SpringSecurity + JWT 2025最新版 SpringSecurity角色权限控制 SpringSecurity6

原创 已于 2025-03-13 16:23:49 修改 · 1.9k 阅读 · 22 ·
本内容遵循CC 4.0 BY-SA版权协议
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
GEO检测
标签
#java #spring #spring boot #servlet #hibernate
#后端 #mysql
于 2024-09-01 23:28:01 首次发布
Python3.8

Python3.8

Conda
Python

Python 是一种高级、解释型、通用的编程语言,以其简洁易读的语法而闻名,适用于广泛的应用,包括Web开发、数据分析、人工智能和自动化脚本

文章目录

  • 前言
  • 完整代码
    • pom.xml(引入项目所需依赖)
    • application.properties(配置数据库连接)
    • JwtUtil.java(生成、校验、解析JWT)
    • JsonUtil.java(对象转JSON)
    • User.java(用户实体)
    • UserRepository.java(用户数据接口)
    • UserService(实现UserDetailsService)
    • UserController.java(测试权限)
    • JwtAuthenticationFilter(验证JWT是否合法)
    • SecurityConfig.java(SpringSecurity配置类)
    • Result.java(封装返回信息)
    • JwtAccessDeniedHandler.java(处理请求路径无权限)
    • JwtAuthenticationEntryPoint.java(处理无效JWT/未认证用户)
    • LoginFailureHandler.java(处理登录失败逻辑)
    • LoginSuccessHandler.java(处理登录成功逻辑)
  • 效果检验
    • 1.测试用户注册功能
    • 2.测试角色user功能
    • 3.测试角色admin功能
    • 4.测试超时处理
    • 5.测试未登录用户

前言

本文默认读者已了解相关知识,所以只介绍代码。
本文尽量使用官方提供的方法尽量简略的实现SpringSecurity+JWT,更多自定义功能需读者扩展。
项目环境:SpringBoot3、JDK21、Mysql8、SpringSecurity6、auth0 JWT

完整代码

pom.xml(引入项目所需依赖)

		<!-- Lombok -->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <scope>provided</scope>
        </dependency>

        <!--Json-->
        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
            <version>2.8.9</version>
        </dependency>

        <!--Spring Starter-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <!--JPA-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>

        <!-- MySQL -->
        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
        </dependency>

        <!-- SpringSecurity -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <!-- auth0 JWT -->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.18.2</version>
        </dependency>

        <!--开发时用(自动应用程序重启,自动加载静态资源,禁用模板缓存,全局错误页面)-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <optional>true</optional>
        </dependency>

application.properties(配置数据库连接)

# Mysql数据库连接配置
spring.datasource.url=jdbc:mysql://localhost:3306/windows?serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

# Hibernate配置
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true

JwtUtil.java(生成、校验、解析JWT)

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;

import jakarta.servlet.http.HttpServletRequest;

import java.util.*;

import org.springframework.util.StringUtils;

public class JwtUtil {
    private static final String jwtKey = "123456";
    private static final Integer expiredTimeInSeconds = 60;

    public static String generateToken(String username) {
        Algorithm algorithm = Algorithm.HMAC256(jwtKey);
        Date now = new Date();
        Date expiration = new Date(now.getTime() + expiredTimeInSeconds * 1000L);

        return JWT.create()
                .withClaim("username", username)
                .withExpiresAt(expiration)
                .withIssuedAt(now)
                .sign(algorithm);
    }

    public static Optional<Map<String, Claim>> getClaims(String token) {
        Algorithm algorithm = Algorithm.HMAC256(jwtKey);
        JWTVerifier verifier = JWT.require(algorithm).build();

        try {
            DecodedJWT decodedJWT = verifier.verify(token);
            return Optional.of(decodedJWT.getClaims());
        } catch (JWTVerificationException e) {
            return Optional.empty();
        }
    }

    public static boolean validateToken(String token) {
        Algorithm algorithm = Algorithm.HMAC256(jwtKey);
        JWTVerifier verifier = JWT.require(algorithm).build();

        try {
            verifier.verify(token);
            return true;
        } catch (JWTVerificationException e) {
            return false;
        }
    }

    public static String getTokenFromRequest(HttpServletRequest request) {
        String bearerToken = request.getHeader("Authorization");
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
            return bearerToken.substring(7, bearerToken.length());
        }
        return null;
    }
}

JsonUtil.java(对象转JSON)

import com.google.gson.Gson;

public class JsonUtil {
    public static String ObjectToJson(Object object) {
        Gson gson = new Gson();
        return gson.toJson(object);
    }
}

User.java(用户实体)

import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import lombok.Data;

@Data
@Entity
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;
    private String password;
    private String role;
}

UserRepository.java(用户数据接口)

import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.example.windows.windows.enity.User;

@Repository
public interface UserRepository extends JpaRepository<User, Long> {
    Optional<User> findByUsername(String username);
}

UserService(实现UserDetailsService)

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import com.example.windows.windows.enity.User;
import com.example.windows.windows.repository.UserRepository;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import com.example.windows.windows.enity.User;
import com.example.windows.windows.repository.UserRepository;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

@Service
public class UserService implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));

        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(user.getRole()));

        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
                authorities);
    }

    public User register(String username,String password) {
        User user = new User();
        if (userRepository.findByUsername(username).isPresent()) {
            return null;
        }
        user.setUsername(username);
        user.setPassword(new BCryptPasswordEncoder().encode(password));
        user.setRole("user");
        return userRepository.save(user);
    }
}

UserController.java(测试权限)

import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.GetMapping;

@RestController
@RequestMapping("/api/user")
public class UserController {
    @GetMapping("/test")
    public String test() {
        return "test";
    }

    @GetMapping("/adminTest")
    public String adminTest() {
        return "adminTest";
    }

    @GetMapping("/userTest")
    public String userTest() {
        return "userTest";
    }
}

JwtAuthenticationFilter(验证JWT是否合法)

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import com.auth0.jwt.interfaces.Claim;
import com.example.windows.windows.service.UserService;
import com.example.windows.windows.utils.JwtUtil;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;

import java.io.IOException;
import java.util.Map;
import java.util.Optional;

@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private UserService userService;

    public JwtAuthenticationFilter(UserService userService) {
        this.userService = userService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        String jwt = JwtUtil.getTokenFromRequest(request);
        if (StringUtils.hasText(jwt) && JwtUtil.validateToken(jwt)) {
            Optional<Map<String, Claim>> claims = JwtUtil.getClaims(jwt);
            Claim usernameClaim = claims.get().get("username");
            String username = usernameClaim.asString();
            UserDetails userDetails = userService.loadUserByUsername(username);
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                    userDetails,
                    null,
                    userDetails.getAuthorities());

            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }
        filterChain.doFilter(request, response);
    }
}

SecurityConfig.java(SpringSecurity配置类)

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.example.windows.windows.filter.JwtAuthenticationFilter;
import com.example.windows.windows.handle.JwtAccessDeniedHandler;
import com.example.windows.windows.handle.JwtAuthenticationEntryPoint;
import com.example.windows.windows.handle.LoginFailureHandler;
import com.example.windows.windows.handle.LoginSuccessHandler;
import com.example.windows.windows.service.UserService;

import lombok.RequiredArgsConstructor;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
    private final UserService userService;
    private final LoginFailureHandler loginFailureHandler;
    private final LoginSuccessHandler loginSuccessHandler;

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
            throws Exception {
        return configuration.getAuthenticationManager();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
                .addFilterBefore(new JwtAuthenticationFilter(userService), UsernamePasswordAuthenticationFilter.class)
               	.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.NEVER))
                .formLogin(login -> login
                        .loginProcessingUrl("/api/user/login")
                        .usernameParameter("username")
                        .passwordParameter("password")
                        .successHandler(loginSuccessHandler)
                        .failureHandler(loginFailureHandler))
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("/api/user/userTest").hasAnyAuthority("user")
                        .requestMatchers("/api/user/adminTest").hasAnyAuthority("admin")
                        .anyRequest().authenticated())
                .exceptionHandling(exception -> exception
                        .accessDeniedHandler(jwtAccessDeniedHandler)
                        .authenticationEntryPoint(jwtAuthenticationEntryPoint));
        return http.build();
    }
}

Result.java(封装返回信息)

package com.example.windows.windows.enity;

import java.io.Serializable;
import lombok.Data;

@Data
public class Result implements Serializable {
    private int code;
    private String message;
    private Object data;

    public Result() {}

    public Result(int code, String message, Object data) {
        this.code = code;
        this.message = message;
        this.data = data;
    }
}

JwtAccessDeniedHandler.java(处理请求路径无权限)

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import com.example.windows.windows.enity.Result;
import com.example.windows.windows.utils.JsonUtil;

import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

@Component
public class JwtAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            AccessDeniedException e) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        Result result = new Result(401, "权限不足", null);
        outputStream.write(JsonUtil.ObjectToJson(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

JwtAuthenticationEntryPoint.java(处理无效JWT/未认证用户)

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import com.example.windows.windows.enity.Result;
import com.example.windows.windows.utils.JsonUtil;
import com.example.windows.windows.utils.JwtUtil;

@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            AuthenticationException authenticationException) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        String jwt = JwtUtil.getTokenFromRequest(httpServletRequest);
        Result result = new Result();
        if (StringUtils.hasText(jwt) && JwtUtil.validateToken(jwt)){
            result.setCode(401);
            result.setMessage("JWT无效");
        }
        else{
            result.setCode(401);
            result.setMessage("请先登录");
        }

        outputStream.write(JsonUtil.ObjectToJson(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

LoginFailureHandler.java(处理登录失败逻辑)

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import com.example.windows.windows.enity.Result;
import com.example.windows.windows.service.UserService;
import com.example.windows.windows.utils.JsonUtil;
import com.example.windows.windows.utils.JwtUtil;

import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;

@Component
@RequiredArgsConstructor
public class LoginFailureHandler implements AuthenticationFailureHandler {
    private final UserService userService;
    Logger logger = LoggerFactory.getLogger(LoginFailureHandler.class);
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            AuthenticationException authenticationException) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        String username = httpServletRequest.getParameter("username");
        String password = httpServletRequest.getParameter("password");
        Result result = new Result();
        if (userService.register(username,password) == null) {
            result.setCode(401);
            result.setMessage("用户名或密码错误");
        }
        else{
            String jwt = JwtUtil.generateToken(username);
            result.setCode(200);
            result.setMessage("注册成功");
            result.setData(jwt);
        }
        
        outputStream.write(JsonUtil.ObjectToJson(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

LoginSuccessHandler.java(处理登录成功逻辑)

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import com.example.windows.windows.enity.Result;
import com.example.windows.windows.utils.JsonUtil;
import com.example.windows.windows.utils.JwtUtil;

@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        String username = httpServletRequest.getParameter("username");
        String jwt = JwtUtil.generateToken(username);
        Result result = new Result(200, "登录成功", jwt);

        outputStream.write(JsonUtil.ObjectToJson(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

效果检验

以下均使用postman测试

1.测试用户注册功能

代码中设置了用户不存在自动注册的逻辑
user注册成功
在这里插入图片描述
admin注册成功
在这里插入图片描述
去数据库修改admin用户的权限用于测试
在这里插入图片描述

2.测试角色user功能

登录user用户
在这里插入图片描述
将返回的jwt(data中的字符串)放到Headers中的Authorization中,并添加前缀((Bearer )有个空格)。
有user权限
在这里插入图片描述
没有admin权限
在这里插入图片描述

3.测试角色admin功能

admin登录
在这里插入图片描述
有admin权限
在这里插入图片描述
没有user权限
在这里插入图片描述

4.测试超时处理

在这里插入图片描述

5.测试未登录用户

在这里插入图片描述

您可能感兴趣的与本文相关的镜像

Python3.8

Python3.8

Conda
Python

Python 是一种高级、解释型、通用的编程语言,以其简洁易读的语法而闻名,适用于广泛的应用,包括Web开发、数据分析、人工智能和自动化脚本

Nacos启动异常
you_get_me_there的博客
08-11 8138
可能原因一: 集群切换单机 startup -m standalone 可能原因二: derby-data文件夹内文件解析失败 解决方案: 删了derby-data文件夹重启就行 报错信息(供网友搜索): 2021-08-11 13:11:37,550 WARN Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.U
Spring Security 6 系列之九 - 集成JWT
最新发布
代码让AI扣
12-26 2213
1)不清楚的可以回顾lesson03子模块,这里做了一些小改动2) 在entity包下新增LoginUserDetails类,自定义类为了能够Redis序列化,之前使用Security默认的User,在Redis反序列化会报错@Data@Override@Override@Override@Override@Override@Override@Override3)定义entity包下的TUser和对应mapper包下的TUserMapper@Data。
spring Security + jwt使用
wenlai123456的博客
08-22 2862
spring Security + jwt
SpringSecurity6+JWT实现后端分离
Huonzy的博客
09-17 5096
本文使用mybatis-plus作为ORM框架,然后使用springsecurity6作为安全框架,采用JWT作为权限确认的方式。其实我现在就刚入门这个springsecurity6而已,有许多都没有摸清它的使用,写下这篇文章只是想记录一下,下次想用的时候来看看。
SpringBoot3.0 + SpringSecurity6.0+JWT
热门推荐
胖胖爱吃肉~的博客
03-03 2万+
SpringBoot3.0 + SpringSecurity6.0+JWTSpring SecuritySpring 家族中的一个安全管理框架。一般Web应用的需要进行认证和授权。认证:验证当前访问系统的是不是本系统的用户,并且要确认具体是哪个用户授权:经过认证后判断当前用户是否有权限进行某个操作搭建一个SpringBoot工程① 设置父工程 添加依赖 配置文件application.yml ② 创建启动类 ③ 创建Controller 启动项目,查看接口文档地址:http://localhost:4
Hibernate深入理解----03操作Session缓存方法(flush、refresh、clear,事务隔离级别)
XIXILOVEBIANBIAN的博客
02-26 445
Session 接口是 hibernate 向应用程序提供的操纵数据库的最主要的接口, 它提供了基本的保存, 更新, 删除和加载 Java 对象的方法.     Session 具有一个缓存, 位于缓存中的对象称为持久化对象, 它和数据库中的相关记录对应. Session 能够在某些时间点, 按照缓存中对象的变化来执行相关的 SQL 语句, 来同步更新数据库, 这一过程被称为刷新缓存(flush
hibernate mysql flush_hibernate中flush()、refresh()、clear()缓存操作
weixin_42131790的博客
02-23 314
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~分割线~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~flush():使数据库中的对象和session缓存中的对象的状态保持一致。为了保持一致,则可能发送对应的sql语句(若缓存中的对象和数据库中的对象一样则不发送sql语句)。1、在transaction的commit()方法中:先调用session的flush方法,再...
hibernate 的session一级缓存
超胆孤侠
12-19 292
概述 Session 接口是 Hibernate 向应用程序提供的操纵数据库的最主要的接口, 它提供了基本的保存, 更新, 删除和加载 Java 对象的方法. Session 具有一个缓存, 位于缓存中的对象称为持久化对象, 它和数据库中的相关记录对应. Session 能够在某些时间点, 按照缓存中对象的变化来执行相关的 SQL 语句, 来同步更新数据库, 这一过程被称为刷新缓存(flush) 站
hibernate数据库事务的隔离级别
小匠心的博客
06-02 503
1.数据库的事务的隔离级别 查询mysql的数据库事务的隔离级别 注意: 问题:数据库查看事务隔离级别 select @@global.tx_isolation,@@tx_isolation; 报错: mysql> select @@global.tx_isolation,@@tx_isolation; ERROR 1193 (HY000): Unknown system ...
spring security6+springboot3+jwt实现权限控制
hepeike001的博客
05-12 3847
最近在学习spring security,看到网上的都是比较老的版本,所以从github上找了一个开源的最新spring security6 的demo借鉴,然后结合官网文档自己鼓捣了一个demo出来,做个笔记方便以后忘记怎么搞了来看看,哈哈哈OVO。(本项目用的是jdk17,有些表达式jdk8是无法编译的,所以要跑起来的话记得安装17哦,反正现在也免费了)
SpringSecurity6.0+Redis+JWT+MP基于token认证功能开发(源码级剖析可用于实际生产项目
laizhenghua的博客
06-25 8294
引子:最近做项目时遇到了一个特殊的需求,需要写共享接口把本系统的一些业务数据共享给各地市的自建系统,为了体现公司的专业性以及考虑到程序的扩展性(通过各地市的行政区划代码做限制),决定要把接口做的高级一些,而不是简单的传个用户名和密码对比数据库里面的,那样真的很low。于是写了基于token的认证功能,在这里分享出来供大家学习与探讨。
Spring-SecurityJWT后端分离
竹林幽深
01-13 873
https://mp.weixin.qq.com/s/h6hLe9d2yNXvxG_DpcSPxg
Tomcat启动问题(debug无法启动,正常可以启动)
zhang0135789的博客
11-14 4482
FATAL ERROR in native method: JDWP No transports initialized, jvmtiError=AGENT_ERROR_TRANSPORT_INIT(197) 最近遇到了这样一个问题,项目正常启动没毛病,但是用debug启动就会报上图的这个错误。查了百度,上面很多解决方案,最终找到了答案,不知道什么操作,触动了防火墙,导致防火墙把tomcat
SpringSecurity权限管理系统实战—六、SpringSecurity整合JWT
CoderMy的博客
08-01 5914
最近是真的懒。。。
Spring boot Security Jwt
何xiao树
05-31 1664
Spring Security 整合开发 引入 security 启动器,默认拦截所有资源,启动项目会生成一个默认密码,账号 user <!-- 引入Spring Security --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-.
Spring Security 超详细整合 JWT,能否拿下看你自己!
08-31 1万+
文章目录1.JWT 入门1.1 JWT 概念1.2 JWT 应用场景1.3 为何选择 JWT基于 Session 的传统认证基于 JWT 的认证1.4 JWT 的结构标头(Header)载荷(Payload)签名(Signature)1.5 RBAC (Role-Based Access Control)1.6 JWT 基本使用添加依赖生成 Token解析 Token2.Security 整合 JWT2.1 单独抽离 Security 模块添加相关依赖JWT 工具类JWT 相关配置JWT 登录授权过滤器自定
idea中debugger启动就一直卡在这里jwtAuthenticationTokenFilter
dowhil的博客
08-02 1013
idea中debugger启动就一直卡在这里jwtAuthenticationTokenFilter
Springboot 3 + Spring Security 6 + OAuth2 入门级最佳实践
m0_64469199的博客
05-03 2万+
当我的项目基于 SpringBoot 3 而我想使用Spring Security,最终不幸得到WebSecurityConfigurerAdapter被废弃的消息。本文档就是在这样的情况下产生的。
Spring Security 6 配置方法,废弃 WebSecurityConfigurerAdapter
markvivv随笔
03-26 2万+
Spring Security 5.7.0-M2中,Spring就废弃了WebSecurityConfigurerAdapter,因为Spring官方鼓励用户转向基于组件的安全配置。本文整理了一下新的配置方法。在下面的例子中,我们使用Spring Security lambda DSL和HttpSecurity#authorizeHttpRequests方法来定义我们的授权规则,从而遵循最佳实践。
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值