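Spring Security is a security framework that provides a declarative access-control solution for Spring-based enterprise applications. It supplies a set of beans that can be configured in the Spring application context and makes full use of Spring's IoC (Inversion of Control), DI (Dependency Injection) and AOP (aspect-oriented programming) features to give applications declarative access control, reducing the large amount of repetitive code otherwise written for enterprise security controls.

This blog post records what I learned about developing enterprise-grade authentication and authorization with the Spring Security technology stack. This post mainly covers setting up the environment.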
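The figure below shows how the project is organized. `lemon-security` is the aggregator project, with packaging type `pom`; the other four projects are submodules of `lemon-security`, all with packaging type `jar`.

The role of each project is briefly described below:
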
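Project | Purpose |
---|---|
lemon-security | Aggregator project; mainly controls the versions of the dependencies needed by the whole project |
lemon-security-core | Core module for authentication and authorization |
lemon-security-browser | Authentication and authorization module for browser clients; depends on the lemon-security-core module |
lemon-security-app | Authentication and authorization module for mobile clients; depends on the lemon-security-core module |
lemon-security-demo | Demo module; depends on the lemon-security-browser and lemon-security-app modules |
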
The `pom` dependencies of `lemon-security`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.lemon.security</groupId>
    <artifactId>lemon-security</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <modules>
        <module>../lemon-security-core</module>
        <module>../lemon-security-browser</module>
        <module>../lemon-security-app</module>
        <module>../lemon-security-demo</module>
    </modules>
    <packaging>pom</packaging>
    <description>Spring Security技术栈开发企业级认证与授权POM项目</description>
    <properties>
        <lemon.security.version>1.0.0-SNAPSHOT</lemon.security.version>
    </properties>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.spring.platform</groupId>
                <artifactId>platform-bom</artifactId>
                <version>Brussels-SR7</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Edgware.SR2</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.7.0</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
```

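This `pom` file is mainly concerned with version management: it imports the Spring platform's version management and Spring Cloud's version management. The whole project is developed on Spring Boot.
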
The `pom` dependencies of `lemon-security-core`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.lemon.security</groupId>
        <artifactId>lemon-security</artifactId>
        <version>1.0.0-SNAPSHOT</version>
        <relativePath>../lemon-security</relativePath>
    </parent>
    <artifactId>lemon-security-core</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <description>Spring Security技术栈开发企业级认证与授权CORE项目</description>
    <dependencies>
        <!-- Key dependency for app (mobile client) authentication -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <!-- Session storage dependency; not needed yet, so commented out for now -->
        <!--<dependency>-->
        <!--<groupId>org.springframework.boot</groupId>-->
        <!--<artifactId>spring-boot-starter-data-redis</artifactId>-->
        <!--</dependency>-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <!-- Key dependencies for third-party login -->
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.social</groupId>
            <artifactId>spring-social-web</artifactId>
        </dependency>
        <!-- Utility dependencies -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-collections4</artifactId>
            <version>4.1</version>
        </dependency>
        <dependency>
            <groupId>commons-beanutils</groupId>
            <artifactId>commons-beanutils</artifactId>
        </dependency>
    </dependencies>
</project>
```

The `pom` dependencies of `lemon-security-browser`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.lemon.security</groupId>
        <artifactId>lemon-security</artifactId>
        <version>1.0.0-SNAPSHOT</version>
        <relativePath>../lemon-security</relativePath>
    </parent>
    <artifactId>lemon-security-browser</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <description>Spring Security技术栈开发企业级认证与授权浏览器项目</description>
    <dependencies>
        <dependency>
            <groupId>com.lemon.security</groupId>
            <artifactId>lemon-security-core</artifactId>
            <version>${lemon.security.version}</version>
        </dependency>
        <!-- Key dependency for browser-side session management -->
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
        </dependency>
    </dependencies>
</project>
```

The `pom` dependencies of `lemon-security-app`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.lemon.security</groupId>
        <artifactId>lemon-security</artifactId>
        <version>1.0.0-SNAPSHOT</version>
        <relativePath>../lemon-security</relativePath>
    </parent>
    <artifactId>lemon-security-app</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <description>Spring Security技术栈开发企业级认证与授权移动端项目</description>
    <dependencies>
        <dependency>
            <groupId>com.lemon.security</groupId>
            <artifactId>lemon-security-core</artifactId>
            <version>${lemon.security.version}</version>
        </dependency>
    </dependencies>
</project>
```

The `pom` dependencies of `lemon-security-demo`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.lemon.security</groupId>
        <artifactId>lemon-security</artifactId>
        <version>1.0.0-SNAPSHOT</version>
        <relativePath>../lemon-security</relativePath>
    </parent>
    <artifactId>lemon-security-demo</artifactId>
    <version>${lemon.security.version}</version>
    <packaging>jar</packaging>
    <description>Spring Security技术栈开发企业级认证与授权案例项目</description>
    <dependencies>
        <!-- Browser-side security development is studied first -->
        <dependency>
            <groupId>com.lemon.security</groupId>
            <artifactId>lemon-security-browser</artifactId>
            <version>${lemon.security.version}</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.1.9</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <!-- Spring Boot application packaging plugin -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>1.5.10.RELEASE</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>
```

For the Spring Boot application entry point, write `MainApplication.java` in the package `com.lemon.security.web.application` as follows:

```java
package com.lemon.security.web.application;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;

/**
 * @author lemon
 * @date 2018/3/18 5:44 PM
 */
@SpringBootApplication
// Scan the whole com.lemon.security package tree so beans from every module are registered
@ComponentScan(basePackages = {"com.lemon.security"})
public class MainApplication {

    public static void main(String[] args) {
        SpringApplication.run(MainApplication.class, args);
    }
}
```

Then write a `DemoController.java` in the package `com.lemon.security.web.controller` as follows:

```java
package com.lemon.security.web.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @author lemon
 * @date 2018/3/18 5:46 PM
 */
@Controller
public class DemoController {

    // GET /hello returns a plain string in the response body
    @GetMapping("/hello")
    @ResponseBody
    public String hello() {
        return "Hello Spring Security";
    }
}
```

A Spring Boot configuration file is also needed, with the following content:

```yaml
spring:
  profiles:
    active: dev
---
spring:
  profiles: dev
  # Database configuration
  datasource:
    driverClassName: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/spring-security?characterEncoding=utf-8&useSSL=false
    username: root
    password: 123456
    # Configure the Druid connection pool
    type: com.alibaba.druid.pool.DruidDataSource
server:
  port: 8080
```

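Change the database connection settings above to match your own environment.

Running the Spring Boot `main` method at this point produces the following error:

```
Caused by: java.lang.IllegalArgumentException: No Spring Session store is configured: set the 'spring.session.store-type' property
```
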
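This happens because the Spring Session dependency was added in `lemon-security-core` without configuring how sessions are stored. Adding the following to the Spring Boot configuration file resolves it:

```yaml
spring:
  session:
    store-type: none
```
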
The complete configuration file is:

```yaml
spring:
  profiles:
    active: dev
---
spring:
  profiles: dev
  # Database configuration
  datasource:
    driverClassName: com.mysql.jdbc.Driver
    url: jdbc:mysql://192.168.25.133:3306/spring-security?characterEncoding=utf-8&useSSL=false
    username: root
    password: caifutong122819
    # Configure the Druid connection pool
    type: com.alibaba.druid.pool.DruidDataSource
  # Configure the session store type; this feature is turned off for now
  session:
    store-type: none
server:
  port: 8080
```

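Restart the application and it now starts normally. Opening http://localhost:8080/hello in a browser shows that a username and password are required before the `hello` method of `DemoController` can be reached. This is Spring Security's default configuration in a Spring Boot environment: a request must be authenticated before it can access the method. As shown in the figure:
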
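Since this is an early-stage environment, authentication can be turned off for now; this only requires a setting in the configuration file:

```yaml
# First, turn off authentication
security:
  basic:
    enabled: false
```
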
Restart the application again and open http://localhost:8080/hello in a browser; the page now displays `Hello Spring Security`.
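
An added example, not part of the original post: the same configuration file with `security.basic.enabled: false` placed inside the `dev` profile document, so that any other profile keeps Spring Security's default authentication, and with the database credentials resolved from environment variables rather than written into the file. The variable names `DB_HOST`, `DB_USERNAME` and `DB_PASSWORD` are assumptions.

```yaml
# Document 1: applies to every profile
spring:
  profiles:
    active: dev
server:
  port: 8080
---
# Document 2: applies only while the "dev" profile is active
spring:
  profiles: dev
  # Database configuration
  datasource:
    driverClassName: com.mysql.jdbc.Driver
    # DB_HOST is an assumed variable name; falls back to localhost when unset
    url: jdbc:mysql://${DB_HOST:localhost}:3306/spring-security?characterEncoding=utf-8&useSSL=false
    # DB_USERNAME / DB_PASSWORD are assumed variable names; no default is given,
    # so startup fails if they are missing instead of using a committed secret
    username: ${DB_USERNAME}
    password: ${DB_PASSWORD}
    # Configure the Druid connection pool
    type: com.alibaba.druid.pool.DruidDataSource
  # Session store type; turned off for now, as in the post
  session:
    store-type: none
# Authentication is switched off here only, inside the dev document.
# Starting with any other active profile leaves this property unset,
# so the default login prompt on /hello stays in place.
security:
  basic:
    enabled: false
```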