<kbd id="5sdj3"></kbd>
<th id="5sdj3"></th>
  • <dd id="5sdj3"><form id="5sdj3"></form></dd>
    <td id="5sdj3"><form id="5sdj3"><big id="5sdj3"></big></form></td><del id="5sdj3"></del>
    

  • 

    • 

  • <dd id="5sdj3"></dd>
    <dfn id="5sdj3"></dfn>
    • <th id="5sdj3"></th>

    <tfoot id="5sdj3"><menuitem id="5sdj3"></menuitem></tfoot>
    • <td id="5sdj3"><form id="5sdj3"><menu id="5sdj3"></menu></form></td>
  • <kbd id="5sdj3"><form id="5sdj3"></form></kbd>
    公司新來了一個(gè)同事,把權(quán)限系統(tǒng)設(shè)計(jì)的爐火純青!
    共
                28413字,需瀏覽
                    57分鐘
                
     ·
    2023-10-15 14:27
     
 
     
  
     點(diǎn)擊關(guān)注公眾號(hào),SQL干貨及時(shí)獲取 
   
     
  
     
  
        
    
    
     后臺(tái)回復(fù):1024,獲取海量學(xué)習(xí)資源
    
    
    
    
    
    
     SQL刷題專欄
    
    
    
    
    
    
     
     
    
      
      
    
       
       
    
        SQL145題系列
       
       
    
      
      
    
     
     
    
    
    
    
    
    
    
     
     

    
     
     
    
      
      
    大家注意:
    
      
      
    因?yàn)槲⑿鸥牧送扑蜋C(jī)制,會(huì)有小伙伴刷不到當(dāng)天的文章,
    
      
      
    一些比較實(shí)用的知識(shí)和信息,錯(cuò)過了就是錯(cuò)過了。
    
      
      
    所以建議大家加個(gè)星標(biāo),就能第一時(shí)間收到推送了。
    
      
      
    
     
     
    
    
    
     
  
     來源:segmentfault.com/a/1190000023052493 
   
     
  
     
  
     
   
     
  
     
  
     思維導(dǎo)圖如下 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     # RBAC權(quán)限分析 
  
     
  
     
   
     
  
     
  
     RBAC 全稱為基于角色的權(quán)限控制,本段將會(huì)從什么是RBAC,模型分類,什么是權(quán)限,用戶組的使用,實(shí)例分析等幾個(gè)方面闡述RBAC 
  
     
  
     
   
     
  
     
  
     思維導(dǎo)圖 
  
     
  
     
   
     
  
     
  
     繪制思維導(dǎo)圖如下 
  
     
  
         
     
    
      
      
    
     
     
    
   
   
    
    
   
   
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     什么是RBAC 
  
     
  
     
   
     
  
     
  
     RBAC 全稱為用戶角色權(quán)限控制,通過角色關(guān)聯(lián)用戶,角色關(guān)聯(lián)權(quán)限,這種方式,間階的賦予用戶的權(quán)限,如下圖所示 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     對(duì)于通常的系統(tǒng)而言,存在多個(gè)用戶具有相同的權(quán)限,在分配的時(shí)候,要為指定的用戶分配相關(guān)的權(quán)限,修改的時(shí)候也要依次的對(duì)這幾個(gè)用戶的權(quán)限進(jìn)行修改,有了角色這個(gè)權(quán)限,在修改權(quán)限的時(shí)候,只需要對(duì)角色進(jìn)行修改,就可以實(shí)現(xiàn)相關(guān)的權(quán)限的修改。這樣做增加了效率,減少了權(quán)限漏洞的發(fā)生。 
  
     
  
     
   
     
  
     
  
     模型分類 
  
     
  
     
   
     
  
     
  
     對(duì)于RBAC模型來說,分為以下幾個(gè)模型 分別是RBAC0,RBAC1,RBAC2,RBAC3,這四個(gè)模型,這段將會(huì)依次介紹這四個(gè)模型,其中最常用的模型有RBAC0. 
  
     
  
     
   
     
  
     
  
     RBAC0 
  
     
  
     
   
     
  
     
  
     RBAC0是最簡單的RBAC模型,這里面包含了兩種。 
  
     
  
     
   
     
  
     
  
     用戶和角色是多對(duì)一的關(guān)系,即一個(gè)用戶只充當(dāng)一種角色,一個(gè)角色可以有多個(gè)角色的擔(dān)當(dāng)。用戶和角色是多對(duì)多的關(guān)系,即,一個(gè)用戶可以同時(shí)充當(dāng)多個(gè)角色,一個(gè)角色可以有多個(gè)用戶。  
  
     
  
     
   
     
  
     
  
     此系統(tǒng)功能單一,人員較少,這里舉個(gè)栗子,張三既是行政,也負(fù)責(zé)財(cái)務(wù),此時(shí)張三就有倆個(gè)權(quán)限,分別是行政權(quán)限,和財(cái)務(wù)權(quán)限兩個(gè)部分。 
  
     
  
     
   
     
  
     
  
     RBAC1 
  
     
  
     
   
     
  
     
  
     相對(duì)于RBAC0模型來說,增加了子角色,引入了繼承的概念。 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     RBAC2 模型 
  
     
  
     
   
     
  
     
  
     這里RBAC2模型,在RBAC0模型的基礎(chǔ)上,增加了一些功能,以及限制 
  
     
  
     
   
     
  
     
  
       
   
    •  
    
       角色互斥 
    
      •  
  
     
  
     
   
     
  
     
  
     即,同一個(gè)用戶不能擁有兩個(gè)互斥的角色,舉個(gè)例子,在財(cái)務(wù)系統(tǒng)中,一個(gè)用戶不能擁有會(huì)計(jì)員和審計(jì)這兩種角色。 
  
     
  
     
   
     
  
     
  
       
   
    •  
    
       基數(shù)約束 
    
      •  
  
     
  
     
   
     
  
     
  
     即,用一個(gè)角色,所擁有的成員是固定的,例如對(duì)于CEO這種角色,同一個(gè)角色,也只能有一個(gè)用戶。 
  
     
  
     
   
     
  
     
  
       
   
    •  
    
       先決條件 
    
      •  
  
     
  
     
   
     
  
     
  
     即,對(duì)于該角色來說,如果想要獲得更高的角色,需要先獲取低一級(jí)別的角色。舉個(gè)栗子,對(duì)于副總經(jīng)理和經(jīng)理這兩個(gè)權(quán)限來說,需要先有副總經(jīng)理權(quán)限,才能擁有經(jīng)理權(quán)限,其中副總經(jīng)理權(quán)限是經(jīng)理權(quán)限的先決條件。 
  
     
  
     
   
     
  
     
  
       
   
    •  
    
       運(yùn)行時(shí)互斥 
    
      •  
  
     
  
     
   
     
  
     
  
     即,一個(gè)用戶可以擁有兩個(gè)角色,但是這倆個(gè)角色不能同時(shí)使用,需要切換角色才能進(jìn)入另外一個(gè)角色。舉個(gè)栗子,對(duì)于總經(jīng)理和專員這兩個(gè)角色,系統(tǒng)只能在一段時(shí)間,擁有其一個(gè)角色,不能同時(shí)對(duì)這兩種角色進(jìn)行操作。 
  
     
  
     
   
     
  
     
  
     RBAC3模型 
  
     
  
     
   
     
  
     
  
     即,RBAC1,RBAC2,兩者模型全部累計(jì),稱為統(tǒng)一模型。 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     什么是權(quán)限 
  
     
  
     
   
     
  
     
  
     權(quán)限是資源的集合,這里的資源指的是軟件中的所有的內(nèi)容,即,對(duì)頁面的操作權(quán)限,對(duì)頁面的訪問權(quán)限,對(duì)數(shù)據(jù)的增刪查改的權(quán)限。舉個(gè)栗子。對(duì)于下圖中的系統(tǒng)而言, 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     
     
  
     
  
     擁有,計(jì)劃管理,客戶管理,合同管理,出入庫通知單管理,糧食安全追溯,糧食統(tǒng)計(jì)查詢,設(shè)備管理這幾個(gè)頁面,對(duì)這幾個(gè)頁面的訪問,以及是否能夠訪問到菜單,都屬于權(quán)限。 
  
     
  
     
   
     
  
     
  
     用戶組的使用 
  
     
  
     
   
     
  
     
  
     對(duì)于用戶組來說,是把眾多的用戶劃分為一組,進(jìn)行批量授予角色,即,批量授予權(quán)限。舉個(gè)栗子,對(duì)于部門來說,一個(gè)部門擁有一萬多個(gè)員工,這些員工都擁有相同的角色,如果沒有用戶組,可能需要一個(gè)個(gè)的授予相關(guān)的角色,在擁有了用戶組以后,只需要,把這些用戶全部劃分為一組,然后對(duì)該組設(shè)置授予角色,就等同于對(duì)這些用戶授予角色。 
  
     
  
     
   
     
  
     
  
     優(yōu)點(diǎn):減少工作量,便于理解,增加多級(jí)管理,等。 
  
     
  
     
   
     
  
     
  
     SpringSecurity 簡單使用 
  
     
  
     
   
     
  
     
  
     首先添加依賴 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>
     
  
     
  
     
     
  
     
  
     然后添加相關(guān)的訪問接口 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo.web;
    import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;
    @RestController@RequestMapping("/test")public class Test {    @RequestMapping("/test")    public String test(){return "test";    }}
     
  
     
  
     
   
     
  
     
  
     最后啟動(dòng)項(xiàng)目,在日志中查看相關(guān)的密碼 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     訪問接口,可以看到相關(guān)的登錄界面 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     輸入用戶名和相關(guān)的密碼 
  
     
  
     
   
     
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
   
     
   
    用戶名:user
    密碼 984cccf2-ba82-468e-a404-7d32123d0f9c
     
  
     
  
     
   
     
  
     
  
     
    
  
     
  
     
   
     
  
     
  
     登錄成功 
  
     
  
     
   
     
  
     
  
     增加用戶名和密碼 
  
     
  
     
   
     
  
     
  
     在配置文件中,書寫相關(guān)的登錄和密碼 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    spring:  security:    user:      name: ming      password: 123456      roles: admin
     
  
     
  
     
   
     
  
     
  
     在登錄頁面,輸入用戶名和密碼,即可正常登錄。 
  
     
  
     
   
     
  
     
  
     基于內(nèi)存的認(rèn)證 
  
     
  
     
   
     
  
     
  
     需要自定義類繼承 WebSecurityConfigurerAdapter 代碼如下 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo.config;
    import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.password.NoOpPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;
    @Configurationpublic class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {    @Bean    PasswordEncoder passwordEncoder(){        return NoOpPasswordEncoder.getInstance();    }
        @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.inMemoryAuthentication()                .withUser("admin").password("123").roles("admin");    }}
     
  
     
  
     
     
  
     
  
     即,配置的用戶名為admin,密碼為123,角色為admin 
  
     
  
     
   
     
  
     
  
     HttpSecurity 
  
     
  
     
   
     
  
     
  
     這里對(duì)一些方法進(jìn)行攔截 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.ming.demo.interceptor;
    import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.http.HttpMethod;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
    @Configuration@EnableWebSecuritypublic class SecurityConfig  extends WebSecurityConfigurerAdapter {    //基于內(nèi)存的用戶存儲(chǔ)    @Override    public void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.inMemoryAuthentication()                .withUser("itguang").password("123456").roles("USER").and()                .withUser("admin").password("{noop}" + "123456").roles("ADMIN");    }
        //請(qǐng)求攔截    @Override    protected void configure(HttpSecurity http) throws Exception {        http.authorizeRequests()                .anyRequest().permitAll()                .and()                .formLogin()                .permitAll()                .and()                .logout()                .permitAll();    }}
     
  
     
  
      
  
     
  
     即,這里完成了對(duì)所有的方法訪問的攔截。 
  
     
  
     
   
     
  
     
  
     # SpringSecurity 集成JWT 
  
     
  
     
   
     
  
     
  
     這是一個(gè)小demo,目的,登錄以后返回jwt生成的token 
  
     
  
     
   
     
  
     
  
     導(dǎo)入依賴 
  
     
  
     
   
     
  
     
  
     添加web依賴 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
      
  
     
  
     
   
     
  
     
  
     導(dǎo)入JWT和Security依賴 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
     <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->        <dependency>            <groupId>io.jsonwebtoken</groupId>            <artifactId>jjwt</artifactId>            <version>0.9.1</version>        </dependency>        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>            <version>2.3.1.RELEASE</version>        </dependency>
     
  
     
  
      
  
     
  
     創(chuàng)建一個(gè)JwtUser實(shí)現(xiàn)UserDetails 
  
     
  
     
   
     
  
     
  
     創(chuàng)建 一個(gè)相關(guān)的JavaBean 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo;
    import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;
    import java.util.Collection;
    public class JwtUser implements UserDetails {    private String username;    private String password;    private Integer state;    private Collection<? extends GrantedAuthority> authorities;    public JwtUser(){
        }
        public JwtUser(String username, String password, Integer state,  Collection<? extends GrantedAuthority> authorities){        this.username = username;        this.password = password;        this.state = state;        this.authorities = authorities;    }
        @Override    public Collection<? extends GrantedAuthority> getAuthorities() {        return authorities;    }
        @Override    public String getPassword() {        return this.password;    }
        @Override    public String getUsername() {        return this.username;    }
        @Override    public boolean isAccountNonExpired() {        return true;    }
        @Override    public boolean isAccountNonLocked() {        return true;    }
        @Override    public boolean isCredentialsNonExpired() {        return true;    }
        @Override    public boolean isEnabled() {        return true;    }}
     
  
     
  
      
  
     
  
     編寫工具類生成令牌 
  
     
  
     
   
     
  
     
  
     編寫工具類,用來生成token,以及刷新token,以及驗(yàn)證token 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo;
    import io.jsonwebtoken.Claims;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;import org.springframework.security.core.userdetails.UserDetails;
    import java.io.Serializable;import java.util.Date;import java.util.HashMap;import java.util.Map;
    public class JwtTokenUtil implements Serializable {    private String secret;    private Long expiration;    private String header;
        private String generateToken(Map<String, Object> claims) {        Date expirationDate = new Date(System.currentTimeMillis() + expiration);        return Jwts.builder().setClaims(claims).setExpiration(expirationDate).signWith(SignatureAlgorithm.HS512, secret).compact();    }    private Claims getClaimsFromToken(String token) {        Claims claims;        try {            claims = Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();        } catch (Exception e) {            claims = null;        }        return claims;    }
        public String generateToken(UserDetails userDetails) {        Map<String, Object> claims = new HashMap<>(2);        claims.put("sub", userDetails.getUsername());        claims.put("created", new Date());        return generateToken(claims);    }
        public String getUsernameFromToken(String token) {        String username;        try {            Claims claims = getClaimsFromToken(token);            username = claims.getSubject();        } catch (Exception e) {            username = null;        }        return username;    }
        public Boolean isTokenExpired(String token) {        try {            Claims claims = getClaimsFromToken(token);            Date expiration = claims.getExpiration();            return expiration.before(new Date());        } catch (Exception e) {            return false;        }    }    public String refreshToken(String token) {        String refreshedToken;        try {            Claims claims = getClaimsFromToken(token);            claims.put("created", new Date());            refreshedToken = generateToken(claims);        } catch (Exception e) {            refreshedToken = null;        }        return refreshedToken;    }
        public Boolean validateToken(String token, UserDetails userDetails) {        JwtUser user = (JwtUser) userDetails;        String username = getUsernameFromToken(token);        return (username.equals(user.getUsername()) && !isTokenExpired(token));    }}
     
  
     
  
     
   
     
  
     
  
     編寫攔截器 
  
     
  
     
   
     
  
     
  
     編寫Filter 用來檢測JWT 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo;
    import org.apache.commons.lang.StringUtils;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;import org.springframework.stereotype.Component;import org.springframework.web.filter.OncePerRequestFilter;
    import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;
    @Componentpublic class JwtAuthenticationTokenFilter  extends OncePerRequestFilter {    @Autowired    private UserDetailsService userDetailsService;    @Autowired    private JwtTokenUtil jwtTokenUtil;
        @Override    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {        String authHeader = httpServletRequest.getHeader(jwtTokenUtil.getHeader());        if (authHeader != null && StringUtils.isNotEmpty(authHeader)) {            String username = jwtTokenUtil.getUsernameFromToken(authHeader);            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);                if (jwtTokenUtil.validateToken(authHeader, userDetails)) {                    UsernamePasswordAuthenticationToken authentication  =                    new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities());                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    }            }        }        filterChain.doFilter(httpServletRequest, httpServletResponse);    }}
     
  
     
  
      
  
     
  
     編寫userDetailsService的實(shí)現(xiàn)類 
  
     
  
     
   
     
  
     
  
     在上方代碼中,編寫userDetailsService,類,實(shí)現(xiàn)其驗(yàn)證過程 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    package com.example.demo;
    import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Service;
    import javax.management.relation.Role;import java.util.List;
    @Servicepublic class JwtUserDetailsServiceImpl  implements UserDetailsService {    @Autowired    private UserMapper userMapper;
        @Override    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {        User user = userMapper.selectByUserName(s);        if (user == null) {            throw new UsernameNotFoundException(String.format("'%s'.這個(gè)用戶不存在", s));
            }        List<SimpleGrantedAuthority> collect = user.getRoles().stream().map(Role::getRolename).map(SimpleGrantedAuthority::new).collect(Collectors.toList());        return new JwtUser(user.getUsername(), user.getPassword(), user.getState(), collect);    }}
     
  
     
  
     
   
     
  
     
  
     編寫登錄 
  
     
  
     
   
     
  
     
  
     編寫登錄業(yè)務(wù)的實(shí)現(xiàn)類 其login方法會(huì)返回一個(gè)JWTUtils 的token 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    @Servicepublic class UserServiceImpl  implements UserService {    @Autowired    private UserMapper userMapper;
        @Autowired    private AuthenticationManager authenticationManager;
        @Autowired    private UserDetailsService userDetailsService;
        @Autowired    private JwtTokenUtil jwtTokenUtil;
        public User findByUsername(String username) {        User user = userMapper.selectByUserName(username);        return user;    }
        public RetResult login(String username, String password) throws AuthenticationException {        UsernamePasswordAuthenticationToken upToken = new UsernamePasswordAuthenticationToken(username, password);        final Authentication authentication = authenticationManager.authenticate(upToken);        SecurityContextHolder.getContext().setAuthentication(authentication);        UserDetails userDetails = userDetailsService.loadUserByUsername(username);        return new RetResult(RetCode.SUCCESS.getCode(),jwtTokenUtil.generateToken(userDetails));    }}
     
  
     
  
     
   
     
  
     
  
     最后配置Config 
  
     
  
      
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    @EnableGlobalMethodSecurity(prePostEnabled = true)@EnableWebSecuritypublic class WebSecurity extends WebSecurityConfigurerAdapter {    @Autowired    private UserDetailsService userDetailsService;    @Autowired    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
        @Autowired    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder());
        }
        @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
        @Override    public AuthenticationManager authenticationManagerBean() throws Exception {        return super.authenticationManagerBean();    }        @Bean    public PasswordEncoder passwordEncoder() {        return new BCryptPasswordEncoder();    }
        @Override    protected void configure(HttpSecurity http) throws Exception {        http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)                .and().authorizeRequests()                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()                .antMatchers("/auth/**").permitAll()                .anyRequest().authenticated()                .and().headers().cacheControl();
            http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
            ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
            registry.requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
        }
        @Bean    public CorsFilter corsFilter() {        final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();        final CorsConfiguration cors = new CorsConfiguration();        cors.setAllowCredentials(true);        cors.addAllowedOrigin("*");        cors.addAllowedHeader("*");        cors.addAllowedMethod("*");        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", cors);        return new CorsFilter(urlBasedCorsConfigurationSource);
        }}
     
  
     
  
      
  
     
  
     運(yùn)行,返回token 
  
     
  
     
   
     
  
     
  
     運(yùn)行,返回結(jié)果為token 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
      
  
     
  
     # SpringSecurity JSON登錄 
   
     
  
     
  
      
  
     
  
     這里配置SpringSecurity之JSON登錄 
  
     
  
     
   
     
  
     
  
     這里需要重寫UsernamePasswordAnthenticationFilter類,以及配置SpringSecurity 
  
     
  
     
   
     
  
     
  
     重寫UsernamePasswordAnthenticationFilter 
  
     
  
     
   
     
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
        @Override    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
            //attempt Authentication when Content-Type is json        if(request.getContentType().equals(MediaType.APPLICATION_JSON_UTF8_VALUE)                ||request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)){
                //use jackson to deserialize json            ObjectMapper mapper = new ObjectMapper();            UsernamePasswordAuthenticationToken authRequest = null;            try (InputStream is = request.getInputStream()){                AuthenticationBean authenticationBean = mapper.readValue(is,AuthenticationBean.class);                authRequest = new UsernamePasswordAuthenticationToken(                        authenticationBean.getUsername(), authenticationBean.getPassword());            }catch (IOException e) {                e.printStackTrace();                authRequest = new UsernamePasswordAuthenticationToken(                        "", "");            }finally {                setDetails(request, authRequest);                return this.getAuthenticationManager().authenticate(authRequest);            }        }
            //transmit it to UsernamePasswordAuthenticationFilter        else {            return super.attemptAuthentication(request, response);        }    }}
     
  
     
  
     
   
     
  
     
  
     配置SecurityConfig 
  
     
  
      
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    @Overrideprotected void configure(HttpSecurity http) throws Exception {    http            .cors().and()            .antMatcher("/**").authorizeRequests()            .antMatchers("/", "/login**").permitAll()            .anyRequest().authenticated()            //這里必須要寫formLogin(),不然原有的UsernamePasswordAuthenticationFilter不會(huì)出現(xiàn),也就無法配置我們重新的UsernamePasswordAuthenticationFilter            .and().formLogin().loginPage("/")            .and().csrf().disable();
        //用重寫的Filter替換掉原有的UsernamePasswordAuthenticationFilter    http.addFilterAt(customAuthenticationFilter(),    UsernamePasswordAuthenticationFilter.class);}
    //注冊(cè)自定義的UsernamePasswordAuthenticationFilter@BeanCustomAuthenticationFilter customAuthenticationFilter() throws Exception {    CustomAuthenticationFilter filter = new CustomAuthenticationFilter();    filter.setAuthenticationSuccessHandler(new SuccessHandler());    filter.setAuthenticationFailureHandler(new FailureHandler());    filter.setFilterProcessesUrl("/login/self");
        //這句很關(guān)鍵,重用WebSecurityConfigurerAdapter配置的AuthenticationManager,不然要自己組裝AuthenticationManager    filter.setAuthenticationManager(authenticationManagerBean());    return filter;}
     
  
     
  
      
  
     
  
     這樣就完成使用json登錄SpringSecurity。 
  
     
  
     
   
     
  
     
  
     # Spring Security 密碼加密方式 
  
     
  
     
   
     
  
     
  
     需要在Config 類中配置如下內(nèi)容 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    /**     * 密碼加密     */    @Bean    public BCryptPasswordEncoder passwordEncoder(){        return new BCryptPasswordEncoder();    }
     
  
     
  
      
  
     
  
     即,使用此方法,對(duì)密碼進(jìn)行加密, 在業(yè)務(wù)層的時(shí)候,使用此加密的方法 
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    @Service@Transactionalpublic class UserServiceImpl implements UserService {
        @Resource    private UserRepository userRepository;
        @Resource    private BCryptPasswordEncoder bCryptPasswordEncoder;  //注入bcryct加密    @Override    public User add(User user) {        user.setPassword(bCryptPasswordEncoder.encode(user.getPassword())); //對(duì)密碼進(jìn)行加密        User user2 = userRepository.save(user);        return user2;    }    @Override    public ResultInfo login(User user) {        ResultInfo resultInfo=new ResultInfo();        User user2 = userRepository.findByName(user.getName());        if (user2==null) {            resultInfo.setCode("-1");            resultInfo.setMessage("用戶名不存在");            return resultInfo;        }
            //判斷密碼是否正確        if (!bCryptPasswordEncoder.matches(user.getPassword(),user2.getPassword())) {            resultInfo.setCode("-1");            resultInfo.setMessage("密碼不正確");            return resultInfo;        }        resultInfo.setMessage("登錄成功");        return resultInfo;    }}
     
  
     
  
      
  
     
  
     即,使用BCryptPasswordEncoder 對(duì)密碼進(jìn)行加密,保存數(shù)據(jù)庫 
   
     
  
     
  
     
   
     
  
     
  
     # 使用數(shù)據(jù)庫認(rèn)證 
  
     
  
     
   
     
  
     
  
     這里使用數(shù)據(jù)庫認(rèn)證SpringSecurity 
  
     
  
     
   
     
  
     
  
     設(shè)計(jì)數(shù)據(jù)表 
  
     
  
     
   
     
  
     
  
     這里設(shè)計(jì)數(shù)據(jù)表 
  
     
  
     
   
     
  
     
  
     
    
  
     
  
      
  
     
  
     著重配置SpringConfig 
  
     
  
      
  
     
  
     
   
       
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
    
    •  
   
     
   
    @Configurablepublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    private UserService userService;    // service 層注入
        @Bean    PasswordEncoder passwordEncoder(){        return new BCryptPasswordEncoder();    }
        @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        // 參數(shù)傳入Service,進(jìn)行驗(yàn)證        auth.userDetailsService(userService);    }
        @Override    protected void configure(HttpSecurity http) throws Exception {        http.authorizeRequests()                .antMatchers("/admin/**").hasRole("admin")                .anyRequest().authenticated()                .and()                .formLogin()                .loginProcessingUrl("/login").permitAll()                .and()                .csrf().disable();    }}
     
  
     
  
      
  
     
  
     這里著重配置SpringConfig 
   
     
  
     
  
     
   
     
  
     
  
     # 小結(jié) 
  
     
  
     
   
     
  
     
  
     著重講解了RBAC的權(quán)限配置,以及簡單的使用SpringSecurity,以及使用SpringSecurity + JWT 完成前后端的分離,以及配置json登錄,和密碼加密方式。 
  
     
  
     
     
  
     
  

        
    
    
     
     
    
      
      
    
       
       
    最后給大家分享我寫的SQL兩件套:《SQL基礎(chǔ)知識(shí)第二版》《SQL高級(jí)知識(shí)第二版》的PDF電子版。里面有各個(gè)語法的解釋、大量的實(shí)例講解和批注等等,非常通俗易懂,方便大家跟著一起來實(shí)操。
    
       
       

    
       
       
    有需要的讀者可以下載學(xué)習(xí),在下面的公眾號(hào)「數(shù)據(jù)前線」(非本號(hào))后臺(tái)回復(fù)關(guān)鍵字:SQL,就行
    
       
       
    數(shù)據(jù)前線
    
       
       
    
       
       

    
      
      
    
     
     
    
    
    
    后臺(tái)回復(fù)關(guān)鍵字:1024,獲取一份精心整理的技術(shù)干貨
    后臺(tái)回復(fù)關(guān)鍵字:進(jìn)群,帶你進(jìn)入高手如云的交流群。
          
      
    
       
       
    
      
      
    推薦閱讀
            
        
        
        
    
         
         
        
        
     
  
      
  
     
  
     
     
 
     

    瀏覽
                    2292
    點(diǎn)贊
    
    評(píng)論
    
    收藏
    
    分享
        
    手機(jī)掃一掃分享
    分享
    
    
        舉報(bào)
    
    評(píng)論
    圖片
    表情
    推薦
        
    點(diǎn)贊
    
    評(píng)論
    
    收藏
    
    分享
        
    手機(jī)掃一掃分享
    分享
    
    
        舉報(bào)
    
    

    <kbd id="5sdj3"></kbd>
    <th id="5sdj3"></th>
  • <dd id="5sdj3"><form id="5sdj3"></form></dd>
    <td id="5sdj3"><form id="5sdj3"><big id="5sdj3"></big></form></td><del id="5sdj3"></del>
    

  • 

    • 

  • <dd id="5sdj3"></dd>
    <dfn id="5sdj3"></dfn>
    • <th id="5sdj3"></th>

    <tfoot id="5sdj3"><menuitem id="5sdj3"></menuitem></tfoot>
    • <td id="5sdj3"><form id="5sdj3"><menu id="5sdj3"></menu></form></td>
  • <kbd id="5sdj3"><form id="5sdj3"></form></kbd>
    

五月色小说|
色吧网色五月
|
大鸡巴日逼视频
|
日日日干
|
一区二区三区在线播放
|