当前位置: 首页 > article >正文

SpringSecurity+jwt使用

article 2024/11/15 19:50:11

参考文章链接

自定义SpringSecurity用户

package com.daben.springsecurityjwt.vo;

import com.daben.springsecurityjwt.entity.SysUser;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.util.Collection;
/**
 * SpringSecurity用户
 *
 * @Author JinDongSheng
 * @Date 2023-11-16 09:21
 */
public class SpringSecurityUser extends User {
    /**
     * 系统用户
     */
    private SysUser sysUser;
    /**
     * 构造函数
     */
    public SpringSecurityUser(SysUser sysUser, Collection<? extends GrantedAuthority> authorities) {
        super(sysUser.getUsername(), sysUser.getPassword(), authorities);
        this.sysUser = sysUser;
    }
    public SysUser getSysUser() {
        return sysUser;
    }
    public void setSysUser(SysUser sysUser) {
        this.sysUser = sysUser;
    }
}

自定义认证失败处理类

package com.daben.springsecurityjwt.handle;

import com.alibaba.fastjson2.JSON;
import com.daben.springsecurityjwt.vo.Result;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * 未登录处理类
 *
 * @Author JinDongSheng
 * @Date 2023-11-15 17:37
 */
@Component
public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        response.setStatus(200);
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        response.getWriter().print(JSON.toJSONString(Result.error("认证失败,无法访问系统资源!")));
    }
}

自定义Security用户服务实现类

package com.daben.springsecurityjwt.service;

import com.daben.springsecurityjwt.entity.SysUser;
import com.daben.springsecurityjwt.vo.SpringSecurityUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.Collections;
/**
 * Security用户服务实现类
 *
 * @Author JinDongSheng
 * @Date 2023-11-16 09:14
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private SysUserServiceImpl sysUserServiceImpl;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 根据用户名称查询用户
        SysUser sysUser = sysUserServiceImpl.selectSysUserByName(username);
        // 查询用户权限
        List<GrantedAuthority> authorities = Collections.emptyList();
        // 返回Security指定的用户对象
        return new SpringSecurityUser(sysUser, authorities);
    }
}

自定义JWT工具类

package com.daben.springsecurityjwt.utils;

import cn.hutool.core.date.DateUtil;
import cn.hutool.json.JSONUtil;
import com.daben.springsecurityjwt.entity.SysUser;
import io.jsonwebtoken.*;
import org.apache.commons.lang3.StringUtils;
import java.util.Date;
/**
 * JWT工具类
 *
 * @Author JinDongSheng
 * @Date 2023-11-16 15:49
 */
public class JwtUtil {
    /**
     * Token有效期为30分钟
     */
    public static final int EXPIRE_TIME = 30;
    /**
     * 秘钥
     */
    private final static String SECRET_KEY = "ABCDE";
    /**
     * 生成token
     */
    public static String createToken(SysUser user) {
        return Jwts.builder()
                // 将user放进JWT
                .setSubject(JSONUtil.toJsonStr(user))
                // 设置过期时间
                .setExpiration(DateUtil.offsetMinute(new Date(), EXPIRE_TIME))
                // 设置加密算法和秘钥
                .signWith(SignatureAlgorithm.HS512, SECRET_KEY)
                .compact();
    }
    public static Claims parseToken(String token) {
        // 如果是空字符串直接返回null
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        // 这个Claims对象包含了许多属性,比如签发时间、过期时间以及存放的数据等
        Claims claims = null;
        // 解析失败了会抛出异常,所以我们要捕捉一下。token过期、token非法都会导致解析失败
        try {
            claims = Jwts.parser()
                    .setSigningKey(SECRET_KEY) // 设置秘钥
                    .parseClaimsJws(token)
                    .getBody();
        } catch (JwtException e) {
            // 这里应该用日志输出,为了演示方便就直接打印了
            System.err.println("解析失败!");
        }
        return claims;
    }
}

自定义token认证过滤器

package com.daben.springsecurityjwt.filter;

import cn.hutool.json.JSONUtil;
import com.daben.springsecurityjwt.entity.SysUser;
import com.daben.springsecurityjwt.utils.JwtUtil;
import io.jsonwebtoken.Claims;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
/**
 * 登录过滤器
 *
 * @Author JinDongSheng
 * @Date 2023-11-16 14:48
 */
@Component
public class LoginFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // 解析token
        Claims claims = JwtUtil.parseToken(request.getHeader("Authorization"));
        if (claims != null) {
            // 获取用户
            SysUser sysUser = JSONUtil.toBean(claims.getSubject(), SysUser.class);
            // 手动组装一个认证对象
            Authentication authentication = new UsernamePasswordAuthenticationToken(sysUser, null, Collections.emptyList());
            // 将认证对象放到上下文中
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        filterChain.doFilter(request, response);
    }
}

自定义SpringSecurity配置类

package com.daben.springsecurityjwt.config;

import com.daben.springsecurityjwt.filter.LoginFilter;
import com.daben.springsecurityjwt.handle.AuthenticationEntryPointImpl;
import com.daben.springsecurityjwt.service.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * spring security 配置
 *
 * @Author JinDongSheng
 * @Date 2023-11-15 17:16
 */
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 登录认证过滤器
     */
    @Autowired
    private LoginFilter loginFilter;
    /**
     * Security用户服务实现类
     */
    @Autowired
    private UserDetailsServiceImpl userDetailsService;
    /**
     * 未登录处理类
     */
    @Autowired
    private AuthenticationEntryPointImpl authenticationEntryPoint;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭csrf
        http.csrf().disable();
        // 关闭frameOptions
        http.headers().frameOptions().disable();
        // 指定未登录处理类
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        // 前置登录认证过滤器
        http.addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class);
        // 禁用session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // 配置认证和授权接口
        http.authorizeRequests()
                // 指出放行接口
                .antMatchers("/sys/port/*").permitAll()
                // 拦截剩余接口
                .anyRequest().authenticated();
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 指定UserDetailService和加密器
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        // 使用bcrypt加密
        return new BCryptPasswordEncoder();
    }
}

登录入口

package com.daben.springsecurityjwt.controller;

import com.daben.springsecurityjwt.entity.SysUser;
import com.daben.springsecurityjwt.utils.JwtUtil;
import com.daben.springsecurityjwt.vo.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * 登录控制器
 *
 * @Author JinDongSheng
 * @Date 2023-11-15 17:25
 */
@RestController
@RequestMapping("/sys/port")
public class SysPortController {
    @Autowired
    private AuthenticationManager authenticationManager;
    @PostMapping("/login")
    public Result login(@RequestBody SysUser sysUser) {
        // 认证
        Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(sysUser.getUsername(), sysUser.getPassword()));
        if (authenticate.isAuthenticated()) {
            // 生成token
            String token = JwtUtil.createToken(sysUser);
            // 返回token
            return Result.success(token);
        }
        return Result.error("用户名或密码错误");
    }
}

整体调用流程

  1. 服务启动,根据【自定义SpringSecurity配置类】配置信息(指定放行和认证接口、token认证过滤器、认证失败处理器、密码加密器、用户查询服务等。)
  2. 用户发起登录请求。
  3. token认证过滤器过滤,因为不携带token,直接放行调用登录接口,在登录接口中手动调用AuthenticationManager进行用户信息认证。
  4. AuthenticationManager进行用户信息认证时会调用【自定义Security用户服务实现类】查询数据库用户,然后将数据库用户封装成Security指定用户返回。
  5. 认证失败调用【自定义认证失败处理类】,认证成功则返回token
  6. 用户发起非登录请求,token过滤器过滤,token校验成功将认证对象放入上下文中。调用请求接口。token校验失败,调用【自定义认证失败处理类】。

pom文件

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>com.vitalframework</groupId>
        <artifactId>vital-framework-dependencies</artifactId>
        <version>1.1.0</version>
    </parent>
    <groupId>com.citic</groupId>
    <artifactId>vital-portal-core</artifactId>
    <version>1.0.0</version>
    <name>vital-portal-core</name>
    <description>系统管理(门面工程)模块</description>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.rep4orting.outputEncoding>UTF-8</project.rep4orting.outputEncoding>
        <java.version>1.8</java.version>
        <maven.compiler.source>${java.version}</maven.compiler.source>
        <maven.compiler.target>${java.version}</maven.compiler.target>
    </properties>

    <dependencies>
        <!--CITIC 一些公共包-->
        <dependency>
            <groupId>com.vitalframework.web</groupId>
            <artifactId>vital-framework-web-common</artifactId>
            <version>1.0.0</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>

        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>easyexcel</artifactId>
        </dependency>
        <dependency>
            <groupId>commons-net</groupId>
            <artifactId>commons-net</artifactId>
        </dependency>
        <dependency>
            <groupId>com.jcraft</groupId>
            <artifactId>jsch</artifactId>
        </dependency>
        <!--代码生成器-->
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-generator</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.poi</groupId>
            <artifactId>poi</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.poi</groupId>
            <artifactId>poi-ooxml-schemas</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.poi</groupId>
            <artifactId>poi-scratchpad</artifactId>
        </dependency>

        <dependency>
            <groupId>org.codehaus.castor</groupId>
            <artifactId>castor-xml</artifactId>
        </dependency>
    </dependencies>

    <build>
<!--        <finalName>${project.artifactId}</finalName>-->
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <fork>true</fork>
                    <skip>true</skip>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
                <version>${maven-source-plugin.version}</version>
            </plugin>
        </plugins>
    </build>
</project>

http://www.kler.cn/a/133556.html

相关文章:

  • 【mysql的当前读和快照读】
  • [宁波24届]平方数
  • 微信小程序的主体文件和页面文件介绍
  • C++中的std::tuple和std::pair
  • 力扣662:二叉树的最大宽度
  • PNG图片批量压缩exe工具+功能纯净+不改变原始尺寸
  • Python将已标注的两张图片进行上下拼接并修改、合并其对应的Labelme标注文件
  • 【Axure高保真原型】附件卡片
  • 深度解析 InterpretML:打开机器学习模型的黑箱
  • C++之旅(学习笔记)第8章 概念和泛型编程
  • 基于SSM+Vue的鲜花销售系统/网上花店系统
  • Unity Quaternion接口API的常用方法解析_unity基础开发教程
  • RobotFramework之用例执行时添加命令行参数(十三)
  • 代码随想录算法训练营Day 55 || 583. 两个字符串的删除操作、72. 编辑距离
  • 力扣-路径总和问题
  • 【SpringBoot3+Vue3】三【实战篇】-后端(优化)
  • 大数据数仓建模基础理论【维度表、事实表、数仓分层及示例】
  • [开源]基于 AI 大语言模型 API 实现的 AI 助手全套开源解决方案
  • OpenCV快速入门:图像形态学操作
  • PPT转PDF转换器:便捷的批量PPT转PDF转换软件
  • WSA子系统(一)
  • Vue3-watchEffect函数
  • 220V交流转直流的简易电源设计
  • 高效背单词——单词APP安利
  • Jmeter- Beanshell语法和常用内置对象(网络整理)
  • 【SpringBoot3+Vue3】四【实战篇】-前端(vue基础)