spring系列---Security 安全框架使用和文件上传FastDFS


1.Spring Security框架入门

1.1 Spring Security简介

Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring的IoC(Inversion of Control,控制反转)、DI(Dependency Injection,依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。

1.2 Spring Security入门小Demo

1.2.1最简单Demo

(1)创建工程spring_security_demo ,pom.xml内容
<!-- Maven build for the minimal Spring Security demo: WAR packaging, started through the Tomcat 7 Maven plugin. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>cn.itcast.demo</groupId>
    <artifactId>spring-security-demo</artifactId>
    <packaging>war</packaging>
    <version>0.0.1-SNAPSHOT</version>
    <properties>
        <!-- Shared version for the org.springframework artifacts below.
             NOTE(review): this 4.2.4.RELEASE line and the 4.1.0.RELEASE Spring Security artifacts
             further down are old 4.x releases pinned for the demo; check upstream support status
             and published advisories before reusing these versions in a real project. -->
        <spring.version>4.2.4.RELEASE</spring.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- Spring Security: servlet filter chain (web) and XML namespace support (config). -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <!-- Servlet API is supplied by the container at runtime, hence scope "provided". -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
            <version>2.5</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <build>
      <plugins>        
          <!-- Java compiler plugin -->
          <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.2</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                    <encoding>UTF-8</encoding>
                </configuration>
          </plugin>      
          <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <configuration>
                    <!-- Port the embedded Tomcat listens on -->
                    <port>9090</port>
                    <!-- Context path of the web application -->
                    <path>/</path>
                </configuration>
            </plugin>
       </plugins>  
    </build>
</project>
(2)创建web.xml 
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">        
       <!-- Deployment descriptor for the demo: the root Spring context is built from
            spring-security.xml on the classpath by the ContextLoaderListener below. -->
       <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-security.xml</param-value>
     </context-param>
     <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
     </listener>    
     <!-- DelegatingFilterProxy hands each request to the Spring bean named after filter-name,
          so the name springSecurityFilterChain has to stay as it is. -->
     <filter>  
        <filter-name>springSecurityFilterChain</filter-name>           <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
     </filter>  
     <!-- Mapped to /* so that every request goes through the security filter chain. -->
     <filter-mapping>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <url-pattern>/*</url-pattern>  
     </filter-mapping>    
</web-app>
(3)创建index.html   内容略(IDEA的index.jsp也可用)

(4)创建spring 配置文件spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans 
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security 
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Page interception rules. use-expressions="false" means the access attribute holds plain
         role names instead of SpEL expressions. -->
    <http use-expressions="false">
        <!-- Every URL requires the ROLE_USER authority. -->
        <intercept-url pattern="/**" access="ROLE_USER" />
        <!-- Enables form login; no login-page is configured, so the framework's default login page is shown. -->
        <form-login/>    
    </http>

    <!-- Authentication manager with a single in-memory user.
         The password is written in clear text in this file and no password-encoder is configured,
         which is acceptable only for a local demo.
         NOTE(review): outside a demo, load users from a real store and verify against a hashed
         password (for example through a BCryptPasswordEncoder bean). -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_USER"/>
            </user-service>        
        </authentication-provider>    
    </authentication-manager>
</beans:beans>
**配置说明**:
    intercept-url 表示拦截页面
    /*  表示的是该目录下的资源,只包括本级目录不包括下级目录
    /** 表示的是该目录以及该目录下所有级别子目录的资源
    form-login  为开启表单登录

use-expressions 表示是否使用 Spring 表达式语言(SpEL),默认为 true;如果开启,则拦截的配置写成以下形式

<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

此时启动localhost:9090就能看到登陆页面

2项目中的配置及使用

  • pom.xml

        <!-- Dependencies of the shop web module. Most entries carry no <version>; presumably the
             versions are managed by a parent POM that is not shown here (TODO confirm). -->
        <dependencies>
            <!-- Shared project components -->
            <dependency>
                <groupId>com.yh</groupId>
                <artifactId>yh_common</artifactId>
                <version>1.0-SNAPSHOT</version>
            </dependency>
            <!-- Spring -->
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-context</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-beans</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-webmvc</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-jdbc</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-aspects</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-jms</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-context-support</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-test</artifactId>
            </dependency>
            <!-- Authentication (Spring Security) -->
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
            </dependency>
            <!-- Dubbo and its ZooKeeper registry clients -->
            <dependency>
                <groupId>com.alibaba</groupId>
                <artifactId>dubbo</artifactId>
            </dependency>
            <dependency>
                <groupId>org.apache.zookeeper</groupId>
                <artifactId>zookeeper</artifactId>
            </dependency>
            <dependency>
                <groupId>com.github.sgroschupf</groupId>
                <artifactId>zkclient</artifactId>
            </dependency>
            <dependency>
                <groupId>junit</groupId>
                <artifactId>junit</artifactId>
            </dependency>
            <!-- NOTE(review): fastjson parses request bodies; its version is not visible here, so
                 confirm the managed version is a current, patched release. -->
            <dependency>
                <groupId>com.alibaba</groupId>
                <artifactId>fastjson</artifactId>
            </dependency>
            <dependency>
                <groupId>org.javassist</groupId>
                <artifactId>javassist</artifactId>
                <version>3.23.1-GA</version>
            </dependency>
            <dependency>
                <groupId>commons-codec</groupId>
                <artifactId>commons-codec</artifactId>
            </dependency>
            <dependency>
                <groupId>javax.servlet</groupId>
                <artifactId>servlet-api</artifactId>
                <scope>provided</scope>
            </dependency>
            <dependency>
                <groupId>com.yh</groupId>
                <artifactId>yh_sellergoods_interface</artifactId>
                <version>1.0-SNAPSHOT</version>
            </dependency>
    
            <!-- File upload components (FastDFS client and multipart parsing).
                 NOTE(review): commons-fileupload handles untrusted multipart requests; confirm the
                 managed version is a current, patched release. -->
            <dependency>
                <groupId>org.csource.fastdfs</groupId>
                <artifactId>fastdfs</artifactId>
            </dependency>
            <dependency>
                <groupId>commons-fileupload</groupId>
                <artifactId>commons-fileupload</artifactId>
            </dependency>
        </dependencies>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.tomcat.maven</groupId>
                    <artifactId>tomcat7-maven-plugin</artifactId>
                    <version>2.2</version>
                    <configuration>
                        <!-- Port the embedded Tomcat listens on -->
                        <port>9102</port>
                        <!-- Context path of the web application -->
                        <path>/</path>
                    </configuration>
                </plugin>
            </plugins>
        </build>
  • web.xml
  • <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
        <!-- Forces UTF-8 on requests so that POST parameters are not garbled -->
        <filter>
            <filter-name>CharacterEncodingFilter</filter-name>
            <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
            <init-param>
                <param-name>encoding</param-name>
                <param-value>utf-8</param-value>
            </init-param>
            <init-param>
                <param-name>forceEncoding</param-name>
                <param-value>true</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CharacterEncodingFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    
        <servlet>
            <servlet-name>springmvc</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <!-- Configuration files for the servlet context, given through contextConfigLocation.
                 NOTE(review): the same classpath:spring/spring*.xml pattern is also listed in the
                 root contextConfigLocation below, so matching files appear to be loaded by both
                 contexts; confirm that is intended. -->
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>classpath:spring/spring*.xml</param-value>
            </init-param>
            <load-on-startup>2</load-on-startup>
        </servlet>
    
        <!-- Only *.do requests reach Spring MVC; the security filter further down still sees every URL. -->
        <servlet-mapping>
            <servlet-name>springmvc</servlet-name>
            <url-pattern>*.do</url-pattern>
        </servlet-mapping>
    
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <!-- classpath* is required to pick up the configuration files packaged in the common module -->
            <param-value>classpath:spring/spring*.xml,classpath*:spring/applicationContext*.xml</param-value>
        </context-param>
        <listener>
            <listener-class>
                org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>
    
    
        <!-- DelegatingFilterProxy delegates to the Spring bean named after filter-name, so the
             name springSecurityFilterChain must not be changed. Mapped to /* to cover all requests. -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    </web-app>
  • springmvc.xml
  • <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
           xmlns:context="http://www.springframework.org/schema/context"
           xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" xmlns:mvc="http://www.springframework.org/schema/mvc"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
            http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
        <!-- Property placeholders such as ${FILE_SERVER_URL} are resolved from this properties file. -->
        <context:property-placeholder location="classpath:config/application.properties"/>
    
        <!-- Multipart resolver used for file uploads. The size limit below is the only upload
             restriction set in this file; nothing here restricts the file type. -->
        <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
            <property name="defaultEncoding" value="UTF-8"></property>
            <!-- Maximum upload size: 5 MB (5*1024*1024 bytes) -->
            <property name="maxUploadSize" value="5242880"></property>
        </bean>
    
        <!-- JSON responses are written by fastjson's message converter for application/json. -->
        <mvc:annotation-driven>
            <mvc:message-converters register-defaults="true">
                <bean class="com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter">
                    <property name="supportedMediaTypes" value="application/json"/>
                    <property name="features">
                        <array>
                            <value>WriteMapNullValue</value>
                            <value>WriteDateUseDateFormat</value>
                        </array>
                    </property>
                </bean>
            </mvc:message-converters>
        </mvc:annotation-driven>
    
        <!-- Dubbo service references: disabled in this file, the three lines below are commented out -->
        <!--<dubbo:application name="yh_shop_web"/>-->
        <!--<dubbo:registry address="zookeeper://192.168.80.128:2181"/>-->
        <!--<dubbo:annotation package="com.yh.shop.controller"/>-->
    
    </beans>
  • spring-security.xml
  • <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd">
    
        <!-- Resources that may be reached without logging in.
             NOTE(review): security="none" takes matching requests out of the Spring Security filter
             chain altogether, so none of its filters (session handling, headers, CSRF) apply to them.
             /seller/add.do is a *.do handler rather than a static file, presumably the seller
             registration endpoint; confirm it is meant to be open and validates its own input. -->
        <http pattern="/shoplogin.html" security="none"></http>
        <http pattern="/register.html" security="none"></http>
        <http pattern="/seller/add.do" security="none"></http>
        <http pattern="/css/**" security="none"></http>
        <http pattern="/img/**" security="none"></http>
        <http pattern="/js/**" security="none"></http>
        <http pattern="/plugins/**" security="none"></http>
    
    
        <!-- Interception rules -->
        <!-- use-expressions is not set on this element and access is written in expression form
             (hasRole(...)), so expression-based access control is in effect here. -->
        <http>
            <!-- Every remaining URL, at any depth, requires ROLE_SELLER -->
            <intercept-url pattern="/**" access="hasRole('ROLE_SELLER')"></intercept-url>
            <!-- Custom login page and post-login landing page; always-use-default-target controls whether
                 the user is always sent to default-target-url after authenticating. -->
            <!-- The form field names can be set with username-parameter="username" password-parameter="password" -->
            <form-login login-page="/shoplogin.html" default-target-url="/admin/index.html"
                        always-use-default-target="true"/>
            <logout/>
            <!-- CSRF protection is switched off for this chain.
                 NOTE(review): with it disabled, authenticated state-changing requests (logout, *.do
                 handlers) are guarded by the session cookie alone; prefer leaving CSRF enabled and
                 sending the token from the login form and AJAX calls. -->
            <csrf disabled="true"></csrf>
            <!-- Security response headers -->
            <headers>
                <!-- X-Frame-Options SAMEORIGIN: pages may be framed only by pages of the same origin -->
                <frame-options policy="SAMEORIGIN"/>
            </headers>
        </http>
    
        <authentication-manager>
            <!-- Users are looked up through the UserDetailsService bean referenced here; submitted
                 passwords are checked with the BCrypt encoder, so stored passwords are expected to
                 be BCrypt hashes. -->
            <authentication-provider user-service-ref="userDetailService">
                <password-encoder ref="bCryptPasswordEncoder"></password-encoder>
            </authentication-provider>
        </authentication-manager>
    
    
        <!-- Dubbo service references. NOTE(review): the registry address is hard-coded in this file;
             consider moving it to environment-specific configuration. -->
        <dubbo:application name="yh_shop_web"/>
        <dubbo:registry address="zookeeper://192.168.80.128:2181"/>
        <dubbo:annotation package="com.yh"/>
    
    
        <beans:bean id="userDetailService" class="com.yh.page.service.UserDetailServiceImpl"></beans:bean>
        <beans:bean id="bCryptPasswordEncoder"
                    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
    </beans:beans>
  • com.yh.page.service.UserDetailServiceImpl.java
  • package com.yh.page.service;
    
    import com.alibaba.dubbo.config.annotation.Reference;
    import com.yh.pojo.TbSeller;
    import com.yh.sellergoods.service.SellerService;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Component;
    
    import java.util.ArrayList;
    
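    /**
     * {@link UserDetailsService} implementation that Spring Security calls to load the seller
     * account matching the username submitted on the login form.
     *
     * <p>The class has to be registered as a bean (component scan or explicit declaration) so that
     * the authentication provider can reference it.
     */
    @Component
    public class UserDetailServiceImpl implements UserDetailsService {
        // Remote seller service obtained through Dubbo. (Original author's note: the provider
        // side did not exist yet when this was written.)
        @Reference
        public SellerService sellerService;

        /**
         * Loads the seller with the given login name and grants it {@code ROLE_SELLER}.
         *
         * @param username login name submitted by the user
         * @return user details carrying the stored password value and the {@code ROLE_SELLER} authority
         * @throws UsernameNotFoundException if no seller exists for the name, or the seller's status
         *         is not {@code "1"} (per the original comment: the seller has not passed review)
         */
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            TbSeller seller = sellerService.findOne(username);
            // The seller object is deliberately not printed: it carries the stored password value
            // (see getPassword()), which does not belong in console output.

            // The UserDetailsService contract forbids returning null; signal "no usable account"
            // with the declared exception so the provider reports an ordinary failed login.
            if (seller == null || !"1".equals(seller.getStatus())) {
                throw new UsernameNotFoundException("Seller not found or not approved");
            }

            ArrayList<GrantedAuthority> authorities = new ArrayList<>();
            authorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));

            return new User(username, seller.getPassword(), authorities);
        }
    }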
    
  • config/fdfs_client.conf
# connect timeout in seconds
# default value is 30s
connect_timeout=30

# network timeout in seconds
# default value is 30s
network_timeout=60

# the base path to store log files
base_path=/home/fastdfs

# tracker_server can occur more than once, and tracker_server format is
#  "host:port", host can be hostname or ip address
tracker_server=172.16.224.128:22122

#standard log level as syslog, case insensitive, value list:
### emerg for emergency
### alert
### crit for critical
### error
### warn for warning
### notice
### info
### debug
log_level=info

# if use connection pool
# default value is false
# since V4.05
use_connection_pool = false

# connections whose the idle time exceeds this time will be closed
# unit: second
# default value is 3600
# since V4.05
connection_pool_max_idle_time = 3600

# if load FastDFS parameters from tracker server
# since V4.05
# default value is false
load_fdfs_parameters_from_tracker=false

# if use storage ID instead of IP address
# same as tracker.conf
# valid only when load_fdfs_parameters_from_tracker is false
# default value is false
# since V4.05
use_storage_id = false

# specify storage ids filename, can use relative or absolute path
# same as tracker.conf
# valid only when load_fdfs_parameters_from_tracker is false
# since V4.05
storage_ids_filename = storage_ids.conf


#HTTP settings
http.tracker_server_port=80

#use "#include" directive to include other HTTP settings
##include http.conf
  • com.yh.shop.controller.UploadController
package com.yh.shop.controller;
import entity.Result;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import utils.FastDFSClient;
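// File upload controller: stores an uploaded file in FastDFS and returns its public URL.
@RestController
public class UploadController {
    // Defensive bound on the client-supplied extension; adjust to the file types the shop accepts.
    private static final int MAX_EXTENSION_LENGTH = 6;

    /** Base URL of the file server, injected from the FILE_SERVER_URL property and prefixed to the stored path. */
    @Value("${FILE_SERVER_URL}")
    public String FILE_SERVER_URL;

    /**
     * Uploads the submitted file to FastDFS.
     *
     * <p>NOTE(review): the mapping carries no HTTP method restriction, and the extension is taken
     * from the client-supplied file name, which says nothing about the actual content. If only
     * images are expected (the original comment speaks of an image path), enforce an allow-list
     * of extensions and verify the content before storing.
     *
     * @param file multipart file bound from the request; may be {@code null} when the part is missing
     * @return a successful {@code Result} carrying the file URL, or a failed {@code Result}
     *         when the input is unusable or the upload throws
     */
    @RequestMapping("upload")
    public Result upload(MultipartFile file) {
        // A missing or empty part would otherwise fail with a NullPointerException or store an empty object.
        if (file == null || file.isEmpty()) {
            return new Result(false, "上传失败");
        }

        String extName = extractExtension(file.getOriginalFilename());
        if (extName == null) {
            return new Result(false, "上传失败");
        }

        try {
            // Create the FastDFS client from the bundled client configuration.
            FastDFSClient fastDFSClient = new FastDFSClient("classpath:config/fdfs_client.conf");
            // uploadFile returns the stored path, which is appended to the file server base URL.
            String path = fastDFSClient.uploadFile(file.getBytes(), extName);
            return new Result(true, FILE_SERVER_URL + path);
        } catch (Exception e) {
            // NOTE(review): route this through the project's logger once one is available here.
            e.printStackTrace();
            return new Result(false, "上传失败");
        }
    }

    /**
     * Returns the extension after the last dot of the file name, or {@code null} when the name is
     * missing, has no dot, ends with a dot, or the extension is too long or not purely
     * ASCII letters and digits.
     */
    private static String extractExtension(String originalFilename) {
        if (originalFilename == null) {
            return null;
        }
        int dot = originalFilename.lastIndexOf('.');
        // Without this check a name with no dot would be passed on whole as the "extension".
        if (dot < 0 || dot == originalFilename.length() - 1) {
            return null;
        }
        String ext = originalFilename.substring(dot + 1);
        if (ext.length() > MAX_EXTENSION_LENGTH) {
            return null;
        }
        for (int i = 0; i < ext.length(); i++) {
            char c = ext.charAt(i);
            boolean alphanumeric = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!alphanumeric) {
                return null;
            }
        }
        return ext;
    }
}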
