前后端分离通过SpringSecurity+JWT实现权限控制

最新推荐文章于 2024-04-18 19:15:59 发布
最新推荐文章于 2024-04-18 19:15:59 发布
阅读量1.1k 收藏 8
点赞数 1
文章标签: java spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_42190578/article/details/107133844
版权

SpringSecurity+JWT

在这里插入图片描述
我丢到了一个包下没有细分,请勿模仿

数据库表

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

application.yml

jwt:
  secret: secret
  expiration: 7200000
  token: Authorization

SecurityUserDetails

这里继承了我自己的实体类

package com.experiment.blog.security;


import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.experiment.blog.mapper.UserBlogMapper;
import com.experiment.blog.pojo.DTO.UserUpload;
import com.experiment.blog.pojo.UserBlog;
import com.experiment.blog.service.UserBlogService;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;

@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class SecurityUserDetails extends UserBlog implements UserDetails {
    private Collection<? extends GrantedAuthority> authorities;


    public SecurityUserDetails(String userName, String password, Collection<? extends GrantedAuthority> authorities){       this.authorities = authorities;
        this.setUsername(userName);
        this.setPassword(password);
        this.setAuthorities(authorities);
    }
    /**
     * 账户是否过期
     * @return
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /**
     * 是否禁用
     * @return
     */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * 密码是否过期
     * @return
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * 是否启用
     * @return
     */
    @Override
    public boolean isEnabled() {
        return true;
    }
}

UserDetailsService

这里RoleBlog实体类要实现GrantedAuthority接口,实现它的getAuthority方法,返回权限名roleName

package com.experiment.blog.security;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.experiment.blog.exception.MyDefineException;
import com.experiment.blog.pojo.RoleBlog;
import com.experiment.blog.pojo.UserBlog;
import com.experiment.blog.service.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;

@Service
public class JwtUserDetailsService implements UserDetailsService {

   @Autowired
    UserBlogService userBlogService;
    @Autowired
    RoleBlogService roleBlogService;
    @Autowired
    RoleUserBlogService roleUserBlogService;
    @Override
    /**
     * 这里通过UserName从数据库里取出权限和密码

     */
    public UserDetails loadUserByUsername (String userName) throws UsernameNotFoundException {
        System.out.println("JwtUserDetailsService:" + userName);
        Long userId = userBlogService.getIdByUserName(userName);
        if (null==userId){
            throw new UsernameNotFoundException("用户名不存在");
        }
        List<Long> roleIds = roleUserBlogService.getRoleIdByUserId(userId);
        String password = userBlogService.getOne(new QueryWrapper<UserBlog>().eq("username",userName)).getPassword();
        return new SecurityUserDetails(userName,password,roleBlogService.list(new QueryWrapper<RoleBlog>().in("role_id",roleIds)));
    }
}

JWT模块

JwtTokenUtil

package com.experiment.blog.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClock;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

@Component
public class JwtTokenUtil implements Serializable {
    private static final long serialVersionUID = -3301605591108950415L;

    @Value("${jwt.secret}")
    private  String secret;

    @Value("${jwt.expiration}")
    private Long expiration;

    @Value("${jwt.token}")
    private String tokenHeader;

    private Clock clock = DefaultClock.INSTANCE;

    public String generateToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(tokenHeader,userDetails.getUsername());
        claims.put("created",new Date());
        return doGenerateToken(claims, userDetails.getUsername());
    }

    private String doGenerateToken(Map<String, Object> claims, String subject) {
        final Date createdDate = clock.now();
        final Date expirationDate = calculateExpirationDate(createdDate);

        return Jwts.builder()
                .setClaims(claims)
                .setSubject(subject)
                .setIssuedAt(createdDate)
                .setExpiration(expirationDate)
                .signWith(SignatureAlgorithm.HS512, secret)
                .compact();
    }

    private Date calculateExpirationDate(Date createdDate) {
        return new Date(createdDate.getTime() + expiration);
    }

    public Boolean validateToken(String token, UserDetails userDetails) {
        SecurityUserDetails user = (SecurityUserDetails) userDetails;
        final String username = getUsernameFromToken(token);
        return (username.equals(user.getUsername())
                && !isTokenExpired(token)
        );
    }

    public String getUsernameFromToken(String token) {
        return getClaimFromToken(token, Claims::getSubject);
    }

    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = getAllClaimsFromToken(token);
        return claimsResolver.apply(claims);
    }

    private Claims getAllClaimsFromToken(String token) {
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody();
    }


    private Boolean isTokenExpired(String token) {
        final Date expiration = getExpirationDateFromToken(token);
        return expiration.before(clock.now());
    }

    public Date getExpirationDateFromToken(String token) {
        return getClaimFromToken(token, Claims::getExpiration);
    }
}

JwtAuthorizationTokenFilter

package com.experiment.blog.security;

import io.jsonwebtoken.ExpiredJwtException;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Component
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
    private final UserDetailsService userDetailsService;
    private final JwtTokenUtil jwtTokenUtil;
    private final String tokenHeader;

    public JwtAuthorizationTokenFilter(@Qualifier("jwtUserDetailsService") UserDetailsService userDetailsService,
                                       JwtTokenUtil jwtTokenUtil, @Value("${jwt.token}") String tokenHeader) {
        this.userDetailsService = userDetailsService;
        this.jwtTokenUtil = jwtTokenUtil;
        this.tokenHeader = tokenHeader;
    }

    @Override
    protected void doFilterInternal (HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        final String requestHeader = request.getHeader(this.tokenHeader);
        String username = null;
        String authToken = null;
        if (requestHeader != null && requestHeader.startsWith("Bearer ")) {
            authToken = requestHeader.substring(7);
            try {
                username = jwtTokenUtil.getUsernameFromToken(authToken);
            } catch (ExpiredJwtException e) {
            }
        }

        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {

            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);

            if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }

        }
        chain.doFilter(request, response);
    }
}

JwtAuthenticationEntryPoint

没有凭证时的处理

package com.experiment.blog.security;

import com.alibaba.fastjson.JSON;
import com.experiment.blog.common.CommonResult;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
    //没有凭证时走这里
    @Override
    public void commence (HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        System.out.println("JwtAuthenticationEntryPoint:"+e.getMessage());
        returnFailure(httpServletResponse);
    }
    public void returnFailure(HttpServletResponse response) throws IOException{
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        CommonResult commonResult = new CommonResult<>(403,"没有凭证");
        writer.write(JSON.toJSONString(commonResult));
        writer.flush();
    }
}

获取传入的用户名密码

UsernamePasswordFilter

package com.experiment.blog.security;

import com.experiment.blog.exception.MyDefineException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

public class UsernamePasswordFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if(MediaType.APPLICATION_JSON_VALUE.equals(request.getContentType())){
            String username=null;
            String password=null;
            try{
//                Map<String,String > map = new ObjectMapper().readValue(request.getInputStream(), Map.class);
                username =request.getParameter("username");
                password=request.getParameter("password");
            }catch (Exception e){
                throw new MyDefineException(405,"传入账号密码出错");
            }
            if(username==null){ throw new MyDefineException(405,"用户名为空");};
            if(password==null){throw new MyDefineException(405,"密码为空");}
            username = username.trim();
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
            this.setDetails(request, authRequest);
            return this.getAuthenticationManager().authenticate(authRequest);
        }

        return super.attemptAuthentication(request, response);
    }
}

验证访问权限

MyInvocationSecurityMetadataSourceService

package com.experiment.blog.security;

import com.experiment.blog.pojo.DTO.RolePermission;
import com.experiment.blog.service.PermissionBlogService;
import com.experiment.blog.service.RolePermissionBlogService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.*;

@Component
public class MyInvocationSecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource {

    @Autowired
    PermissionBlogService permissionBlogService;
    @Autowired
    RolePermissionBlogService rolePermissionBlogService;
    private static HashMap<String,Collection<ConfigAttribute>> map = null;
    @Override
    public Collection<ConfigAttribute> getAttributes (Object o) throws IllegalArgumentException {
        if (null == map){
            loadResourceDefine();
        }
        HttpServletRequest request = ((FilterInvocation)o).getHttpRequest();
        for (Iterator<String> it = map.keySet().iterator();it.hasNext();){
            String url = it.next();
            if (new AntPathRequestMatcher(url).matches(request)){
                return map.get(url);
            }
        }
        return null;
    }

    /**
     * 初始化资源
     */
    public void loadResourceDefine(){
        map=new HashMap<>(16);
        List<RolePermission> rolePermissions = rolePermissionBlogService.getRolePermission();
        rolePermissions.forEach(rolePermission -> {
            String url = rolePermission.getPermissionUrl();
            ConfigAttribute role = new SecurityConfig(rolePermission.getRoleName());
            if (map.containsKey(url)){
                map.get(url).add(role);
            }
            else {
                List<ConfigAttribute> list = new ArrayList<>();
                list.add(role);
                map.put(url,list);
            }
        });

    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes () {
        return null;
    }

    @Override
    public boolean supports (Class<?> aClass) {
        return true;
    }
}

MyAccessDecisionManager

package com.experiment.blog.security;

import org.mybatis.logging.Logger;
import org.mybatis.logging.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
import java.util.Iterator;

@Component
public class MyAccessDecisionManager implements AccessDecisionManager {
    private final static Logger logger = LoggerFactory.getLogger(MyAccessDecisionManager.class);
    /**
     * 通过传递的参数来决定用户是否有访问对应受保护对象的权限
     *
     * @param authentication 包含了当前的用户信息,包括拥有的权限。这里的权限来源就是前面登录时UserDetailsService中设置的authorities。
     * @param o  就是FilterInvocation对象,可以得到request等web资源
     * @param collection configAttributes是本次访问需要的权限
     */
    @Override
    public void decide (Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
        if(null == collection || 0>=collection.size()){
            return;
        }
        else {
            String needRole;
            for(Iterator<ConfigAttribute> iter = collection.iterator(); iter.hasNext(); ) {
                needRole = iter.next().getAttribute();
                for(GrantedAuthority ga : authentication.getAuthorities()) {
                    if(needRole.trim().equals(ga.getAuthority().trim())) {
                        return;
                    }
                }
            }
            throw new AccessDeniedException("当前访问没有权限");
        }
    }

    @Override
    public boolean supports (ConfigAttribute configAttribute) {
        return true;
    }

    @Override
    public boolean supports (Class<?> aClass) {
        return true;
    }
}

MyFilterSecurityInterceptor

package com.experiment.blog.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import java.io.IOException;

@Component
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
    @Autowired
    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    @Autowired
    public void setMyAccessDecisionManager(MyAccessDecisionManager myAccessDecisionManager)
    {
        super.setAccessDecisionManager(myAccessDecisionManager);
    }
    @Override
    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
        invoke(fi);
    }

    public void invoke(FilterInvocation fi) throws IOException, ServletException {

        InterceptorStatusToken token = super.beforeInvocation(fi);
        try {
            //执行下一个拦截器
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        } finally {
            super.afterInvocation(token, null);
        }
    }
}

登陆成功返回token

LoginSuccessHandler

package com.experiment.blog.security;

import com.alibaba.fastjson.JSON;
import com.experiment.blog.common.CommonResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    UserDetailsService userDetailsService;
    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    @Override
    public void onAuthenticationSuccess (HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        final UserDetails userDetails = userDetailsService.loadUserByUsername(authentication.getName());
        final String token = jwtTokenUtil.generateToken(userDetails);
        returnToken(httpServletResponse,token);
    }
    public void returnToken(HttpServletResponse response,String token) throws IOException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        Map<String,String> map=new HashMap<>();
        map.put("token",token);
        CommonResult<Map<String, String>> mapCommonResult = new CommonResult<>(200,"登入成功",map);
        writer.write(JSON.toJSONString(mapCommonResult));
        writer.flush();
    }
}

登陆失败

LoginFailureHandler

package com.experiment.blog.security;

import com.alibaba.fastjson.JSON;
import com.experiment.blog.common.CommonResult;
import com.experiment.blog.exception.MyDefineException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

@Component
public class LoginFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure (HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        returnFailure(httpServletResponse);
    }
    public void returnFailure(HttpServletResponse response) throws IOException{
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=utf-8");
        PrintWriter writer = response.getWriter();
        CommonResult commonResult = new CommonResult<>(401,"用户名或密码错误");
        writer.write(JSON.toJSONString(commonResult));
        writer.flush();
    }
}

SecurityConfig

package com.experiment.blog.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.DigestUtils;

@Configuration
@EnableWebSecurity //开启Security
@EnableGlobalMethodSecurity(prePostEnabled = true)//判断用户对某个控制层的方法是否具有访问权限
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    JwtUserDetailsService jwtUserDetailsService;
    @Autowired
    JwtAuthorizationTokenFilter jwtAuthorizationTokenFilter;
    @Autowired
    LoginSuccessHandler loginSuccessHandler;
    @Autowired
    LoginFailureHandler loginFailureHandler;

    //先来这里认证一下
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService( jwtUserDetailsService ).passwordEncoder( new PasswordEncoder() {
            //对密码进行加密
            @Override
            public String encode(CharSequence charSequence) {
                System.out.println("/*********charSequence.toString()"+charSequence.toString());
                return new BCryptPasswordEncoder().encode(charSequence);
            }
            //对密码进行判断匹配
            @Override
            public boolean matches(CharSequence charSequence, String s) {
                BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
                return bCryptPasswordEncoder.matches(charSequence,s);
            }
        } );

    }

    //拦截在这配
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/login**","/blog/user-blog/insert").permitAll()
                .anyRequest().authenticated();


        http.addFilterAt(usernamePasswordFilter(),UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(jwtAuthorizationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
    //加密

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Override
    public void configure(WebSecurity web){
        web.ignoring().antMatchers("/js/**","/css/**","/fail_url","/static/**","/img/**","/img/carousel/**","/swagger-ui.html","/webjars/**","/v2/**","/swagger-resources/**");
    }
    @Bean
    public UsernamePasswordFilter usernamePasswordFilter() throws Exception {
        UsernamePasswordFilter filter=new UsernamePasswordFilter();
        //重用WebSecurityConfigurerAdapter配置的AuthenticationManager
        filter.setAuthenticationManager(super.authenticationManager());
        filter.setFilterProcessesUrl("/login");
        filter.setAuthenticationSuccessHandler(loginSuccessHandler);
        filter.setAuthenticationFailureHandler(loginFailureHandler);
        return filter;
    }

参考

  • https://www.cnblogs.com/pjjlt/p/10960690.html
  • https://www.cnblogs.com/foshuo-cv/archive/2020/05/07/12842075.html
梧桐落ccccccccc
关注
  • 1
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
springboot + spring security + jwt实现api权限控制
qq_35494808的博客
08-09 2万+
1、在pom.xml中添加securityjwt的相关依赖,并在启动类上添加注解@EnableWebSecurity <!-- 权限相关依赖(securityjwt)--> <dependency> <groupId>org.springframework.boot</groupId> ...
权限管理与jwt鉴权
骚戴的博客
10-14 937
权限管理与jwt鉴权
SpringBoot集成JWT token实现权限验证
m0_63077733的博客
09-01 785
经过Base64 Url编码后形成的JWT的第一部分。,通过Base64 Url编码后形成JWT的第三部分。signature--签名。使用标头的算法和私钥对。Payload---有效负载。JDK1.8以下的加入JWT依赖即可。JDK1.8以下的加入JWT依赖即可。JDK1.8以上的还要加上以下依赖。,以Base64进行编码。JDK1.8以上的加上其他。Header:标头。
使用springbootspringSecurityjwt实现基于token的权限管理
kandan_cc的博客
04-18 440
首先进行用户的注册登录获取请求头获取到请求头后就可以携带请求头进行有关权限的测试了,这里就不在描述。
Spring Security整合JWT实现权限认证和授权
weixin_45818966的博客
11-05 4127
关于spring security整合jwt实现前后端权限认证和授权管理
基于若依框架springsecurity添加多种用户登录解决方案(springsecurity多用户登录:前端用户、后端用户)
rg10szc的博客
03-17 1万+
自己需求如下(多种用户登录): 后端pc管理员账号、手机app用户,若依框架使用springsecurity框架到验证数据库那一步只能继承UserDetailsService(String username)这个方法,而且只能传递一个username,由于我是多张用户表,就自己想了个方案解决这个问题(把username改成JSON:{username:"admin",userType:"admin"}字符串),为了尽量少改若依原框架,且满足自己项目需求。熟悉springsecurity的可以修改增加filt
基于springBoot+springSecurity+jwt实现前后端分离用户权限认证
12-09
springSecurity也有很多种权限认证方式,本项目主要实现基于接口授权,也就是说通过注解给controller赋予权限,用户只有拥有某个接口的权限才能成功访问这个接口,从而实现不同用户拥有不同访问权限;
Spring-Boot结合Security+JWT 简单实现前后端分离用户登录、授权案例
07-12
Spring-Security结合JWT 实现前后端分离完成权限验证功能案例,案例中,主要完成用户登录获取Token,通过Token访问Rest接口,没有权限或授权失败时返回JSON,前端根据状态码进行重新登录;案例中的用户名称: jake_j...
SpringBoot+Vue前后端分离,使用SpringSecurity完美处理权限问题
10-12
转载他人 https://blog.csdn.net/u012702547/article/details/79010010 https://blog.csdn.net/u012702547/article/details/79019510
基于Springboot+Springsecurity+jwt+redis+vue的前后端分离权限系统
最新发布
05-15
该项目利用了基于springboot + vue + mysql的开发模式框架实现的课设系统,包括了项目的源码资源、sql文件、相关指引文档等等。 【项目资源】:包含前端、后端、移动开发、操作系统、人工智能、物联网、信息化管理...
Springboot前后端分离JWT+Security+Redis实现登录拦截及权限认证,包含全局异常处理以及统一返回风格
12-25
Springboot前后端分离JWT+Security+Redis实现登录拦截及权限认证,包含全局异常处理以及统一返回风格
jwt + spring security 登陆验证和权限管理
04-19
一个Spring Security+JWT认证和授权的demo,此demo为Spring安全性与OAuth(1a)和OAuth2结合使用提供了支持。它提供了在Spring安全编程模型和配置下实现分布式无状态授权。
Spring Boot+Spring Security+JWT 实现 RESTful Api 认证 (一)
热门推荐
https://gitee.com/micai-code
09-13 9万+
摘要:用spring-boot开发RESTful API非常的方便,在生产环境中,对发布的API增加授权保护是非常必要的。现在我们来看如何利用JWT技术为API增加授权保护,保证只有获得授权的用户才能够访问API。 一:开发一个简单的API 在IDEA开发工具中新建一个maven工程,添加对应的依赖如下: <dependency> <gro...
Spring 授权 (Authorization) 流程要点
小汤圆
08-16 444
授权前提 所有的认证令牌对象Authentication保存了一组GrantedAuthority对象,表示授予访问者(当事人principal)的权限。 GrantedAuthority对象是被AuthenticationManager在认证访问者期间插入到Authentication中的。这些GrantedAuthority对象会被AccessDecisionManager在对该访问者对于某个安全对象做出授权决定时使用; GrantedAuthority是一个接口,仅有一个方法定义String get.
jwt如何防止token被窃取_SpringBoot系列之前后端接口安全技术JWT
weixin_39847437的博客
11-22 6028
作者|smileNicky来源 |cnblogs.com/mzq123/p/13278935.html1.什么是JWT?JWT的全称为Json Web Token (JWT),是目前最流行的跨域认证解决方案,是在网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519),JWT 是一种JSON风格的轻量级的授权和身份认证规范,可实现无状态、分布式的W...
springboot+springsecurity+mybatis+JWT+Redis 实现前后端离(实战篇)
zzxzzxhao的博客
10-26 5万+
写在开头:这篇是实战篇,即默认各位看官具备相应的基础 目录 一、springboot 1.新建项目 2.application.yml的配置 3.写一个小demo 二、druid 三、springsecurity 1.引入相关依赖 2.写了几个工具类 3.实现springsecurity各个核心接口,处理用户各种状态 2.权限访问控制 3.jwt生成token的工具类 4...
史上最简单的Spring Security教程(二十一):AccessDecisionManager简介及自定义访问决策管理器
银河架构师的博客
08-10 1万+
AccessDecisionManager顾名思义,访问决策管理器。 Makesafinalaccesscontrol(authorization)decision 做出最终的访问控制(授权)决定。 而常用的AccessDecisionManager有三个,分别介绍一下其权限决策逻辑。 AffirmativeBased Spring Security框架默认的AccessDecisionManager。 /** * Simple concrete ...
前后端分离 SpringBoot整合SpringSecurity权限控制(动态拦截url)
摸鱼佬的博客
11-26 1万+
前后端分离 SpringBoot整合SpringSecurity权限控制 Spring Security是一个功能强大且可高度自定义的身份验证和访问控制框架。它是保护基于Spring的应用程序的事实上的标准。 Spring Security是一个专注于为Java应用程序提供身份验证和授权的框架。与所有Spring项目一样,Spring Security的真正强大之处在于它可以轻松扩展以满足自定义要...
JwtTokenUtil
qq_37377082的博客
02-27 2566
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.c
spring securityjwt和redis实现前后端分离
05-31
好的,这是一个关于Spring SecurityJWT和Redis实现前后端分离的问题。 首先,Spring Security是一个基于Spring框架的安全框架,可以用来实现用户认证、授权等功能。 JWT(JSON Web Token)是一种用于在网络上...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值