Spring Security连接数据库实现登录

使用Spring Security的登录页面，从数据库中获取数据进行登录认证。

步骤：

一、前置工作：

1.搭建Spring Boot
2.连接MySQL数据库，数据库中创建好表

二、 Spring Security环节

1. 创建与数据库对应的admin实体（Admin.java）
2. 写查询语句（AdminDao.java和AdminDao.xml）
3. 实现UserDetailsService接口（UserDetailsServiceImpl.java）
4. 配置Spring Security

实现

一、前置工作代码

• 前置工作MySQL连接数据库的代码

spring:
  datasource:
#   数据源基本配置
    username: root
    password: 1234
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/mybatis
    type: com.alibaba.druid.pool.DruidDataSource

• 数据库中的表
  表名：admin 属性：username、password
  我用Navicat创建的所以没有代码，小伙伴们可以自己手动创建一下

二、Spring Security部分的代码实现

1. 创建Admin.java
   属性名要和变量名对应

package com.example.login0227.entities;

public class Admin {
    private String username;
    private String password;

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

2. 写查询语句
   这一步的目的是为之后从数据库中查询用户名和密码做准备
   查询语句传入username，返回了整个Admin对象
   （1）AdminDao.java

package com.example.login0227.mapper;

import com.example.login0227.entities.Admin;
import java.util.List;

public interface AdminDao {
    //查找管理员账号密码
    public Admin getAdmin(String username);
    }

（2）AdminDao.xml

<mapper namespace="com.example.login0227.mapper.AdminDao" >
    <select id="getAdmin" resultType="com.example.login0227.entities.Admin">
        select * from admin where username = #{username};
    select>
mapper>

3. 实现UserDetailsService接口
   这一步是非常重要的！！
   整个Spring Security连接数据库的核心就是实现UserDetaisService接口
   重写接口loadUserByUsername这个方法，在其中完成数据库的查询工作，并将得到的admin返回就可以了

package com.example.login0227.service;

import com.example.login0227.entities.Admin;
import com.example.login0227.mapper.AdminDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Collection;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    AdminDao adminDao;
    @Autowired
    PasswordEncoder passwordEncoder;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Admin admin = adminDao.getAdmin(username);
        if(admin == null){
            return null;
        }else{
            Collection<GrantedAuthority> authorities = new ArrayList<>();         
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            User user = new User(admin.getUsername(),passwordEncoder.encode(admin.getPassword()),authorities);
            System.out.println("管理员信息："+user.getUsername()+"   "+passwordEncoder.encode(admin.getPassword())+"  "+user.getAuthorities());
            return user;
        }
    }
}

4. 配置Spring Security

package com.example.login0227.config;

import com.example.login0227.service.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    /*
    授权规则
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //定制请求的授权规则
        //角色的设置需要和上面的权限一致，不然会报403
     http.authorizeRequests().antMatchers("/admin").hasRole("ADMIN");
        //开启自动配置的登录功能
        http.formLogin();
    }

    /*
    认证规则
     */

    @Autowired
    UserDetailsServiceImpl userDetailsService;
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

	//在这里完成获得数据库中的用户信息
	//密码一定要加密
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

}

参考材料：
https://blog.csdn.net/lizc_lizc/article/details/84030932
https://www.bilibili.com/video/BV1xA411h7o3?p=9