介绍

本系统为springboot整合security，mybatisPlus，thymeleaf实现登录认证及用户，菜单，角色权限管理。页面为极简模式，没有任何渲染。

源码：/qfp17393120407/spring-boot_thymeleaf

开发步骤

架构截图

pom文件

<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.3.5.RELEASE</version></parent><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.5.3</version></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId></dependency><dependency><groupId>io.springfox</groupId><artifactId>springfox-boot-starter</artifactId><version>3.0.0</version></dependency><!--参数校验--><dependency><groupId>javax.validation</groupId><artifactId>validation-api</artifactId></dependency><dependency><groupId>org.hibernate</groupId><artifactId>hibernate-validator</artifactId><version>6.0.8.Final</version></dependency><dependency><groupId>mons</groupId><artifactId>commons-lang3</artifactId><version>3.12.0</version></dependency></dependencies>

配置文件

server:port: 9011spring:application:name: security-testdatasource:driver-class-name: com.mysql.cj.jdbc.Driverurl: jdbc:mysql://localhost:3306/wechat?serverTimezone=Asia/Shanghai&characterEncoding=utf-8username: rootpassword: root

启动类

@SpringBootApplication@EnableOpenApipublic class UserApplication {public static void main(String[] args) {SpringApplication.run(UserApplication.class,args);}}

准备建表和实体类

此处以用户表为例，其他表数据可在源码获取。

用户表

CREATE TABLE `user` (`id` int NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL COMMENT '用户名',`password` varchar(200) NOT NULL COMMENT '密码',`phone` varchar(20) NOT NULL COMMENT '手机号',`create_time` datetime NOT NULL COMMENT '创建时间',`update_time` datetime NOT NULL COMMENT '更新时间',`create_user` varchar(20) NOT NULL COMMENT '创建用户',`update_user` varchar(20) NOT NULL COMMENT '更新用户',`user_type` char(2) DEFAULT '0' COMMENT '用户类型，0-普通用户，1-超级管理员',`group_id` int DEFAULT NULL COMMENT '分组id',PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3

共用属性

package com.test.user.entity;import com.baomidou.mybatisplus.annotation.FieldFill;import com.baomidou.mybatisplus.annotation.IdType;import com.baomidou.mybatisplus.annotation.TableField;import com.baomidou.mybatisplus.annotation.TableId;import com.fasterxml.jackson.annotation.JsonFormat;import lombok.Data;import java.io.Serializable;import java.util.Date;/*** @author清梦* @site * @company xxx公司* @create -05-06 15:11*/@Datapublic abstract class AbstractEntity implements Serializable {@TableId(type = IdType.AUTO)private Integer id;@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")@TableField(fill = FieldFill.INSERT)private Date createTime;@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")@TableField(fill = FieldFill.INSERT_UPDATE)private Date updateTime;@TableField(fill = FieldFill.INSERT)private String createUser;@TableField(fill = FieldFill.INSERT_UPDATE)private String updateUser;}

共用属性自动填充配置

package com.test.user.handler;import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;import com.test.user.entity.AbstractEntity;import org.apache.ibatis.reflection.MetaObject;import org.springframework.security.authentication.AnonymousAuthenticationToken;import org.springframework.security.core.Authentication;import org.springframework.security.core.context.SecurityContextHolder;import org.ponent;import javax.xml.crypto.Data;import java.util.Date;import java.util.Objects;/*** @author清梦* @site * @company xxx公司* @create -05-09 15:16*/@Componentpublic class DefaultFieldFillHandler implements MetaObjectHandler {@Overridepublic void insertFill(MetaObject metaObject) {if (Objects.nonNull(metaObject) && metaObject.getOriginalObject() instanceof AbstractEntity){AbstractEntity abstractEntity = (AbstractEntity)metaObject.getOriginalObject();Date now = new Date();abstractEntity.setCreateTime(now);abstractEntity.setUpdateTime(now);String username = getLoginUserName();abstractEntity.setCreateUser(username);abstractEntity.setUpdateUser(username);}}@Overridepublic void updateFill(MetaObject metaObject) {Object updateTime = getFieldValByName("updateTime", metaObject);if (Objects.isNull(updateTime)){setFieldValByName("updateTime",new Date(),metaObject);}Object updateUser = getFieldValByName("updateUser", metaObject);if (Objects.isNull(updateUser)){setFieldValByName("updateUser",getLoginUserName(),metaObject);}}public String getLoginUserName(){String username = "anonymous";Authentication authentication = SecurityContextHolder.getContext().getAuthentication();if (!(authentication instanceof AnonymousAuthenticationToken)){username = authentication.getName();}return username;}}

实体类

package com.test.user.entity;import com.baomidou.mybatisplus.annotation.TableName;import lombok.Data;import org.hibernate.validator.constraints.Length;import javax.validation.constraints.NotBlank;import javax.validation.constraints.Pattern;/*** @author清梦* @site * @company xxx公司* @create -05-06 10:06*/@Data@TableName("user")public class User extends AbstractEntity{@NotBlank(message = "请输入用户名")@Length(message = "不能超过 {max} 个字符",max = 20)private String username;@NotBlank(message = "请输入密码")@Length(message = "最少为{min}个字符",min = 6)private String password;@NotBlank(message = "请输入手机号")@Pattern(regexp = "^1[34578][0-9]{9}$",message = "请输入正确的手机号")private String phone;private Integer groupId;private String userType;}

security配置

package com.test.user.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import javax.annotation.Resource;/*** @author清梦* @site * @company xxx公司* @create -05-06 15:15*/@Configuration@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)public class SecurityConfig extends WebSecurityConfigurerAdapter {@Resourceprivate UserDetailsService userDetailsService;@BeanPasswordEncoder getPasswordEncoder(){return new BCryptPasswordEncoder();}//security的鉴权排除列表private static final String [] excludeAuthPages = {"/user/login","/login"};@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(getPasswordEncoder());}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.cors().and().csrf().disable().authorizeRequests().antMatchers(excludeAuthPages).permitAll().anyRequest().permitAll().and().formLogin().loginPage("/login.html").loginProcessingUrl("/login").and().exceptionHandling().accessDeniedPage("/403.html").and().logout().invalidateHttpSession(true).deleteCookies().clearAuthentication(true).logoutSuccessUrl("/login.html");}}

实现UserDetailsService接口的loadUserByUsername方法

这个方法具体实现在用户实现类中，具体代码在用户实现类中给出

用户接口

package com.test.user.controller;import com.test.user.entity.User;import com.test.user.service.UserService;import io.swagger.annotations.Api;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.http.ResponseEntity;import org.springframework.security.access.prepost.PreAuthorize;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.stereotype.Controller;import org.springframework.ui.Model;import org.springframework.web.bind.annotation.*;import java.util.List;/*** @author清梦* @site * @company xxx公司* @create -05-06 14:35*/@Api(tags = "用户管理")@Controllerpublic class UserController {@AutowiredUserService userService;@AutowiredPasswordEncoder passwordEncoder;@PreAuthorize("hasAnyAuthority('user:select')")@RequestMapping("/toUserList")public String toUserList(Model model){List<User> userList = userService.getUserList();model.addAttribute("userList",userList);return "userList";}@PreAuthorize("hasAnyAuthority('user:save')")@RequestMapping("/toAddUser")public String toSave(){return "addUser";}@PreAuthorize("hasAnyAuthority('user:save')")@RequestMapping("/addUser")public String save(User user){String password = user.getPassword();user.setPassword(passwordEncoder.encode(password));userService.saveOrUpdate(user);return "redirect:/toUserList";}@PreAuthorize("hasAnyAuthority('user:save')")@RequestMapping("/toEditUser")public String toUpdateUser(Integer id,Model model) {User user=userService.getById(id);System.out.println("id="+user.getId());model.addAttribute("user",user);return "updateUser";}@PreAuthorize("hasAnyAuthority('user:save')")@RequestMapping("/updateUser")public String updateUser(User user) {userService.saveOrUpdate(user);return "redirect:/toUserList";}@PreAuthorize("hasAnyAuthority('user:delete')")@RequestMapping("/delete")public String delete(Integer id){userService.delete(id);return "redirect:/toUserList";}}

mapper

package com.test.user.mapper;import com.baomidou.mybatisplus.core.mapper.BaseMapper;import com.test.user.entity.User;import com.test.user.vo.RoleVo;import org.apache.ibatis.annotations.Mapper;import org.apache.ibatis.annotations.Select;import org.springframework.stereotype.Repository;import java.util.List;/*** @author清梦* @site * @company xxx公司* @create -05-06 14:42*/@Repository@Mapperpublic interface UserMapper extends BaseMapper<User> {@Select("select ur.role_id,r.role_code from user_role ur join role r on ur.role_id = r.id where user_id = #{userId} ")List<RoleVo> selectRole(Integer userId);@Select("select distinct(permission_code) from permission")List<String> selectAllPermission();@Select("select distinct(role_code) from role")List<String> selectAllRole();}

service

package com.test.user.service;import com.baomidou.mybatisplus.core.metadata.IPage;import com.baomidou.mybatisplus.extension.service.IService;import com.test.user.entity.User;import java.util.List;import java.util.Map;/*** @author清梦* @site * @company xxx公司* @create -05-06 14:44*/public interface UserService extends IService<User> {List<User> getUserList();void delete(Integer userId);}

实现类

package com.test.user.service.impl;import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;import com.baomidou.mybatisplus.core.metadata.IPage;import com.baomidou.mybatisplus.extension.plugins.pagination.Page;import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;import com.test.user.entity.CustomerUserDetails;import com.test.user.entity.RoleMenu;import com.test.user.entity.User;import com.test.user.entity.UserRole;import com.test.user.enums.UserTypeEnum;import com.test.user.mapper.RoleMenuMapper;import com.test.user.mapper.UserMapper;import com.test.user.mapper.UserRoleMapper;import com.test.user.service.RoleMenuService;import com.test.user.service.UserService;import com.test.user.vo.RoleVo;import lombok.extern.slf4j.Slf4j;import mons.lang3.StringUtils;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.stereotype.Service;import org.springframework.transaction.annotation.Transactional;import java.util.ArrayList;import java.util.Arrays;import java.util.Collections;import java.util.List;import java.util.stream.Collectors;/*** @author清梦* @site * @company xxx公司* @create -05-06 14:45*/@Service@Slf4jpublic class UserServiceImpl extends ServiceImpl<UserMapper,User> implements UserDetailsService, UserService {@Autowiredprivate UserMapper userMapper;@Autowiredprivate UserRoleMapper userRoleMapper;@Autowiredprivate RoleMenuMapper roleMenuMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();queryWrapper.eq(User::getUsername,username);User user = userMapper.selectOne(queryWrapper);if (null == user){log.error("用户名或密码错误");throw new UsernameNotFoundException("用户名或密码错误");}//查询角色及权限List<String> authoritiesList = new ArrayList<>();Integer userId = user.getId();String userType = user.getUserType();log.info("userType:{}",userType.toString());List<RoleVo> roleVos = userMapper.selectRole(userId);List<String> authPermissions = new ArrayList<>();List<String> roleList = new ArrayList<>();List<String> finalRoleList = roleList;List<String> finalAuthPermissions = authPermissions;roleVos.stream().forEach(vo->{finalRoleList.add(vo.getRoleCode());Integer roleId = vo.getRoleId();List<String> stringList = roleMenuMapper.selectRoleCodesByRoleID(roleId);List<String> permissions = new ArrayList<>();stringList.stream().forEach(list->{if (StringUtils.isNotBlank(list)){permissions.addAll(stringToList(list));}});finalAuthPermissions.addAll(permissions);});if (UserTypeEnum.ROOT.getCode().equals(userType)){authPermissions = userMapper.selectAllPermission();roleList = userMapper.selectAllRole();authoritiesList.addAll(authPermissions);authoritiesList.addAll(roleList);}else {authoritiesList.addAll(finalAuthPermissions);authoritiesList.addAll(finalRoleList);}log.info("{}的权限:{}",user.getUsername(),authPermissions.toString());log.info("{}的角色:{}",user.getUsername(),roleList.toString());authoritiesList = authoritiesList.stream().distinct().collect(Collectors.toList());CustomerUserDetails customerUserDetails = new CustomerUserDetails(user, authoritiesList);return customerUserDetails;}public List<String> stringToList(String list){return Arrays.asList(list.split(","));}@Overridepublic List<User> getUserList() {return userMapper.selectList(null);}@Override@Transactionalpublic void delete(Integer userId) {//1.删除该用户关联的角色菜单记录LambdaQueryWrapper<UserRole> queryWrapper = new LambdaQueryWrapper<>();queryWrapper.eq(UserRole::getUserId,userId);int delete = userRoleMapper.delete(queryWrapper);log.info("删除了{}条记录",delete);//2.删除用户userMapper.deleteById(userId);}}

vo

package com.test.user.vo;import lombok.Data;/*** @author清梦* @site * @company xxx公司* @create -05-12 20:03*/@Datapublic class RoleVo {private Integer roleId;private String roleCode;}

页面

注意：使用thymeleaf语法的页面必须放在/resource/templates/目录下

如图

index.html

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>后台管理系统</title></head><body><form action="/logout" method="get"><input type="submit" value="注销"></form><button><a href="/menu/toList">菜单管理</a></button><button><a href="/toUserList">用户管理</a></button><button><a href="/role/toList">角色管理</a></button><button><a href="/permission/toList">权限管理</a></button></body></html>

login.html

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>登录页面</title></head><body><h1>欢迎登录XXX系统</h1><form action="/login" method="post">用户名 <input type="text" name="username"><br/>密码 <input type="password" name="password"><br/><button>登录</button></form></body></html>

403.html

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>403</title></head><body><h1>没有访问权限，请联系管理员</h1></body></html>

addUser.html

<!DOCTYPE html><html><head><meta charset="utf-8"><title>添加用户</title></head><body><form action="/addUser" method="post">用户名<input type="text" name="username"/><br/>密码<input type="text" name="password"/><br/>电话号码<input type="text" name="phone"/><br/>用户类型<input type="radio" name="userType" value="1"/>超级管理员<input type="radio" name="userType" value="0"/>普通用户<br/><input type="submit" value="保存"/></form></body></html>

updateUser.html

<!DOCTYPE html><html lang="en" xmlns:th=""><head><meta charset="UTF-8"><title>编辑用户</title></head><body><form action="/updateUser" method="post">用户id<input type="number" name="id" th:value="${user.id}"/><br/>用户名<input type="text" name="username" th:value="${user.username}"/><br/>密码<input type="text" name="password" th:value="${user.password}"/><br/>电话号码<input type="text" name="phone" th:value="${user.phone}"/><br/>用户类型<input type="text" name="userType" th:value="${user.userType}"/><br/><input type="submit" value="保存"/></form></body></html>

userList.html

<!DOCTYPE html><html lang="en" xmlns:th=""><head><meta charset="UTF-8"><title>用户管理</title></head><body><a href="/toAddUser">添加用户</a><br/><a href="/index.html">返回首页</a><table border="1" cellpadding="1" cellspacing="1"><tr><th>用户id</th><th>用户名</th><th>密码</th><th>电话号码</th><th>用户类型</th><th>创建时间</th><th>创建用户</th><th>更新时间</th><th>更新用户</th><th>操作</th></tr><tr th:each="user,status:${userList}"><td th:text="${user.id}"></td><td th:text="${user.username}"></td><td th:text="${user.password}"></td><td th:text="${user.phone}"></td><td th:text="${user.userType == '1'?'超级管理员':'普通用户'}"></td><td th:text="${#dates.format(user.createTime,'yyyy-MM-dd HH:mm:ss')}"></td><td th:text="${user.createUser}"></td><td th:text="${#dates.format(user.updateTime,'yyyy-MM-dd HH:mm:ss')}"></td><td th:text="${user.updateUser}"></td><td><a th:href="'/delete?id='+${user.id}">删除</a><a th:href="'/toEditUser?id='+${user.id}">编辑</a><a href="/userRole/toList">配置角色</a></td></tr></table></body></html>

其他模块管理代码看源码，基本雷同。

运行

运行项目

启动成功后，打开浏览器，输入

http://localhost:9011/，即可进入首页，

查看其他菜单需要登录，输入用户名：admin,密码：123456，以超级管理员登入，拥有所有权限；输入用户名：查询角色,密码：123456，只能查看列表。