廣州中企動(dòng)力網(wǎng)站制作,如何做平臺(tái)網(wǎng)站,新鄉(xiāng)網(wǎng)絡(luò)公司首選,杭州下城區(qū)建設(shè)局網(wǎng)站前言 承襲 {初探 Spring Security 文章}#xff0c;使用 InMemoryUserDetailsManager,建立帳號(hào)與密碼並儲(chǔ)存於記憶體中。 現(xiàn)實(shí)中#xff0c;我們不會(huì)將帳號(hào)與密碼這們做#xff0c;一般情況下#xff0c;都會(huì)存放在資料庫#xff0c;或者LDAP。 以下我們將改寫使用 MyS…前言承襲 {初探 Spring Security 文章}使用 InMemoryUserDetailsManager,建立帳號(hào)與密碼並儲(chǔ)存於記憶體中?，F(xiàn)實(shí)中我們不會(huì)將帳號(hào)與密碼這們做一般情況下都會(huì)存放在資料庫或者LDAP。以下我們將改寫使用 MySQL 來管理我們的使用者帳戶。專案實(shí)作(本次代碼有點(diǎn)多請細(xì)看)1.新增pom.xml相關(guān)DependenciesPom.xml dependency groupIdcom.mysql/groupId artifactIdmysql-connector-j/artifactId scoperuntime/scope /dependency2.增修相關(guān)代碼修改 Web 安全性, 網(wǎng)路安全配置類別 WebSecurityConfig(使用 HTTP Basic Authentication)增修SecurityConfig//SecurityConfig.java import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; Configuration EnableWebSecurity EnableMethodSecurity public class SecurityConfig { Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(auth - auth // Read permissions (Guest, User, Admin) .requestMatchers(HttpMethod.GET, /api/users, /api/user/{uid}) .hasAnyAuthority(read) // , ROLE_GUEST) // Create permissions (User, Admin) .requestMatchers(HttpMethod.POST, /api/user).hasAnyAuthority(create) // Requirement : Admin (CRUD) - DELETE/PUT will be handled by PreAuthorize .requestMatchers(HttpMethod.PUT, /api/users/{uid}).hasAnyAuthority(update) .requestMatchers(HttpMethod.DELETE, /users/{uid}).hasAnyAuthority(delete) .anyRequest().authenticated()) .httpBasic(Customizer.withDefaults()) // .formLogin(Customizer.withDefaults()) .sessionManagement(sess - sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); return http.build(); } Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } }增修CustomUserDetailsService//CustomUserDetailsService.java Service Transactional(readOnly true) public class CustomUserDetailsService implements UserDetailsService { Autowired private UserRepository userRepository; Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user userRepository.findByUsername(username) .orElseThrow(() - new UsernameNotFoundException(User not found: username)); SetGrantedAuthority authorities new HashSet(); for (UserRole ur : user.getUserRoles()) { Role role ur.getRole(); authorities.add(new SimpleGrantedAuthority( ROLE_ role.getName().name())); // permission-based authority for (String p : role.getPermissions()) { authorities.add(new SimpleGrantedAuthority(p)); } } return new org.springframework.security.core.userdetails.User( user.getUsername(), user.getPassword(), authorities); } }增修Entity// Role.java Entity Getter Setter AllArgsConstructor Builder Table(name roles) public class Role { Id GeneratedValue(strategy GenerationType.IDENTITY) private Long id; Enumerated(EnumType.STRING) Column(nullable false, unique true) private RoleName name; public Role() { } public Role(RoleName role) { this.name role; } public Role(RoleName name, SetString permissions) { this.name name; this.permissions permissions; } Builder.Default ElementCollection(fetch FetchType.EAGER) CollectionTable(name role_permissions, joinColumns JoinColumn(name role_id)) Column(name permission) private SetString permissions new HashSet(); Builder.Default JsonBackReference OneToMany(mappedBy role, cascade CascadeType.ALL, orphanRemoval true) private SetUserRole userRoles new HashSet(); } // RoleName.java public enum RoleName { ADMIN, USER, GUEST; } // 角色權(quán)限 RolePermission.java Entity Getter Setter NoArgsConstructor AllArgsConstructor Builder Table(name role_permissions) public class RolePermission { Id GeneratedValue(strategy GenerationType.IDENTITY) private Long id; Column(name role_id) private Long role_id; Column(name permission, length 255) private String permission; } // 使用者 User.java Entity Getter Setter AllArgsConstructor Builder Table(name users) public class User { Id GeneratedValue(strategy GenerationType.IDENTITY) private Long id; Column(name username, nullable false, unique true) private String username; Column(name password, nullable false) private String password; Column(name first_name, nullable true) private String firstName; Column(name last_name, nullable true) private String lastName; Column(name email, nullable false, unique true) private String email; JsonManagedReference OneToMany(mappedBy user, cascade CascadeType.ALL, orphanRemoval true) private SetUserRole userRoles new HashSet(); public User() { } public User(String username, String password, String firstName, String lastName, String email) { this.username username; this.password password; this.firstName firstName; this.lastName lastName; this.email email; } public void addRole(UserRole role) { userRoles.add(role); role.setUser(this); } public void removeRole(UserRole role) { userRoles.remove(role); role.setUser(null); } } //UserRole.java /** * 中間實(shí)體定義(UserRole) */ Entity Getter Setter NoArgsConstructor AllArgsConstructor Builder Table(name users_roles) public class UserRole implements Serializable { Id GeneratedValue(strategy GenerationType.IDENTITY) private Long id; // ManyToOne 關(guān)係到 User JsonBackReference ManyToOne(fetch FetchType.LAZY) JoinColumn(name user_id) private User user; // ManyToOne 關(guān)係到 Role ManyToOne(fetch FetchType.LAZY) JoinColumn(name role_id) private Role role; Column(name assigned_at) private LocalDateTime assignedAt LocalDateTime.now(); public UserRole(User user, Role role) { this.user user; this.role role; } }增修Repository// UserRepository.java Repository public interface UserRepository extends JpaRepositoryUser, Long { Query(SELECT u FROM User u LEFT JOIN FETCH u.userRoles ur // 載入 UserRole 集合 LEFT JOIN FETCH ur.role // 透過 ur 載入 Role 實(shí)體本身 WHERE u.id :id) OptionalUser findByIdWithRolesAndRoleDetails(Param(id) Long id); OptionalUser findByUsername(String username); } Repository public interface RoleRepository extends JpaRepositoryRole, Long { OptionalRole findByName(RoleName name); } Repository public interface UserRoleRepository extends JpaRepositoryUserRole, Long { }增修Service// UserService.java Slf4j Service public class UserService { Autowired private PasswordEncoder passwordEncoder; // Used for hashing passwords Autowired private UserMapper userMapper; Autowired private UserRepository userRepository; Transactional public User createUser(User newUser) {//////////////////////////// if (newUser null) { throw new IllegalArgumentException(User must not be null); } newUser.setPassword(passwordEncoder.encode(newUser.getPassword())); User user userRepository.save(newUser); return user; } /** * 尋找單一使用者並返回 DTO */ public OptionalUserDto findByIdDto(Long id) { return userRepository.findById(id) // 使用 mapper to DTO .map(userMapper::toUserDto); } public ListUser findAll() { return userRepository.findAll(); } /** * 查找所有使用者並返回 DTO 列表 */ public ListUserDto findAllDto() {//////////////////////////// return userRepository.findAll().stream() // 使用 mapper to DTO .map(userMapper::toUserDto) .collect(Collectors.toList()); } public OptionalUser findById(Long id) {//////////////////////////// return userRepository.findByIdWithRolesAndRoleDetails(id); } public User getUserById(Long uid) { if (uid null) { throw new UserNotFoundException(null); } User user userRepository.findById(uid) .orElseThrow(() - new UserNotFoundException(uid)); return user; } Transactional public User updateUser(PathVariable Long id, RequestBody User newUser) {//////////////////////////// log.info(Updating user with id: id); return userRepository.findById(id) .map(user - { user.setUsername(newUser.getUsername()); // Update password only if provided if (newUser.getPassword() ! null !newUser.getPassword().isEmpty()) { user.setPassword(passwordEncoder.encode(newUser.getPassword())); } user.setFirstName(null newUser.getFirstName() ? user.getFirstName() : newUser.getFirstName()); user.setLastName(null newUser.getLastName() ? user.getLastName() : newUser.getLastName()); user.setEmail(null newUser.getEmail() ? user.getEmail() : newUser.getEmail()); return userRepository.save(user); }).orElseThrow(() - new RuntimeException(User not found with id id)); } /** * 刪除使用者 */ Transactional public void deleteUser(Long uid) {//////////////////////////// if (uid null) { throw new UserNotFoundException(null); } userRepository.deleteById(uid); } } // UserRoleService.java Service public class UserRoleService { Autowired private UserRepository userRepository; Autowired private RoleRepository roleRepository; Autowired private UserRoleRepository userRoleRepository; Transactional public User addRole(Long userId, RoleName roleName) { // 1. 查找使用者 User user userRepository.findById(userId) .orElseThrow(() - new RuntimeException(User not found with ID: userId)); // 強(qiáng)制初始化集合避免潛在的 LazyInitializationException Hibernate.initialize(user.getUserRoles()); // 2. 查找角色 Role role roleRepository.findByName(roleName) .orElseThrow(() - new RuntimeException(Role not found: roleName)); // 3. 檢查是否已存在角色 boolean alreadyExists user.getUserRoles().stream() .anyMatch(userRole - userRole.getRole().getName().equals(roleName)); if (alreadyExists) { return user; } // 4. 建立並設(shè)定 UserRole 關(guān)聯(lián)實(shí)體 UserRole userRole new UserRole(); userRole.setUser(user); userRole.setRole(role); user.getUserRoles().add(userRole); userRoleRepository.save(userRole); return userRepository.save(user); } } // RoleService.java Service public class RoleService { private final RoleRepository roleRepository; Autowired public RoleService(RoleRepository roleRepository) { this.roleRepository roleRepository; } /** * 創(chuàng)建一個(gè)新的角色。 * * param role 欲儲(chǔ)存的角色實(shí)體 * return 儲(chǔ)存後的角色實(shí)體 */ Transactional public Role createRole(Role role) { // 可以在此處添加驗(yàn)證例如檢查角色名稱是否已存在 // RoleName roleName RoleName.valueOf(role.getName().name().toUpperCase()); OptionalRole existingRole roleRepository.findByName(role.getName()); if (existingRole.isPresent()) { throw new IllegalArgumentException(Role name already exists: role.getName()); } return roleRepository.save(role); } }增修Controller// UserController.java RestController RequestMapping(/api) public class UserController { Autowired private UserService userService; // Create (User/Admin) PostMapping(/user) public ResponseEntity? createUser(RequestBody User newUser) { User user userService.createUser(newUser); return new ResponseEntity(user, HttpStatus.CREATED); } // Read One (Guest/User/Admin) GetMapping(/user/{uid}) public ResponseEntityUser getUserById(PathVariable Long uid) { return userService.findById(uid) .map(ResponseEntity::ok) .orElse(ResponseEntity.notFound().build()); } GetMapping(/users) PreAuthorize(hasAuthority(read)) public ResponseEntityListUserDto getAllUsers() { ListUserDto userDtos userService.findAllDto(); return ResponseEntity.ok(userDtos); } // Update (Admin) PutMapping(/users/{uid}) public ResponseEntityUser updateUser(PathVariable Long uid, RequestBody User userDetails) { User updatedUser userService.updateUser(uid, userDetails); return ResponseEntity.ok(updatedUser); } DeleteMapping(/users/{uid}) PreAuthorize(hasAuthority(delete) or hasRole(ADMIN)) public ResponseEntityVoid deleteUser(PathVariable Long uid) { userService.deleteUser(uid); return ResponseEntity.noContent().build(); } }增修D(zhuǎn)TO Mapper// UserMapper.java Component public class UserMapper { public RoleDto toRoleDto(Role role) { if (role null) { return null; } RoleDto roleDto new RoleDto(); roleDto.setId(role.getId()); roleDto.setName(role.getName()); return roleDto; } public SetRoleDto toRoleDtoSet(SetUserRole userRoles) { if (userRoles null) { return Collections.emptySet(); } return userRoles.stream() .map(UserRole::getRole) .map(this::toRoleDto) .filter(Objects::nonNull) // .sorted(Comparator.comparing(RoleDto::getName)) .collect(Collectors.toSet()); } /** * 將 User 實(shí)體轉(zhuǎn)換為 UserDto */ public UserDto toUserDto(User user) { if (user null) { return null; } UserDto userDto new UserDto(); userDto.setId(user.getId()); userDto.setUsername(user.getUsername()); userDto.setFirstName(user.getFirstName()); userDto.setLastName(user.getLastName()); userDto.setEmail(user.getEmail()); userDto.setRoles(toRoleDtoSet(user.getUserRoles())); return userDto; } }增修自定Exception// UserNotFoundException.java public class UserNotFoundException extends RuntimeException { public UserNotFoundException(Long id) { String errString ; if (id null) { errString User ID must not be null; } else { errString User with ID id not found; } super(errString); } }增修初始資料測試用// DataInitializer.java Slf4j Component public class DataInitializer implements CommandLineRunner { Autowired private UserRepository userRepository; Autowired private RoleRepository roleRepository; Autowired private UserRoleRepository userRoleRepository; Autowired private PasswordEncoder passwordEncoder; Override public void run(String... args) throws Exception { userRoleRepository.deleteAll(); userRepository.deleteAll(); roleRepository.deleteAll(); // --- 1. Create Roles --- Role adminRole createRole(RoleName.ADMIN, Set.of(create, read, update, delete)); Role userRole createRole(RoleName.USER, Set.of(create, read)); Role guestRole createRole(RoleName.GUEST, Set.of(read)); // --- 2. Create Users --- User adminUser createUser(admin, password, admin, user, adminexample.com); User standardUser createUser(user, password, standard, user, standardexample.com); User guestUser createUser(guest, password, guest, user, guestexample.com); // --- 3. Link Users to Roles (UserRole) --- linkUserToRole(adminUser, adminRole); linkUserToRole(standardUser, userRole); linkUserToRole(guestUser, guestRole); } Transactional private Role createRole(RoleName name, SetString permissions) { Role role new Role(); role.setName(name); role.setPermissions(permissions); return roleRepository.save(role); } Transactional private User createUser(String username, String rawPassword, String firstName, String lastName, String email) { User user new User(); user.setUsername(username); user.setPassword(passwordEncoder.encode(rawPassword)); user.setFirstName(firstName); user.setLastName(lastName); user.setEmail(email); return userRepository.save(user); } Transactional private void linkUserToRole(User user, Role role) { UserRole userRole new UserRole(); userRole.setUser(user); userRole.setRole(role); userRoleRepository.save(userRole); user.getUserRoles().add(userRole); userRepository.save(user); } }啟動(dòng)App初始寫入測試資料. ____ _ __ _ _/\ / ____ __ _ _(_)_ __ __ _ ( ( )\___ | _ | _| | _ / _ | \/ ___)| |_)| | | | | || (_| | ) ) ) ) |____| .__|_| |_|_| |_\__, | / / / /|_||___//_/_/_/:: Spring Boot :: (v3.5.8)21:18:10.278 WARN [com.dannyyu.backend.SpringbootBackendApplication.main()][deprecation.constructDialect(DialectFactoryImpl.java:15321:18:10.974 WARN [com.dannyyu.backend.SpringbootBackendApplication.main()][JpaBaseConfiguration$JpaWebConfiguration.openEntityManagerInViewInterceptor(JpaBaseConfiguration.java:258Hibernate: select ur1_0.id,ur1_0.assigned_at,ur1_0.role_id,ur1_0.user_id from users_roles ur1_0. . .Hibernate: insert into roles (name) values (?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into roles (name) values (?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into roles (name) values (?)Hibernate: insert into role_permissions (role_id,permission) values (?,?)Hibernate: insert into users (email,first_name,last_name,password,username) values (?,?,?,?,?)Hibernate: insert into users (email,first_name,last_name,password,username) values (?,?,?,?,?)Hibernate: insert into users (email,first_name,last_name,password,username) values (?,?,?,?,?)Hibernate: insert into users_roles (assigned_at,role_id,user_id) values (?,?,?)Hibernate: select u1_0.id,u1_0.email,u1_0.first_name,u1_0.last_name,u1_0.password,ur1_0.user_id,ur1_0.id,ur1_0.assigned_at,ur1_0.role_id,u1_0.username from users u1_0 left join users_roles ur1_0 on u1_0.idur1_0.user_id where u1_0.id?Hibernate: insert into users_roles (assigned_at,role_id,user_id) values (?,?,?)Hibernate: select u1_0.id,u1_0.email,u1_0.first_name,u1_0.last_name,u1_0.password,ur1_0.user_id,ur1_0.id,ur1_0.assigned_at,ur1_0.role_id,u1_0.username from users u1_0 left join users_roles ur1_0 on u1_0.idur1_0.user_id where u1_0.id?Hibernate: insert into users_roles (assigned_at,role_id,user_id) values (?,?,?)Hibernate: select u1_0.id,u1_0.email,u1_0.first_name,u1_0.last_name,u1_0.password,ur1_0.user_id,ur1_0.id,ur1_0.assigned_at,ur1_0.role_id,u1_0.username from users u1_0 left join users_roles ur1_0 on u1_0.idur1_0.user_id where u1_0.id?確認(rèn)測試資料已存入DB測試案例User 資料{ username: test, password: 123456, firstName: test, lastName: yu, email: testexample.com }GUEST不能POST不能新增User回應(yīng)ADMIN新增User回應(yīng)確認(rèn)測試數(shù)據(jù)有寫進(jìn)DBADMIN可刪除(hasAuthority(delete’))USER沒有delete權(quán)限GUEST可以GETUSER可以POST新建使用者回應(yīng)常見錯(cuò)誤 解法401 Unauthorized原因:.沒送 Authorization.帳號(hào)或密碼錯(cuò)檢查:.postman Authorization 是否設(shè)定.密碼是否為「明碼」而不是 BCrypt403 Forbidden原因:.有登入成功.但 authority 不符合檢查.hasAnyAuthority(read).是否真的有回傳 read不是 ROLE_READ本文章結(jié)束希望各位讀者能有所得。感謝!