\u4e3a\u4ec0\u4e48\u8fd9\u4e48\u5199?
\n\u6211\u66fe\u5199\u8fc7:<\/p>\n
\/\/ \u4f2a\u4ee3\u7801:\u76f4\u63a5\u64cd\u4f5c\u6570\u636e\u5e93<\/span> \u7ed3\u679c:SQL\u6ce8\u5165\u653b\u51fb!\u9ed1\u5ba2\u8f93\u5165userId=1 OR 1=1,\u76f4\u63a5\u83b7\u53d6\u6240\u6709\u7528\u6237\u6570\u636e! \u2705 \u6b63\u786e\u59ff\u52bf:\u7528Spring Security+RBAC<\/p>\n @Configuration<\/span> @Override<\/span> \/\/ \u914d\u7f6e\u5bc6\u7801\u7f16\u7801\u5668(\u5173\u952e!)<\/span> \u6ce8\u91ca\u72c2\u9b54\u65f6\u95f4:<\/p>\n \u4e3a\u4ec0\u4e48\u8fd9\u4e48\u5199? \/\/ \u76f4\u63a5\u5b58\u50a8\u660e\u6587\u5bc6\u7801<\/span> \u7ed3\u679c:\u6570\u636e\u5e93\u6cc4\u9732!\u9ed1\u5ba2\u62ff\u5230\u660e\u6587\u5bc6\u7801,\u76f4\u63a5\u767b\u5f55\u5176\u4ed6\u7cfb\u7edf! \u2705 \u6b63\u786e\u59ff\u52bf:\u7528BCrypt\u52a0\u5bc6\u654f\u611f\u6570\u636e<\/p>\n @Service<\/span> @Autowired<\/span> public<\/span> void<\/span> saveUser<\/span>(<\/span>User<\/span> user)<\/span> {<\/span> public<\/span> boolean<\/span> checkPassword<\/span>(<\/span>String<\/span> rawPassword,<\/span> String<\/span> encodedPassword)<\/span> {<\/span> \u6ce8\u91ca\u72c2\u9b54\u65f6\u95f4:<\/p>\n \u4e3a\u4ec0\u4e48\u8fd9\u4e48\u5199? \/\/ \u76f4\u63a5\u6253\u5370\u654f\u611f\u4fe1\u606f<\/span> \u7ed3\u679c:\u65e5\u5fd7\u6cc4\u9732!\u751f\u4ea7\u65e5\u5fd7\u5305\u542b\u660e\u6587\u5bc6\u7801,\u88ab\u9ed1\u5ba2\u5229\u7528! \u2705 \u6b63\u786e\u59ff\u52bf:\u8fc7\u6ee4\u654f\u611f\u4fe1\u606f<\/p>\n \/\/ \u7528AOP\u8fc7\u6ee4\u654f\u611f\u4fe1\u606f<\/span> @Before<\/span>(<\/span>"execution(* com.example.service.*.*(..))"<\/span>)<\/span>
\npublic<\/span> User<\/span> getUserById<\/span>(<\/span>String<\/span> userId)<\/span> {<\/span>
\n return<\/span> jdbcTemplate.<\/span>queryForObject<\/span>(<\/span>
\n "SELECT * FROM users WHERE id = "<\/span> +<\/span> userId,<\/span> \/\/ \u76f4\u63a5\u62fc\u63a5SQL<\/span>
\n new<\/span> BeanPropertyRowMapper<\/span><<\/span>><\/span><\/span>(<\/span>User<\/span>.<\/span>class<\/span>)<\/span>
\n )<\/span>;<\/span>
\n}<\/span><\/p>\n
\n\u8840\u6cea\u6559\u8bad:\u522b\u8ba9\u6743\u9650\u63a7\u5236\u6210\u88f8\u5954\u7684\u4ee3\u7801,\u5b83\u4f1a\u8981\u4e86\u4f60\u7684\u6570\u636e\u5b89\u5168!<\/p>\n
\n@EnableWebSecurity<\/span>
\npublic<\/span> class<\/span> SecurityConfig<\/span> extends<\/span> WebSecurityConfigurerAdapter<\/span> {<\/span><\/p>\n
\n protected<\/span> void<\/span> configure<\/span>(<\/span>HttpSecurity<\/span> http)<\/span> throws<\/span> Exception<\/span> {<\/span>
\n http
\n .<\/span>authorizeRequests<\/span>(<\/span>)<\/span>
\n .<\/span>antMatchers<\/span>(<\/span>"\/admin\/**"<\/span>)<\/span>.<\/span>hasRole<\/span>(<\/span>"ADMIN"<\/span>)<\/span> \/\/ \u53ea\u6709ADMIN\u89d2\u8272\u80fd\u8bbf\u95ee\/admin<\/span>
\n .<\/span>antMatchers<\/span>(<\/span>"\/user\/**"<\/span>)<\/span>.<\/span>hasAnyRole<\/span>(<\/span>"USER"<\/span>,<\/span> "ADMIN"<\/span>)<\/span> \/\/ USER\u548cADMIN\u90fd\u80fd\u8bbf\u95ee\/user<\/span>
\n .<\/span>anyRequest<\/span>(<\/span>)<\/span>.<\/span>authenticated<\/span>(<\/span>)<\/span>
\n .<\/span>and<\/span>(<\/span>)<\/span>
\n .<\/span>formLogin<\/span>(<\/span>)<\/span>;<\/span> \/\/ \u542f\u7528\u8868\u5355\u767b\u5f55<\/span>
\n }<\/span><\/p>\n
\n @Bean<\/span>
\n public<\/span> PasswordEncoder<\/span> passwordEncoder<\/span>(<\/span>)<\/span> {<\/span>
\n return<\/span> new<\/span> BCryptPasswordEncoder<\/span>(<\/span>)<\/span>;<\/span> \/\/ \u4f7f\u7528BCrypt\u52a0\u5bc6\u5bc6\u7801<\/span>
\n }<\/span>
\n}<\/span><\/p>\n\n
\n\u8beb2:\u522b\u8ba9\u654f\u611f\u6570\u636e\u6210"\u88f8\u5954\u7684\u660e\u6587"<\/h4>\n
\n\u6211\u66fe\u5199\u8fc7:<\/p>\n
\npublic<\/span> void<\/span> saveUser<\/span>(<\/span>User<\/span> user)<\/span> {<\/span>
\n jdbcTemplate.<\/span>update<\/span>(<\/span>
\n "INSERT INTO users (username, password) VALUES (?, ?)"<\/span>,<\/span>
\n user.<\/span>getUsername<\/span>(<\/span>)<\/span>,<\/span>
\n user.<\/span>getPassword<\/span>(<\/span>)<\/span> \/\/ \u660e\u6587\u5b58\u50a8\u5bc6\u7801<\/span>
\n )<\/span>;<\/span>
\n}<\/span><\/p>\n
\n\u8840\u6cea\u6559\u8bad:\u522b\u8ba9\u654f\u611f\u6570\u636e\u6210\u88f8\u5954\u7684\u660e\u6587,\u5b83\u4f1a\u8981\u4e86\u4f60\u7684\u6570\u636e\u5b89\u5168!<\/p>\n
\npublic<\/span> class<\/span> UserService<\/span> {<\/span><\/p>\n
\n private<\/span> PasswordEncoder<\/span> passwordEncoder;<\/span><\/p>\n
\n String<\/span> encodedPassword =<\/span> passwordEncoder.<\/span>encode<\/span>(<\/span>user.<\/span>getPassword<\/span>(<\/span>)<\/span>)<\/span>;<\/span> \/\/ \u52a0\u5bc6\u5bc6\u7801<\/span>
\n jdbcTemplate.<\/span>update<\/span>(<\/span>
\n "INSERT INTO users (username, password) VALUES (?, ?)"<\/span>,<\/span>
\n user.<\/span>getUsername<\/span>(<\/span>)<\/span>,<\/span>
\n encodedPassword \/\/ \u5b58\u50a8\u52a0\u5bc6\u540e\u7684\u5bc6\u7801<\/span>
\n )<\/span>;<\/span>
\n }<\/span><\/p>\n
\n return<\/span> passwordEncoder.<\/span>matches<\/span>(<\/span>rawPassword,<\/span> encodedPassword)<\/span>;<\/span> \/\/ \u9a8c\u8bc1\u5bc6\u7801<\/span>
\n }<\/span>
\n}<\/span><\/p>\n\n
\n\u8beb3:\u522b\u8ba9\u65e5\u5fd7\u8f93\u51fa\u6210"\u6cc4\u5bc6\u7684\u9ed1\u6d1e"<\/h4>\n
\n\u6211\u66fe\u5199\u8fc7:<\/p>\n
\nlogger.<\/span>info<\/span>(<\/span>"User login: username={}, password={}"<\/span>,<\/span>
\n user.<\/span>getUsername<\/span>(<\/span>)<\/span>,<\/span> user.<\/span>getPassword<\/span>(<\/span>)<\/span>)<\/span>;<\/span><\/p>\n
\n\u8840\u6cea\u6559\u8bad:\u522b\u8ba9\u65e5\u5fd7\u8f93\u51fa\u6210\u6cc4\u5bc6\u7684\u9ed1\u6d1e,\u5b83\u4f1a\u8981\u4e86\u4f60\u7684\u5408\u89c4\u6027!<\/p>\n
\n@Aspect<\/span>
\n@Component<\/span>
\npublic<\/span> class<\/span> LoggingAspect<\/span> {<\/span><\/p>\n
\n public<\/span> void<\/span> logRequest<\/span>(<\/span>JoinPoint<\/span> joinPoint)<\/span> {<\/span>
\n Object<\/span>[<\/span>]<\/span> args =<\/span> joinPoint.<\/span>