springsecurity OAuth2.0-第6章: 认证与授权查询数据库信息
📅 2026/7/5 21:41:15
👁️ 阅读次数
📝 编程学习
目录
一 核心功能介绍
1.1 说明介绍
二 操作步骤
2.1 初始化脚本
2.2 使用mybaits实现查询数据库
2.2.1 配置pom
2.2.2 配置dao层
2.2.3 mapper层
2.2.4 application配置文件
2.2.5 service配置
2.2.6 启动类加注解
2.2.7 security配置类设置加密注解
2.2.8 启动访问
一 核心功能介绍
1.1 说明介绍
实际项目中用户信息存储在数据库中,只需要重新定义UserDetailService即可实现根据用户账号查询数据库。
也就是说:只需要实现userDeatailService接口,重写loadUserByUsername()方法,在方法中调用dao层进行查询数据库信息。
package com.ljf.spt.security.service; import com.ljf.spt.security.dao.UserMapper; import com.ljf.spt.security.model.UserDto; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.List; /** * @ClassName: SpringDataUserDetailsService * @Description: TODO * @Author: liujianfu * @Date: 2021/08/14 09:44:20 * @Version: V1.0 **/ @Service public class SpringDataUserDetailsService implements UserDetailsService { @Autowired private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //将来连接数据库根据账号查询用户信息 UserDto userDto = userMapper.getUserByUsername(username); if(userDto == null){ //如果用户查不到,返回null,由provider来抛出异常 return null; } //权限 String [] authoritys={"p1"}; UserDetails userDetails = User.withUsername(userDto.getUsername()).password(userDto.getPassword()).authorities(authoritys).build(); return userDetails; } }二 操作步骤
2.1 初始化脚本
1.新建数据库
2.新建表
CREATE TABLE `t_user` ( `id` bigint(20) NOT NULL COMMENT '用户id', `username` varchar(64) NOT NULL, `password` varchar(64) NOT NULL, `fullname` varchar(255) NOT NULL COMMENT '用户姓名', `mobile` varchar(11) DEFAULT NULL COMMENT '手机号', PRIMARY KEY (`id`) USING BTREE ) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC3.新增数据
2.2 使用mybaits实现查询数据库
2.2.1 配置pom
<!-- 连接数据库mysql --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.47</version> </dependency> <!-- 分页插件 --> <dependency> <groupId>com.github.pagehelper</groupId> <artifactId>pagehelper-spring-boot-starter</artifactId> <version>1.2.5</version> </dependency> <!-- alibaba的druid数据库连接池 --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid-spring-boot-starter</artifactId> <version>1.1.9</version> </dependency>2.2.2 配置dao层
package com.ljf.spt.security.dao; import com.ljf.spt.security.model.UserDto; import org.apache.ibatis.annotations.Param; import org.springframework.stereotype.Repository; import java.util.List; @Repository public interface UserMapper { //查找用户名 public UserDto getUserByUsername(@Param("userName") String username); //查找该用户名下的权限 public List<String> findPermissionsByUserId(@Param("userId") String userId); }2.2.3 mapper层
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" > <mapper namespace="com.ljf.spt.security.dao.UserMapper" > <!-- 查询用户信息 --> <select id="getUserByUsername" resultType="com.ljf.spt.security.model.UserDto" > select id,username,password,fullname from t_user where username = #{userName} </select> <!-- 查询用户信息 --> </mapper>2.2.4 application配置文件
#基本配置 server.port=8080 server.servlet.context-path=/spt-security spring.application.name =springboot-security #视图 spring.mvc.view.prefix=/WEB-INF/view/ spring.mvc.view.suffix=.jsp #mysql spring.datasource.name=mysql_test spring.datasource.type=com.alibaba.druid.pool.DruidDataSource #druid相关配置 #监控统计拦截的filters spring.datasource.druid.filters=stat spring.datasource.druid.driver-class-name=com.mysql.jdbc.Driver #基本属性 spring.datasource.druid.url=jdbc:mysql://127.0.0.1:3306/security_db?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true spring.datasource.druid.username=root spring.datasource.druid.password=root #配置初始化大小/最小/最大 spring.datasource.druid.initial-size=1 spring.datasource.druid.min-idle=1 spring.datasource.druid.max-active=20 #获取连接等待超时时间 spring.datasource.druid.max-wait=60000 #间隔多久进行一次检测,检测需要关闭的空闲连接 spring.datasource.druid.time-between-eviction-runs-millis=60000 #一个连接在池中最小生存的时间 spring.datasource.druid.min-evictable-idle-time-millis=300000 spring.datasource.druid.validation-query=SELECT 'x' spring.datasource.druid.test-while-idle=true spring.datasource.druid.test-on-borrow=false spring.datasource.druid.test-on-return=false #打开PSCache,并指定每个连接上PSCache的大小。oracle设为true,mysql设为false。分库分表较多推荐设置为false spring.datasource.druid.pool-prepared-statements=false spring.datasource.druid.max-pool-prepared-statement-per-connection-size=20 #mybaits mybatis.mapper-locations: classpath:mapper/*.xml mybatis.type-aliases-package: com.ljf.spt.security.model #pagehelper pagehelper.helperDialect=mysql pagehelper.reasonable=true pagehelper.supportMethodsArguments=true pagehelper.params=count=countSql pagehelper.returnPageInfo=check2.2.5 service配置
package com.ljf.spt.security.service; import com.ljf.spt.security.dao.UserMapper; import com.ljf.spt.security.model.UserDto; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.List; /** * @ClassName: SpringDataUserDetailsService * @Description: TODO * @Author: liujianfu * @Date: 2021/08/14 09:44:20 * @Version: V1.0 **/ @Service public class SpringDataUserDetailsService implements UserDetailsService { @Autowired private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //将来连接数据库根据账号查询用户信息 UserDto userDto = userMapper.getUserByUsername(username); if(userDto == null){ //如果用户查不到,返回null,由provider来抛出异常 return null; } //权限 String [] authoritys={"p1"}; UserDetails userDetails = User.withUsername(userDto.getUsername()).password(userDto.getPassword()).authorities(authoritys).build(); return userDetails; } }2.2.6 启动类加注解
package com.ljf.spt.security; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; /** * Hello world! * */ @SpringBootApplication @MapperScan("com.ljf.spt.security.dao") //@MapperScan 用户扫描MyBatis的Mapper public class App { public static void main( String[] args ) { SpringApplication.run(App.class,args); System.out.println("启动完成!!!"); } }2.2.7 security配置类设置加密注解
@Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }同时注释掉:
2.2.8 启动访问
http://localhost:8080/spt-security/login-view
成功后:
编程学习
技术分享
实战经验