初步实现密码加密以及访问管理（暂时设置接受所有请求）

2 months ago · 095ae0ef4c
parent 41b0b90746
commit 095ae0ef4c
7 changed files with 84 additions and 9 deletions
--- a/User/User/pom.xml
+++ b/User/User/pom.xml
@ -67,6 +67,12 @@
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
+
+		<!-- 引入spring security,密码加密用-->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 	</dependencies>

 	<build>
--- a/User/User/src/main/java/com/example/User/Config/SecurityConfig.java
+++ b/User/User/src/main/java/com/example/User/Config/SecurityConfig.java
@ -0,0 +1,31 @@
+package com.example.User.Config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    //暂时配置成允许匿名访问
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(csrf -> csrf.disable()) //禁用CSRF保护
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll() //并允许所有请求
+                );
+        return http.build();
+    }
+
+    //密码加密器
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
--- a/User/User/src/main/java/com/example/User/Exceptions/InvalidInputException.java
+++ b/User/User/src/main/java/com/example/User/Exceptions/InvalidInputException.java
@ -0,0 +1,9 @@
+package com.example.User.Exceptions;
+
+//处理输入异常
+public class InvalidInputException extends Exception{
+    public InvalidInputException(String message){
+        super(message);
+    }
+}
+
--- a/User/User/src/main/java/com/example/User/Exceptions/UserAlreadyExistException.java
+++ b/User/User/src/main/java/com/example/User/Exceptions/UserAlreadyExistException.java
@ -0,0 +1,8 @@
+package com.example.User.Exceptions;
+
+//处理用户名相同异常
+public class UserAlreadyExistException extends Exception{
+    public UserAlreadyExistException(String message){
+        super(message);
+    }
+}
--- a/User/User/src/main/java/com/example/User/Service/UserService.java
+++ b/User/User/src/main/java/com/example/User/Service/UserService.java
@ -2,23 +2,42 @@ package com.example.User.Service;

 import com.example.User.Entity.User;
 import com.example.User.Mapper.UserMapper;
+import com.example.User.Exceptions.*;
 import org.springframework.stereotype.Service;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
 import java.util.List;

@Service
 public class UserService {
    private final UserMapper userMapper;
+    private final PasswordEncoder passwordEncoder;

-    public UserService(UserMapper userMapper) {
+    public UserService(UserMapper userMapper, PasswordEncoder passwordEncoder) {
        this.userMapper = userMapper;
+        this.passwordEncoder = passwordEncoder;
    }

-    //用户注册
-    public User register(User user) throws Exception {
-        User existing = userMapper.selectByUsername(user.getUsername());
-        if (existing != null) {
-            throw new Exception("用户已存在");
+    // 用户注册
+    public User register(User user) throws UserAlreadyExistException, InvalidInputException {
+        // 输入检测
+        if (user.getUsername() == null || user.getUsername().trim().isEmpty()) {
+            throw new InvalidInputException("用户名不能为空");
+        }
+        if (user.getPassword() == null || user.getPassword().trim().isEmpty()) {
+            throw new InvalidInputException("密码不能为空");
+        }
+
+        // 检测用户名是否存在
+        User existUser = userMapper.selectByUsername(user.getUsername());
+        if (existUser != null) {
+            throw new UserAlreadyExistException("用户已存在");
        }
+
+        // 密码加密
+        user.setPassword(passwordEncoder.encode(user.getPassword()));
+
+        // 插入用户
        userMapper.insert(user);
        return user;
    }
--- a/User/User/src/main/java/com/example/User/UserApplicationStarter.java
+++ b/User/User/src/main/java/com/example/User/UserApplicationStarter.java
@ -11,4 +11,4 @@ public class UserApplicationStarter {
 		SpringApplication.run(UserApplicationStarter.class, args);
 	}

-}
+}
--- a/User/User/src/main/resources/application.properties
+++ b/User/User/src/main/resources/application.properties
@ -1,11 +1,13 @@
 spring.application.name=User

-# ?????
+#mysql
 spring.datasource.url=jdbc:mysql://localhost:3306/software
+#数据库用户名（请更改为自己设置的）
 spring.datasource.username=root
+#数据库密码（同上）
 spring.datasource.password=123456
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

-# MyBatis ??
+#MyBatis
 mybatis.mapper-locations=classpath:mapper/*.xml
 mybatis.configuration.map-underscore-to-camel-case=true