SpringSecurity笔记(非自记)

最新推荐文章于 2023-11-19 19:36:04 发布
最新推荐文章于 2023-11-19 19:36:04 发布
阅读量178 收藏
点赞数 1
分类专栏: 笔记 Spring 文章标签: java spring boot 开发语言 spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_59563359/article/details/128982650
版权

SpringSecurity

它是一个身份认证及权限控制的框架。shiro是它的对标框架,springsecurity已经开发很多年了,由于shiro的优势,它发展的不是很好,直到springboot出现,security的配置变的非常简单,现在微服务的项目都会优先选择security框架。security实现原理是通过Filter实现的。

1、基础代码

Result

import lombok.Data;
​
import java.util.HashMap;
import java.util.Map;
​
import static com.wztsl.springboo.contants.ResultCode.ERROR;
import static com.wztsl.springboo.contants.ResultCode.SUCCESS;
​
/**
* @author szsw
* @date 2023/2/3 18:18:15
*/
@Data
public class Result {
​
   private Integer code;
​
   private String message;
​
   private Map<String, Object> map = new HashMap<>();
​
   private Result() {
  }
​
   public static Result ok() {
       Result r = new Result();
       r.setCode(SUCCESS.getCode());
       r.setMessage(SUCCESS.getMessage());
       return r;
  }
​
   public static Result error() {
       Result r = new Result();
       r.setCode(ERROR.getCode());
       r.setMessage(ERROR.getMessage());
       return r;
  }
​
   public Result put(String key, Object value) {
       map.put(key, value);
       return this;
  }
​
   public Object get(String key) {
       return map.get(key);
  }
​
}

ResultCode

/**
* @author szsw
* @date 2023/2/3 18:26:03
*/
public enum ResultCode {
​
   /**
    *
    */
   SUCCESS(0, "请求成功"),
   ERROR(1, "请求失败"),
  ;
​
   private int code;
   private String message;
​
   ResultCode(int code, String message) {
       this.code = code;
       this.message = message;
  }
​
   public int getCode() {
       return code;
  }
​
   public String getMessage() {
       return message;
  }
}

StringConstant

/**
* @author szsw
* @date 2023/2/3 19:42:55
*/
public class StringConstant {
​
   /**
    * session当前登录人信息
    */
   public static final String SESSION_USER = "SESSION_USER";
   public static final String AUTH_LIST = "AUTH_LIST";
   public static final String TOKEN = "token";
​
​
   private StringConstant() {
  }
}
​

AuthenticationEnum

/**
* @author szsw
* @date 2023/2/3 19:43:10
*/
public enum AuthenticationEnum {
}
​

2、工具代码

Md5

import lombok.extern.slf4j.Slf4j;
​
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
​
@Slf4j
@SuppressWarnings("java:S112")
public final class Md5 {
​
   private Md5() {
  }
​
   public static String encrypt(String strSrc) {
       try {
           char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                   '9', 'a', 'b', 'c', 'd', 'e', 'f'};
           byte[] bytes = strSrc.getBytes();
           MessageDigest md = MessageDigest.getInstance("Md5");
           md.update(bytes);
           bytes = md.digest();
           int j = bytes.length;
           char[] chars = new char[j * 2];
           int k = 0;
           int i;
           for (i = 0; i < bytes.length; i++) {
               byte b = bytes[i];
               chars[k++] = hexChars[b >>> 4 & 0xf];
               chars[k++] = hexChars[b & 0xf];
          }
           return new String(chars);
      } catch (NoSuchAlgorithmException e) {
           log.info("MD5计算异常!", e);
           throw new RuntimeException("MD5加密出错!!+" + e);
      }
  }
​
}

ResponseUtil

import com.fasterxml.jackson.databind.ObjectMapper;
import com.wztsl.springboo.vo.Result;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
​
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
​
/**
* 响应工具
*
* @author by szsw
*/
@Slf4j
public class ResponseUtil {
​
   private ResponseUtil() {
  }
​
   public static void out(HttpServletResponse response, Result r) {
       ObjectMapper mapper = new ObjectMapper();
       response.setStatus(HttpStatus.OK.value());
       response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
       try {
           mapper.writeValue(response.getOutputStream(), r);
      } catch (IOException e) {
           log.info("响应IO异常!", e);
      }
  }
}
​

TokenManager

import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;
​
import java.util.Date;
​
/**
* token管理
*
* @author by szsw
*/
@Component
public class TokenManager {
​
   private static final long TOKEN_EXPIRATION = 24 * 60 * 60 * 1000L;
​
   private String tokenSignKey = "123456";
​
   /**
    * 生成token
    *
    * @param username 用户名
    * @return 通过用户名生成的token
    */
   public String createToken(String username) {
       return Jwts.builder().setSubject(username)
              .setExpiration(new Date(System.currentTimeMillis() + TOKEN_EXPIRATION))
              .signWith(SignatureAlgorithm.HS512, tokenSignKey).compressWith(CompressionCodecs.GZIP).compact();
  }
​
   /**
    * 通过token获取用户名
    *
    * @param token 令牌
    * @return 令牌对应的用户名
    */
   public String getUserFromToken(String token) {
       returnJwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token).getBody().getSubject();
  }
​
   @SuppressWarnings("all")
   public void removeToken(String token) {
       //jwttoken无需删除,客户端扔掉即可。
  }
​
}

3、实体代码

User

import lombok.Data;
​
/**
* @author szsw
* @date 2023/2/3 20:11:37
*/
@Data
public class User {
​
   private String username;
   private String password;
​
}
​

SecurityUser

import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * @author szsw
 * @date 2023/2/3 20:11:45
 */
@Data
public class SecurityUser implements UserDetails {

    private User user;
    private List<String> authList;

    public SecurityUser(User user) {
        this.user = user;
    }

    /**
     * 返回用户的权限
     *
     * @return the authorities, sorted by natural key (never <code>null</code>)
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        if (CollectionUtils.isEmpty(authList)) {
            return authorities;
        }
        for (String auths : authList) {
            if (StringUtils.isEmpty(auths)) {
                continue;
            }
            authorities.add(new SimpleGrantedAuthority(auths));
        }
        return authorities;
    }

    /**
     * Returns the password used to authenticate the user.
     *
     * @return the password
     */
    @Override
    public String getPassword() {
        return user.getPassword();
    }

    /**
     * Returns the username used to authenticate the user. Cannot return <code>null</code>.
     *
     * @return the username (never <code>null</code>)
     */
    @Override
    public String getUsername() {
        return user.getUsername();
    }

    /**
     * Indicates whether the user's account has expired. An expired account cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user's account is valid (ie non-expired),
     * <code>false</code> if no longer valid (ie expired)
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /**
     * Indicates whether the user is locked or unlocked. A locked user cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user is not locked, <code>false</code> otherwise
     */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * Indicates whether the user's credentials (password) has expired. Expired
     * credentials prevent authentication.
     *
     * @return <code>true</code> if the user's credentials are valid (ie non-expired),
     * <code>false</code> if no longer valid (ie expired)
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Indicates whether the user is enabled or disabled. A disabled user cannot be
     * authenticated.
     *
     * @return <code>true</code> if the user is enabled, <code>false</code> otherwise
     */
    @Override
    public boolean isEnabled() {
        return true;
    }
}

4、配置代码

TokenWebSecurityConfig

import com.wztsl.springboo.security.filter.TokenAuthenticationFilter;
import com.wztsl.springboo.security.filter.TokenLoginFilter;
import com.wztsl.springboo.security.filter.TokenLogoutHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * Security配置类
 *
 * @author by szsw
 * @date 2020/10/27 16:39
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {

    private UserDetailsService userDetailsService;
    private TokenManager tokenManager;
    private DefaultPasswordEncoder defaultPasswordEncoder;

    @Autowired
    public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder, TokenManager tokenManager) {
        this.userDetailsService = userDetailsService;
        this.defaultPasswordEncoder = defaultPasswordEncoder;
        this.tokenManager = tokenManager;
    }


    /**
     * 配置设置
     *
     * @param http httpSecurity配置对象
     * @throws Exception 异常
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*
         * always – 如果session不存在总是需要创建;
         * ifRequired – 仅当需要时,创建session(默认配置);
         * never – 框架从不创建session,但如果已经存在,会使用该session ;
         * stateless – Spring Security不会创建session,或使用session;
         * 解决Feign调用时session丢失问题
         */
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        /*
         * "migrateSession",即认证时,创建一个新http session,原session失效,属性从原session中拷贝过来
         * “none”,原session保持有效;
         * “newSession”,新创建session,且不从原session中拷贝任何属性。
         * 解决Feign调用时session丢失问题
         */
        http.sessionManagement().sessionFixation().none();
        http.exceptionHandling()
                .authenticationEntryPoint(new UnauthorizedEntryPoint())
                .and()
                .cors()
                .and()
                .csrf()
                .disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .logout()
                .logoutUrl("/center/logout")
                .addLogoutHandler(new TokenLogoutHandler(tokenManager))
                .and()
                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager))
                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager))
                .httpBasic();

    }

    /**
     * 密码处理
     *
     * @param auth 权限管理创建者
     * @throws Exception 异常
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);
    }

    /**
     * 配置哪些请求不拦截
     *
     * @param web webSecurity配置对象
     * @throws Exception 异常
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        String[] matchers = {"/**/allowAuth/**", "/assets/**"};
        web.ignoring().antMatchers(matchers);
    }

}

DefaultPasswordEncoder

import com.wztsl.springboo.utils.Md5;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @author szsw
 * @date 2023/2/3 19:46:52
 */
@Component
public class DefaultPasswordEncoder implements PasswordEncoder {
    /**
     * Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or
     * greater hash combined with an 8-byte or greater randomly generated salt.
     *
     * @param rawPassword 密码
     */
    @Override
    public String encode(CharSequence rawPassword) {
        return Md5.encrypt(rawPassword.toString());
    }

    /**
     * Verify the encoded password obtained from storage matches the submitted raw
     * password after it too is encoded. Returns true if the passwords match, false if
     * they do not. The stored password itself is never decoded.
     *
     * @param rawPassword     the raw password to encode and match
     * @param encodedPassword the encoded password from storage to compare with
     * @return true if the raw password, after encoding, matches the encoded password from
     * storage
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if(rawPassword == null || encodedPassword == null){
            return false;
        }
        return encodedPassword.equals(Md5.encrypt(rawPassword.toString()));
    }
}

UnauthorizedEntryPoint

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author szsw
 * @date 2023/2/3 19:47:06
 */
public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
    /**
     * Commences an authentication scheme.
     * <p>
     * <code>ExceptionTranslationFilter</code> will populate the <code>HttpSession</code>
     * attribute named
     * <code>AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY</code>
     * with the requested target URL before calling this method.
     * <p>
     * Implementations should modify the headers on the <code>ServletResponse</code> as
     * necessary to commence the authentication process.
     *
     * @param request       that resulted in an <code>AuthenticationException</code>
     * @param response      so that the user agent can begin authentication
     * @param authException that caused the invocation
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {

    }
}

5、Filter代码

TokenAuthenticationFilter

import com.wztsl.springboo.utils.ResponseUtil;
import com.wztsl.springboo.utils.StringUtils;
import com.wztsl.springboo.utils.TokenManager;
import com.wztsl.springboo.vo.Result;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Collection;
import java.util.List;

import static com.wztsl.springboo.contants.StringConstant.*;

/**
 * @author szsw
 * @date 2023/2/3 19:47:36
 */
public class TokenAuthenticationFilter extends BasicAuthenticationFilter {

    private AuthenticationManager authenticationManager;
    private TokenManager tokenManager;

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager, TokenManager tokenManager) {
        super(authenticationManager);
        this.authenticationManager = authenticationManager;
        this.tokenManager = tokenManager;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        String requestUri = request.getRequestURI();
        handing(request, response, chain, requestUri);
    }

    @SuppressWarnings("unchecked")
    private void handing(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String requestUri) throws IOException, ServletException {
        HttpSession session = request.getSession();
        Object userObj = session.getAttribute(SESSION_USER);
        if (userObj != null) {
            UsernamePasswordAuthenticationToken auth = createUpat(request);
            if(auth == null){
                ResponseUtil.out(response, Result.error("没有权限!"));
            }
            SecurityContextHolder.getContext().setAuthentication(auth);
            List<SimpleGrantedAuthority> authorityList = (List<SimpleGrantedAuthority>) session.getAttribute(AUTH_LIST);
            boolean authFlag = authorityList.stream().anyMatch(t -> requestUri.contains(t.getAuthority()));
            if (authFlag) {
                chain.doFilter(request, response);
            }else{
                ResponseUtil.out(response, Result.error("没有权限!"));
            }
        } else {
            ResponseUtil.out(response, Result.error("请登录!"));
        }
    }

    @SuppressWarnings("unchecked")
    private UsernamePasswordAuthenticationToken createUpat(HttpServletRequest request) {
        String token = request.getHeader(TOKEN);
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        String username = tokenManager.getUserFromToken(token);
        if (StringUtils.isEmpty(username)) {
            return null;
        }
        Object authList = request.getSession().getAttribute(AUTH_LIST);
        return new UsernamePasswordAuthenticationToken(username, token, (Collection<? extends GrantedAuthority>) authList);
    }


}

TokenLoginFilter

import com.fasterxml.jackson.databind.ObjectMapper;
import com.wztsl.springboo.utils.ResponseUtil;
import com.wztsl.springboo.utils.TokenManager;
import com.wztsl.springboo.vo.Result;
import com.wztsl.springboo.vo.SecurityUser;
import com.wztsl.springboo.vo.User;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;

import static com.wztsl.springboo.contants.StringConstant.AUTH_LIST;
import static com.wztsl.springboo.contants.StringConstant.SESSION_USER;

/**
 * @author szsw
 * @date 2023/2/3 19:47:46
 */
public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {

    private AuthenticationManager authenticationManager;
    private TokenManager tokenManager;

    public TokenLoginFilter(AuthenticationManager authenticationManager, TokenManager tokenManager) {
        this.authenticationManager = authenticationManager;
        this.tokenManager = tokenManager;
        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login"));
    }

    /**
     * 获取数据和返回响应的
     *
     * @param request  请求
     * @param response 响应
     * @return 认证
     * @throws AuthenticationException 认证过程中可能会由Spring抛出认证异常
     */
    @Override
    @SuppressWarnings("java:S112")
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        try {
            User user = new ObjectMapper().readValue(request.getInputStream(), User.class);
            UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), new ArrayList<>());
            return authenticationManager.authenticate(authToken);
        } catch (IOException e) {
            throw new RuntimeException("认证失败!");
        }
    }

    /**
     * 认证成功
     *
     * @param request    请求
     * @param response   响应
     * @param chain      chain对象
     * @param authResult the object returned from the <tt>attemptAuthentication</tt>
     *                   method.
     * @throws IOException      认证过程中可能会由Spring抛出认证异常
     * @throws ServletException 认证过程中可能会由Spring抛出认证异常
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        SecurityUser securityUser = (SecurityUser) authResult.getPrincipal();
        String token = tokenManager.createToken(securityUser.getUsername());
        request.getSession().setAttribute(SESSION_USER, securityUser.getUser());
        request.getSession().setAttribute(AUTH_LIST, securityUser.getAuthorities());
        ResponseUtil.out(response, Result.ok().put("token", token));
    }

    /**
     * 认证失败
     *
     * @param request  请求
     * @param response 响应
     * @param e        认证异常
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        ResponseUtil.out(response, Result.error("用户名或密码错误!"));
    }
}

TokenLogoutHandler

import com.wztsl.springboo.utils.TokenManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author szsw
 * @date 2023/2/3 19:47:54
 */
public class TokenLogoutHandler implements LogoutHandler {

    private TokenManager tokenManager;

    public TokenLogoutHandler(TokenManager tokenManager) {
        this.tokenManager = tokenManager;
    }

    /**
     * Causes a logout to be completed. The method must complete successfully.
     *
     * @param request        the HTTP request
     * @param response       the HTTP response
     * @param authentication the current principal details
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {

    }
}

6、service代码

UserDetailsServiceImpl

import com.wztsl.springboo.utils.Md5;
import com.wztsl.springboo.vo.SecurityUser;
import com.wztsl.springboo.vo.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;

/**
 * @author szsw
 * @date 2023/2/3 19:48:10
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    /**
     * Locates the user based on the username. In the actual implementation, the search
     * may possibly be case sensitive, or case insensitive depending on how the
     * implementation instance is configured. In this case, the <code>UserDetails</code>
     * object that comes back may have a username that is of a different case than what
     * was actually requested..
     *
     * @param username the username identifying the user whose data is required.
     * @return a fully populated user record (never <code>null</code>)
     * @throws UsernameNotFoundException if the user could not be found or the user has no
     *                                   GrantedAuthority
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = new User();
        SecurityUser securityUser = new SecurityUser(user);
        if ("admin".equals(username)) {
            user.setPassword(Md5.encrypt("123456"));
            user.setUsername(username);
            List<String> authList = new ArrayList<>();
            authList.add("start/add");
            securityUser.setAuthList(authList);
        }
        return securityUser;
    }
}

7、maven依赖

<jwt.version>0.7.0</jwt.version>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>${jwt.version}</version>
</dependency>

XiangXi响希
关注
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
springsecurity笔记
雪儿的博客
06-05 307
package com.imooc.security.browser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.sec...
SpringSecurity笔记
weixin_42437610的博客
11-07 1064
1. Spring Security学习 1.1 简介 安全框架就是解决系统安全的框架。如果没有安全框架,我们需要手动的处理每个资源的访问控制,这是非常麻烦的。使用了安全框架,我们可以通过配置的方式实现对资源的访问限制。 1.2 核心功能 认证 (你是谁) 认证:验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码。系统通过校验用户名和密码来完成认证过程。通俗点说就是系统认为用户是否能登录 授权 (你能干什么) 授权指的是验证某个用户是否有权限执行
Spring Security系列(一):自定义AuthenticationFilter
u013244613的博客
03-27 1963
Spring Security自定义AuthenTokenFilter
自定义Spring Security过滤器 JwtAuthenticationTokenFilter
最新发布
zyx1234321的博客
11-19 456
这个过滤器的作用是在请求到达时验证 JWT,并将用户信息存储到 Spring Security 的上下文和 ThreadLocal 中,方便后续的权限验证和用户信息获取。放在所有过滤器前面,检查浏览器携带的token是否合法。
认证过滤器
Leon_Jinhai_Sun的博客
06-05 2207
认证
jwt+token验证
qq_51127361的博客
09-19 2049
导入依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId
SpringSecurity 实现token 认证
qq_45535340的博客
06-07 4615
实现token 认证
Spring Security 资料合集
01-24
Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理,它为Web应用和企业级应用提供了全面的安全服务。这个框架能够处理认证、授权以及各种安全相关的功能,帮助开发者构建安全、可扩展的应用。以下...
springsecurity6.x实战学习笔记,可完美的移植到生产环境
03-28
本实战学习笔记聚焦于如何利用SpringBoot 3.x集成SpringSecurity 6.x,实现灵活的用户认证和授权机制。 首先,SpringBoot 3.x是Spring框架的最新稳定版本,它提供了自动配置、内嵌Web服务器等特性,使得快速开发变...
Spring Security笔记
08-14
以下是一些常见的Spring Security笔记: 1. Spring Security的核心概念:Spring Security基于一些核心概念,如认证(Authentication)、授权(Authorization)、用户(User)、角色(Role)等。了解这些概念对于...
韩顺平Spring笔记
04-30
《韩顺平Spring笔记》是针对Java开发人员深入学习Spring框架的重要参考资料,它源自知名IT教育专家韩顺平的Spring教程。这篇笔记详尽地记录了Spring的核心概念、使用方法和实战技巧,对于理解Spring的工作原理和提升...
SpringSecurity系列文章学习笔记
weixin_38370441的博客
04-13 882
SpringSecurity系列文章学习笔记学习链接第一篇:入门程序第二篇:自动登录第三篇:异常处理第四篇:自定义表单登录第五章:权限控制第六章:登录管理第七章:认证流程第八章:短信验证码登录 学习链接 https://blog.csdn.net/yuanlaijike/category_9283872.html 第一篇:入门程序 文章目录: 一、导入依赖 二、创建数据库 三、准备页面 四、配置application.properties 配置了数据库驱动、URL、账户密码、开启mybatis的部分配置 五
spring boot中常用的安全框架 Security框架 利用Security框架实现用户登录验证token和用户授权(接口权限控制)
Json的知识梦工厂
07-23 5025
org.springframework.security.crypto.password.PasswordEncoder 接口。
SpringSecurity安全框架
weixin_60257072的博客
12-11 3157
1、框架介绍Spring 是一个非常流行和成功的 Java 应用开发框架。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方案。一般来说,Web 应用的安全性包括用户认证()和用户授权()两个部分。(1)用户认证指的是:验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码。系统通过校验用户名和密码来完成认证过程。(2)用户授权指的是验证某个用户是否有权限执行某个操作。
SpringBoot+SpringSecurity+JWT实现认证和授权
热门推荐
oyc的博客
01-17 5万+
一、背景: 在 B/S 系统中,登录功基本都是依靠 Cookie 来实现的,用户登录成功之后主要需要客户端和服务端完成以下两项工作: (1)服务端将登录状态记录到 Session 中,或者签发Token; (2)客户端利用Cookie保存于服务端对应的 Session ID 或 Token。之后每次请求都会带上Cookie信息(包含Session ID或者Token),当服务端收到请求后,通过验证 Cookie 中的信息来判断用户是否登录 。 单点登录:单点登录(Single Sign On, S.
spring-security+jwt认证
weixin_40361868的博客
05-05 217
SpringSecurity的最基本的使用(没有深入的查看源码) security依赖导入 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dep...
请求时,校验accessToken访问令牌
随风why
11-03 563
校验accessToken
第8章 Spring Security 会话
Shiro框架02
10-20 2507
本章节就学习Spring Security会话的应用。例如,配置会话并发数、会话固定攻击与防御、Session共享等等。 会话并发管理 会话并发管理是指当前用户可以在系统存在多少会话,默认情况,会话是没有限制。当然我们配置一个用户只能有一个会话,这样就可以显示踢人下线。 配置 基于前面配置改造,这里主要罗列最主要的配置代码 @Configuration public class UserWebSecurityConfig extends WebSecurityConfigurerAdapter {
SpringSecurity-10-Session会话管理
zhoubangbang1的博客
03-29 1929
SpringSecurity-10-Session会话管理理解Session Http协议是一种无状态协议所以当服务端需要记录用户的状态时,需要某种机制用于识别用户,这个机制就是Session。服务器通过和用户约定每一个请求携带一个id信息,用于统一用户的请求有了管理,并且区分不同用户。基于session方案,为让用户请求都携带同一个id,并且不妨碍用户体验的情况下,选择cookie作为载体是一个不错的选择,用户第一次访问服务器的时候,没有携带id,服务器端会生成sessionid:session键值对,并
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

XiangXi响希

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值