1、在pom.xml中添加security和jwt的相关依赖,并在启动类上添加注解@EnableWebSecurity
<!-- Security-related dependencies (Spring Security and JWT) -->
<!-- NOTE(review): both versions below are explicit pins copied from the
     original write-up; check them against the current releases of each
     artifact before reusing this snippet, since the security starter and the
     token library are exactly the components you want patched. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2、在application.yml中配置mysql及jwt等
server:
  port: 9696
  servlet:
    context-path: /demo
spring:
  datasource:
    # Legacy Connector/J class name; newer drivers register a different class, so confirm it matches the driver on the classpath.
    driver-class-name: com.mysql.jdbc.Driver
    # useSSL=false disables TLS to MySQL and allowMultiQueries=true lets one statement string
    # carry several statements (which widens the impact of any injection flaw). Both are
    # acceptable only for this local 127.0.0.1 setup; drop them for any shared database.
    url: jdbc:mysql://127.0.0.1:3306/security-jwt?useUnicode=true&characterEncoding=utf8&allowMultiQueries=true&useSSL=false&serverTimezone=GMT%2B8
    # NOTE(review): literal database credentials in the config file. Outside a throwaway
    # demo, inject them from the environment or an external secret store and keep them
    # out of version control.
    username: root
    password: 12345
  jpa:
    # Echoes every executed statement to the log; development only.
    show-sql: true
mybatis-plus:
  mapper-locations: classpath:/mapper/*Mapper.xml
  type-aliases-package: com.lan.demo.entity
  configuration:
    map-underscore-to-camel-case: true
logging:
  level:
    # Mapper debug output typically includes bound parameter values; turn it off outside development.
    com.lan.demo.mapper: debug
jwt:
  # HTTP header the token is read from, and the prefix expected before the token value.
  tokenHeader: Authorization
  tokenPrefix: Bearer
  # NOTE(review): the signing secret is a short, human-readable word. Anyone who guesses it can
  # mint valid tokens, so generate a long random value and load it from the environment
  # rather than committing it here.
  secret: lanjwt
  # Lifetimes for a normal login and a "remember me" login; presumably seconds
  # (1 hour / 7 days) — confirm against the token-issuing code.
  expiration: 3600
  rememberExpiration: 604800
3、新建用户实体类,实现 UserDetails 接口的方法,用于用户登录时的认证与授权校验
/**
 * @author: Lan
 * @date: 2019/4/9 11:28
 * @description: Data returned to the client after a successful login.
 * Lombok {@code @Data} generates getters, setters, {@code equals}/{@code hashCode}
 * and {@code toString} for every field. {@code roles} holds plain role names;
 * {@link UserDTO#getAuthorities()} adds the {@code ROLE_} prefix when it turns
 * them into Spring Security authorities, so the names stored here should not
 * already carry it.
 */
@Data
public class LoginSuccessVO {
/**
 * User identifier.
 */
private String userId;
/**
 * User's phone number.
 */
private String userPhone;
/**
 * Role names (without the {@code ROLE_} prefix); null until populated.
 */
private List<String> roles;
/**
 * Display name of the user.
 */
private String name;
}
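/**
 * @author: Lan
 * @date: 2019/4/8 14:07
 * @description: User object handed to Spring Security for authentication.
 * Extends {@link LoginSuccessVO} so the same object can carry the data returned
 * to the client once login succeeds.
 * <p>
 * The four account-status checks return {@code true} unconditionally, so this
 * class never rejects a locked, expired or disabled account; if the user store
 * tracks such states they have to be enforced elsewhere (for example in the
 * {@code UserDetailsService} that builds this object).
 * <p>
 * Lombok {@code @Data} would include {@code userPassword} in the generated
 * {@code toString}; the explicit override below keeps the credential out of
 * logs and exception messages. {@link #getPassword()} is still a bean-style
 * getter, so do not hand this object to a JSON serializer without excluding it.
 */
@Data
public class UserDTO extends LoginSuccessVO implements UserDetails {
    /**
     * Whether the client asked to stay logged in ("remember me"); null when not set.
     */
    private Boolean remember;
    /**
     * Login name used for authentication. Presumably distinct from the inherited
     * display {@code name} field — confirm against the service that fills this object.
     */
    private String userName;
    /**
     * Stored password. Expected to be in encoded form; encoding is not this class's job.
     */
    private String userPassword;

    /**
     * Maps the role names inherited from {@link LoginSuccessVO#getRoles()} to
     * Spring Security authorities, prefixing each with {@code ROLE_} so that
     * {@code hasRole(...)} checks match.
     *
     * @return one authority per role, in role order; an empty mutable list when
     *         no roles have been set
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<String> roles = getRoles();
        // roles stays null until the user is loaded; a user without roles has no
        // authorities rather than causing a NullPointerException here.
        if (roles == null) {
            roles = java.util.Collections.emptyList();
        }
        return roles.stream()
                .map(roleName -> new SimpleGrantedAuthority("ROLE_" + roleName))
                .collect(Collectors.toList());
    }

    /**
     * @return the stored password as given to {@code setUserPassword}
     */
    @Override
    public String getPassword() {
        return userPassword;
    }

    /**
     * @return the login name as given to {@code setUserName}
     */
    @Override
    public String getUsername() {
        return userName;
    }

    /**
     * Account expiry is not tracked by this class.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /**
     * Account locking is not tracked by this class.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * Credential expiry is not tracked by this class.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Enabled/disabled state is not tracked by this class.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /**
     * Same shape as the Lombok-generated {@code toString} for this class's own
     * fields, but with the password masked.
     *
     * @return a description of this user that never contains the password
     */
    @Override
    public String toString() {
        return "UserDTO(remember=" + remember + ", userName=" + userName
                + ", userPassword=[PROTECTED])";
    }
}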
4、在业务逻辑层重写 UserDetailsService 的 loadUserByUsername 方法,按实际需求编写相应的“验证规则”(即判定登录成功的标准),返回实现 UserDetails 接口的 UserDTO 对象。