Spring Security开发安全的REST服务之项目搭建

Posted 沸羊羊一个

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security开发安全的REST服务之项目搭建相关的知识,希望对你有一定的参考价值。

前言

实现达到的效果:
1、深入理解Spring Security及相关框架的原理、功能和代码。
2、可以基于Spring Security及相关框架独立开发认证授权相关功能。
3、掌握抽象和封装的常用技巧,可以编写可重用的模块供他人使用。

涉及的三个spring项目:

项目搭建

1、代码结构

2、构建maven项目

具体maven项目的构建在这里不多说了,非常简单。可以参考这篇文章IntelliJ IDEA创建maven多模块项目 ,按照上面的代码结构构建。搭建好的项目如下:

3、配置pom依赖
3.1、配置主模块依赖

immoc-security pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.immoc.security</groupId>
    <artifactId>immoc-seccurity</artifactId>
    <packaging>pom</packaging>
    <version>1.0-SNAPSHOT</version>

    <!--版本变量-->
    <properties>
        <imooc.security.version>1.0-SNAPSHOT</imooc.security.version>
    </properties>

    <dependencyManagement>
        <dependencies>
            <!--spring io 用于管理maven依赖的版本-->
            <dependency>
                <groupId>io.spring.platform</groupId>
                <artifactId>platform-bom</artifactId>
                <version>Brussels-SR6</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <!---引入spring cloud,注意选择的是ga版本-->
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>Dalston.SR5</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <!--编译插件-->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>2.3.2</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
        </plugins>
    </build>

    <!--引入子模块-->
    <modules>
        <module>immoc-security-code</module>
        <module>immoc-security-app</module>
        <module>immoc-security-browser</module>
        <module>immoc-security-demo</module>
    </modules>


</project>
3.2、子模块immoc-security-code的依赖

immoc-security-code pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <artifactId>immoc-security-code</artifactId>
    <parent>
        <artifactId>immoc-seccurity</artifactId>
        <groupId>com.immoc.security</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>


     <dependencies>
         <!--用于引入spring security相关的包和oauth jar-->
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-oauth2</artifactId>
         </dependency>
         <!--redis存储-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-redis</artifactId>
         </dependency>
         <!--jdbc存储-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-jdbc</artifactId>
         </dependency>
         <!--mysql 驱动-->
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
         </dependency>
         <!--引入spring social 相关包,可用于第三方登录-->
         <dependency>
             <groupId>org.springframework.social</groupId>
             <artifactId>spring-social-config</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.social</groupId>
             <artifactId>spring-social-core</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.social</groupId>
             <artifactId>spring-socail-security</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.social</groupId>
             <artifactId>spring-social-web</artifactId>
         </dependency>
         <!--引入jdk工具包-->
         <dependency>
             <groupId>commons-lang</groupId>
             <artifactId>commons-lang</artifactId>
         </dependency>
         <dependency>
             <groupId>commons-collections</groupId>
             <artifactId>commons-collections</artifactId>
         </dependency>
         <dependency>
             <groupId>commons-beanutils</groupId>
             <artifactId>commons-beanutils</artifactId>
         </dependency>
     </dependencies>

</project>
3.3、子模块immoc-security-app依赖

immoc-security-app pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>immoc-seccurity</artifactId>
        <groupId>com.immoc.security</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>immoc-security-app</artifactId>


    <!--引入imooc-security-code子模块-->
    <dependencies>
        <dependency>
            <groupId>com.immoc.security</groupId>
            <artifactId>immoc-security-demo</artifactId>
            <version>$imooc.security.version</version>
        </dependency>
    </dependencies>
</project>
3.4、子模块immoc-security-browser依赖

immoc-security-browser pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>immoc-seccurity</artifactId>
        <groupId>com.immoc.security</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>immoc-security-browser</artifactId>


    <dependencies>
        <!--引入imooc-security-code子模块-->
        <dependency>
            <groupId>com.immoc.security</groupId>
            <artifactId>immoc-security-code</artifactId>
            <version>$imooc.security.version</version>
        </dependency>
        <!--引入session-->
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session</artifactId>
        </dependency>
    </dependencies>

</project>
3.5、子模块immoc-security-demo依赖

immoc-security-demo pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>immoc-seccurity</artifactId>
        <groupId>com.immoc.security</groupId>
        <version>1.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>immoc-security-demo</artifactId>


    <dependencies>
        <!--引入imooc-security-browser子模块-->
        <dependency>
            <groupId>com.immoc.security</groupId>
            <artifactId>immoc-security-browser</artifactId>
            <version>$imooc.security.version</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
           <!--打包的插件-->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>1.3.3.RELEASE</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
        <finalName>demo</finalName><!--打包后的jar名称-->
    </build>
</project>

4、Hello Spring Security

初步环境已搭建好,下面编写hello测试。
immoc-security-demo模块下新建DemoApplication类测试:

package com.immoc;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * Created by zhixinhua on 18/1/20.
 */
@SpringBootApplication
@RestController
public class DemoApplication 

    public static void main(String[] args) 
        SpringApplication.run(DemoApplication.class,args);
    

    @GetMapping("/hello")
    public String hello()
        return "hello spring security!";
    

好了,总于可以跑起来了试试……

很遗憾,跑起来就抛出如下错误:
问题一:没有配置数据库链接

ok,那就配置数据库链接吧,新建application.properties(噢噢,当然要先创建数据库,这里就不详细说了)

application.properties

spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/springsecurity?useUnicode=true&characterEncoding=UTF-8
spring.datasource.username=root
spring.datasource.password=123456

问题二:由于在immoc-security-browser模块下加入了 集群环境下session的管理,所以报没有配置spring session存储管理。

目前我们暂时没有用到,先关闭。在application.properties中添加:

spring.session.store-type=none

到此,终于控制台没有报错了。访问http://localhost:7070/hello ,给我们弹出身份验证。

………用户名、密码是什么?????? 我现在也不知道,好吧!关掉它!!!
在application.properties中添加关闭基本的鉴权:

security.basic.enabled=false

重新启动,大功告成!!

完整的application.properties

#连数据连接配置
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/springsecurity?useUnicode=true&characterEncoding=UTF-8
spring.datasource.username=root
spring.datasource.password=123456

#不需将session放入redis
spring.session.store-type=none
#关闭基本的鉴权
security.basic.enabled=false
#配置端口
server.port=7070

5、也可以使用maven把项目打包发布

5.1、immoc-security-demo的pom添加打包插件
<build>
        <plugins>
           <!--打包的插件-->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>1.3.3.RELEASE</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
        <finalName>demo</finalName><!--打包后的jar名称-->
    </build>
5.2、maven 命令clean package运行项目

IntelliJ IDEA运行maven程序可参考IntelliJ IDEA 14 如何运行maven程序。

打包后可以看到immoc-security-demo target目录下多了demo.jar和demo.jar.original

5.3、执行demo.jar

切换到demo.jar所在目录,执行“java -jar demo.jar“,启动项目。

启动成功后即可访问。


项目搭建已完成,待续。。。。。。。

demo源码

以上是关于Spring Security开发安全的REST服务之项目搭建的主要内容,如果未能解决你的问题,请参考以下文章

Spring(Websockets / REST / Security)、JWT 和 Sockjs(Stomp)集成

Spring MVC 和 Spring REST 的 Spring Security

SpringCloud - Spring Cloud 之 Security服务安全机制(二十)

使用 Spring Security 保护 REST 端点

从移动设备登录 Spring Security、Rest api 和 Facebook

Spring boot:无法从另一个 Origin 访问安全资源 - CORS - Spring Security - Spring data rest