Simple implementation steps for JWT-mode login with Spring Security
The source code is hosted on gitee; you can download it yourself.
- Write the common utility module
- Write the RsaKeyProperties configuration
(1) Override the attemptAuthentication method of the parent class UsernamePasswordAuthenticationFilter:
the authentication information was originally read from a POST form; now it has to be read from the asynchronous request.
(2) Override the successfulAuthentication method of AbstractAuthenticationProcessingFilter, the parent of UsernamePasswordAuthenticationFilter. This is where the information sent back to the client after successful authentication is produced.
- Configure this in our Spring Security configuration file
(1) Add the two filters we wrote (the two filters completed in step two):

```java
// add the login filter
http.addFilter(new JwtLoginFilter(super.authenticationManager(), rsaKeyProperties));
// add the authentication verification filter
http.addFilter(new JwtVerifyFilter(super.authenticationManager(), rsaKeyProperties));
```

(2) Disable session management, because we are now using tokens and no longer use sessions:

```java
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
```
- Watch out for these pitfalls, otherwise you will run into a lot of troublesome work
(1) The role class must implement GrantedAuthority:

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import org.springframework.security.core.GrantedAuthority;

@Data // already generates getters/setters; @Setter/@Getter below are redundant but harmless
@Setter
@Getter
@NoArgsConstructor
@AllArgsConstructor
public class SystemRole implements GrantedAuthority {
    private String rName;

    // ignored by Jackson so the role serialises only as {"rName": ...}
    @JsonIgnore
    @Override
    public String getAuthority() {
        return rName;
    }
}
```
(2) The user class must implement UserDetails:

```java
import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.List;

@Data // generates toString()/equals() that include the password field
@Setter
@Getter
@NoArgsConstructor
@AllArgsConstructor
public class SystemUser implements UserDetails {
    private String username;
    private String password;
    private List<SystemRole> roles;

    public void setUsername(String username) {
        this.username = username;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public List<SystemRole> getRoles() {
        return roles;
    }
    public void setRoles(List<SystemRole> roles) {
        this.roles = roles;
    }

    // override the parent methods
    // note: getPassword() is serialised by Jackson unless excluded, so do not
    // write this object directly into the token or the response
    @Override
    public String getPassword() {
        return password;
    }
    @Override
    public String getUsername() {
        return username;
    }

    // implement the interface; the account-status checks are all "true" here,
    // which means no expiry, lock or disable logic is enforced by this class
    @JsonIgnore
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return roles;
    }
    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
    @JsonIgnore
    @Override
    public boolean isEnabled() {
        return true;
    }
}
```