UncleCatMySelf/myself-securitygit
大体简介项目主要逐步迭代讲解Spring Security + Spring Social + Spring Security OAuth + REST服务开发,经过实际的案例开发来说解,项目注解详细适合做为教程案例,同时对代码的演进还有重构也会有对应的推文讲解!程序员
什么是登陆与帐户安全!?github
大多数初级的程序员可能理解的比较简单,即普通的表单登陆,数据查询等等,可是真正的企业登陆权限系统是如何的呢?如今大多数主流的权限系统通常都是使用Spring Security了,而咱们的主题也是它,让咱们来深刻了解这个权限框架吧!web
首先是项目的目录,项目采用Maven多模块模式开发。spring
一、Myself-security:主模块(pom) 二、Myself-security-core:核心业务逻辑(jar) 三、Myself-security-browser:浏览器安全特定代码(jar) 四、Myself-security-app:app相关特定代码(jar) 五、Myself-security-demo:样例程序(jar)
让咱们来了解项目的主模块的pom文件,这个的packaging要选择为pom形式,咱们选择引入Spring IO来控制版本,还有配置Maven插件,具体以下apache
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.myself.security</groupId> <artifactId>myself-security</artifactId> <version>1.0-SNAPSHOT</version> <packaging>pom</packaging> <!-- 配置版本参数 --> <properties> <myself.security.version>1.0-SNAPSHOT</myself.security.version> </properties> <!-- 帮助咱们管理Maven依赖的版本,由spring IO 来指定版本 --> <dependencyManagement> <dependencies> <dependency> <groupId>io.spring.platform</groupId> <artifactId>platform-bom</artifactId> <version>Cairo-SR4</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>Finchley.SR1</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> <!-- 配置Maven插件 --> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.7.0</version> <configuration> <source>1.8</source> <target>1.8</target> <encoding>UTF-8</encoding> </configuration> </plugin> </plugins> </build> <!-- 子模块引入 --> <modules> <module>../myselfsecuritycore</module> <module>../myselfsecuritydemo</module> <module>../myselfsecuritybrowser</module> <module>../myselfsecurityapp</module> </modules> </project>
接下来是core的核心组件,这一块的代码较多,我中间部分就省略了,具体能够去GitHub查看浏览器
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- 父模块信息 --> <parent> <artifactId>myself-security</artifactId> <groupId>com.myself.security</groupId> <version>1.0-SNAPSHOT</version> <relativePath>../myselfsecurity</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>myself-security-core</artifactId> <dependencies> <!-- 引入全部与Spring Security相关的jar包 --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency> <dependency> <groupId>...</groupId> <artifactId>...</artifactId> </dependency> </dependencies> </project>
而app模块是针对App的权限,这一块只要引入core组件便可安全
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- 父模块信息 --> <parent> <artifactId>myself-security</artifactId> <groupId>com.myself.security</groupId> <version>1.0-SNAPSHOT</version> <relativePath>../myselfsecurity</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>myself-security-app</artifactId> <!-- 引入core核心代码组件 --> <dependencies> <dependency> <groupId>com.myself.security</groupId> <artifactId>myself-security-core</artifactId> <version>${myself.security.version}</version> </dependency> </dependencies> </project>
对于browser浏览器模块,则须要加Session集群管理,因为app是使用token,而浏览器则是sessionsession
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- 父模块信息 --> <parent> <artifactId>myself-security</artifactId> <groupId>com.myself.security</groupId> <version>1.0-SNAPSHOT</version> <relativePath>../myselfsecurity</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>myself-security-browser</artifactId> <dependencies> <!-- 引入core核心代码组件 --> <dependency> <groupId>com.myself.security</groupId> <artifactId>myself-security-core</artifactId> <version>${myself.security.version}</version> </dependency> <!-- 集群环境下的session管理 --> <!-- 部分组件的版本还未在Spring IO更新,这里要本身引入 --> <dependency> <groupId>org.springframework.session</groupId> <artifactId>spring-session</artifactId> <version>1.3.3.RELEASE</version> </dependency> </dependencies> </project>
demo组件是咱们的代码测试区,还有功能实现测试,咱们暂时先引用browser模块。app
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <!-- 父模块信息 --> <parent> <artifactId>myself-security</artifactId> <groupId>com.myself.security</groupId> <version>1.0-SNAPSHOT</version> <relativePath>../myselfsecurity</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>myself-security-demo</artifactId> <dependencies> <!-- 引入browser代码组件 --> <dependency> <groupId>com.myself.security</groupId> <artifactId>myself-security-browser</artifactId> <version>${myself.security.version}</version> </dependency> <!-- 用于接口测试 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> </dependency> </dependencies> <!-- 用于打包 --> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <version>2.0.5.RELEASE</version> <executions> <execution> <goals> <goal>repackage</goal> </goals> </execution> </executions> </plugin> </plugins> <finalName>demo</finalName> </build> </project>
接下来咱们要编写启动类,我使用了Swagger插件,还有初始化时咱们先移除Security的登陆验证,固然yml配置文件也要先关了Session管理
package com.myself; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import springfox.documentation.swagger2.annotations.EnableSwagger2; /** * @author MySelf * @create 2018/9/15 * @desc Demo SpringBoot 启动类 **/ @SpringBootApplication @RestController @EnableSwagger2 @EnableAutoConfiguration(exclude = { org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class }) public class DemoApplication { /** * 启动类 * @param args {@link String} */ public static void main(String[] args) { SpringApplication.run(DemoApplication.class,args); } /** * 初始化建立接口服务 * @return {@link String} */ @GetMapping("/hello") public String hello(){ return "Hello Spring Security"; } }
好了,运行项目,咱们就能够看到初始化成功的项目啦!
若是本文对你有帮助,欢迎关注我的技术公众号,谢谢。