springboot 学习 之 spring security 权限控制

Author: ttdys

springboot_security/05_role_permission/pom.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>springboot_security</artifactId>
+        <groupId>com.zjh</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>05_role_permission</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/org.springframework.session/spring-session -->
+        <dependency>
+            <groupId>org.springframework.social</groupId>
+            <artifactId>spring-social-config</artifactId>
+            <version>1.1.6.RELEASE</version>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.10</version>
+        </dependency>
+    </dependencies>
+
+
+</project>

springboot_security/05_role_permission/src/main/java/com/zjh/security/PermissionApplication.java

@@ -0,0 +1,14 @@
+package com.zjh.security;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * @author zjh on 2020/7/6
+ */
+@SpringBootApplication
+public class PermissionApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(PermissionApplication.class);
+    }
+}

springboot_security/05_role_permission/src/main/java/com/zjh/security/captcha/ImageCode.java

@@ -0,0 +1,65 @@
+package com.zjh.security.captcha;
+
+import java.awt.image.BufferedImage;
+import java.time.LocalDateTime;
+
+/**
+ * @author zjh on 2020/7/6
+ */
+public class ImageCode {
+
+    private BufferedImage image;
+
+    private String code;
+
+    private LocalDateTime expireTime;
+
+    public ImageCode(BufferedImage image, String code, int expireIn) {
+        this.image = image;
+        this.code = code;
+        this.expireTime = LocalDateTime.now().plusSeconds(expireIn);
+    }
+    // image图片 code验证码 expireTime过期时间
+    public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {
+        this.image = image;
+        this.code = code;
+        this.expireTime = expireTime;
+    }
+    // 过期时间
+    public boolean isExpire() {
+        return LocalDateTime.now().isAfter(expireTime);
+    }
+
+    public BufferedImage getImage() {
+        return image;
+    }
+
+    public void setImage(BufferedImage image) {
+        this.image = image;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public LocalDateTime getExpireTime() {
+        return expireTime;
+    }
+
+    public void setExpireTime(LocalDateTime expireTime) {
+        this.expireTime = expireTime;
+    }
+
+    @Override
+    public String toString() {
+        return "ImageCode{" +
+                "image=" + image +
+                ", code='" + code + '\'' +
+                ", expireTime=" + expireTime +
+                '}';
+    }
+}

springboot_security/05_role_permission/src/main/java/com/zjh/security/config/MySecurityConfig.java

@@ -0,0 +1,78 @@
+package com.zjh.security.config;
+
+
+import com.zjh.security.fileter.ValidateCodeFilter;
+import com.zjh.security.handler.MyAuthenticationAccessDeniedHandler;
+import com.zjh.security.handler.MyAuthenticationFailureHandler;
+import com.zjh.security.handler.MyAuthenticationSuccessHandler;
+import com.zjh.security.service.UserDetailService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+import org.springframework.stereotype.Component;
+
+import javax.sql.DataSource;
+
+/**
+ * @author zjh on 2020/7/5
+ */
+@Component
+@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启权限注解
+public class MySecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private MyAuthenticationFailureHandler authenticationFailureHandler;
+
+    @Autowired
+    private MyAuthenticationSuccessHandler authenticationSuccessHandler;
+    @Autowired
+    private ValidateCodeFilter validateCodeFilter;
+    @Autowired
+    private UserDetailService userDetailService;
+    @Autowired
+    private DataSource dataSource;
+    @Autowired
+    private MyAuthenticationAccessDeniedHandler myAuthenticationAccessDeniedHandler;
+
+    public PersistentTokenRepository persistentTokenRepository() {
+        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
+        jdbcTokenRepository.setDataSource(dataSource);
+        jdbcTokenRepository.setCreateTableOnStartup(false);
+        return jdbcTokenRepository;
+    }
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder(){
+        return new BCryptPasswordEncoder();
+    }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+         http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) // 添加验证码校验过滤器
+                 .exceptionHandling()
+                 .accessDeniedHandler(myAuthenticationAccessDeniedHandler)
+                 .and()
+                 .formLogin() // 表单登录
+                // http.httpBasic() // HTTP Basic
+                .loginPage("/authentication/require") // 登录跳转 URL
+                .loginProcessingUrl("/login") // 处理表单登录 URL
+                .failureHandler(authenticationFailureHandler) // 处理登录失败
+                .successHandler(authenticationSuccessHandler)
+                 .and()
+                 .rememberMe() // 启用rememberMe
+                 .tokenRepository(persistentTokenRepository()) // 配置 token 持久化仓库
+                 .tokenValiditySeconds(3600) // remember 过期时间，单为秒
+                 .userDetailsService(userDetailService) // 处理自动登录逻辑
+                .and()
+                .authorizeRequests() // 授权配置
+                .antMatchers("/authentication/require",
+                        "/login.html",
+                        "/code/image").permitAll() // 无需认证的请求路径
+                .anyRequest()  // 所有请求
+                .authenticated() // 都需要认证
+                .and().csrf().disable();
+    }
+}

springboot_security/05_role_permission/src/main/java/com/zjh/security/controller/IndexController.java

@@ -0,0 +1,19 @@
+package com.zjh.security.controller;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class IndexController {
+    @GetMapping("index")
+    public Object index(){
+        return SecurityContextHolder.getContext().getAuthentication();
+    }
+    @GetMapping("/auth/admin")
+    @PreAuthorize("hasAuthority('admin')")
+    public String authenticationTest() {
+        return "您拥有admin权限，可以查看";
+    }
+}

springboot_security/05_role_permission/src/main/java/com/zjh/security/controller/MySecurityController.java

@@ -0,0 +1,38 @@
+package com.zjh.security.controller;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@RestController
+public class MySecurityController {
+	//RequestCache requestCache是Spring Security提供的用于缓存请求的对象
+    private RequestCache requestCache = new HttpSessionRequestCache();
+	//DefaultRedirectStrategy是Spring Security提供的重定向策略
+    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+    @GetMapping("/authentication/require")
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    public String requireAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
+				//getRequest方法可以获取到本次请求的HTTP信息
+        SavedRequest savedRequest = requestCache.getRequest(request, response);
+        if (savedRequest != null) {
+            String targetUrl = savedRequest.getRedirectUrl();
+            if (StringUtils.endsWithIgnoreCase(targetUrl, ".html"))
+							//sendRedirect为Spring Security提供的用于处理重定向的方法
+                redirectStrategy.sendRedirect(request, response, "/login.html");
+        }
+        return "访问的资源需要身份认证！";
+    }
+}

springboot_security/05_role_permission/src/main/java/com/zjh/security/controller/ValidateController.java

@@ -0,0 +1,84 @@
+package com.zjh.security.controller;
+
+import com.zjh.security.captcha.ImageCode;
+import org.springframework.social.connect.web.HttpSessionSessionStrategy;
+import org.springframework.social.connect.web.SessionStrategy;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.ServletWebRequest;
+
+import javax.imageio.ImageIO;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.awt.*;
+import java.awt.image.BufferedImage;
+import java.io.IOException;
+import java.util.Random;
+
+@RestController
+public class ValidateController {
+
+    public final static String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";
+
+    private final SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
+
+
+
+    @GetMapping("/code/image")
+    public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        ImageCode imageCode = createImageCode();
+        sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);
+        ImageIO.write(imageCode.getImage(), "jpeg", response.getOutputStream());
+
+        System.out.println(imageCode);
+    }
+
+    private ImageCode createImageCode() {
+        // 该参数可以自定义
+        int width = 100; // 验证码图片宽度
+        int height = 36; // 验证码图片长度
+        int length = 4; // 验证码位数
+        int expireIn = 60; // 验证码有效时间 60s
+
+        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
+        Graphics g = image.getGraphics();
+
+        Random random = new Random();
+
+        g.setColor(getRandColor(200, 250));
+        g.fillRect(0, 0, width, height);
+        g.setFont(new Font("Times New Roman", Font.ITALIC, 20));
+        g.setColor(getRandColor(160, 200));
+        for (int i = 0; i < 155; i++) {
+            int x = random.nextInt(width);
+            int y = random.nextInt(height);
+            int xl = random.nextInt(12);
+            int yl = random.nextInt(12);
+            g.drawLine(x, y, x + xl, y + yl);
+        }
+
+        StringBuilder sRand = new StringBuilder();
+        for (int i = 0; i < length; i++) {
+            String rand = String.valueOf(random.nextInt(10));
+            sRand.append(rand);
+            g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
+            g.drawString(rand, 13 * i + 6, 16);
+        }
+        g.dispose();
+        return new ImageCode(image, sRand.toString(), expireIn);
+    }
+
+    private Color getRandColor(int fc, int bc) {
+        Random random = new Random();
+        if (fc > 255) {
+            fc = 255;
+        }
+        if (bc > 255) {
+            bc = 255;
+        }
+        int r = fc + random.nextInt(bc - fc);
+        int g = fc + random.nextInt(bc - fc);
+        int b = fc + random.nextInt(bc - fc);
+        return new Color(r, g, b);
+    }
+}