SpringBoot集成Spring Security实现登录流程

最新推荐文章于 2024-03-14 06:06:49 发布

VIP文章构造性_二难

最新推荐文章于 2024-03-14 06:06:49 发布

阅读量838

点赞数 1

分类专栏：一个简单的前后台分离系统文章标签： spring boot

本文链接：https://blog.csdn.net/wwyywwsaber/article/details/123979872

版权

前篇：https://blog.csdn.net/wwyywwsaber/article/details/123979279

登录验证码

使用kaptcha实现验证码

        <dependency>
            <groupId>com.github.axet</groupId>
            <artifactId>kaptcha</artifactId>
            <version>0.0.9</version>
        </dependency>

添加KaptchaConfig.java配置类

package com.gis.config;

import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.google.code.kaptcha.util.Config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Properties;

@Configuration
public class KaptchaConfig {
    @Bean
    public DefaultKaptcha producer() {
        Properties properties = new Properties();
        properties.put("kaptcha.border", "no");
        properties.put("kaptcha.textproducer.font.color", "black");
        properties.put("kaptcha.textproducer.char.space", "5");
        Config config = new Config(properties);
        DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
        defaultKaptcha.setConfig(config);
        return defaultKaptcha;
    }
}

修改LoginController.java代码

package com.gis.controller;
import com.gis.service.SysUserService;
import com.google.code.kaptcha.Constants;
import com.google.code.kaptcha.Producer;
import org.apache.tomcat.util.http.fileupload.IOUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.imageio.ImageIO;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.image.BufferedImage;

@RestController
@RequestMapping("/login")
public class LoginController {
    @Autowired
    private Producer producer;
    @Autowired
    SysUserService sysUserService;
    @GetMapping(value="/findAllUser")
    public Object findAllUser(){
        return sysUserService.findAll();
    }
    @GetMapping("/captcha.jpg")
    public void captcha(HttpServletRequest req, HttpServletResponse res) throws Exception{
        res.setHeader("Cache-Control", "no-store, no-cache");
        res.setContentType("image/jpeg");

        // 生成文字验证码
        String text = producer.createText();
        // 生成图片验证码
        BufferedImage image = producer.createImage(text);
        // 保存到验证码到 session
        req.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, text);

        ServletOutputStream out = res.getOutputStream();
        ImageIO.write(image, "jpg", out);
        IOUtils.closeQuietly(out);
    }
}

运行测试

集成Spring Security 和 JWT

Spring Security使用目的：验证，授权，攻击防护。

原理：创建大量的filter和interceptor来进行请求的验证和拦截，以此来达到安全的效果。

JWT(JSON Web Token)是Token令牌生成方案。

注意集成JWT时的坑：JAXB API是java EE 的API，java 9 .0开始引入了模块的概念，默认情况下，Java 9.0以上版本中将不再包含java EE 的Jar包！

一：添加依赖

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>javax.xml.bind</groupId>
            <artifactId>jaxb-api</artifactId>
            <version>2.3.0</version>
        </dependency>

二：Swagger添加令牌参数

package com.gis.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.ParameterBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.schema.ModelRef;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import springfox.documentation.service.Parameter;

import java.util.ArrayList;
import java.util.List;

@Configuration
@EnableSwagger2
public class SwaggerConfig {

    @Bean
    public Docket createRestApi(){
        // 添加请求参数，我们这里把token作为请求头部参数传入后端
        ParameterBuilder parameterBuilder = new ParameterBuilder();
        List<Parameter> parameters = new ArrayList<Parameter>();
        parameterBuilder.name("token").description("令牌")
                .modelRef(new ModelRef("string")).parameterType("header").required(false).build();
        parameters.add(parameterBuilder.build());
        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo()).select()
                .apis(RequestHandlerSelectors.any()).paths(PathSelectors.any())
                .build().globalOperationParameters(parameters);
    }

    private ApiInfo apiInfo(){
        return new ApiInfoBuilder().build();
    }

}

三：创建PasswordEncoder，使用java.security.MessageDigest加密密码

package com.gis.utils;

import java.security.MessageDigest;

/**
 * 密码加密
 */
public class PasswordEncoder {
    private final static String[] hexDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d",
            "e", "f" };
    private

最低0.47元/天解锁文章

构造性_二难

关注

1
点赞
踩
4

收藏

觉得还不错? 一键收藏
0
评论
SpringBoot集成Spring Security实现登录流程

前篇：https://blog.csdn.net/wwyywwsaber/article/details/123979279登录验证码使用kaptcha实现验证码 <dependency> <groupId>com.github.axet</groupId> <artifactId>kaptcha</artifactId> <version&g
复制链接

扫一扫