WeChat official account develops SpringBoot +Spring Security + thymeleaf + layui

Posted by sniperscope on Mon, 24 Feb 2020 05:43:03 +0100

SpringBoot +Spring Security + thymeleaf + layui

Program ideas and resource sources:

Wx Java wechat working number original demo

NatApp intranet penetration

layuimini background template

Wechat work number interface test number acquisition

This is written for the purpose of binding the WeChat official account in my graduation project. The project has the following functions: [template message push], [automatic reply], [WeChat user details] these 3 functions, but can be provided to you as a demon, for the first time, official account is not a problem. Please do so.

First of all, let's see what it looks like:

Maven dependence

 <properties>
        <weixin-java-mp.version>3.6.0</weixin-java-mp.version>

        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <swagger.version>2.7.0</swagger.version>
        <mysql-connector.version>5.1.46</mysql-connector.version>
        <druid.version>1.1.12</druid.version>
        <mp-starter.version>3.1.0</mp-starter.version>
        <mybatis-starter.version>2.0.1</mybatis-starter.version>
        <pagehelper.version>5.1.2</pagehelper.version>
        <pagehelper-auto.version>1.2.3</pagehelper-auto.version>
        <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.build.locales>zh_CN</project.build.locales>
        <docker.image.prefix>wechat-mp-demo</docker.image.prefix>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>jackson-databind</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>


        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>



        <dependency>
            <groupId>com.github.binarywang</groupId>
            <artifactId>weixin-java-mp</artifactId>
            <version>${weixin-java-mp.version}</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <scope>provided</scope>
        </dependency>

        <!-- Testing Dependencies -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>redis.clients</groupId>
            <artifactId>jedis</artifactId>
            <version>2.9.0</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>

        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.46</version>
        </dependency>
        <dependency>
            <groupId>net.sf.json-lib</groupId>
            <artifactId>json-lib</artifactId>
            <version>2.4</version>
            <classifier>jdk15</classifier>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>${mysql-connector.version}</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>${druid.version}</version>
        </dependency>

        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper</artifactId>
            <version>${pagehelper.version}</version>
        </dependency>
        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper-spring-boot-autoconfigure</artifactId>
            <version>${pagehelper-auto.version}</version>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>${mybatis-starter.version}</version>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>${mp-starter.version}</version>
        </dependency>

        <dependency>
            <groupId>com.bscommon</groupId>
            <artifactId>bscommon-base</artifactId>
            <version>1.0.0-SNAPSHOT</version>
        </dependency>
    </dependencies>

Interface configuration of WX platform

Note: do not import Security when authenticating, because authentication requests will be blocked if it is not suitable for Security

Log in to the wechat platform first, and you can see the appid and appsecret. For the interface configuration information, you can set the token as the configuration file, and the url as the authentication path

yml configuration is like figure (aesKey can be used without official account number).

Then the specific interface directly refers to the configuration and authentication interface of the Wx demo above (the project is modified on the demo),

After the interface is written, run the program, and then fill in the url and token on the wechat platform. The url is [ip]/wx/portal/[appid], [] is the order replacement,

Note that the authentication port is 80 or 443. If tested locally, natApp can be used for intranet penetration. There are free channels available.

Click physical examination after configuration, and the above prompt is Ok.

Configure Security

You should customize encryption (MD5) for graduation reason authentication, while the BCrypt code of Security is the default. In addition, in order to solve the problem that when the session expires, the post request does not jump to the login page, you need to customize the success / failure processor as follows:

/**
* configuration file
**/
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final String KEY = "yljun.com";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private LoginValidateAuthenticationProvider loginValidateAuthenticationProvider;

    @Autowired
    private CustomAuthenticationFailure customAuthenticationFailure; //User defined authentication failure handling
    @Autowired
    private CustomAuthenticationSuccess customAuthenticationSuccess; //Custom authentication processing

    @Bean
    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder(); / / use BCrypt encryption
        return new CustomPasswordEncoder(); //Custom encryption
    }


    /**
     * Custom configuration wx / * * do not block wechat platform authentication
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("wx/**","error/**", "lib/**","js/**", "api/**", "images/**", "css/**").permitAll() // All accessible
                .antMatchers("/h2-console/**").permitAll() // All accessible
                .antMatchers("/wxm/**").hasRole("1") // Corresponding roles are required to access
                .antMatchers("/index", "/", "/welcome").hasRole("1")
                .and()
                .formLogin().failureHandler(customAuthenticationFailure).successHandler(customAuthenticationSuccess)   //Form based login verification
                .loginPage("/login") // Custom login interface
                .and().rememberMe().key(KEY); // Enable remember me
//                .and().exceptionHandling().accessDeniedPage("/403");  // Handle exceptions, deny access and redirect to 403 page
        http.csrf().disable(); //Turn off cross domain protection
        http.headers().frameOptions().sameOrigin(); // Allow requests from the same source H2 console
    }

    /**
     * Certification information management
     * @param auth
     * @throws Exception
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
        auth.authenticationProvider(loginValidateAuthenticationProvider);
    }


}

Specific functions

The specific functions are basically provided by mybatis - plus and wx-java toolkits....

I'd better link to demo directly... I don't know how to narrate the bad writing...

Source code

Published 2 original articles, praised 0, visited 89
Private letter follow

Topics: Spring Java Maven Mybatis