Official security

springboot-springSecurity2/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.us</groupId>
+    <artifactId>springboot-security</artifactId>
+    <version>1.0-SNAPSHOT</version>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.3.0.RELEASE</version>
+    </parent>
+
+    <properties>
+        <start-class>com.us.Application</start-class>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>1.8</maven.compiler.source>
+
+        <mybatis.version>3.2.7</mybatis.version>
+        <mybatis-spring.version>1.2.2</mybatis-spring.version>
+    </properties>
+
+    <dependencies>
+        <!--springboot-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+
+        <!-- 用于home.html文件中的 hasRole('ROLE_ADMIN') 语句-->
+        <dependency>
+            <groupId>org.thymeleaf.extras</groupId>
+            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
+        </dependency>
+        <!--db-->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>6.0.5</version>
+        </dependency>
+        <dependency>
+            <groupId>com.mchange</groupId>
+            <artifactId>c3p0</artifactId>
+            <version>0.9.5.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <!--mybatis-->
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>${mybatis.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis-spring</artifactId>
+            <version>${mybatis-spring.version}</version>
+        </dependency>
+
+
+    </dependencies>
+
+</project>
\ No newline at end of file

springboot-springSecurity2/src/main/java/com/us/example/Application.java

+package com.us.example;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.annotation.ComponentScan;
+
+import static org.springframework.boot.SpringApplication.run;
+
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+
+@ComponentScan(basePackages ="com.us.example")
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        ConfigurableApplicationContext run = run(Application.class, args);
+    }
+
+}

springboot-springSecurity2/src/main/java/com/us/example/config/DBconfig.java

+package com.us.example.config;
+
+import java.beans.PropertyVetoException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import com.mchange.v2.c3p0.ComboPooledDataSource;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Configuration
+public class DBconfig {
+    @Autowired
+    private Environment env;
+
+    @Bean(name="dataSource")
+    public ComboPooledDataSource dataSource() throws PropertyVetoException {
+        ComboPooledDataSource dataSource = new ComboPooledDataSource();
+        dataSource.setDriverClass(env.getProperty("ms.db.driverClassName"));
+        dataSource.setJdbcUrl(env.getProperty("ms.db.url"));
+        dataSource.setUser(env.getProperty("ms.db.username"));
+        dataSource.setPassword(env.getProperty("ms.db.password"));
+        dataSource.setMaxPoolSize(20);
+        dataSource.setMinPoolSize(5);
+        dataSource.setInitialPoolSize(10);
+        dataSource.setMaxIdleTime(300);
+        dataSource.setAcquireIncrement(5);
+        dataSource.setIdleConnectionTestPeriod(60);
+
+        return dataSource;
+    }
+}

springboot-springSecurity2/src/main/java/com/us/example/config/MyBatisConfig.java

+package com.us.example.config;
+
+import org.mybatis.spring.SqlSessionFactoryBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+import javax.sql.DataSource;
+
+@Configuration
+@ComponentScan
+public class MyBatisConfig {
+
+    @Autowired
+    private DataSource dataSource;
+
+    @Bean(name = "sqlSessionFactory")
+    public SqlSessionFactoryBean sqlSessionFactory(ApplicationContext applicationContext) throws Exception {
+        SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
+        sessionFactory.setDataSource(dataSource);
+        // sessionFactory.setPlugins(new Interceptor[]{new PageInterceptor()});
+        sessionFactory.setMapperLocations(applicationContext.getResources("classpath*:mapper/*.xml"));
+        return sessionFactory;
+    }
+
+}

springboot-springSecurity2/src/main/java/com/us/example/config/MyBatisScannerConfig.java

+package com.us.example.config;
+
+import org.mybatis.spring.mapper.MapperScannerConfigurer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MyBatisScannerConfig {
+    @Bean
+    public MapperScannerConfigurer MapperScannerConfigurer() {
+        MapperScannerConfigurer mapperScannerConfigurer = new MapperScannerConfigurer();
+        mapperScannerConfigurer.setBasePackage("com.us.example.dao");
+        mapperScannerConfigurer.setSqlSessionFactoryBeanName("sqlSessionFactory");
+        return mapperScannerConfigurer;
+    }
+}

springboot-springSecurity2/src/main/java/com/us/example/config/TransactionConfig.java

+package com.us.example.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.annotation.TransactionManagementConfigurer;
+
+import javax.sql.DataSource;
+
+@Configuration
+@ComponentScan
+public class TransactionConfig implements TransactionManagementConfigurer{
+    @Autowired
+    private DataSource dataSource;
+
+    @Bean(name = "transactionManager")
+    @Override
+    public PlatformTransactionManager annotationDrivenTransactionManager() {
+        return new DataSourceTransactionManager(dataSource);
+    }
+
+}
\ No newline at end of file

springboot-springSecurity2/src/main/java/com/us/example/config/WebSecurityConfig.java

+package com.us.example.config;
+
+import com.us.example.security.CustomUserService;
+import com.us.example.util.MD5Util;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    UserDetailsService customUserService(){ //注册UserDetailsService 的bean
+        return new CustomUserService();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserService()).passwordEncoder(new PasswordEncoder(){
+
+            @Override
+            public String encode(CharSequence rawPassword) {
+                return MD5Util.encode((String)rawPassword);
+            }
+
+            @Override
+            public boolean matches(CharSequence rawPassword, String encodedPassword) {
+                return encodedPassword.equals(MD5Util.encode((String)rawPassword));
+            }}); //user Details Service验证
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/login").permitAll()
+                .antMatchers("/logout").permitAll()
+                .antMatchers("/").permitAll()
+                .antMatchers("/users/**")
+                .authenticated()
+                .antMatchers(HttpMethod.POST)
+                .authenticated()
+                .antMatchers(HttpMethod.PUT)
+                .authenticated()
+                .antMatchers(HttpMethod.DELETE)
+                .authenticated()
+                .antMatchers("/**")
+                .permitAll()
+                .and()
+                .sessionManagement()
+                .and()
+                .httpBasic();
+    }
+
+
+
+}
+

springboot-springSecurity2/src/main/java/com/us/example/controller/HomeController.java

+package com.us.example.controller;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Controller
+@RequestMapping("/users")
+public class HomeController {
+
+    @RequestMapping(method = RequestMethod.GET)
+    @ResponseBody
+    public String getUsers() {
+        return "getUsers";
+    }
+
+    @Secured("ROLE_ADMIN")
+    @RequestMapping(method = RequestMethod.POST)
+    @ResponseBody
+    public String save() {
+        return "saveUser";
+    }
+
+
+    @Secured("ROLE_ADMIN")
+    @RequestMapping(method = RequestMethod.PUT)
+    @ResponseBody
+    public String update() {
+        return "updateUser";
+    }
+
+
+    @Secured("ROLE_ADMIN")
+    @RequestMapping(method = RequestMethod.DELETE)
+    @ResponseBody
+    public String delete() {
+        return "deleteUser";
+    }
+
+
+}
+

springboot-springSecurity2/src/main/java/com/us/example/controller/LoginController.java

+package com.us.example.controller;
+
+import com.us.example.domain.SysUser;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Created by yangyibo on 17/3/1.
+ */
+@RestController
+public class LoginController {
+
+    @RequestMapping(value = "/login")
+    @ResponseBody
+    //用户名密码是用base64 加密 原文为 admin:admin 即 用户名:密码  内容是放在request.getHeader 的 "authorization" 中
+    public Object login(@AuthenticationPrincipal SysUser loginedUser, @RequestParam(name = "logout", required = false) String logout) {
+        if (logout != null) {
+            return null;
+        }
+        if (loginedUser != null) {
+            return loginedUser;
+        }
+        return null;
+    }
+}

springboot-springSecurity2/src/main/java/com/us/example/dao/UserDao.java

+package com.us.example.dao;
+
+import com.us.example.domain.SysUser;
+
+
+public interface UserDao {
+    public SysUser findByUserName(String username);
+}

springboot-springSecurity2/src/main/java/com/us/example/domain/SysRole.java

+package com.us.example.domain;
+
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+
+public class SysRole {
+
+    private Integer id;
+    private String name;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+
+
+
+}

springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java

+package com.us.example.domain;
+
+import java.util.List;
+
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+
+public class SysUser {
+    private Integer id;
+    private String username;
+    private String password;
+
+    private List<SysRole> roles;
+
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public List<SysRole> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(List<SysRole> roles) {
+        this.roles = roles;
+    }
+
+}

springboot-springSecurity2/src/main/java/com/us/example/security/CustomUserService.java

+package com.us.example.security;
+
+import com.us.example.dao.UserDao;
+import com.us.example.domain.SysRole;
+import com.us.example.domain.SysUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Service
+public class CustomUserService implements UserDetailsService { //自定义UserDetailsService 接口
+
+    @Autowired
+    UserDao userDao;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) { //重写loadUserByUsername 方法获得 userdetails 类型用户
+
+        SysUser user = userDao.findByUserName(username);
+        if(user == null){
+            throw new UsernameNotFoundException("用户名不存在");
+        }
+        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
+        //用于添加用户的权限。只要把用户权限添加到authorities 就万事大吉。
+        for(SysRole role:user.getRoles())
+        {
+            authorities.add(new SimpleGrantedAuthority(role.getName()));
+            System.out.println(role.getName());
+        }
+        return new org.springframework.security.core.userdetails.User(user.getUsername(),
+                user.getPassword(), authorities);
+
+    }
+
+}

springboot-springSecurity2/src/main/java/com/us/example/util/MD5Util.java

+package com.us.example.util;
+
+/**
+ * Created by yangyibo on 17/2/7.
+ */
+import java.security.MessageDigest;
+/**
+ * MD5加密工具
+ *
+ */
+public class MD5Util {
+
+    private static final String SALT = "exampel";
+
+    public static String encode(String password) {
+        password = password + SALT;
+        MessageDigest md5 = null;
+        try {
+            md5 = MessageDigest.getInstance("MD5");
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        char[] charArray = password.toCharArray();
+        byte[] byteArray = new byte[charArray.length];
+
+        for (int i = 0; i < charArray.length; i++)
+            byteArray[i] = (byte) charArray[i];
+        byte[] md5Bytes = md5.digest(byteArray);
+        StringBuffer hexValue = new StringBuffer();
+        for (int i = 0; i < md5Bytes.length; i++) {
+            int val = ((int) md5Bytes[i]) & 0xff;
+            if (val < 16) {
+                hexValue.append("0");
+            }
+
+            hexValue.append(Integer.toHexString(val));
+        }
+        return hexValue.toString();
+    }
+
+    public static void main(String[] args) {
+        System.out.println(MD5Util.encode("abel"));
+        System.out.println(MD5Util.encode("admin"));
+
+
+    }
+}
\ No newline at end of file

springboot-springSecurity2/src/main/resources/application.properties

+ms.db.driverClassName=com.mysql.jdbc.Driver
+ms.db.url=jdbc:mysql://localhost:3306/cache?characterEncoding=utf-8&useSSL=false
+ms.db.username=root
+ms.db.password=admin
+ms.db.maxActive=500
+server.port=8099
+
+logging.level.org.springframework.security= INFO
+spring.thymeleaf.cache=false

springboot-springSecurity2/src/main/resources/mapper/UserDaoMapper.xml

+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.us.example.dao.UserDao">
+    <resultMap id="userMap" type="com.us.example.domain.SysUser">
+        <id property="id" column="ID"/>
+        <result property="username" column="username"/>
+        <result property="password" column="PASSWORD"/>
+        <collection property="roles" ofType="com.us.example.domain.SysRole">
+            <result column="name" property="name"/>
+        </collection>
+
+    </resultMap>
+    <select id="findByUserName" parameterType="String" resultMap="userMap">
+		select u.*
+		,r.name
+		from Sys_User u
+        LEFT JOIN sys_role_user sru on u.id= sru.Sys_User_id
+        LEFT JOIN Sys_Role r on sru.Sys_Role_id=r.id
+        where username= #{username}
+	</select>
+</mapper>
\ No newline at end of file