)) .serializeValuesWith(RedisSerializationContext.SerializationPair.fromSerializer(jackson2JsonRedisSerializer)) .disableCachingNullValues(); RedisCacheManager cacheManager = RedisCacheManager.builder(factory) .cacheDefaults(config) .build(); return cacheManager; } }(2)SwaggerConfig
package com.atguigu.utils; import com.google.common.base.Predicates; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import springfox.documentation.builders.ApiInfoBuilder; import springfox.documentation.builders.PathSelectors; import springfox.documentation.service.ApiInfo; import springfox.documentation.service.Contact; import springfox.documentation.spi.DocumentationType; import springfox.documentation.spring.web.plugins.Docket; import springfox.documentation.swagger2.annotations.EnableSwagger2; @Configuration//配置类 @EnableSwagger2 //swagger注解 public class SwaggerConfig { @Bean public Docket webApiConfig(){ return new Docket(DocumentationType.SWAGGER_2) .groupName("webApi") .apiInfo(webApiInfo()) .select() //.paths(Predicates.not(PathSelectors.regex("/admin/.*"))) .paths(Predicates.not(PathSelectors.regex("/error.*"))) .build(); } private ApiInfo webApiInfo(){ return new ApiInfoBuilder() .title("网站-课程中心API文档") .description("本文档描述了课程中心微服务接口定义") .version("1.0") .contact(new Contact("java", "http://atguigu.com", "1123@qq.com")) .build(); } }(3)工具类
package com.atguigu.utils.utils; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public final class MD5 { public static String encrypt(String strSrc) { try { char hexChars[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; byte[] bytes = strSrc.getBytes(); MessageDigest md = MessageDigest.getInstance("MD5"); md.update(bytes); bytes = md.digest(); int j = bytes.length; char[] chars = new char[j * 2]; int k = 0; for (int i = 0; i < bytes.length; i++) { byte b = bytes[i]; chars[k++] = hexChars[b >>> 4 & 0xf]; chars[k++] = hexChars[b & 0xf]; } return new String(chars); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); throw new RuntimeException("MD5加密出错!!+" + e); } } public static void main(String[] args) { System.out.println(MD5.encrypt("111111")); } }package com.atguigu.utils.utils; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class ResponseUtil { public static void out(HttpServletResponse response, R r) { ObjectMapper mapper = new ObjectMapper(); response.setStatus(HttpStatus.OK.value()); response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE); try { mapper.writeValue(response.getWriter(), r); } catch (IOException e) { e.printStackTrace(); } } }package com.atguigu.utils.utils; import lombok.Data; import java.util.HashMap; import java.util.Map; //统一返回结果的类 @Data public class R { private Boolean success; private Integer code; private String message; private Map<String, Object> data = new HashMap<String, Object>(); //把构造方法私有 private R() {} //成功静态方法 public static R ok() { R r = new R(); r.setSuccess(true); r.setCode(20000); r.setMessage("成功"); return r; } //失败静态方法 public static R error() { R r = new R(); r.setSuccess(false); r.setCode(20001); r.setMessage("失败"); return r; } public R success(Boolean success){ this.setSuccess(success); return this; } public R message(String message){ this.setMessage(message); return this; } public R code(Integer code){ this.setCode(code); return this; } public R data(String key, Object value){ this.data.put(key, value); return this; } public R data(Map<String, Object> map){ this.setData(map); return this; } }5、gateway模块
(1)pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>infrastructure</artifactId> <groupId>com.atguigu</groupId> <version>0.0.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>api_gateway</artifactId> <dependencies> <dependency> <groupId>com.atguigu</groupId> <artifactId>service_base</artifactId> <version>0.0.1-SNAPSHOT</version> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-gateway</artifactId> </dependency> <!--gson--> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> </dependency> <!--服务调用--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-openfeign</artifactId> </dependency> </dependencies> </project>(2)application.properties
# 端口号 server.port=8222 # 服务名 spring.application.name=service-gateway # nacos服务地址 spring.cloud.nacos.discovery.server-addr=127.0.0.1:8848 # 使用服务发现路由 spring.cloud.gateway.discovery.locator.enabled=true # 配置路由规则 spring.cloud.gateway.routes[0].id=service-acl # 设置路由uri lb://注册服务名称 spring.cloud.gateway.routes[0].uri=lb://service-acl # 具体路径规则 spring.cloud.gateway.routes[0].predicates= Path=/*/acl/**(3)解决跨域
package com.atguigu.gateway.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.reactive.CorsWebFilter; import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; import org.springframework.web.util.pattern.PathPatternParser; @Configuration public class CorsConfig { //解决跨域 @Bean public CorsWebFilter corsWebFilter() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedMethod("*"); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser()); source.registerCorsConfiguration("/**",config); return new CorsWebFilter(source); } }(4)启动类
package com.atguigu.gateway; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; @SpringBootApplication @EnableDiscoveryClient public class ApiGatewayApplication { public static void main(String[] args) { SpringApplication.run(ApiGatewayApplication.class, args); } }6、service模块
(1)pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>acl_parent</artifactId> <groupId>com.atguigu</groupId> <version>0.0.1-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>service</artifactId> <packaging>pom</packaging> <modules> <module>service_acl</module> </modules> <dependencies> <dependency> <groupId>com.atguigu</groupId> <artifactId>service_base</artifactId> <version>0.0.1-SNAPSHOT</version> </dependency> <!--服务注册--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId> </dependency> <!--服务调用--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-openfeign</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <!--mybatis-plus--> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> </dependency> <!--swagger--> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> </dependency> <dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> </dependency> <!--mysql--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> </dependency> <!-- velocity 模板引擎, Mybatis Plus 代码生成器需要 --> <dependency> <groupId>org.apache.velocity</groupId> <artifactId>velocity-engine-core</artifactId> </dependency> <!--lombok用来简化实体类:需要安装lombok插件--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> <!--gson--> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> </dependency> </dependencies> <build> <resources> <resource> <directory>src/main/java</directory> <includes> <include>**/*.xml</include> </includes> <filtering>false</filtering> </resource> </resources> </build> </project>(2)application.properties
# 服务端口 server.port=8009 # 服务名 spring.application.name=service-acl # mysql数据库连接 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost:3306/acldb?serverTimezone=GMT%2B8 spring.datasource.username=root spring.datasource.password=root # redis连接 spring.redis.host=192.168.44.132 spring.redis.port=6379 spring.redis.database= 0 spring.redis.timeout=1800000 spring.redis.lettuce.pool.max-active=20 spring.redis.lettuce.pool.max-wait=-1 #最大阻塞等待时间(负数表示没限制) spring.redis.lettuce.pool.max-idle=5 spring.redis.lettuce.pool.min-idle=0 #最小空闲 #配置mapper xml文件的路径 mybatis-plus.mapper-locations=classpath:com/atguigu/aclservice/mapper/xml/*.xml # nacos服务地址 spring.cloud.nacos.discovery.server-addr=127.0.0.1:8848 #返回json的全局时间格式 spring.jackson.date-format=yyyy-MM-dd HH:mm:ss spring.jackson.time-zone=GMT+8 #mybatis日志 mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl以菜单权限管理CRUD为例:
(3)Permission
package com.atguigu.aclservice.entity; import com.baomidou.mybatisplus.annotation.*; import java.util.Date; import java.io.Serializable; import java.util.List; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; import lombok.EqualsAndHashCode; import lombok.experimental.Accessors; /** * <p> * 权限 * </p> * * @author testjava * @since 2020-01-12 */ @Data @EqualsAndHashCode(callSuper = false) @Accessors(chain = true) @TableName("acl_permission") @ApiModel(value="Permission对象", description="权限") public class Permission implements Serializable { private static final long serialVersionUID = 1L; @ApiModelProperty(value = "编号") @TableId(value = "id", type = IdType.ID_WORKER_STR) private String id; @ApiModelProperty(value = "所属上级") private String pid; @ApiModelProperty(value = "名称") private String name; @ApiModelProperty(value = "类型(1:菜单,2:按钮)") private Integer type; @ApiModelProperty(value = "权限值") private String permissionValue; @ApiModelProperty(value = "访问路径") private String path; @ApiModelProperty(value = "组件路径") private String component; @ApiModelProperty(value = "图标") private String icon; @ApiModelProperty(value = "状态(0:禁止,1:正常)") private Integer status; @ApiModelProperty(value = "层级") @TableField(exist = false) private Integer level; @ApiModelProperty(value = "下级") @TableField(exist = false) private List<Permission> children; @ApiModelProperty(value = "是否选中") @TableField(exist = false) private boolean isSelect; @ApiModelProperty(value = "逻辑删除 1(true)已删除, 0(false)未删除") private Boolean isDeleted; @ApiModelProperty(value = "创建时间") @TableField(fill = FieldFill.INSERT) private Date gmtCreate; @ApiModelProperty(value = "更新时间") @TableField(fill = FieldFill.INSERT_UPDATE) private Date gmtModified; }(4)PermissionController
package com.atguigu.aclservice.controller; import com.atguigu.aclservice.entity.Permission; import com.atguigu.aclservice.service.PermissionService; import com.atguigu.utils.utils.R; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import java.util.List; /** * <p> * 权限 菜单管理 * </p> * * @author testjava * @since 2020-01-12 */ @RestController @RequestMapping("/admin/acl/permission") //@CrossOrigin public class PermissionController { @Autowired private PermissionService permissionService; //获取全部菜单 @ApiOperation(value = "查询所有菜单") @GetMapping public R indexAllPermission() { List<Permission> list = permissionService.queryAllMenu(); return R.ok().data("children",list); } @ApiOperation(value = "给角色分配权限") @PostMapping("/doAssign") public R doAssign(String roleId,String[] permissionId) { permissionService.saveRolePermissionRealtionShipGuli(roleId,permissionId); return R.ok(); } @ApiOperation(value = "根据角色获取菜单") @GetMapping("toAssign/{roleId}") public R toAssign(@PathVariable String roleId) { List<Permission> list = permissionService.selectAllMenu(roleId); return R.ok().data("children", list); } }(5)PermissionService
package com.atguigu.aclservice.service; import com.alibaba.fastjson.JSONObject; import com.atguigu.aclservice.entity.Permission; import com.baomidou.mybatisplus.extension.service.IService; import java.util.List; /** * <p> * 权限 服务类 * </p> * * @author testjava * @since 2020-01-12 */ public interface PermissionService extends IService<Permission> { //获取全部菜单 List<Permission> queryAllMenu(); //根据角色获取菜单 List<Permission> selectAllMenu(String roleId); //给角色分配权限 void saveRolePermissionRealtionShip(String roleId, String[] permissionId); //递归删除菜单 void removeChildById(String id); //根据用户id获取用户菜单 List<String> selectPermissionValueByUserId(String id); List<JSONObject> selectPermissionByUserId(String id); //获取全部菜单 List<Permission> queryAllMenuGuli(); //递归删除菜单 void removeChildByIdGuli(String id); //给角色分配权限 void saveRolePermissionRealtionShipGuli(String roleId, String[] permissionId); }PermissionService Impl
package com.atguigu.aclservice.service.impl; import com.alibaba.fastjson.JSONObject; import com.atguigu.aclservice.entity.Permission; import com.atguigu.aclservice.entity.RolePermission; import com.atguigu.aclservice.entity.User; import com.atguigu.aclservice.helper.MemuHelper; import com.atguigu.aclservice.helper.PermissionHelper; import com.atguigu.aclservice.mapper.PermissionMapper; import com.atguigu.aclservice.service.PermissionService; import com.atguigu.aclservice.service.RolePermissionService; import com.atguigu.aclservice.service.UserService; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; /** * <p> * 权限 服务实现类 * </p> * * @author testjava * @since 2020-01-12 */ @Service public class PermissionServiceImpl extends ServiceImpl<PermissionMapper, Permission> implements PermissionService { @Autowired private RolePermissionService rolePermissionService; @Autowired private UserService userService; //获取全部菜单 @Override public List<Permission> queryAllMenu() { QueryWrapper<Permission> wrapper = new QueryWrapper<>(); wrapper.orderByDesc("id"); List<Permission> permissionList = baseMapper.selectList(wrapper); List<Permission> result = bulid(permissionList); return result; } //根据角色获取菜单 @Override public List<Permission> selectAllMenu(String roleId) { List<Permission> allPermissionList = baseMapper.selectList(new QueryWrapper<Permission>().orderByAsc("CAST(id AS SIGNED)")); //根据角色id获取角色权限 List<RolePermission> rolePermissionList = rolePermissionService.list(new QueryWrapper<RolePermission>().eq("role_id",roleId)); //转换给角色id与角色权限对应Map对象 // List<String> permissionIdList = rolePermissionList.stream().map(e -> e.getPermissionId()).collect(Collectors.toList()); // allPermissionList.forEach(permission -> { // if(permissionIdList.contains(permission.getId())) { // permission.setSelect(true); // } else { // permission.setSelect(false); // } // }); for (int i = 0; i < allPermissionList.size(); i++) { Permission permission = allPermissionList.get(i); for (int m = 0; m < rolePermissionList.size(); m++) { RolePermission rolePermission = rolePermissionList.get(m); if(rolePermission.getPermissionId().equals(permission.getId())) { permission.setSelect(true); } } } List<Permission> permissionList = bulid(allPermissionList); return permissionList; } //给角色分配权限 @Override public void saveRolePermissionRealtionShip(String roleId, String[] permissionIds) { rolePermissionService.remove(new QueryWrapper<RolePermission>().eq("role_id", roleId)); List<RolePermission> rolePermissionList = new ArrayList<>(); for(String permissionId : permissionIds) { if(StringUtils.isEmpty(permissionId)) continue; RolePermission rolePermission = new RolePermission(); rolePermission.setRoleId(roleId); rolePermission.setPermissionId(permissionId); rolePermissionList.add(rolePermission); } rolePermissionService.saveBatch(rolePermissionList); } //递归删除菜单 @Override public void removeChildById(String id) { List<String> idList = new ArrayList<>(); this.selectChildListById(id, idList); idList.add(id); baseMapper.deleteBatchIds(idList); } //根据用户id获取用户菜单 @Override public List<String> selectPermissionValueByUserId(String id) { List<String> selectPermissionValueList = null; if(this.isSysAdmin(id)) { //如果是系统管理员,获取所有权限 selectPermissionValueList = baseMapper.selectAllPermissionValue(); } else { selectPermissionValueList = baseMapper.selectPermissionValueByUserId(id); } return selectPermissionValueList; } @Override public List<JSONObject> selectPermissionByUserId(String userId) { List<Permission> selectPermissionList = null; if(this.isSysAdmin(userId)) { //如果是超级管理员,获取所有菜单 selectPermissionList = baseMapper.selectList(null); } else { selectPermissionList = baseMapper.selectPermissionByUserId(userId); } List<Permission> permissionList = PermissionHelper.bulid(selectPermissionList); List<JSONObject> result = MemuHelper.bulid(permissionList); return result; } /** * 判断用户是否系统管理员 * @param userId * @return */ private boolean isSysAdmin(String userId) { User user = userService.getById(userId); if(null != user && "admin".equals(user.getUsername())) { return true; } return false; } /** * 递归获取子节点 * @param id * @param idList */ private void selectChildListById(String id, List<String> idList) { List<Permission> childList = baseMapper.selectList(new QueryWrapper<Permission>().eq("pid", id).select("id")); childList.stream().forEach(item -> { idList.add(item.getId()); this.selectChildListById(item.getId(), idList); }); } /** * 使用递归方法建菜单 * @param treeNodes * @return */ private static List<Permission> bulid(List<Permission> treeNodes) { List<Permission> trees = new ArrayList<>(); for (Permission treeNode : treeNodes) { if ("0".equals(treeNode.getPid())) { treeNode.setLevel(1); trees.add(findChildren(treeNode,treeNodes)); } } return trees; } /** * 递归查找子节点 * @param treeNodes * @return */ private static Permission findChildren(Permission treeNode,List<Permission> treeNodes) { treeNode.setChildren(new ArrayList<Permission>()); for (Permission it : treeNodes) { if(treeNode.getId().equals(it.getPid())) { int level = treeNode.getLevel() + 1; it.setLevel(level); if (treeNode.getChildren() == null) { treeNode.setChildren(new ArrayList<>()); } treeNode.getChildren().add(findChildren(it,treeNodes)); } } return treeNode; } //========================递归查询所有菜单================================================ //获取全部菜单 @Override public List<Permission> queryAllMenuGuli() { //1 查询菜单表所有数据 QueryWrapper<Permission> wrapper = new QueryWrapper<>(); wrapper.orderByDesc("id"); List<Permission> permissionList = baseMapper.selectList(wrapper); //2 把查询所有菜单list集合按照要求进行封装 List<Permission> resultList = bulidPermission(permissionList); return resultList; } //把返回所有菜单list集合进行封装的方法 public static List<Permission> bulidPermission(List<Permission> permissionList) { //创建list集合,用于数据最终封装 List<Permission> finalNode = new ArrayList<>(); //把所有菜单list集合遍历,得到顶层菜单 pid=0菜单,设置level是1 for(Permission permissionNode : permissionList) { //得到顶层菜单 pid=0菜单 if("0".equals(permissionNode.getPid())) { //设置顶层菜单的level是1 permissionNode.setLevel(1); //根据顶层菜单,向里面进行查询子菜单,封装到finalNode里面 finalNode.add(selectChildren(permissionNode,permissionList)); } } return finalNode; } private static Permission selectChildren(Permission permissionNode, List<Permission> permissionList) { //1 因为向一层菜单里面放二层菜单,二层里面还要放三层,把对象初始化 permissionNode.setChildren(new ArrayList<Permission>()); //2 遍历所有菜单list集合,进行判断比较,比较id和pid值是否相同 for(Permission it : permissionList) { //判断 id和pid值是否相同 if(permissionNode.getId().equals(it.getPid())) { //把父菜单的level值+1 int level = permissionNode.getLevel()+1; it.setLevel(level); //如果children为空,进行初始化操作 if(permissionNode.getChildren() == null) { permissionNode.setChildren(new ArrayList<Permission>()); } //把查询出来的子菜单放到父菜单里面 permissionNode.getChildren().add(selectChildren(it,permissionList)); } } return permissionNode; } //============递归删除菜单================================== @Override public void removeChildByIdGuli(String id) { //1 创建list集合,用于封装所有删除菜单id值 List<String> idList = new ArrayList<>(); //2 向idList集合设置删除菜单id this.selectPermissionChildById(id,idList); //把当前id封装到list里面 idList.add(id); baseMapper.deleteBatchIds(idList); } //2 根据当前菜单id,查询菜单里面子菜单id,封装到list集合 private void selectPermissionChildById(String id, List<String> idList) { //查询菜单里面子菜单id QueryWrapper<Permission> wrapper = new QueryWrapper<>(); wrapper.eq("pid",id); wrapper.select("id"); List<Permission> childIdList = baseMapper.selectList(wrapper); //把childIdList里面菜单id值获取出来,封装idList里面,做递归查询 childIdList.stream().forEach(item -> { //封装idList里面 idList.add(item.getId()); //递归查询 this.selectPermissionChildById(item.getId(),idList); }); } //=========================给角色分配菜单======================= @Override public void saveRolePermissionRealtionShipGuli(String roleId, String[] permissionIds) { //roleId角色id //permissionId菜单id 数组形式 //1 创建list集合,用于封装添加数据 List<RolePermission> rolePermissionList = new ArrayList<>(); //遍历所有菜单数组 for(String perId : permissionIds) { //RolePermission对象 RolePermission rolePermission = new RolePermission(); rolePermission.setRoleId(roleId); rolePermission.setPermissionId(perId); //封装到list集合 rolePermissionList.add(rolePermission); } //添加到角色菜单关系表 rolePermissionService.saveBatch(rolePermissionList); } }(6)PermissionMapper
package com.atguigu.aclservice.mapper; import com.atguigu.aclservice.entity.Permission; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import java.util.List; /** * <p> * 权限 Mapper 接口 * </p> * * @author testjava * @since 2020-01-12 */ public interface PermissionMapper extends BaseMapper<Permission> { List<String> selectPermissionValueByUserId(String id); List<String> selectAllPermissionValue(); List<Permission> selectPermissionByUserId(String userId); }(7)PermissionMapper.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.atguigu.aclservice.mapper.PermissionMapper"> <resultMap id="permissionMap" type="com.atguigu.aclservice.entity.Permission"> <result property="id" column="id"/> <result property="pid" column="pid"/> <result property="name" column="name"/> <result property="type" column="type"/> <result property="permissionValue" column="permission_value"/> <result property="path" column="path"/> <result property="component" column="component"/> <result property="icon" column="icon"/> <result property="status" column="status"/> <result property="isDeleted" column="is_deleted"/> <result property="gmtCreate" column="gmt_create"/> <result property="gmtModified" column="gmt_modified"/> </resultMap> <!-- 用于select查询公用抽取的列 --> <sql id="columns"> p.id,p.pid,p.name,p.type,p.permission_value,path,p.component,p.icon,p.status,p.is_deleted,p.gmt_create,p.gmt_modified </sql> <select id="selectPermissionByUserId" resultMap="permissionMap"> select <include refid="columns" /> from acl_user_role ur inner join acl_role_permission rp on rp.role_id = ur.role_id inner join acl_permission p on p.id = rp.permission_id where ur.user_id = #{userId} and ur.is_deleted = 0 and rp.is_deleted = 0 and p.is_deleted = 0 </select> <select id="selectPermissionValueByUserId" resultType="String"> select p.permission_value from acl_user_role ur inner join acl_role_permission rp on rp.role_id = ur.role_id inner join acl_permission p on p.id = rp.permission_id where ur.user_id = #{userId} and p.type = 2 and ur.is_deleted = 0 and rp.is_deleted = 0 and p.is_deleted = 0 </select> <select id="selectAllPermissionValue" resultType="String"> select permission_value from acl_permission where type = 2 and is_deleted = 0 </select> </mapper>(8)PermissionHelper
package com.atguigu.aclservice.helper; import com.atguigu.aclservice.entity.Permission; import java.util.ArrayList; import java.util.List; /** * <p> * 根据权限数据构建菜单数据 * </p> * * @author qy * @since 2019-11-11 */ public class PermissionHelper { /** * 使用递归方法建菜单 * @param treeNodes * @return */ public static List<Permission> bulid(List<Permission> treeNodes) { List<Permission> trees = new ArrayList<>(); for (Permission treeNode : treeNodes) { if ("0".equals(treeNode.getPid())) { treeNode.setLevel(1); trees.add(findChildren(treeNode,treeNodes)); } } return trees; } /** * 递归查找子节点 * @param treeNodes * @return */ public static Permission findChildren(Permission treeNode,List<Permission> treeNodes) { treeNode.setChildren(new ArrayList<Permission>()); for (Permission it : treeNodes) { if(treeNode.getId().equals(it.getPid())) { int level = treeNode.getLevel() + 1; it.setLevel(level); if (treeNode.getChildren() == null) { treeNode.setChildren(new ArrayList<>()); } treeNode.getChildren().add(findChildren(it,treeNodes)); } } return treeNode; } }(9)启动类
package com.atguigu.aclservice; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; import org.springframework.context.annotation.ComponentScan; @SpringBootApplication @EnableDiscoveryClient @ComponentScan("com.atguigu") @MapperScan("com.atguigu.aclservice.mapper") public class ServiceAclApplication { public static void main(String[] args) { SpringApplication.run(ServiceAclApplication.class, args); } }🍅 Java学习路线:搬砖工逆袭Java架构师
🍅 简介:Java领域优质创作者🏆、CSDN哪吒公众号作者✌ 、Java架构师奋斗者💪
🍅 扫描主页左侧二维码,加入群聊,一起学习、一起进步
🍅 欢迎点赞 👍 收藏 ⭐留言 📝
-
SpringBoot+SpringSecurity+WebSocket
2017-04-11 18:16:23SpringBoot+SpringSecurity+WebSocket的整合Demo
收藏数
177,918
精华内容
71,167
spring
订阅