SpringBoot 結合SpringSecurity+Jwt實現許可權認證
阿新 • • 發佈:2018-12-09
首先建立RBAC 許可權系統表
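/* MySQL Backup Database: test Backup Time: 2018-09-12 11:53:20 */
-- Schema + seed data for the RBAC demo: `role`, `user`, `user_role`.
-- Foreign-key checks are switched off so the tables can be dropped and reloaded
-- in any order; they are switched back on at the very end.
SET FOREIGN_KEY_CHECKS=0;

DROP TABLE IF EXISTS `test`.`user_role`;
DROP TABLE IF EXISTS `test`.`role`;
DROP TABLE IF EXISTS `test`.`user`;

CREATE TABLE `role` (
    `role_id`   int(11)      NOT NULL,
    `role_name` varchar(255) DEFAULT NULL,
    `version`   timestamp(6) NULL DEFAULT NULL,
    PRIMARY KEY (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- InnoDB (was MyISAM): MyISAM ignores the BEGIN/COMMIT below and cannot be the
-- parent of a foreign key, so `user_role` could never reference this table.
CREATE TABLE `user` (
    `user_id`   int(11)      NOT NULL AUTO_INCREMENT COMMENT '使用者主鍵',
    `user_name` varchar(40)  NOT NULL DEFAULT '未命名' COMMENT '使用者名稱',
    `user_pwd`  varchar(255) NOT NULL DEFAULT '未命名' COMMENT '使用者密碼',
    `version`   datetime     NOT NULL ON UPDATE CURRENT_TIMESTAMP COMMENT '版本號',
    PRIMARY KEY (`user_id`),
    -- UserService.loadUserByUsername resolves a user by name, so names must be unique.
    UNIQUE KEY `user_user_name_uk` (`user_name`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;

CREATE TABLE `user_role` (
    `id`      int(11) NOT NULL AUTO_INCREMENT,
    `user_id` int(11) DEFAULT NULL,
    `role_id` int(11) DEFAULT NULL,
    PRIMARY KEY (`id`),
    -- A mapping row must point at an existing user and role; removing either side
    -- removes the mapping with it.
    CONSTRAINT `user_role_user_id_fk` FOREIGN KEY (`user_id`) REFERENCES `user` (`user_id`) ON DELETE CASCADE,
    CONSTRAINT `user_role_role_id_fk` FOREIGN KEY (`role_id`) REFERENCES `role` (`role_id`) ON DELETE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;

BEGIN;
LOCK TABLES `test`.`role` WRITE;
DELETE FROM `test`.`role`;
INSERT INTO `test`.`role` (`role_id`, `role_name`, `version`) VALUES
    (1, 'ROLE_ADMIN', '2018-08-14 12:15:49.000000'),
    (2, 'ROLE_USER',  '2018-08-08 12:16:04.000000');
UNLOCK TABLES;
COMMIT;

BEGIN;
LOCK TABLES `test`.`user` WRITE;
DELETE FROM `test`.`user`;
-- `user_pwd` is compared by BCryptPasswordEncoder (see SecurityConfig): rows 1-3 hold
-- BCrypt hashes. Rows 4 and 5 hold the literal '123', which the encoder rejects as
-- "not a BCrypt hash", so those two accounts cannot log in until the value is re-hashed.
INSERT INTO `test`.`user` (`user_id`, `user_name`, `user_pwd`, `version`) VALUES
    (1, 'admin',    '$2a$10$.8baftxWLye9qoSsLZCR9OrkCyE/TmBmlc5hWd0xCCWiIb20CuLUe', '2018-08-24 18:59:58'),
    (2, 'login',    '$2a$10$.8baftxWLye9qoSsLZCR9OrkCyE/TmBmlc5hWd0xCCWiIb20CuLUe', '2018-08-21 12:16:39'),
    (3, 'zhangsan', '$2a$10$mp0UA9FgWDahU0vMGojiAuS862.LG4FFNpAkBy3skEGCyYTeXcEx.', '2018-08-27 11:01:52'),
    (4, 'gaoadmin', '123', '2018-08-28 10:29:35'),
    (5, 'gaouser',  '123', '2018-08-28 10:29:51');
UNLOCK TABLES;
COMMIT;

BEGIN;
LOCK TABLES `test`.`user_role` WRITE;
DELETE FROM `test`.`user_role`;
-- Rows 1 and 2 both map user 1 to ROLE_ADMIN (a duplicate in the original dump);
-- harmless for authorisation, kept as-is to stay faithful to the seed data.
INSERT INTO `test`.`user_role` (`id`, `user_id`, `role_id`) VALUES
    (1, 1, 1),
    (2, 1, 1),
    (3, 2, 2),
    (4, 4, 1),
    (5, 5, 2);
UNLOCK TABLES;
COMMIT;

-- Restore referential checking for every session that follows.
SET FOREIGN_KEY_CHECKS=1;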
第一步:新增pom依賴
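<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.longfor</groupId>
    <artifactId>security</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>
    <name>security</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Redis backs the issued-token registry used by JwtTokenUtil / RedisUtil. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <!-- Not referenced by any class shown in this project; keep only if an OAuth2
             authorization/resource server is actually configured. -->
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
            <version>2.0.14.RELEASE</version>
        </dependency>
        <!-- JWT signing/parsing (JwtTokenUtil). Declared once; the original POM listed it
             twice, which Maven reports as a duplicate declaration. -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.3.2</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <!-- Spring Boot 2.0 manages this "springsecurity4" extras module; when moving to a
             newer Boot line (Spring Security 5) switch to the springsecurity5 variant. -->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            <version>3.0.2.RELEASE</version>
        </dependency>
        <!-- Used only for JSON.toJSONString in the response handlers. fastjson releases of
             this vintage are known for unsafe deserialisation through autoType, so do not
             feed request bodies to JSON.parseObject with it; spring-boot-starter-web already
             provides Jackson for both directions. -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>

        <!-- Spring Security support -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.mybatis.generator</groupId>
                <artifactId>mybatis-generator-maven-plugin</artifactId>
                <version>1.3.2</version>
                <configuration>
                    <verbose>true</verbose>
                    <overwrite>true</overwrite>
                </configuration>
            </plugin>
        </plugins>
        <resources>
            <!-- MyBatis mapper XML files live next to their Java interfaces under src/main/java,
                 so they must be copied into the jar explicitly. -->
            <resource>
                <directory>src/main/java</directory>
                <includes>
                    <include>**/*.xml</include>
                </includes>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
            </resource>
        </resources>
    </build>
</project>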
第二步:SpringBoot 配置 application.properties
# Data source. These are local-development defaults; in any shared environment supply
# spring.datasource.username / spring.datasource.password from the environment
# (SPRING_DATASOURCE_USERNAME / SPRING_DATASOURCE_PASSWORD) or a secret store instead of
# committing them.
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=UTF-8
spring.datasource.username=root
spring.datasource.password=root
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
# Server port and context path
server.port=8080
server.servlet.context-path=/security
# Thymeleaf template settings (cache=false is a development setting; enable caching in production)
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.suffix=.html
spring.thymeleaf.cache=false
# AOP (logging aspects)
spring.aop.auto=true
spring.aop.proxy-target-class=false
# Health endpoint detail level - "always" shows component details (e.g. datastore state) to any caller of /health
management.endpoint.health.show-details=always
# DAO-layer SQL logging
logging.level.com.longfor.security.dao=debug
# Spring Security logging
logging.level.org.springframework.security=info
# JWT. jwt.secret is the HS512 signing key; JwtTokenUtil hands it to jjwt, which decodes
# the String as base64, so it should be a long random value (at least 64 bytes before
# encoding) injected from the environment. "mySecret" is a placeholder and must not be
# used outside a local demo: anyone who knows it can mint tokens for any user.
# jwt.expiration is in seconds (604800 = 7 days).
# jwt.tokenHead is the prefix the filter strips from the Authorization header; the filter
# matches it literally, so "Bearer" and "Bearer " are not interchangeable.
jwt.secret=mySecret
jwt.header=Authorization
jwt.expiration=604800
jwt.tokenHead=Bearer
# Redis (token registry)
spring.redis.host=127.0.0.1
spring.redis.port=6379
# Spring Session store type - presumably only effective when spring-session-data-redis is on
# the classpath, which the POM shown above does not declare; TODO confirm it is needed at all
# with sessions set to STATELESS in SecurityConfig.
spring.session.store-type=redis
第三步 對User物件的封裝
package com.longfor.security.bean;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import lombok.Data;
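/**
 * Security principal used by Spring Security.
 * <p>
 * Mirrors one row of the {@code user} table (id, name, stored password hash, version)
 * plus the roles resolved through {@code user_role}; {@link #getAuthorities()} exposes
 * those roles as {@link GrantedAuthority} values. The four account-state flags are
 * hard-wired to {@code true} because the schema has no locked/expired/disabled columns.
 *
 * @author gaoleijie
 * @since 2018/8/24 16:56
 */
@Data
public class User implements UserDetails {
    /** Primary key of the {@code user} row. */
    private Integer userId;
    /** Login name; the value Spring Security authenticates against. */
    private String userName;
    /** Stored password hash (BCrypt in the seed data). Kept out of toString() on purpose. */
    private String userPwd;
    /** Row version timestamp ({@code user.version}). */
    private Date version;
    /** Roles granted to this user; may be unset when the row was loaded without its roles. */
    private List<Role> roles;

    /**
     * Converts the assigned roles into authorities.
     *
     * @return one {@link SimpleGrantedAuthority} per role name; an empty list when no
     *         roles were loaded (denying everything is the safe default, a
     *         NullPointerException during authentication is not)
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<>();
        if (roles == null) {
            return authorities;
        }
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority(role.getRolename()));
        }
        return authorities;
    }

    @Override
    public String getPassword() {
        return userPwd;
    }

    @Override
    public String getUsername() {
        return userName;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    /**
     * Explicit toString so that Lombok's generated one (which would include
     * {@code userPwd}) is not used: this object is logged by Spring Security at debug
     * level and the password hash must not end up in log files. Lombok skips generating
     * a method that already exists.
     */
    @Override
    public String toString() {
        return "User(userId=" + userId
                + ", userName=" + userName
                + ", version=" + version
                + ", roles=" + roles + ")";
    }
}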
第四步 對UserService的封裝
package com.longfor.security.service;
import com.longfor.security.bean.User;
import com.longfor.security.dao.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
 * {@link UserDetailsService} backed by the {@code user} table via MyBatis.
 * <p>
 * Spring Security calls {@link #loadUserByUsername(String)} during form login and the
 * JWT filter calls it again on every authenticated request to rebuild the principal.
 *
 * @author gaoleijie
 * @since 2018/8/23 18:25
 */
@Service
public class UserService implements UserDetailsService {
    @Autowired
    UserMapper userMapper;

    /**
     * Looks a user up by login name.
     *
     * @param s the login name
     * @return the matching {@link User} (a {@link UserDetails})
     * @throws UsernameNotFoundException when no row carries that name
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User found = userMapper.selectUserByUsername(s);
        if (found != null) {
            return found;
        }
        throw new UsernameNotFoundException(String.format("未找到名字為'%s'.", s));
    }
}
第五步:SecurityConfig
package com.longfor.security.config.security;
import com.longfor.security.config.jwt.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
 * Spring Security core configuration.
 * <p>
 * Wires the custom {@link UserDetailsService} with BCrypt password checking, declares the
 * URL authorisation rules, registers the JSON success/failure/denied handlers and inserts
 * {@link JwtAuthenticationTokenFilter} ahead of the username/password filter so a bearer
 * token can authenticate a request. Session creation is STATELESS: the JWT carries the
 * identity between requests.
 * <p>
 * NOTE(review): CSRF protection is disabled on the assumption that clients authenticate
 * with the JWT header only. Form login, HTTP Basic and remember-me below still establish
 * cookie/credential-carried authentication paths, and requests authenticated that way
 * have no CSRF protection - confirm that is intended, or drop those features for a pure
 * token API.
 *
 * @author gaoleijie
 * @since 2018/8/25 22:01
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // The filter is a @Component so its @Value fields are populated; it is injected here
    // and placed into the chain explicitly in configure(HttpSecurity).
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    @Autowired
    private UserDetailsService userDetailsService;

    /** Registers the custom UserDetailsService with BCrypt password verification. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder()); // custom userDetailsService for authentication
    }

    // BCrypt password encoder; stored passwords must be BCrypt hashes for matches() to succeed.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Success handler as a bean rather than {@code new}: it has @Autowired/@Value fields
     * (JwtTokenUtil, jwt.expiration) that are only populated for Spring-managed objects.
     */
    @Bean
    public GoAuthenticationSuccessHandler goAuthenticationSuccessHandler() {
        return new GoAuthenticationSuccessHandler();
    }

    /** Exposes the AuthenticationManager as a bean so other components can inject it. */
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * HTTP security rules. Order matters in the antMatchers chain: the first matching rule
     * wins, and anyRequest() must come last.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /* Earlier, session-based variant kept by the author for reference; the active
           configuration follows below.
        http
            // disable CSRF
            .csrf().disable()
            // .anonymous().disable()
            //.cors().and().httpBasic()
            .authorizeRequests()
            // URLs under "/resources/" and "/login" are open to everyone.
            .antMatchers("/resources/**","/login").permitAll()
            // URLs under "/admin/" need ROLE_ADMIN; note the hasRole method (it adds the "ROLE_" prefix).
            .antMatchers("/admin/**").hasRole("ADMIN")
            // URLs under "/db/" need both ROLE_ADMIN and ROLE_DBA.
            .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
            // Everything not matched above requires an authenticated user.
            .anyRequest().authenticated()
            .and().formLogin()
            .loginPage("/login")
            // login form target and post-login page
            .loginProcessingUrl("/login").defaultSuccessUrl("/index",true)
            // on successful authentication
            .successHandler(new GoAuthenticationSuccessHandler())
            // on failed authentication
            .failureHandler(new GoAuthenticationFailureHandler())
            .and().exceptionHandling()
            // authenticated user reaching a resource it has no permission for
            .accessDeniedHandler(new GoAccessDeniedHandler())
            // unauthenticated user reaching a protected resource
            .authenticationEntryPoint(new GoAuthenticationEntryPoint())
            .and().logout().permitAll()
            // logout URL
            //.logoutUrl("/login")
            // Redirect target after logout; defaults to /login?logout (see the JavaDoc).
            // .logoutSuccessUrl("/login")
            // Custom LogoutSuccessHandler; when set, logoutSuccessUrl() is ignored.
            // .logoutSuccessHandler()
            // Invalidate the HttpSession on logout (default true).
            .invalidateHttpSession(true)
            // Cookies to delete on successful logout.
            .deleteCookies("\"JSESSIONID\"")
            // remember-me cookie lifetime (default 14 days)
            .and().rememberMe()
            .tokenValiditySeconds(1800)
            .key("token_key");
        */
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // JWT carries identity; no HTTP session
                .and()
                // HTTP Basic is accepted on every request in addition to the JWT header.
                .httpBasic()
                // unauthenticated user reaching a protected resource
                .authenticationEntryPoint(new GoAuthenticationEntryPoint())
                .and()
                .authorizeRequests()
                // open to everyone: static resources, the login endpoint and /auth/**
                .antMatchers("/resources/**", "/login", "/auth/**").permitAll()
                // exactly "/admin" (not "/admin/**") needs ROLE_ADMIN; hasRole adds the "ROLE_" prefix
                .antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/uuu").access("hasRole('USER') or hasRole('ADMIN') ")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                // .loginPage("/login")
                //.loginProcessingUrl("/login").defaultSuccessUrl("/index", true).failureUrl("/login?error")
                // bean-managed handler: issues the JWT and writes it to the response
                .successHandler(goAuthenticationSuccessHandler())
                // on failed authentication
                .failureHandler(new GoAuthenticationFailureHandler())
                .permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(new GoLogoutSuccessHandler())
                .permitAll();
        // Remember-me: cookie-based authentication valid for 300 s.
        // NOTE(review): this is a second, cookie-carried authentication path next to the JWT
        // and brings back client-side state the STATELESS policy avoids - confirm it is wanted.
        http.rememberMe().rememberMeParameter("remember-me")
                .userDetailsService(userDetailsService).tokenValiditySeconds(300);
        http.exceptionHandling()
                // authenticated user reaching a resource it has no permission for
                .accessDeniedHandler(new GoAccessDeniedHandler())
                // JWT filter runs before the form-login filter so a valid token authenticates the request
                .and().addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
SpringSecurity 登陸成功後或者登陸失敗後,可進行配置到指定的類進行後續處理
有的用到了,有的沒有用到,具體可根據自己的實際情況去處理
package com.longfor.security.config.security;
import com.alibaba.fastjson.JSON;
import com.longfor.security.bean.ResponseBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
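/**
 * Handles an authenticated user reaching a resource its roles do not allow: answers with
 * HTTP 403 and a JSON {@code ResponseBean} body instead of the default error page.
 *
 * @author gaoleijie
 * @since 2018/8/25 23:06
 */
public class GoAccessDeniedHandler implements AccessDeniedHandler {
    /**
     * @param httpServletRequest  the denied request
     * @param httpServletResponse response to write the JSON denial into
     * @param e                   the access-denied exception (not echoed to the client)
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // The status line must agree with the body: without this the response left as
        // 200 OK and HTTP-level clients/proxies treated the denial as success.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        ResponseBean responseBean = new ResponseBean(403, "您的許可權不足,無法訪問該資源", null, null);
        httpServletResponse.getWriter().write(JSON.toJSONString(responseBean));
        httpServletResponse.getWriter().flush();
    }
}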
package com.longfor.security.config.security;
import com.alibaba.fastjson.JSON;
import com.longfor.security.bean.ResponseBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
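/**
 * Entry point for requests that reach a protected resource without authentication:
 * answers with HTTP 401 and a JSON {@code ResponseBean} body (no redirect, no browser
 * login prompt). Used by the HTTP Basic configuration in SecurityConfig.
 *
 * @author gaoleijie
 * @since 2018/8/25 23:11
 */
public class GoAuthenticationEntryPoint implements AuthenticationEntryPoint {
    /**
     * @param httpServletRequest  the unauthenticated request
     * @param httpServletResponse response to write the JSON answer into
     * @param e                   the authentication exception (not echoed to the client)
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // No valid credentials were presented, which is 401 (authentication required);
        // 403 is what GoAccessDeniedHandler returns for an authenticated user lacking a
        // role. Previously the body said 403 while the status line stayed 200.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        ResponseBean responseBean = new ResponseBean(401, "無法訪問該資源", null, null);
        httpServletResponse.getWriter().write(JSON.toJSONString(responseBean));
        httpServletResponse.getWriter().flush();
    }
}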
package com.longfor.security.config.security;
import com.alibaba.fastjson.JSON;
import com.longfor.security.bean.ResponseBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
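/**
 * Called when form-login authentication fails: answers with HTTP 401 and a generic JSON
 * {@code ResponseBean} body instead of redirecting to an error page.
 *
 * @author gaoleijie
 * @since 2018/8/25 23:01
 */
public class GoAuthenticationFailureHandler implements AuthenticationFailureHandler {
    /**
     * @param httpServletRequest  the failed login request
     * @param httpServletResponse response to write the JSON answer into
     * @param e                   the authentication exception; deliberately not echoed,
     *                            a generic answer avoids telling the caller which check failed
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // Status line must match the body; without it the failure went out as 200 OK.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        ResponseBean responseBean = new ResponseBean(401, "驗證失敗", null, null);
        httpServletResponse.getWriter().write(JSON.toJSONString(responseBean));
        httpServletResponse.getWriter().flush();
    }
}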
package com.longfor.security.config.security;
import com.alibaba.fastjson.JSON;
import com.longfor.security.bean.ResponseBean;
import com.longfor.security.config.jwt.JwtTokenUtil;
import com.longfor.security.config.redis.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Runs after a successful form login: issues a JWT for the authenticated principal,
 * registers it in Redis (so it can later be revoked) and returns it to the client as
 * JSON instead of redirecting.
 *
 * @author gaoleijie
 * @since 2018/8/25 22:57
 */
public class GoAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    // Injected only because SecurityConfig creates this handler as a @Bean.
    @Autowired
    JwtTokenUtil jwtTokenUtil;
    /** Token lifetime in seconds (property {@code jwt.expiration}). */
    @Value("${jwt.expiration}")
    private Long expiration;

    /**
     * @param httpServletRequest  the login request
     * @param httpServletResponse response that receives the JSON body carrying the token
     * @param authentication      the successful authentication; its principal must be a {@link UserDetails}
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        UserDetails principal = (UserDetails) authentication.getPrincipal();
        String username = principal.getUsername();
        String token = jwtTokenUtil.generateToken(principal);
        // The Redis entry outlives the token by 100000 s; the token itself still stops
        // working once its own "exp" claim has passed, because the parser rejects it.
        long redisTtlSeconds = expiration + 100000;
        jwtTokenUtil.setExpire(token, username, redisTtlSeconds);
        String body = JSON.toJSONString(new ResponseBean(200, "登入成功", token));
        httpServletResponse.getWriter().append(body).flush();
    }
}
package com.longfor.security.config.security;
import com.alibaba.fastjson.JSON;
import com.longfor.security.bean.ResponseBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Answers a logout request with a JSON 200 body instead of a redirect.
 * <p>
 * NOTE(review): nothing here removes the caller's JWT from Redis, so a token keeps
 * working until its own expiry even after "logout". Ending the session for real needs
 * the token from the request header and {@code JwtTokenUtil.del(token)}; as written the
 * handler is created with {@code new} in SecurityConfig and has no access to that util.
 *
 * @author gaoleijie
 * @since 2018/9/4 14:07
 */
public class GoLogoutSuccessHandler implements LogoutSuccessHandler {
    /**
     * @param httpServletRequest  the logout request
     * @param httpServletResponse response that receives the JSON body
     * @param authentication      the authentication being logged out (may be null)
     */
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        String body = JSON.toJSONString(new ResponseBean(200, "登出成功", null, null));
        httpServletResponse.getWriter().append(body).flush();
    }
}
到該步SpringSecurity基本已經配置完畢了
下面該整合JWT了
第一步 新增過濾器
package com.longfor.security.config.jwt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
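/**
 * Per-request JWT authentication filter.
 * <p>
 * Reads the configured header ({@code jwt.header}), strips the configured prefix
 * ({@code jwt.tokenHead}) and, when the token parses with the signing key, is still
 * registered in Redis and matches the loaded user, populates the
 * {@link SecurityContextHolder} with a {@link UsernamePasswordAuthenticationToken} that
 * carries the user's authorities. A request without a usable token continues
 * unauthenticated; the access rules and entry point in SecurityConfig decide what happens.
 *
 * @author gaoleijie
 * @since 2018/8/26 18:30
 */
@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    /** Name of the request header carrying the token (property {@code jwt.header}). */
    @Value("${jwt.header}")
    private String tokenHeader;
    /** Prefix expected before the token, e.g. "Bearer" (property {@code jwt.tokenHead}). */
    @Value("${jwt.tokenHead}")
    private String tokenHead;
    private final UserDetailsService userDetailsService;
    private final JwtTokenUtil jwtTokenUtil;

    @Autowired
    public JwtAuthenticationTokenFilter(UserDetailsService userDetailsService, JwtTokenUtil jwtTokenUtil) {
        this.userDetailsService = userDetailsService;
        this.jwtTokenUtil = jwtTokenUtil;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String authToken = extractToken(request);
        // Only authenticate when nothing earlier in the chain (remember-me, HTTP Basic) did.
        if (authToken != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            authenticate(request, authToken);
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Returns the bare token from the configured header, or {@code null} when the header
     * is absent, does not start with the configured prefix, or carries nothing after it.
     * The value is trimmed so the filter works whether {@code jwt.tokenHead} is "Bearer"
     * or "Bearer " (with the trailing space) - previously the space stayed attached to the
     * token and broke both parsing and the Redis lookup.
     */
    private String extractToken(HttpServletRequest request) {
        String authHeader = request.getHeader(tokenHeader);
        if (authHeader == null || !authHeader.startsWith(tokenHead)) {
            return null;
        }
        String token = authHeader.substring(tokenHead.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Establishes the security context for a token, or leaves it empty when the token is
     * rejected. Checks run cheapest-first: parse/verify the token, then the Redis
     * registry, then the database lookup of the user.
     */
    private void authenticate(HttpServletRequest request, String authToken) {
        // JwtTokenUtil parses with the signing key; a tampered or expired token yields null.
        String username = jwtTokenUtil.getUsernameFromToken(authToken);
        if (username == null) {
            return;
        }
        // Tokens removed from Redis (revoked) are no longer accepted even though their
        // signature is still valid. Checked before hitting the database.
        if (!jwtTokenUtil.validateToken(authToken)) {
            return;
        }
        UserDetails userDetails;
        try {
            userDetails = userDetailsService.loadUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            // Account removed after the token was issued: revoke the stale token and
            // continue unauthenticated instead of failing the request with a 500.
            jwtTokenUtil.del(authToken);
            return;
        }
        if (!jwtTokenUtil.validateToken(authToken, userDetails)) {
            jwtTokenUtil.del(authToken);
            return;
        }
        UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
}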
工具類
package com.longfor.security.config.jwt;
import com.longfor.security.bean.User;
import com.longfor.security.config.redis.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
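/**
 * JWT helper: issues and parses HS512-signed tokens and mirrors every issued token in
 * Redis so it can be revoked before its "exp" claim passes.
 * <p>
 * Two validation layers exist and JwtAuthenticationTokenFilter uses both:
 * {@link #validateToken(String)} asks Redis whether the token is still registered, and
 * {@link #validateToken(String, UserDetails)} checks subject and expiry on the token itself.
 *
 * @author gaoleijie
 * @since 2018/8/26 18:27
 */
@Component
public class JwtTokenUtil implements Serializable {
    /** Registered "sub" claim; holds the username. */
    private static final String CLAIM_KEY_USERNAME = "sub";
    /** Private claim holding the time the token was issued or last refreshed. */
    private static final String CLAIM_KEY_CREATED = "created";
    private static final long serialVersionUID = -8305152446124853696L;
    @Autowired
    RedisUtil redisUtil;
    /**
     * Signing key (property {@code jwt.secret}). jjwt's {@code signWith(alg, String)}
     * treats this String as base64 and decodes it, so it should be a long random value
     * (at least 64 bytes for HS512) injected from the environment. A short word such as
     * the sample "mySecret" is trivially guessable, and whoever knows it can mint tokens
     * for any username.
     */
    @Value("${jwt.secret}")
    private String secret;
    /** Token lifetime in seconds (property {@code jwt.expiration}). */
    @Value("${jwt.expiration}")
    private Long expiration;

    /**
     * Builds and signs a token from a claim set; "exp" is set to now + {@code expiration}.
     *
     * @param claims claims to embed
     * @return compact serialised JWS
     */
    private String generateToken(Map<String, Object> claims) {
        Date expirationDate = new Date(System.currentTimeMillis() + expiration * 1000);
        return Jwts.builder().setClaims(claims).setExpiration(expirationDate).signWith(SignatureAlgorithm.HS512, secret).compact();
    }

    /**
     * Registers an issued token in Redis: key = token, value = username, TTL in seconds.
     *
     * @param key  the token
     * @param val  the username it was issued to
     * @param time time-to-live in seconds
     */
    public void setExpire(String key, String val, long time) {
        redisUtil.setExpire(key, val, time);
    }

    /**
     * Revokes a token by removing its Redis entry; {@link #validateToken(String)} then
     * returns false for it.
     *
     * @param key the token
     */
    public void del(String key) {
        redisUtil.del(key);
    }

    /**
     * Redis-side check: is the token still registered (not revoked, Redis TTL not passed)?
     * Does not inspect the token itself; pair it with {@link #validateToken(String, UserDetails)}.
     *
     * @param authToken the token
     * @return true when Redis still holds an entry for it
     */
    public Boolean validateToken(String authToken) {
        return redisUtil.get(authToken) != null;
    }

    /**
     * Parses and verifies a token.
     *
     * @param token compact JWS
     * @return its claims, or {@code null} when the token is malformed, carries a bad
     *         signature or is already expired (jjwt throws on all of these; swallowed here)
     */
    private Claims getClaimsFromToken(String token) {
        try {
            return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Issues a token for a user: subject = username, "created" = now, "exp" = now + expiration.
     * Does not register it in Redis; GoAuthenticationSuccessHandler does that via {@link #setExpire}.
     *
     * @param userDetails the authenticated user
     * @return compact serialised JWS
     */
    public String generateToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>(2);
        claims.put(CLAIM_KEY_USERNAME, userDetails.getUsername());
        claims.put(CLAIM_KEY_CREATED, new Date());
        return generateToken(claims);
    }

    /**
     * @param token compact JWS
     * @return the "sub" claim, or {@code null} when the token does not verify
     */
    public String getUsernameFromToken(String token) {
        Claims claims = getClaimsFromToken(token);
        return claims == null ? null : claims.getSubject();
    }

    /**
     * @param token compact JWS
     * @return true when the token is expired <em>or cannot be read at all</em>. Fail-closed:
     *         the previous version answered false (i.e. "still valid") for a token it could
     *         not parse, which is the wrong default for an authentication check.
     */
    public Boolean isTokenExpired(String token) {
        Claims claims = getClaimsFromToken(token);
        if (claims == null) {
            return true;
        }
        Date expirationDate = claims.getExpiration();
        return expirationDate == null || expirationDate.before(new Date());
    }

    /**
     * Re-issues a token with a fresh "created" claim and a new "exp".
     * The old token is neither revoked nor is the new one registered in Redis - callers
     * must {@link #del} the old and {@link #setExpire} the new one themselves.
     *
     * @param token the current, still-verifiable token
     * @return the refreshed token, or {@code null} when the input does not verify
     */
    public String refreshToken(String token) {
        Claims claims = getClaimsFromToken(token);
        if (claims == null) {
            return null;
        }
        claims.put(CLAIM_KEY_CREATED, new Date());
        return generateToken(claims);
    }

    /**
     * Token-side check: subject matches the loaded user and the token is not expired.
     * Works for any {@link UserDetails} implementation (the former cast to {@code User}
     * would have thrown for other principals).
     *
     * @param token       compact JWS
     * @param userDetails the user loaded for the token's subject
     * @return true when the token verifies, names this user and is not expired
     */
    public Boolean validateToken(String token, UserDetails userDetails) {
        String username = getUsernameFromToken(token);
        return username != null
                && username.equals(userDetails.getUsername())
                && !isTokenExpired(token);
    }
}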
下面是Redis工具類
package com.longfor.security.config.redis;
import org.springframework.data.redis.connection.RedisServerCommands;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.data.redis.core.HashOperations;
import org.springframework.data.redis.core.ListOperations;
import org.springframework.data.redis.core.RedisCallback;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.support.atomic.RedisAtomicLong;
import org.springframework.stereotype.Component;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import lombok.extern.slf4j.Slf4j;
/**
*
* @Description
*Redis工具類
* @author gaoleijie
* @Date 2018年1月15日
*/
@Component
@Slf4j
public class RedisUtil {
/**
* 預設編碼
*/
private static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8");
/**
* Spring Redis Template
*/
private RedisTemplate<String, String> redisTemplate;
private JedisConnectionFactory jedisConnectionFactory;
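/**
 * @param redisTemplate the String/String template every operation below runs through;
 *                      rejected up front rather than failing on the first call
 */
public RedisUtil(RedisTemplate<String, String> redisTemplate) {
    this.redisTemplate = Objects.requireNonNull(redisTemplate, "redisTemplate");
}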
/**
 * Stores a raw key/value pair with a TTL.
 *
 * @param key   redis key (raw bytes)
 * @param value value (raw bytes)
 * @param time  time-to-live in seconds
 */
public void setExpire(final byte[] key, final byte[] value, final long time) {
    RedisCallback<Long> write = connection -> {
        connection.set(key, value);
        connection.expire(key, time);
        // key is a byte[] here, so this line logs the array reference, not its contents.
        log.info("[redisTemplate redis]放入 快取 url:{} ========快取時間為{}秒", key, time);
        return 1L;
    };
    redisTemplate.execute(write);
}
/**
 * Stores a String key/value pair with a TTL, serialising both with the template's
 * String serializer.
 * <p>
 * NOTE(review): JwtTokenUtil.setExpire passes the JWT itself as {@code key}, so the INFO
 * line below writes bearer tokens into the application log; consider debug level or
 * masking for that caller.
 *
 * @param key   redis key
 * @param value value
 * @param time  time-to-live in seconds
 */
public void setExpire(final String key, final String value, final long time) {
    RedisCallback<Long> write = connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        byte[] rawKey = serializer.serialize(key);
        byte[] rawValue = serializer.serialize(value);
        connection.set(rawKey, rawValue);
        connection.expire(rawKey, time);
        log.info("[redisTemplate redis]放入 快取 url:{} ========快取時間為{}秒", key, time);
        return 1L;
    };
    redisTemplate.execute(write);
}
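/**
 * Stores several key/value pairs with the same TTL over a single connection.
 *
 * @param keys   redis keys
 * @param values values, positionally matching {@code keys}
 * @param time   time-to-live in seconds
 * @throws IllegalArgumentException when the two arrays differ in length (previously this
 *         surfaced as an ArrayIndexOutOfBoundsException after part of the data was written)
 */
public void setExpire(final String[] keys, final String[] values, final long time) {
    if (keys.length != values.length) {
        throw new IllegalArgumentException(
                "keys and values must have the same length: " + keys.length + " vs " + values.length);
    }
    redisTemplate.execute((RedisCallback<Long>) connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        for (int i = 0; i < keys.length; i++) {
            byte[] bKeys = serializer.serialize(keys[i]);
            byte[] bValues = serializer.serialize(values[i]);
            connection.set(bKeys, bValues);
            connection.expire(bKeys, time);
            log.info("[redisTemplate redis]放入 快取 url:{} ========快取時間為:{}秒", keys[i], time);
        }
        return 1L;
    });
}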
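/**
 * Stores several key/value pairs (no TTL) over a single connection.
 *
 * @param keys   redis keys
 * @param values values, positionally matching {@code keys}
 * @throws IllegalArgumentException when the two arrays differ in length (previously this
 *         surfaced as an ArrayIndexOutOfBoundsException after part of the data was written)
 */
public void set(final String[] keys, final String[] values) {
    if (keys.length != values.length) {
        throw new IllegalArgumentException(
                "keys and values must have the same length: " + keys.length + " vs " + values.length);
    }
    redisTemplate.execute((RedisCallback<Long>) connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        for (int i = 0; i < keys.length; i++) {
            byte[] bKeys = serializer.serialize(keys[i]);
            byte[] bValues = serializer.serialize(values[i]);
            connection.set(bKeys, bValues);
            log.info("[redisTemplate redis]放入 快取 url:{}", keys[i]);
        }
        return 1L;
    });
}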
/**
 * Stores a String key/value pair without a TTL.
 *
 * @param key   redis key
 * @param value value
 */
public void set(final String key, final String value) {
    RedisCallback<Long> write = connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        byte[] rawKey = serializer.serialize(key);
        byte[] rawValue = serializer.serialize(value);
        connection.set(rawKey, rawValue);
        log.info("[redisTemplate redis]放入 快取 url:{}", key);
        return 1L;
    };
    redisTemplate.execute(write);
}
/**
 * Lists the keys starting with {@code key} whose remaining TTL is between 0 and
 * {@code 2 * time} seconds.
 * <p>
 * Uses KEYS {@code key*}, which scans the whole keyspace and blocks the server while it
 * runs; fine for a demo, not for a large production instance.
 *
 * @param key  key prefix
 * @param time half of the TTL window, in seconds
 * @return the matching keys (possibly empty)
 */
public List<String> willExpire(final String key, final long time) {
    final List<String> expiring = new ArrayList<>();
    redisTemplate.execute((RedisCallback<List<String>>) connection -> {
        Set<String> candidates = redisTemplate.keys(key + "*");
        for (String candidate : candidates) {
            Long ttl = connection.ttl(candidate.getBytes(DEFAULT_CHARSET));
            boolean inWindow = ttl >= 0 && ttl <= 2 * time;
            if (inWindow) {
                expiring.add(candidate);
            }
        }
        return expiring;
    });
    return expiring;
}
/**
 * Lists all keys starting with {@code keyPatten} (KEYS {@code keyPatten*}; full keyspace scan).
 *
 * @param keyPatten key prefix
 * @return the matching keys
 */
public Set<String> keys(final String keyPatten) {
    RedisCallback<Set<String>> scan = connection -> redisTemplate.keys(keyPatten + "*");
    return redisTemplate.execute(scan);
}
/**
 * Reads a raw value.
 *
 * @param key redis key (raw bytes)
 * @return the stored bytes, or {@code null} when the key is absent
 */
public byte[] get(final byte[] key) {
    RedisCallback<byte[]> read = connection -> connection.get(key);
    byte[] stored = redisTemplate.execute(read);
    log.info("[redisTemplate redis]取出 快取 url:{} ", key);
    return stored;
}
/**
 * Reads a String value.
 * <p>
 * NOTE(review): JwtTokenUtil.validateToken calls this with the JWT as {@code key}, so the
 * INFO line below logs bearer tokens on every authenticated request.
 *
 * @param key redis key
 * @return the stored value, or {@code null} when the key is absent
 */
public String get(final String key) {
    RedisCallback<String> read = connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        byte[] rawKey = serializer.serialize(key);
        byte[] rawValue = connection.get(rawKey);
        return serializer.deserialize(rawValue);
    };
    String stored = redisTemplate.execute(read);
    log.info("[redisTemplate redis]取出 快取 url:{} ", key);
    return stored;
}
/**
 * Reads every key starting with {@code keyPatten} together with its value
 * (KEYS scan followed by one GET per key).
 *
 * @param keyPatten key prefix
 * @return key -> value for all matches (empty when none)
 */
public Map<String, String> getKeysValues(final String keyPatten) {
    log.info("[redisTemplate redis] getValues() patten={} ", keyPatten);
    RedisCallback<Map<String, String>> readAll = connection -> {
        RedisSerializer<String> serializer = getRedisSerializer();
        Map<String, String> found = new HashMap<>();
        Set<String> matches = redisTemplate.keys(keyPatten + "*");
        for (String matched : matches) {
            byte[] rawValue = connection.get(serializer.serialize(matched));
            found.put(matched, serializer.deserialize(rawValue));
        }
        return found;
    };
    return redisTemplate.execute(readAll);
}
/**
 * Hash operations view of the underlying template.
 *
 * @return the template's {@link HashOperations}
 */
public HashOperations<String, String, String> opsForHash() {
    HashOperations<String, String, String> hashOps = redisTemplate.opsForHash();
    return hashOps;
}
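/**
 * Store one field of a hash ({@code HSET key hashKey hashValue}).
 *
 * <p>Only the key and the field name are logged. The previous version also wrote
 * the value to the INFO log; a general-purpose cache helper cannot know whether
 * that value is a token, a credential or personal data, so values are deliberately
 * kept out of the logs.
 *
 * @param key       the hash key
 * @param hashKey   the field name
 * @param hashValue the field value (never logged)
 */
public void putHashValue(String key, String hashKey, String hashValue) {
    log.info("[redisTemplate redis] putHashValue() key={},hashKey={}", key, hashKey);
    opsForHash().put(key, hashKey, hashValue);
}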
/**
 * Read one field of a hash ({@code HGET key hashKey}).
 *
 * @param key     the hash key
 * @param hashKey the field name
 * @return the field value (a {@code String} from the underlying operations, typed
 *         as {@code Object} for callers), or {@code null} when absent
 */
public Object getHashValues(String key, String hashKey) {
    log.info("[redisTemplate redis] getHashValues() key={},hashKey={}", key, hashKey);
    HashOperations<String, String, String> hashOps = opsForHash();
    return hashOps.get(key, hashKey);
}
/**
 * Remove one or more fields from a hash ({@code HDEL key field...}).
 *
 * <p>Callers should pass at least one field: HDEL with no field arguments is
 * rejected by the server, and the error surfaces here as a data-access exception.
 *
 * @param key      the hash key
 * @param hashKeys the field names to remove
 */
public void delHashValues(String key, Object... hashKeys) {
    log.info("[redisTemplate redis] delHashValues() key={}", key);
    HashOperations<String, String, String> hashOps = opsForHash();
    hashOps.delete(key, hashKeys);
}
/**
 * Read a whole hash ({@code HGETALL key}).
 *
 * @param key the hash key
 * @return every field → value of the hash; empty when the key does not exist
 */
public Map<String, String> getHashValue(String key) {
    log.info("[redisTemplate redis] getHashValue() key={}", key);
    HashOperations<String, String, String> hashOps = opsForHash();
    return hashOps.entries(key);
}
/**
 * Store several fields of a hash in one round trip ({@code HMSET}).
 *
 * @param key the hash key
 * @param map field → value pairs to write
 */
public void putHashValues(String key, Map<String, String> map) {
    HashOperations<String, String, String> hashOps = opsForHash();
    hashOps.putAll(key, map);
}
/**
 * Number of keys in the currently selected database ({@code DBSIZE}).
 *
 * <p>The {@code Long} result is unboxed; a {@code null} reply (which the template
 * returns for commands issued inside a pipeline or transaction) would throw a
 * {@code NullPointerException} here.
 *
 * @return the key count
 */
public long dbSize() {
    RedisCallback<Long> count = connection -> connection.dbSize();
    return redisTemplate.execute(count);
}
/**
 * Delete every key in the currently selected database ({@code FLUSHDB}).
 *
 * <p>This is destructive and irreversible: every cached entry, counter, list and
 * hash held by this application in that database is gone, including anything
 * used for authentication state. It is exposed on a general-purpose helper bean,
 * so make sure nothing reachable from an HTTP endpoint can call it, and keep it
 * out of production configurations.
 *
 * @return the literal string {@code "ok"} once the command has run
 */
public String flushDB() {
    RedisCallback<String> wipe = connection -> {
        connection.flushDb();
        return "ok";
    };
    return redisTemplate.execute(wipe);
}
/**
 * Check whether a key exists ({@code EXISTS key}).
 *
 * <p>The key is encoded with {@code DEFAULT_CHARSET} directly rather than through
 * the string serializer used by {@link #get(String)}; the two agree only as long as
 * that serializer is a plain charset encoder.
 *
 * @param key the key
 * @return {@code true} when the key exists
 */
public boolean exists(final String key) {
    final byte[] rawKey = key.getBytes(DEFAULT_CHARSET);
    RedisCallback<Boolean> probe = connection -> connection.exists(rawKey);
    return redisTemplate.execute(probe);
}
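/**
 * Delete the given keys ({@code DEL}, one command per key).
 *
 * <p>Returns the total number of keys actually removed. The previous version
 * overwrote its running result on every iteration and therefore reported only
 * whether the <em>last</em> key existed; {@code del("a", "missing")} returned 0
 * even though {@code a} was deleted.
 *
 * <p>Keys are encoded with {@code DEFAULT_CHARSET}, matching {@link #exists(String)}.
 *
 * @param keys the keys to delete; {@code null} or empty is a no-op
 * @return how many of the keys existed and were removed
 */
public long del(final String... keys) {
    if (keys == null || keys.length == 0) {
        return 0L;
    }
    RedisCallback<Long> delete = connection -> {
        long removed = 0L;
        for (String key : keys) {
            Long count = connection.del(key.getBytes(DEFAULT_CHARSET));
            // A null reply (pipeline/transaction mode) counts as nothing removed.
            if (count != null) {
                removed += count;
            }
        }
        return removed;
    };
    Long total = redisTemplate.execute(delete);
    return total == null ? 0L : total;
}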
/**
 * The serializer this helper uses for string keys and values.
 *
 * @return the template's string serializer
 */
protected RedisSerializer<String> getRedisSerializer() {
    RedisSerializer<String> stringSerializer = redisTemplate.getStringSerializer();
    return stringSerializer;
}
/**
 * Atomically increment the integer stored under {@code key} by one ({@code INCR}).
 *
 * <p>A missing key is treated as 0 and becomes 1. A value that is not an integer
 * string makes Redis raise an error, surfaced as a data-access exception.
 *
 * @param key the key
 * @return the value after the increment
 */
public long incr(final String key) {
    final byte[] rawKey = getRedisSerializer().serialize(key);
    RedisCallback<Long> bump = connection -> connection.incr(rawKey);
    return redisTemplate.execute(bump);
}
/**
 * Expose the template's list operations (string key, string element).
 *
 * @return the list operations view of {@code redisTemplate}
 */
public ListOperations<String, String> opsForList() {
    ListOperations<String, String> listOps = redisTemplate.opsForList();
    return listOps;
}
/**
 * Prepend a value to a list ({@code LPUSH key value}).
 *
 * @param key   the list key
 * @param value the element to prepend
 * @return the list length after the push
 */
public Long leftPush(String key, String value) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.leftPush(key, value);
}
/**
 * Remove and return the first element of a list ({@code LPOP key}).
 *
 * @param key the list key
 * @return the removed head element, or {@code null} when the list is empty or absent
 */
public String leftPop(String key) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.leftPop(key);
}
/**
 * Append a value to the tail of a list ({@code RPUSH key value}).
 *
 * <p>The name {@code in} is historic; this is the right-push counterpart of
 * {@link #leftPush(String, String)}.
 *
 * @param key   the list key
 * @param value the element to append
 * @return the list length after the push
 */
public Long in(String key, String value) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.rightPush(key, value);
}
/**
 * Remove and return the last element of a list ({@code RPOP key}).
 *
 * @param key the list key
 * @return the removed tail element, or {@code null} when the list is empty or absent
 */
public String rightPop(String key) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.rightPop(key);
}
/**
 * Length of a list ({@code LLEN key}).
 *
 * <p>A missing key is treated as an empty list (0); a key holding a non-list
 * type makes Redis raise an error.
 *
 * @param key the list key
 * @return the number of elements
 */
public Long length(String key) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.size(key);
}
/**
 * Remove elements equal to {@code value} from a list ({@code LREM key i value}).
 *
 * <p>{@code i} follows LREM's count semantics: positive removes up to {@code i}
 * matches scanning from the head, negative removes up to {@code |i|} matches
 * scanning from the tail, and 0 removes every match.
 *
 * @param key   the list key
 * @param i     the LREM count (see above)
 * @param value the element value to remove
 */
public void remove(String key, long i, String value) {
    ListOperations<String, String> listOps = opsForList();
    listOps.remove(key, i, value);
}
/**
 * Overwrite the element at {@code index} of a list ({@code LSET key index value}).
 *
 * <p>An index outside the current list range makes Redis raise an error; this
 * never grows the list.
 *
 * @param key   the list key
 * @param index the position to overwrite (negative counts from the tail)
 * @param value the new element value
 */
public void set(String key, long index, String value) {
    ListOperations<String, String> listOps = opsForList();
    listOps.set(key, index, value);
}
/**
 * Read a slice of a list ({@code LRANGE key start end}).
 *
 * <p>Both bounds are inclusive and negative offsets count from the tail, so
 * {@code getList(key, 0, -1)} returns the whole list.
 *
 * @param key   the list key
 * @param start first index of the slice
 * @param end   last index of the slice (inclusive)
 * @return the elements in list order; empty when the key does not exist
 */
public List<String> getList(String key, int start, int end) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.range(key, start, end);
}
/**
 * Prepend several values to a list in one command ({@code LPUSH key v1 v2 ...}).
 *
 * <p>Because each value is pushed onto the head in turn, the list ends up holding
 * them in reverse of {@code list}'s order.
 *
 * @param key  the list key
 * @param list the elements to prepend
 * @return the list length after the push
 */
public Long leftPushAll(String key, List<String> list) {
    ListOperations<String, String> listOps = opsForList();
    return listOps.leftPushAll(key, list);
}
/**
 * Overwrite the element at {@code index} of a list ({@code LSET key index value}).
 *
 * <p>Despite its name (and its earlier documentation, which described LINSERT),
 * this method does NOT insert a new element: it behaves exactly like
 * {@link #set(String, long, String)} and replaces the element already at
 * {@code index}. A real insert needs a pivot <em>value</em>, which this
 * signature does not carry. The behaviour is kept as-is because callers may rely
 * on it; prefer {@code set} for clarity in new code.
 *
 * @param key   the list key
 * @param index the position to overwrite
 * @param value the new element value
 */
public void insert(String key, long index, String value) {
    ListOperations<String, String> listOps = opsForList();
    listOps.set(key, index, value);
}
/**
 * Build a {@link RedisAtomicLong} backed by {@code key} on this helper's
 * {@code jedisConnectionFactory}, for server-side atomic counters (unique
 * sequence numbers, rate-limit buckets and the like).
 *
 * @param key the Redis key holding the counter
 * @return a new atomic-long view over that key
 */
public RedisAtomicLong getRedisAtomicLong(String key) {
    RedisAtomicLong counter = new RedisAtomicLong(key, jedisConnectionFactory);
    return counter;
}
/**
 * Increment a member's score in a sorted set ({@code ZINCRBY key increment member}).
 *
 * <p>The new score returned by Redis is discarded. {@code increment} is a boxed
 * {@code Integer} that is unboxed to a {@code double} on the way in, so passing
 * {@code null} throws a {@code NullPointerException}.
 *
 * @param key       the sorted-set key
 * @param increment amount to add to the member's score
 * @param member    the member whose score changes
 */
public void doZincrby(String key, Integer increment, String member) {
    final RedisSerializer<String> serializer = getRedisSerializer();
    RedisCallback<Double> bump = connection -> {
        byte[] rawKey = serializer.serialize(key);
        byte[] rawMember = serializer.serialize(member);
        return connection.zIncrBy(rawKey, increment, rawMember);
    };
    redisTemplate.execute(bump);
}
/**
 * Read members of a sorted set ordered by descending score
 * ({@code ZREVRANGE key start end}, without scores).
 *
 * <p>Both bounds are inclusive rank positions. The result keeps Redis's order.
 * {@code start}/{@code end} are unboxed, so {@code null} throws a
 * {@code NullPointerException}; a {@code null} reply (pipeline/transaction mode)
 * would also throw while iterating.
 *
 * @param key   the sorted-set key
 * @param start first rank (0 = highest score)
 * @param end   last rank, inclusive (-1 = lowest score)
 * @return the members, highest score first
 */
public List<String> doZrevrange(String key, Integer start, Integer end) {
    final RedisSerializer<String> serializer = getRedisSerializer();
    final byte[] rawKey = serializer.serialize(key);
    RedisCallback<Set<byte[]>> query = connection -> connection.zRevRange(rawKey, start, end);
    Set<byte[]> rawMembers = redisTemplate.execute(query);
    List<String> members = new ArrayList<>();
    for (byte[] raw : rawMembers) {
        members.add(serializer.deserialize(raw));
    }
    return members;
}
}