SpringSecurity+JWT使用

小白划水

已于 2022-05-12 21:30:45 修改

阅读量1.5k

点赞数 1

文章标签： java

于 2022-03-20 22:30:32 首次发布

本文链接：https://blog.csdn.net/qq_42218187/article/details/123623413

版权

该博客详细介绍了如何在Java项目中结合SpringSecurity和JWT进行用户登录接口设计、请求拦截、Security配置以及JWT工具和FastJsonUtil的使用。同时，深入探讨了SpringSecurity的授权流程、过滤器链和自定义权限校验方法，并提到了CSRF防护在前后端不分离项目中的重要性。

摘要由CSDN通过智能技术生成

maven依赖

      <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-freemarker</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.5.0</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>8.0.26</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.22</version>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.18.2</version>
        </dependency>
        <dependency>
            <groupId>joda-time</groupId>
            <artifactId>joda-time</artifactId>
            <version>2.10.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-pool2</artifactId>
            <version>2.9.0</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.79</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.12.0</version>
        </dependency>
    </dependencies>

用户登录接口

  /**
     * 登录验证
     *
     * @param username 用户名
     * @param password 密码
     * @return 结果
     */
    public LoginUser login(String username, String password) throws JsonProcessingException {
   
        // 用户验证
        Authentication authentication = null;
        try {
   
            authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        } catch (Exception e) {
   
            e.printStackTrace();
        }

        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        loginUser.setIpaddr("127.0.0.1");
        loginUser.setLoginTime(new Date().getTime());
        loginUser.setExpireTime(new Date().getTime() + JwtTokenUtils.REDIS_TOKEN_EXPIRATION);
        String token = JwtTokenUtils.createToken(loginUser);
        loginUser.setToken(token);
        // 设置缓存的数据
        redisTemplate.opsForValue().set("sys:token:string:" + token, token, JwtTokenUtils.REDIS_TOKEN_EXPIRATION, TimeUnit.MILLISECONDS);
        // 生成token
        return loginUser;
    }<