SpringBoot 整合 Spring Security 、JWT 实现认证、权限控制

已于 2023-05-09 17:40:11 修改
阅读量1.4k 收藏 6
点赞数 3
分类专栏: spring security spring boot jwt 文章标签: jwt spring boot
于 2021-02-16 13:43:39 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/z1259678404/article/details/113822942
版权

此文章用到的版本

spring-boot : 2.6.8
java 1.8

引入依赖包(gradle) maven 请自行转换


dependencies {
    compile group: 'io.jsonwebtoken', name: 'jjwt', version: '0.9.1'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'
}

先说说原理

UsernamePasswordAuthenticationFilter 继承 AbstractAuthenticationProcessingFilter

AbstractAuthenticationProcessingFilter.doFilter() 会执行 抽象方法attemptAuthentication ()

通过观察发现 UsernamePasswordAuthenticationFilter 会拦截 POST /login 的请求

然后通过会通过Http parameter 获取 username 和 password 参数的值执行鉴权认证

	public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";

	public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";

	private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER = new AntPathRequestMatcher("/login",
			"POST");

	private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;

	private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;

	private boolean postOnly = true;

	public UsernamePasswordAuthenticationFilter() {
		super(DEFAULT_ANT_PATH_REQUEST_MATCHER);
	}

	public UsernamePasswordAuthenticationFilter(AuthenticationManager authenticationManager) {
		super(DEFAULT_ANT_PATH_REQUEST_MATCHER, authenticationManager);
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException {
		if (this.postOnly && !request.getMethod().equals("POST")) {
			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
		}
		String username = obtainUsername(request);
		username = (username != null) ? username : "";
		username = username.trim();
		String password = obtainPassword(request);
		password = (password != null) ? password : "";
		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
		// Allow subclasses to set the "details" property
		setDetails(request, authRequest);
		return this.getAuthenticationManager().authenticate(authRequest);
	}

	@Nullable
	protected String obtainUsername(HttpServletRequest request) {
		return request.getParameter(this.usernameParameter);
	}

成功会执行 SavedRequestAwareAuthenticationSuccessHandler  重定向到指定url

public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

	protected final Log logger = LogFactory.getLog(this.getClass());

	private RequestCache requestCache = new HttpSessionRequestCache();

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws ServletException, IOException {
		SavedRequest savedRequest = this.requestCache.getRequest(request, response);
		if (savedRequest == null) {
			super.onAuthenticationSuccess(request, response, authentication);
			return;
		}
		String targetUrlParameter = getTargetUrlParameter();
		if (isAlwaysUseDefaultTargetUrl()
				|| (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
			this.requestCache.removeRequest(request, response);
			super.onAuthenticationSuccess(request, response, authentication);
			return;
		}
		clearAuthenticationAttributes(request);
		// Use the DefaultSavedRequest URL
		String targetUrl = savedRequest.getRedirectUrl();
		getRedirectStrategy().sendRedirect(request, response, targetUrl);
	}

	public void setRequestCache(RequestCache requestCache) {
		this.requestCache = requestCache;
	}

}

失败会执行  SimpleUrlAuthenticationFailureHandler

	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		if (this.defaultFailureUrl == null) {
			if (this.logger.isTraceEnabled()) {
				this.logger.trace("Sending 401 Unauthorized error since no failure URL is set");
			}
			else {
				this.logger.debug("Sending 401 Unauthorized error");
			}
			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
			return;
		}
		saveException(request, exception);
		if (this.forwardToDestination) {
			this.logger.debug("Forwarding to " + this.defaultFailureUrl);
			request.getRequestDispatcher(this.defaultFailureUrl).forward(request, response);
		}
		else {
			this.redirectStrategy.sendRedirect(request, response, this.defaultFailureUrl);
		}
	}

这种方式不兼容json方式提交的登录 而且不能返回token 供前端使用 所以我们需要改造此Filter

实现思路:

1.  拦截Post /login 请求

2.  获取请求中的body参数 username 以及password 

3. 返回 UsernamePasswordAuthenticationFilter 不携带权限集合

4. 重写 UserDetailsService 查询数据库

5. 重写 AuthenticationSuccessHandler 登录成功后返回jwt token令牌

6. 重写 AuthenticationFailureHandler 失败返回失败原因 例如:密码错误,账户锁定, 账户不存在

定义token常量

public class SecurityConstants
{
    public static final long EXPIRATION_TIME = 864_000_000; // 10 days
    public static final String TOKEN_PREFIX = "Bearer ";
    public static final String HEADER_STRING = "Authorization";

    private SecurityConstants()
    {
        throw new IllegalStateException("Utility class");
    }
}

实现工具类 JWTUtils 用户生成、解析token

@Component
public class JwtUtil
{

    /**
     * 签名用的密钥
     */
    private static String signKey = "nacl";


    /**
     * 用户登录成功后生成Jwt
     * 使用Hs256算法
     *
     * @param exp jwt过期时间
     * @param claims 保存在Payload(有效载荷)中的内容
     * @return token字符串
     */
    public static String createJWT(Date exp, Map<String, Object> claims)
    {
        //指定签名的时候使用的签名算法
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

        //生成JWT的时间
        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        //创建一个JwtBuilder,设置jwt的body
        JwtBuilder builder = Jwts.builder()
            //保存在Payload(有效载荷)中的内容
            .setClaims(claims)
            //iat: jwt的签发时间
            .setIssuedAt(now)
            //设置过期时间
            .setExpiration(exp)
            //设置签名使用的签名算法和签名使用的秘钥
            .signWith(signatureAlgorithm, signKey);

        return builder.compact();
    }

    /**
     * 解析token,获取到Payload(有效载荷)中的内容,包括验证签名,判断是否过期
     *
     * @param token
     * @return
     */
    public static Claims parseJWT(String token)
    {
        //得到DefaultJwtParser
        return Jwts.parser()
            //设置签名的秘钥
            .setSigningKey(signKey)
            //设置需要解析的token
            .parseClaimsJws(token).getBody();
    }

}

开始实现身份认证过滤器(JWTAuthenticationFilter) 继承 UsernamePasswordAuthenticationFilter  重写 attemptAuthentication 方法

public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{


    @Override
    public Authentication attemptAuthentication(HttpServletRequest req,
                                                HttpServletResponse res)
    {
        Map<String, String> creds = new HashMap<>();
        try
        {
            creds = new ObjectMapper().readValue(req.getInputStream(), Map.class); // 获取body中的参数
        } catch (IOException e)
        {
            e.printStackTrace();
        }
        return this.getAuthenticationManager().authenticate(
            new UsernamePasswordAuthenticationToken(
                creds.get("username"),
                creds.get("password"),
                new ArrayList<>())
        );
    }
}

重写UserDetailService

返回一个测试用户 用户名:123 密码:123 角色权限: ROLE_ADMIN

@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService
{

    @Override
    public UserDetails loadUserByUsername(String username)
    {
        Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN")); // 设定权限
        return new User(
            "123", // username
            new BCryptPasswordEncoder().encode("123") , // password
            true, // enabled – set to true if the user is enabled
            true, // accountNonExpired – set to true if the account has not expired
            true, // credentialsNonExpired – set to true if the credentials have not expired
            true, // accountNonLocked – set to true if the account is not locked
            authorities // authorities – the authorities that should be granted to the caller if they presented the
        );
    }
}

重写 AuthenticationSuccessHandler 成功后将生成的 token 放入 response header

@Component
public class CustomAuthenticateSuccessHandler implements AuthenticationSuccessHandler
{

    @Override
    public void onAuthenticationSuccess(
        HttpServletRequest request,
        HttpServletResponse response,
        Authentication auth) throws IOException, ServletException
    {
        Map<String, Object> claims = new HashMap<>();
        claims.put("username", ((User) auth.getPrincipal()).getUsername());

        String token = JwtUtil.createJWT(
            new Date(System.currentTimeMillis() + SecurityConstants.EXPIRATION_TIME),
            claims
        );

        response.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX + token);
    }
}

重写 AuthenticationFailureHandler 返回账户失败原因

@Component
public class CustomAuthenticateFailureHandler implements AuthenticationFailureHandler
{
    @Override
    public void onAuthenticationFailure(
        HttpServletRequest request,
        HttpServletResponse response,
        AuthenticationException failed
    ) throws IOException, ServletException
    {
        String returnData = "";
        // 账号过期
        if (failed instanceof AccountExpiredException)
        {
            returnData = "账号过期";
        }
        // 密码错误
        else if (failed instanceof BadCredentialsException)
        {
            returnData = "密码错误";
        }
        // 密码过期
        else if (failed instanceof CredentialsExpiredException)
        {
            returnData = "密码过期";
        }
        // 账号不可用
        else if (failed instanceof DisabledException)
        {
            returnData = "账号不可用";
        }
        //账号锁定
        else if (failed instanceof LockedException)
        {
            returnData = "账号锁定";
        }
        // 用户不存在
        else if (failed instanceof InternalAuthenticationServiceException)
        {
            returnData = "用户不存在";
        }
        // 其他错误
        else
        {
            returnData = "未知异常";
        }

        // 处理编码方式 防止中文乱码
        response.setContentType("text/json;charset=utf-8");
        // 将反馈塞到HttpServletResponse中返回给前台
        response.getWriter().write(returnData);
    }
}


 

改造BasicAuthenticationFilter基于JWT解析 实现权限认证

认证过滤器 BasicAuthenticationFilter

header里头有Authorization,而且value是以Basic开头的,则走BasicAuthenticationFilter,提取参数构造UsernamePasswordAuthenticationToken进行认证,成功则填充SecurityContextHolder的Authentication

而我们要做的是 header里头有Authorization,而且value是以Bearer开头的, 解析jwt token填充SecurityContextHolder的Authentication

@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		try {
			UsernamePasswordAuthenticationToken authRequest = this.authenticationConverter.convert(request);
			if (authRequest == null) {
				this.logger.trace("Did not process authentication request since failed to find "
						+ "username and password in Basic Authorization header");
				chain.doFilter(request, response);
				return;
			}
			String username = authRequest.getName();
			this.logger.trace(LogMessage.format("Found username '%s' in Basic Authorization header", username));
			if (authenticationIsRequired(username)) {
				Authentication authResult = this.authenticationManager.authenticate(authRequest);
				SecurityContextHolder.getContext().setAuthentication(authResult);
				if (this.logger.isDebugEnabled()) {
					this.logger.debug(LogMessage.format("Set SecurityContextHolder to %s", authResult));
				}
				this.rememberMeServices.loginSuccess(request, response, authResult);
				onSuccessfulAuthentication(request, response, authResult);
			}
		}
		catch (AuthenticationException ex) {
			SecurityContextHolder.clearContext();
			this.logger.debug("Failed to process authentication request", ex);
			this.rememberMeServices.loginFail(request, response);
			onUnsuccessfulAuthentication(request, response, ex);
			if (this.ignoreFailure) {
				chain.doFilter(request, response);
			}
			else {
				this.authenticationEntryPoint.commence(request, response, ex);
			}
			return;
		}

		chain.doFilter(request, response);
	}

@Override
	public UsernamePasswordAuthenticationToken convert(HttpServletRequest request) {
		String header = request.getHeader(HttpHeaders.AUTHORIZATION);
		if (header == null) {
			return null;
		}
		header = header.trim();
		if (!StringUtils.startsWithIgnoreCase(header, AUTHENTICATION_SCHEME_BASIC)) {
			return null;
		}
		if (header.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
			throw new BadCredentialsException("Empty basic authentication token");
		}
		byte[] base64Token = header.substring(6).getBytes(StandardCharsets.UTF_8);
		byte[] decoded = decode(base64Token);
		String token = new String(decoded, getCredentialsCharset(request));
		int delim = token.indexOf(":");
		if (delim == -1) {
			throw new BadCredentialsException("Invalid basic authentication token");
		}
		UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(token.substring(0, delim),
				token.substring(delim + 1));
		result.setDetails(this.authenticationDetailsSource.buildDetails(request));
		return result;
	}

开始实现 继承BasicAuthenticationFilter 并重写 doFilterInternal 方法

getAuthentication 获取 request header中的token 解析成username 并调用Userservice中的loadUserByName方法返回User鉴权信息

装入SecurityContextHolder

public class JWTAuthorizationFilter extends BasicAuthenticationFilter
{

    public JWTAuthorizationFilter(AuthenticationManager authManager)
    {
        super(authManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req,
                                    HttpServletResponse res,
                                    FilterChain chain) throws IOException, ServletException
    {
        String header = req.getHeader(SecurityConstants.HEADER_STRING);

        if (header == null || !header.startsWith(SecurityConstants.TOKEN_PREFIX))
        {
            chain.doFilter(req, res);
            return;
        }
        try
        {
            UsernamePasswordAuthenticationToken authentication = getAuthentication(req);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            chain.doFilter(req, res);
        } catch (ExpiredJwtException e)
        {
            res.getWriter().write("token expired");
        } catch (JwtException e)
        {
            res.getWriter().write("token invalid");
        }

    }

    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request)
    {
        String token = request.getHeader(SecurityConstants.HEADER_STRING);
        if (token != null)
        {
            // parse the token.
            Claims claims = JwtUtil.parseJWT(token.replace(SecurityConstants.TOKEN_PREFIX, ""));

            if (claims != null)
            {
                UserDetailsService userDetailsService = new UserDetailsService();
                User u = (User) userDetailsService.loadUserByUsername((String) claims.get("username"));
                return new UsernamePasswordAuthenticationToken(u.getUsername(), u.getPassword(), u.getAuthorities());
            }
        }
        return null;
    }
}
CustomAccessDeniedHandler 非匿名下的错误拦截器
@Component
public class CustomAccessDeniedHandler implements AccessDeniedHandler
{
    @Override
    public void handle(
        HttpServletRequest request,
        HttpServletResponse response,
        AccessDeniedException accessDeniedException) throws IOException, ServletException
    {
        response.setContentType("text/json;charset=utf-8");
        response.getWriter().write("权限错误");
    }
}

CustomAuthenticationEntryPoint 匿名下的错误拦截器
@Component
public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint
{
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException
    {
        response.getWriter().write("no login");
    }
}

OK 准备大功告成, 最后设定一下Spring Security的配置

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter
{

    private final UserDetailsService userDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;
    private final CustomAccessDeniedHandler customAccessDeniedHandler;
    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
    private final CustomAuthenticateSuccessHandler customAuthenticateSuccessHandler;
    private final CustomAuthenticateFailureHandler customAuthenticateFailureHandler;

    public SpringSecurityConfig(
        UserDetailsService userDetailsService,
        BCryptPasswordEncoder bCryptPasswordEncoder,
        CustomAccessDeniedHandler customAccessDeniedHandler,
        CustomAuthenticationEntryPoint customAuthenticationEntryPoint,
        CustomAuthenticateSuccessHandler customAuthenticateSuccessHandler,
        CustomAuthenticateFailureHandler customAuthenticateFailureHandler
    )
    {
        this.userDetailsService = userDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        this.customAccessDeniedHandler = customAccessDeniedHandler;
        this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
        this.customAuthenticateFailureHandler = customAuthenticateFailureHandler;
        this.customAuthenticateSuccessHandler = customAuthenticateSuccessHandler;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().csrf().disable()
            .authorizeRequests().antMatchers("/sign-up").permitAll()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling()
            .accessDeniedHandler(customAccessDeniedHandler)
            .authenticationEntryPoint(customAuthenticationEntryPoint)
            .and()
            .addFilter(jwtAuthenticationFilter())
            .addFilter(jwtAuthorizationFilter());
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Bean
    public JWTAuthenticationFilter jwtAuthenticationFilter() throws Exception
    {
        JWTAuthenticationFilter filter = new JWTAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(customAuthenticateSuccessHandler);
        filter.setAuthenticationFailureHandler(customAuthenticateFailureHandler);
        return filter;
    }

    @Bean
    public JWTAuthorizationFilter jwtAuthorizationFilter () throws Exception
    {
        return new JWTAuthorizationFilter(authenticationManager());
    }
}

编写测试Controller

@RestController
public class TestController
{
    @PostMapping("/sign-up")
    public String signUp ()
    {
        return "1111";
    }

    @PostMapping("/admin")
    @PreAuthorize("hasRole('ADMIN')")
    public String admin ()
    {
        return "222";
    }

    @PostMapping("/user")
    @PreAuthorize("hasRole('USER')")
    public String user ()
    {
        return "333";
    }
}

测试 /login 登录

输入错误的账号密码

输入正确的账号密码

放行请求/sign-up 

身份鉴权认证

无token

错误token

正确token 无权限

正确token 有权限

Nacl.Zz
关注
专栏目录
【全网最细致】SpringBoot整合Spring Security + JWT实现用户认证
qq_44709990的博客
02-23 4万+
登录和用户认证是一个网站最基本的功能,在这篇博客里,将介绍如何用SpringBoot整合Spring Security + JWT实现登录及用户认证
SpringBoot整合SpringSecurity实现JWT认证
热门推荐
我的博客
03-30 3万+
前言 微服务架构,前后端分离目前已成为互联网项目开发的业界标准,其核心思想就是前端(APP、小程序、H5页面等)通过调用后端的API接口,提交及返回JSON数据进行交互。 在前后端分离项目中,首先要解决的就是登录及授权的问题。微服务架构下,传统的session认证限制了应用的扩展能力,无状态的JWT认证方法应运而生,该认证机制特别适用于分布式站点的单点登录(SSO)场景 目录 该文会通过创建...
jwt + spring security 登陆验证和权限管理
04-19
一个Spring Security+JWT认证和授权的demo,此demo为Spring安全性与OAuth(1a)和OAuth2结合使用提供了支持。它提供了在Spring安全编程模型和配置下实现分布式无状态授权。
Spring Security+JWT实现权限管理
LC的博客
03-14 6161
SpringSecurityspring全家桶中的一个安全管理框架,类似于shiro,但是比shiro功能更加的丰富。 主要核心功能是 认证 和 授权 : 认证:验证当前访问系统的是不是本系统的用户,并且要确定具体是哪个用户 授权:经过认证后判断当前用户是否有权限进行某个操作 一、快速入门 1.1初探 引入Spring Security的依赖 <!-- springsecurity--> <dependency> <groupId&g
Spring Security 整合 JWT
最新发布
Switch
10-08 1165
*** 指定用户登录的访问地址*/@Override// 解析提交的 JSON 数据// 判断用户名、密码是否为空throw new UsernameOrPasswordNullException("用户名或密码不能为空");// 将用户名、密码封装到 Token 中此过滤器继承了 AbstractAuthenticationProcessingFilter ,用于处理 JWT(JSON Web Token)的用户身份验证过程。
SpringBoot2.3集成Spring Security(二) JWT认证
我是你妹她哥的博客
06-21 1921
思路:登录认证获取token提供一个controller,将controller的地址加到spring Security 的config中不做权限控制,访问该controller,将用户名和密码的判断交给spring Security 的userDetailService处理,根据处理的返回结果决定是否生成对应的token值。。具体是怎么找到这个入口的,详情可以看步骤三。接口认证token值加入JWT生成的工具类Spring Security 提供多种认证方式,但我们需要熟悉的是。
SpringBoot整合SpringSecurity+JWT
qq_43975645的博客
07-18 769
注意:SIGNATURE是生成token的公钥,当外部token进来时需要公钥解密。
SpringBoot整合SpringSecurity+JWT实现web应用中的认证和授权
weixin_61779644的博客
05-09 1368
Spring SecuritySpring 家族中的一个安全管理框架。相比与另外一个安全框架Shiro,它提供了更 丰富的功能,社区资源也比Shiro丰富。一般来说中大型的项目都是使用SpringSecurity 来做安全框架。小项目有Shiro的比较多,因为相比与SpringSecurity,Shiro的上手更加的简单。一般Web应用的需要进行认证和授权。认证:验证当前访问系统的是不是本系统的用户,并且要确认具体是哪个用户授权:经过认证后判断当前用户是否有权限进行某个操作。
Spring Security整合JWT实现权限认证和授权
weixin_45818966的博客
11-05 4272
关于spring security整合jwt实现前后端权限认证和授权管理
Spring Security基于jwt实现权限校验
Instanceztt的博客
12-01 1506
在中我实现了基于jwt实现认证,本文在此基础上继续实现权限认证二 代码实现用户认证成功生成jwt时将权限信息加载到jwt中..................................................................................................定义和用于认证成功从jwt中解析jwt中的权限信息.....................................jwt校验成功后解析jwt并加载到安全上下文中.........
Springboot整合Spring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权
04-22
4. **整合Spring Security与OAuth2**:在Spring Boot中,我们可以使用`spring-security-oauth2-autoconfigure`库来简化OAuth2的配置。通过设置`@EnableAuthorizationServer`和`@EnableResourceServer`注解,分别启动...
springboot+springSecurity+jwt实现登录认证后令牌授权
09-12
在这个项目中,我们将探讨如何利用Spring BootSpring SecurityJWT实现登录认证后的令牌授权。 首先,让我们从Spring Boot开始。Spring Boot简化了Spring应用的初始搭建以及开发过程。通过提供默认配置,它极...
SpringBoot+SpringSecurity+JWT+MybatisPlus实现基于注解的权限验证
08-26
SpringBoot+SpringSecurity+JWT+MybatisPlus实现基于注解的权限验证,可根据注解的格式不同,做到角色权限控制,角色加资源权限控制等,粒度比较细化。 @PreAuthorize("hasAnyRole('ADMIN','USER')"):具有admin或...
Spring security 整合JWT 接口权限控制
欢迎阅读程序猿小张的博客~
08-06 782
Spring security 整合 JWT 接口权限控制
诚之和:Springboot中如何集成Spring Security JWT实现接口权限认证
weixin_45378258的博客
08-16 204
本篇文章主要介绍了在Springboot项目中集成Spring-Security JWT实现接口权限认证的详细步骤,对于正在学习Springboot框架的小伙伴有一定的学习参考的价值。 1、添加依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> <
SpringBoot 整合SpringSecurity示例实现前后分离权限注解+JWT登录认证
weixin_42907150的博客
01-16 867
SpringSecurity是一个用于Java 企业级应用程序的安全框架,主要包含用户认证和用户授权两个方面.相比较Shiro而言,Security功能更加的强大,它可以很容易地扩展以满足更多安全控制方面的需求,但也相对它的学习成本会更高,两种框架各有利弊.实际开发中还是要根据业务和项目的需求来决定使用哪一种.
spring security6+springboot3+jwt实现权限控制
hepeike001的博客
05-12 3591
最近在学习spring security,看到网上的都是比较老的版本,所以从github上找了一个开源的最新的spring security6 的demo借鉴,然后结合官网文档自己鼓捣了一个demo出来,做个笔记方便以后忘记怎么搞了来看看,哈哈哈OVO。(本项目用的是jdk17,有些表达式jdk8是无法编译的,所以要跑起来的话记得安装17哦,反正现在也免费了)
SpringBoot+SpringSecurity+JWT整合
seeyouagain_的博客
01-04 1万+
SpringSecurity入门简单案例适合新手学习
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值