Template应用接入lib-security
简介
模版应用包括Velocity、Thymeleaf等模版构建的web应用,前后端的资源集成在一起部署。
接入示例
application.yml配置如下
app:
type: TEMPLATE
security:
basePath: '/auth'
cookieKey: 'AES256_CBC16:YDD7uVFNpvkId8HWI6xTfOeRW3O6Wk3FDuGJdnGDhiD='
defaultTestUser: 'test_user'
enabled: true
jwtKey: 'HS512:Ve+/vU5u77+977+977+977+977+9Acu/77+977+977+9OXrvv71XH++/vRLvv73vv73vv73vv71577+9fQLvv73vv71eB++/vW7vv71g77+977+977+9L++/vWDvv73vv73vv71577+9VO+/ve+/vR3vv73vv73Coemfv++/ve+/vQ=='
loginKey: 'RSA1024_PAIR_PKCS1_X509:MIICWwIBAAKBgQCRXunHa+5hw+L39UZoIFhPwPR9gBvdlEvlXAH4biP+GNb8OH77OjMsfjfs3dXs3QqwXMajJUKZFpX1v+w/ilZ9muvty4/wfQlx5qy305Ui6mRqpIQKKxkwgAS+LTVCh+AeFWfB9G/OVA/khp73VQ3/IPoqgcPG+e/RD/kdFwTozwIDAQABAoGAALbYqzQqjaxqtxErcWOHS40FJoC0olgSL2ROViwkXSE+HSsh5JYankNYfv9wB6PmY4txJmgOdbYYsoZo4L8LQbzV02cEzAibAltvS8JUZ0XWNbnhRnSvY+GJ24hf1BHIJGjBnkQDK/XrDw8Xzt2bSDlWyWH4iEC7PgpghQpHRZECQQDB1GK0U3iDofSJkdLpypxWE6T6MBl7RJCOROj56cXIaVcamOKD1D+x+aDrP7wH2Crhn5X83cTDGekDEIzs0tHjAkEAv/+A4QP61ZgEKn+1gk7RHw/tWHBLWhb1EcIpShBNWx8sB4G8wI7brf858iLXl9NhROkcqYmbchG3D6SnYZmRJQJAR8kxBTgk2huRRaIMSyoO3JJJ95740P6Dyy0aW/SIm8Dn0aHtwoVJUdDyGC5ypTUaLJW+Jvi7dsaR1eC7ULqDoQJAHoSNRrbsOuEz4FF2V2URxl8wubr3rzUw9Qaoq3YV5aL5y6OqjeznLCwCWOOC40YdEuf+v0/5HlOEhn8Ef/X55QJAKktna3oDVsfsTH6REVLz8kjvhILJ5yk493/yjTZxpcpcVv8LGjuCKtIn3NdCRoeIC1K+oLzbBB6U+J8Uu5aeSA==:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRXunHa+5hw+L39UZoIFhPwPR9gBvdlEvlXAH4biP+GNb8OH77OjMsfjfs3dXs3QqwXMajJUKZFpX1v+w/ilZ9muvty4/wfQlx5qy305Ui6mRqpIQKKxkwgAS+LTVCh+AeFWfB9G/OVA/khp73VQ3/IPoqgcPG+e/RD/kdFwTozwIDAQAB'
loginProcessingUrl: '/login'
loginPublicKeyUrl: '/login/rsaPublicKey'
logoutUrl: '/logout'
permited: '/fonts/*,/img/*,/images/*,/js/*,/login*,/css/*'
loginPage : '/login.do'
authSucessHandler : '/cluster/list.do'
用户模型
继承
cn.home1.oss.lib.security.api.AbstractUser类并实现父类抽象方法,按需覆写父类方法。关于额外的用户信息,可以通过扩展public Map<String, Object> getProperties()来实现
角色模型
继承
cn.home1.oss.lib.security.api.AbstractRole类,来存储用户角色的信息,
权限模型
继承
cn.home1.oss.lib.security.api.StaticPrivilege类,来做静态资源权限的定义,
Service层实现
- 继承
cn.home1.oss.lib.security.api.BaseUserDetailsAuthenticationProvider抽象类, 该类已经实现了UserDetailsService接口并hook了ContextRefreshedEvent事件. - lib-security不假定用户的存储逻辑,用户只需重写 findByName、save、delete等方法即可.
- 可以重写该类的 testUsers 方法,生成测试用户方便测试。
- lib-security配置中的defaultTestUser属性需要配合该方法使用,测试用户必须在用户提供的测试用户列表中进行选择。
Controller层实现
需要实现进入登陆页的入口和登陆成功后跳转的页面,这里成功后跳转到的页面没有列出
@Controller
@RequestMapping("/auth")
public class AuthAction extends AbstractAction {
/**
* 登录页跳转
*
* @param map
* @param request
* @return
*/
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap map, HttpServletRequest request) {
map.put(getFlag(), "active");
map.put(TITLE, "login");
return "login";
}
}