Spring Sercurity介绍
在web应用开发中,安全无疑是十分重要的,选择Spring Security来保护web应用是一个非常好的选择。Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。
这是我们最基本的架构图:
security的pom文件主要内容:
<modules>
<module>security-core</module>
<module>security-borower</module>
<module>security-app</module>
<module>security-demo</module>
</modules>
<packaging>pom</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencyManagement>
<dependencies>
<!-- 会替你去管理maven的版本,我们不用自己去写版本,保证互相兼容 -->
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>Brussels-SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- 导入spring cloud的包 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Dalston.SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<!-- 使用maven的编译插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<!-- 编译的配置 -->
<configuration>
<!-- 源码环境1.8 -->
<source>1.8</source>
<!-- 编译后也是1.8 -->
<target>1.8</target>
<!-- encoding -->
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
security-core的pom文件主要内容:
<dependencies>
<!-- 跟spring-security相关的jar都会引进了 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- 加了数据库驱动要配置相关信息 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- spring-social相关,实现第三方登录用到的依赖 -->
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-web</artifactId>
</dependency>
<!-- 常用工具类 -->
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
</dependencies>
security-borowser和security-app的pom文件主要内容
<dependencies>
<dependency>
<groupId>com.xxx.security</groupId>
<artifactId>security-core</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
<!-- spring对session的集群管理,默认会开启。但是我们可以关掉 -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
</dependencies>
security-demo工程的pom文件
<dependencies>
<dependency>
<artifactId>security-borower</artifactId>
<groupId>com.xxx.security</groupId>
<version>1.0-SNAPSHOT</version>
</dependency>
</dependencies>
<build>
<!-- maven的打包插件,可以把我们得spring boot工程打包成一个可运行得jar包 -->
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>1.3.3.RELEASE</version>
<configuration>
<mainClass>com.zhaohong.DemoApplication</mainClass>
</configuration>
<executions>
<execution>
<goals>
<!-- 会让我们的项目以spring-boot的方式重新打包 -->
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<finalName>demo</finalName>
</build>
由于我们引入了mysql的驱动包和spring-session,那么我们需要在security-demo工程配置jdbc连接信息,反则项目启动会报错。
spring.datasource.driver-class-name = com.mysql.jdbc.Driver
spring.datasource.url= jdbc:mysql://127.0.0.1:3306/security-demo?useUnicode=yes&characterEncoding=UTF-8&useSSL=false
spring.datasource.username = root
spring.datasource.password = xxxx
# 暂且关闭spring-session,后续会继续见解它的使用
spring.session.store-type = none
# 项目访问端口server.port = 80
现在我们可以在security-demo工程中开始写我们的spring boot的启动类和第一个Controller。
@SpringBootApplication
@RestController
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class);
}
}
@RestController
public class HelloController {
@GetMapping("/hello")
public String hello(){
return "hello spring security";
}
}
我们访问http://localhost/hello:
会弹出spring-security的用户验证对话框,这是在spring环境下的security默认配置,我们可以通过一写的方式关闭:
# 关闭spring-security身份验证
security.basic.enabled = false