前言
本文章是使用方法,数据库查询使用的是mybatis-plus
需要的工具类,请前往:https://www.ifnice.cn/archives/24
开始
1.UserService里面有一个方法:根据用户名和密码查询,返回token
String login(String username, String passwd);
2.UserDetailServiceImpl继承UserDetailsService
实现public UserDetails loadUserByUsername方法,Security会自动找谁实现了,然后获取信息
代码:
package com.zb.service.impl;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.zb.entity.LoginUser;
import com.zb.entity.Menu;
import com.zb.entity.User;
import com.zb.mapper.MenuMapper;
import com.zb.mapper.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
@Service
public class UserDetailServiceImpl implements UserDetailsService {
@Autowired
private UserMapper userMapper;
@Autowired
private MenuMapper menuMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("2.进入访问数据库的UserDetailServiceImpl服务类中...");
QueryWrapper<User> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("nick_name", username);
//根据用户名查询用户信息
User user = userMapper.selectOne(queryWrapper);
//拿用户名 查用户权限等信息
List<Menu> query = menuMapper.query(user.getId().toString());
//读取query里面权限信息(Perms参数),将信息存入list
List<String> list = query.stream().map(menu -> {
return menu.getPerms();
}).collect(Collectors.toList());
if (user != null) {
//将用户信息,权限信息放入LoginUser
return new LoginUser(user, list);
}
return null;
}
}
3.UserServiceImpl继承自已的UserService,实现自已的login方法
package com.zb.service.impl;
import com.alibaba.fastjson.JSON;
import com.zb.config.JwtUtil;
import com.zb.entity.LoginUser;
import com.zb.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;
@Service
public class UserServiceImpl implements UserService {
@Autowired
private RedisTemplate redisTemplate;
@Autowired
//发起验证,此方法已经实例化
private AuthenticationManager authenticationManager;
@Override
public String login(String username, String passwd) {
//使用密码器,并且告诉密码器登录的账号密码
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(username, passwd);
//告诉验证起,本次登录使用的是密码器验证
//这里会调用:实现UserDetailsService接口的UserDetails类 loadUserByUsername的方法
//本意就是已经查出数据了
Authentication authenticate = authenticationManager
.authenticate(usernamePasswordAuthenticationToken);
if (ObjectUtils.isEmpty(authenticate)) {
return "登陆失败";
}
System.out.println("3.登陆成功信息");
//获取数据,转成LoginUser对象
LoginUser loginUser = (LoginUser) authenticate.getPrincipal();
//拿出用户名,生成token
String token = JwtUtil.createJWT(loginUser.getUser().getNickName());
//将用户名和用户信息存入redis
redisTemplate.boundValueOps("token:" + loginUser.getUser().getNickName()).set(JSON.toJSONString(loginUser));
return token;
}
}
4.Controller正常使用即可,普通方法必须传入token,否则会被拦截
package com.zb.controller;
import com.zb.entity.LoginUser;
import com.zb.entity.User;
import com.zb.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@Autowired
private RedisTemplate redisTemplate;
@PostMapping("/login")
public String login(@RequestParam("username") String username, @RequestParam("passwd") String passwd) {
return userService.login(username, passwd);
}
@GetMapping("/info")
public User info() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
return loginUser.getUser();
}
@GetMapping("/exit")
public String exit() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
String key = "token:" + loginUser.getUser().getNickName();
redisTemplate.delete(key);
return "success";
}
@GetMapping("/testok")
public String tsetok(@RequestHeader String token){
System.out.println("这是一个普通方法");
return "这是一个普通方法";
}
}
5.权限拦截,使用@PreAuthorize(“”)注解,里面填的是存放LoginUser类里面查出来的powers权限名字
package com.zb.controller;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class TestController {
@GetMapping("/show")
@PreAuthorize("hasAuthority('book:search') or hasAuthority('book:get')")
public String show() {
System.out.println("============>");
return "hello";
}
}