使用springboot简单整合springsecurity和mybatis,实现权限管理
时间: 2024-05-14 09:14:15 浏览: 11
1. 创建一个Spring Boot项目,并添加以下依赖:
```xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
</dependency>
```
2. 创建一个用户实体类和一个用户DAO接口,用于查询用户信息。
```java
public class User {
private Long id;
private String username;
private String password;
private List<String> roles;
// getter and setter
}
public interface UserDAO {
User findByUsername(String username);
}
```
3. 创建一个自定义的UserDetailsService,用于加载用户信息,并实现UserDetails接口。
```java
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userDAO.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
return new org.springframework.security.core.userdetails.User(
user.getUsername(),
user.getPassword(),
AuthorityUtils.createAuthorityList(user.getRoles().toArray(new String[0]))
);
}
}
```
4. 创建一个SecurityConfig类,用于配置Spring Security。
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and()
.csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
}
```
5. 创建一个AdminController类,用于测试权限控制。
```java
@RestController
@RequestMapping("/admin")
public class AdminController {
@GetMapping("/hello")
public String hello() {
return "Hello, Admin!";
}
}
```
6. 在application.properties中配置MyBatis和数据库信息。
```properties
mybatis.mapper-locations=classpath:mapper/*.xml
spring.datasource.url=jdbc:mysql://localhost:3306/test?useSSL=false&useUnicode=true&characterEncoding=UTF-8
spring.datasource.username=root
spring.datasource.password=root
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
```
7. 创建一个测试类,测试权限控制。
```java
@RunWith(SpringRunner.class)
@SpringBootTest
public class SecurityTest {
@Autowired
private WebApplicationContext context;
private MockMvc mockMvc;
@Before
public void setUp() {
mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
}
@Test
public void testAdmin() throws Exception {
mockMvc.perform(get("/admin/hello")
.with(user("admin").password("admin").roles("ADMIN")))
.andExpect(status().isOk())
.andExpect(content().string("Hello, Admin!"));
}
@Test
public void testUser() throws Exception {
mockMvc.perform(get("/admin/hello")
.with(user("user").password("user").roles("USER")))
.andExpect(status().isForbidden());
}
}
```
运行测试类,可以看到测试通过,权限控制生效。
以上就是使用Spring Boot整合Spring Security和MyBatis实现权限管理的简单示例。