springboot快速整合security
之后关于springboot的快速整合,请先参考我之前的一篇文章**[快速搭建SpringBoot项目]**
1.相关依赖与配置
<dependencies>
<!--实体类管理-->
<dependency>
<groupId>repository.org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.6</version>
</dependency>
<!-- 数据库Mysql驱动-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!--整合mybatis-->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.3.2</version>
</dependency>
<!--整合security-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
server:
port: 8080
spring:
datasource:
url: jdbc:mysql://localhost:3306/day_04?&useSSL=false&serverTimezone=UTC
username: root
password: 178121
driver-class-name: com.mysql.jdbc.Driver
mybatis:
mapper-locations: com/itheima/mapper/*.xml
type-aliases-package: com.itheima.entity
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.itheima.mapper.MenuMapper">
<resultMap id="BaseResultMap" type="com.itheima.entity.Menu">
<id column="id" property="id"></id>
<result property="pattern" column="pattern"></result>
<collection ofType="com.itheima.entity.Role" property="roles">
<id property="id" column="id2"></id>
<result property="name" column="name"></result>
<result property="nameZh" column="nameZh"></result>
</collection>
</resultMap>
<select id="findAllMenusWithRoles" resultMap="BaseResultMap">
SELECT m.*, r.id as id2, r.`name` as name, r.nameZh as nameZh FROM menu m, menu_role mr, role r
WHERE m.id = mr.mid AND r.id = mr.rid
</select>
</mapper>
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.itheima.mapper.UserMapper">
<select id="loadUserByUsername" parameterType="java.lang.String" resultType="com.itheima.entity.User">
SELECT * FROM user WHERE username = #{s}
</select>
<select id="findRolesByUserId" parameterType="java.lang.Integer" resultType="com.itheima.entity.Role">
SELECT r.id as id, r.`name` as name, r.nameZh as nameZh FROM user_role ur, role r
WHERE ur.rid = r.id AND ur.uid = #{id}
</select>
</mapper>
2.实体类
package com.itheima.entity;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import java.util.List;
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
@ToString
public class Menu {
private Integer id;
private String pattern;
private List<Role> roles;
}
package com.itheima.entity;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
@ToString
public class Role {
private Integer id;
private String name;
private String nameZh;
}
package com.itheima.entity;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
/**
* @author Zeng
* @date 2020/2/24 22:27
*/
public class User implements UserDetails {
private Integer id;
private String username;
private String password;
private Boolean enabled;
private Boolean locked;
//用户具备的角色
private List<Role> roles;
//登录后返回的token
private String token;
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
public List<Role> getRoles() {
return roles;
}
public void setRoles(List<Role> roles) {
this.roles = roles;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
@Override
public String getUsername() {
return username;
}
//账户是否未过期
@Override
public boolean isAccountNonExpired() {
return true;
}
//账户是否未锁定
@Override
public boolean isAccountNonLocked() {
return !locked;
}
//账户密码是否未过期
@Override
public boolean isCredentialsNonExpired() {
return true;
}
public void setUsername(String username) {
this.username = username;
}
//获取用户的角色
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<SimpleGrantedAuthority> list = new ArrayList<>(roles.size());
roles.forEach(role -> {
list.add(new SimpleGrantedAuthority(role.getName()));
});
return list;
}
@Override
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public boolean isEnabled() {
return enabled;
}
public void setEnabled(Boolean enabled) {
this.enabled = enabled;
}
public Boolean getLocked() {
return locked;
}
public void setLocked(Boolean locked) {
this.locked = locked;
}
}
package com.itheima.entity;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
@ToString
@Builder
public class ResultVo {
private Integer code;
private String message;
private Object obj;
public static ResultVo success(String message, Object obj) {
ResultVo vo = ResultVo.builder().code(200).message(message).obj(obj).build();
return vo;
}
public static ResultVo failure(String message, Object obj) {
ResultVo vo = ResultVo.builder().code(500).message(message).obj(obj).build();
return vo;
}
}
3.持久层
package com.itheima.mapper;
import com.itheima.entity.Menu;
import java.util.List;
public interface MenuMapper {
List<Menu> findAllMenusWithRoles();
}
package com.itheima.mapper;
import com.itheima.entity.Role;
import com.itheima.entity.User;
import java.util.List;
public interface UserMapper {
User loadUserByUsername(String s);
List<Role> findRolesByUserId(Integer id);
}
4.逻辑层
package com.itheima.service;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface UserService extends UserDetailsService {
public UserDetails loadUserByUsername(String s);
}
package com.itheima.service;
import com.itheima.entity.Menu;
import java.util.List;
public interface MenuService {
public List<Menu> findAllMenusWithRoles();
}
package com.itheima.service.impl;
import com.itheima.entity.Menu;
import com.itheima.mapper.MenuMapper;
import com.itheima.service.MenuService;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
public class MenuServiceImpl implements MenuService {
@Autowired
private MenuMapper menuMapper;
@Override
public List<Menu> findAllMenusWithRoles() {
List<Menu> menus = menuMapper.findAllMenusWithRoles();
return menus;
}
}
package com.itheima.service.impl;
import com.itheima.entity.User;
import com.itheima.mapper.UserMapper;
import com.itheima.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
public class UserServiceImpl implements UserService {
@Autowired
private UserMapper userMapper;
@Override
public UserDetails loadUserByUsername(String s) {
User user = userMapper.loadUserByUsername(s);
if(user == null){
throw new UsernameNotFoundException("用户不存在!");
}
user.setRoles(userMapper.findRolesByUserId(user.getId()));
return user;
}
}
5.表现层
package com.itheima.controller;
import com.itheima.entity.ResultVo;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping("/hello")
public ResultVo hello() {
return ResultVo.success("成功访问公共接口", null);
}
@GetMapping("/db/hello")
public ResultVo db() {
return ResultVo.success("成功访问dba角色的接口", null);
}
@GetMapping("/admin/hello")
public ResultVo admin() {
return ResultVo.success("成功访问admin角色的接口", null);
}
@GetMapping("/user/hello")
public ResultVo user() {
return ResultVo.success("成功访问user角色的接口", null);
}
}
6.sql语句
/*
Navicat Premium Data Transfer
Source Server : localhost
Source Server Type : MySQL
Source Server Version : 80018
Source Host : localhost:3306
Source Schema : security
Target Server Type : MySQL
Target Server Version : 80018
File Encoding : 65001
Date: 25/02/2020 00:03:01
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for menu
-- ----------------------------
DROP TABLE IF EXISTS `menu`;
CREATE TABLE `menu` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`pattern` varchar(255) CHARACTER SET utf8mb4 NOT NULL COMMENT '请求路径匹配规则',
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 ;
-- ----------------------------
-- Records of menu
-- ----------------------------
INSERT INTO `menu` VALUES (1, '/db/**');
INSERT INTO `menu` VALUES (2, '/admin/**');
INSERT INTO `menu` VALUES (3, '/user/**');
-- ----------------------------
-- Table structure for menu_role
-- ----------------------------
DROP TABLE IF EXISTS `menu_role`;
CREATE TABLE `menu_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`mid` int(11) NOT NULL COMMENT 'menu表外键',
`rid` int(11) NOT NULL COMMENT 'role表外键',
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 ;
-- ----------------------------
-- Records of menu_role
-- ----------------------------
INSERT INTO `menu_role` VALUES (1, 1, 1);
INSERT INTO `menu_role` VALUES (2, 2, 2);
INSERT INTO `menu_role` VALUES (3, 3, 3);
-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`nameZh` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES (1, 'dba', '数据库管理员');
INSERT INTO `role` VALUES (2, 'admin', '系统管理员');
INSERT INTO `role` VALUES (3, 'user', '用户');
-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`enabled` tinyint(1) NULL DEFAULT NULL,
`locked` tinyint(1) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES (1, 'root', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0);
INSERT INTO `user` VALUES (2, 'admin', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0);
INSERT INTO `user` VALUES (3, 'sang', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0);
-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`uid` int(11) NULL DEFAULT NULL,
`rid` int(11) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES (1, 1, 1);
INSERT INTO `user_role` VALUES (2, 1, 2);
INSERT INTO `user_role` VALUES (3, 2, 2);
INSERT INTO `user_role` VALUES (4, 3, 3);
SET FOREIGN_KEY_CHECKS = 1;
7.基本测试
以上代码完成了测试与基本查询的接口实现,下面开始配置security的配置,在这测试一下其他的接口,会发现全部不能访问,会报错401
还有就是User类不能使用lombok注解,会报错(在进行权限验证的时候)
同时,由于没有重载configure(AuthenticationManagerBuilder),所有系统没有用户存储支撑认证过程,所以系统相当于没有用户,所以没有人可以认证成功。
package com.itheima.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//所有接口不做拦截
http.authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().authenticated();
}
}
8.开始进行配置
package com.itheima.config;
import com.itheima.filter.JwtFilter;
import com.itheima.filter.JwtLoginFilter;
import com.itheima.filter.MyPermissionFilter;
import com.itheima.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Autowired
private MyPermissionFilter myPermissionFilter;
@Autowired
private CustomAccessDecisionManager customAccessDecisionManager;
//使用的密码加密方式
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
//注册登录用户来源
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
//并在服务器端建立一个拦截器来验证这个 token,如果请求中没有token或者token内容不正确,
// 则认为可能是 CSRF 攻击而拒绝该请求.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//设置路径拦截规则
.authorizeRequests()
//路径为“/doLogin”的POST请求自动放行
.antMatchers(HttpMethod.POST, "/doLogin").permitAll()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
@Override
public <O extends FilterSecurityInterceptor> O postProcess(O o) {
o.setAccessDecisionManager(customAccessDecisionManager);
o.setSecurityMetadataSource(myPermissionFilter);
return o;
}
})
//其他请求全部进行认证
.anyRequest().authenticated()
.and()
//关闭csrf
.csrf().disable()
//关闭session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//添加登录的过滤器,当请求路径为"/doLogin"时该过滤器截取请求
.and()
.addFilterBefore(new JwtLoginFilter("/doLogin",
authenticationManager()), UsernamePasswordAuthenticationFilter.class)
//添加token校验的过滤器,每次发起请求都被该过滤器截取
.addFilterBefore(new JwtFilter(), UsernamePasswordAuthenticationFilter.class)
//注册MyFilter和customAccessDecisionManager进行权限管理
;
}
}
package com.itheima.config;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import java.util.Collection;
@Component
public class CustomAccessDecisionManager implements AccessDecisionManager {
/**
* 核心方法,判断用户是否可以有权限访问该路径
* @param authentication 可以获取登录的用户信息
* @param o 实际是FilterInvocation对象,可以获取请求路径
* @param collection 访问该路径所需要的角色,是MyFilter中的返回值
* @throws AccessDeniedException 非法请求,权限不够
* @throws InsufficientAuthenticationException
*/
@Override
public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
//遍历访问该路径所需要的所有角色名字
for (ConfigAttribute configAttribute : collection) {
//如果是登录后可访问,直接放行
if("ROLE_login".equals(configAttribute.getAttribute())){
//判断用户是否登录
if(authentication instanceof AnonymousAuthenticationToken){
throw new AccessDeniedException("尚未登录,请前往登录!");
}
return ;
}
//获取当前用户所具有的所有角色
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
//遍历该用户的所有角色并判断是否具有必须具备的角色
for (GrantedAuthority authority : authorities) {
if(authority.getAuthority().equals(configAttribute.getAttribute())){
return ;
}
}
}
throw new AccessDeniedException("权限不足,请联系管理员!");
}
@Override
public boolean supports(ConfigAttribute configAttribute) {
return true;
}
@Override
public boolean supports(Class<?> aClass) {
return true;
}
}
9.过滤器
package com.itheima.filter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.itheima.entity.ResultVo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
@SuppressWarnings("ALL")
public class JwtFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setCharacterEncoding("utf8");
//获取token
String tokenHeader = request.getHeader("token");
PrintWriter pw=null;
if( StringUtils.isEmpty(tokenHeader)){
pw = response.getWriter();
response.setContentType("application/json;charset=utf-8");
ResultVo jsonResult = ResultVo.failure("必须传递用户的认证信息", null);
pw.write(new ObjectMapper().writeValueAsString(jsonResult));
pw.flush();
pw.close();
return ;
}
//解析token
Jws<Claims> jws=null;
try {
jws = Jwts.parser()
.setSigningKey("turing-team") //设置生成jwt时使用的密钥
.parseClaimsJws(tokenHeader);
}catch (JwtException ex){
pw = response.getWriter();
response.setContentType("application/json;charset=utf-8");
ResultVo jsonResult = ResultVo.failure("登录已过期,请重新登陆", null);
pw.write(new ObjectMapper().writeValueAsString(jsonResult));
pw.flush();
pw.close();
return ;
}
Claims claims = jws.getBody();
//获取用户的用户名,在生成token时指定了主题为用户名
String username = claims.getSubject();
//获取用户的所有角色,以逗号分割的字符串
String authoritiesStr = (String) claims.get("authorities");
//转成用户的所有角色对象
List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(authoritiesStr);
//对用户进行校验
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, null, authorities);
SecurityContextHolder.getContext().setAuthentication(token);
//放行
filterChain.doFilter(servletRequest, servletResponse);
}
}
package com.itheima.filter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.itheima.entity.ResultVo;
import com.itheima.entity.User;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
import java.util.Date;
@SuppressWarnings("ALL")
public class JwtLoginFilter extends AbstractAuthenticationProcessingFilter {
public JwtLoginFilter(String defaultFilterProcessesUrl, AuthenticationManager authenticationManager) {
super(new AntPathRequestMatcher(defaultFilterProcessesUrl));
setAuthenticationManager(authenticationManager);
}
/**
* 从登录参数中提取出用户名密码, 然后调用 AuthenticationManager.authenticate() 方法去进行自动校验
* @param req
* @param resp
* @return
* @throws AuthenticationException
* @throws IOException
* @throws ServletException
*/
@Override
public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse resp) throws AuthenticationException, IOException, ServletException {
String username = req.getParameter("username");
String password = req.getParameter("password");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
return getAuthenticationManager().authenticate(token);
}
/**
* 校验成功的回调函数,生成jwt的token
* @param req
* @param resp
* @param chain
* @param authResult
* @throws IOException
* @throws ServletException
*/
@Override
protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse resp, FilterChain chain, Authentication authResult) throws IOException, ServletException {
Collection<? extends GrantedAuthority> authorities = authResult.getAuthorities();
StringBuffer roles = new StringBuffer();
//遍历用户角色,将其写入jwt中
for (GrantedAuthority authority : authorities) {
roles.append(authority.getAuthority())
.append(",");
}
String jwt = Jwts.builder()
.claim("authorities", roles)//配置用户角色
.setSubject(authResult.getName())//设置jwt的主题为用户的用户名
.setExpiration(new Date(System.currentTimeMillis() + 10 * 60 * 1000))//设置过期时间为10分钟
.signWith(SignatureAlgorithm.HS512,"turing-team") //使用密钥对头部和载荷进行签名
.compact();//生成jwt
//返回给前端
resp.setContentType("application/json;charset=utf-8");
PrintWriter out = resp.getWriter();
User user = (User) authResult.getPrincipal();
user.setToken(jwt);
ResultVo resultVo = ResultVo.success("登录成功", user);
out.write(new ObjectMapper().writeValueAsString(resultVo));
out.flush();
out.close();
}
/**
* 校验失败的回调函数
* @param req
* @param resp
* @param failed
* @throws IOException
* @throws ServletException
*/
@Override
protected void unsuccessfulAuthentication(HttpServletRequest req, HttpServletResponse resp, AuthenticationException failed) throws IOException, ServletException {
resp.setContentType("application/json;charset=utf-8");
PrintWriter out = resp.getWriter();
ResultVo failure = ResultVo.failure("用户名或密码错误,请重新登录!", null);
out.write(new ObjectMapper().writeValueAsString(failure));
out.flush();
out.close();
}
}
package com.itheima.filter;
import com.itheima.entity.Menu;
import com.itheima.entity.Role;
import com.itheima.service.MenuService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import java.util.Collection;
import java.util.List;
@Component
public class MyPermissionFilter implements FilterInvocationSecurityMetadataSource {
//路径匹配类,用于检查用户的请求路径是否与数据库中某个路径规则匹配
private AntPathMatcher antPathMatcher = new AntPathMatcher();
@Autowired
private MenuService menuService;
//每次用户发出请求都会先进入该方法,分析出该请求地址需要哪些角色
@Override
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
//强转对象
FilterInvocation filterInvocation = (FilterInvocation) o;
//获取用户请求地址
String requestUrl = filterInvocation.getRequestUrl();
//获取所有路径规则
List<Menu> menus = menuService.findAllMenusWithRoles();
//遍历路径规则
for (Menu menu : menus) {
//判断与哪一条路由规则匹配
if(antPathMatcher.match(menu.getPattern(), requestUrl)){
//获取访问该路径所需要的所有角色
List<Role> roles = menu.getRoles();
//转化为返回值类型
String[] rolesStr = new String[roles.size()];
for (int i = 0; i < rolesStr.length; i++) {
rolesStr[i] = roles.get(i).getName();
}
return SecurityConfig.createList(rolesStr);
}
}
//全部都匹配不上,则返回一个默认的标识符,表示该路径是登录后就可以访问的路径
return SecurityConfig.createList("ROLE_login");
}
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
//是否支持该方式,返回true
@Override
public boolean supports(Class<?> aClass) {
return true;
}
}