springBoot+mybatis+springsecurity整合!

首先項目是maven工程，創建maven工程相信大家一定不陌生了。下面咱們直接進入主題。

首先搭建springBoot工程,pom.xml裏面添加這些jar信息,就足夠了，因爲springBoot非常強大，

<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.5.RELEASE</version>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
</dependencies>

創建啓動類
@SpringBootApplication
public class Application extends SpringBootServletInitializer {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}

public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
}

}

創建配置文件application.properties，因爲springBoot會默認取加載這個配置文件
項目根路徑
server.context-path=/bry
項目端口號
server.port=8090
是不是非常簡單，下面在創建頁面，通過controller訪問頁面，這一套跟springMVC就很像了，
咱們使用thymeleaf模板來處理頁面，代替視圖解析器，
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

在src/main/resources下面創建static和templates包，默認的靜態資源是放在static裏面的，頁面是放在
templates裏面的，當然可以自己去配置目錄，但是沒有必要，既然springBoot給我們提供了這麼好的便利，我們爲什麼不用呢？

接下來，在templates裏面定義一個index.html
在定義一個controller,加一個跳轉的方法
@RequestMapping(value = { “index”}, method = RequestMethod.GET)
public String gotoIndex(Model model) {
return “index”;
}
這樣就可以跳轉到頁面了，因爲我們使用了強大的thymeleaf，一切他幫助我們處理了,
現在最簡單的工程我們已經搭建起來了，是不是超級簡單!

下面來說一下怎麼整合mybatis:
1.還是整合jar,也就是編寫pom.xml,
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>

2.聲明Mapper 接口和實現Mapper 的xml, 注意接口需要加上@Mapper，會自動掃描注入，例如:
@Mapper
public interface UserMapper (){}
然後定義UserMapper.xml，裏面的內容跟mybatis寫法一致,不在囉嗦.

3.application.properties加入連接數據庫的信息:
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://IP:3306/springSecurityTest?characterEncoding=utf8&useSSL=true
spring.datasource.username=root
spring.datasource.password=root

spring.datasource.max-active=20
spring.datasource.max-idle=8
spring.datasource.min-idle=8
spring.datasource.initial-size=10

spring.datasource.validation-query=SELECT 1
spring.datasource.test-while-idle=true
spring.datasource.time-between-eviction-runs-millis=27800

如此簡單就整合了mybatis，看看springBoot是不是非常牛氣啊，真的得說太讚了，不用想以前那麼繁瑣的配置了

最後來說一下怎麼整合springsecurity.
1.還是老規矩，配置pom.xml

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>

application.properties什麼都不用配置就行.

2.接下來的步驟有點繁瑣，首先爲了看到效果我們創建幾個表和對應的實體類
sys_role表 字段id,name
sys_user表 字段id，username，password
sys_role_user表 字段id,Sys_User_id,Sys_Role_id

3.插入幾條數據
INSERT INTO sys_role VALUES ('1', 'ROLE_ADMIN');
INSERT INTO sys_role VALUES ('2', 'ROLE_USER');

INSERT INTO sys_user VALUES ('1', 'admin', '6d789d4353c72e4f625d21c6b7ac2982');
INSERT INTO sys_user VALUES ('2', 'user', '36f1cab655c5252fc4f163a1409500b8');

INSERT INTO sys_role_user VALUES ('1', '1', '1');
INSERT INTO sys_role_user VALUES ('2', '2', '2');

4.創建對應的實體類:

public class SysRole {
private Integer id;
private String name;

public Integer getId() {
    return id;
}

public void setId(Integer id) {
    this.id = id;
}

public String getName() {
    return name;
}

public void setName(String name) {
    this.name = name;
}

}

public class SysUser {
private Integer id;
private String username;
private String password;

private List<SysRole> roles;

public Integer getId() {
    return id;
}

public void setId(Integer id) {
    this.id = id;
}

public String getUsername() {
    return username;
}

public void setUsername(String username) {
    this.username = username;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}

public List<SysRole> getRoles() {
    return roles;
}

public void setRoles(List<SysRole> roles) {
    this.roles = roles;
}

}

5.接下來是配置類WebSecurityConfig

@Configuration //必須加這個註解，用於生成一個配置類，
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true) //啓用Security註解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
UserDetailsService customUserService() { // 註冊UserDetailsService 的bean
return new CustomUserService();
}

/**
 * 配置.忽略的靜態文件，不加的話，登錄之前頁面的css,js不能正常使用，得登錄之後才能正常.
 */

@Override
public void configure(WebSecurity web) throws Exception {
    // 忽略URL
    web.ignoring().antMatchers("/**/*.js", "/lang/*.json", "/**/*.css", "/**/*.js", "/**/*.map", "/**/*.html",
            "/**/*.png");
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(customUserService()).passwordEncoder(new PasswordEncoder(){
        //使用MD5獲取加密之後的密碼
        @Override
        public String encode(CharSequence rawPassword) {
            return MD5Util.encode((String)rawPassword);
        }
        //驗證密碼
        @Override 
        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            return encodedPassword.equals(MD5Util.encode((String)rawPassword));
        }}); //user Details Service驗證
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/").permitAll()  //首頁任意訪問
            .anyRequest().authenticated() // //其他所有資源都需要認證，登陸後才能訪問
            .and()
            .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/", true)//登錄成功之後跳轉首頁
            .failureUrl("/login?error") //登錄失敗 返回error
            .permitAll() // 登錄頁面用戶任意訪問
            .and()
            .logout().permitAll(); // 註銷行爲任意訪問

}

}

6.其中用到了md5加密工具 ,這個經常用，不再囉嗦，你也可以使用別的加密方式，
例如 BCryptPasswordEncoder
public class MD5Util {

private static final String SALT = "tamboo";

public static String encode(String password) {
    password = password + SALT;
    MessageDigest md5 = null;
    try {
        md5 = MessageDigest.getInstance("MD5");
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    char[] charArray = password.toCharArray();
    byte[] byteArray = new byte[charArray.length];

    for (int i = 0; i < charArray.length; i++)
        byteArray[i] = (byte) charArray[i];
    byte[] md5Bytes = md5.digest(byteArray);
    StringBuffer hexValue = new StringBuffer();
    for (int i = 0; i < md5Bytes.length; i++) {
        int val = ((int) md5Bytes[i]) & 0xff;
        if (val < 16) {
            hexValue.append("0");
        }

        hexValue.append(Integer.toHexString(val));
    }
    return hexValue.toString();
}
public static void main(String[] args) {
    System.out.println(MD5Util.encode("admin"));
    System.out.println(MD5Util.encode("user"));

}

}

7.新建 CustomUserService 用於將用戶權限交給 springsecurity 進行管控；
@Service
public class CustomUserService implements UserDetailsService {
@Autowired
UserMapper userMapper;

@Override
public UserDetails loadUserByUsername(String username) { // 重寫loadUserByUsername 方法獲得 userdetails  類型用戶

    SysUser  user = userMapper.findByUserName(username);
    if (user == null) {
        throw new UsernameNotFoundException("用戶名不存在");
    }
    List<SimpleGrantedAuthority> authorities = new ArrayList<>();
    // 用於添加用戶的權限。只要把用戶權限添加到authorities 就萬事大吉。
    for (SysRole role : user.getRoles()) {
        authorities.add(new SimpleGrantedAuthority(role.getName()));
    }
    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), authorities);
}

}

8.定義controller 我們的配置裏面配置了登錄成功之後跳轉到首頁
跳轉到登錄頁面
@RequestMapping(value = “/login”)
public String login() {
return “login”;
}
跳轉到主頁
@RequestMapping(value = {“/”,}, method = RequestMethod.GET)
public String gotohome() {
return “home”;
}

9.最後你可以自定義html頁面，很簡單了，這裏不再囉嗦!

10.配置完springsecurity之後，你的controller就可以加權限了
@RequestMapping("/getuser")
//必須有這個權限纔可以使用
@Secured("ROLE_USER")
@ResponseBody
public User getUser() {
User user = new User();
user.setName("test");
return user;
}

11.如果你想使用 BCryptPasswordEncoder加密,配置文件需要修改成下面這樣
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserService).passwordEncoder(new BCryptPasswordEncoder());
}

存入數據庫的加密方法如下：
public SysUser create(User u　user){
//進行加密
BCryptPasswordEncoder encoder =new BCryptPasswordEncoder();
sysUser.setPassword(encoder.encode(user.getRawPassword().trim()));
userDao.create(user);
return sysUser;
}

end……..