经验首页 前端设计 程序设计 Java相关 移动开发 数据库/运维 软件/图像 大数据/云计算 其他经验
当前位置:技术经验 » Java相关 » Spring Boot » 查看文章
Spring Boot 2结合Spring security + JWT实现微信小程序登录
来源:jb51  时间:2021/1/25 12:19:59  对本文有异议

项目源码:https://gitee.com/tanwubo/jwt-spring-security-demo

登录

通过自定义的WxAppletAuthenticationFilter替换默认的UsernamePasswordAuthenticationFilter,在UsernamePasswordAuthenticationFilter中可任意定制自己的登录方式。

用户认证

需要结合JWT来实现用户认证,第一步登录成功后如何颁发token。

  1. public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
  2.  
  3. @Autowired
  4. private JwtTokenUtils jwtTokenUtils;
  5.  
  6. @Override
  7. public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
  8. // 使用jwt管理,所以封装用户信息生成jwt响应给前端
  9. String token = jwtTokenUtils.generateToken(((WxAppletAuthenticationToken)authentication).getOpenid());
  10. Map<String, Object> result = Maps.newHashMap();
  11. result.put(ConstantEnum.AUTHORIZATION.getValue(), token);
  12. httpServletResponse.setContentType(ContentType.JSON.toString());
  13. httpServletResponse.getWriter().write(JSON.toJSONString(result));
  14. }
  15. }

第二步,弃用spring security默认的session机制,通过token来管理用户的登录状态。这里有俩段关键代码。

  1. @Override
  2. protected void configure(HttpSecurity http) throws Exception {
  3. http.csrf()
  4. .disable()
  5. .sessionManagement()
  6. // 不创建Session, 使用jwt来管理用户的登录状态
  7. .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
  8. ......;
  9. }

第二步,添加token的认证过滤器。

  1. public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
  2.  
  3. @Autowired
  4. private AuthService authService;
  5.  
  6. @Autowired
  7. private JwtTokenUtils jwtTokenUtils;
  8.  
  9. @Override
  10. protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
  11. log.debug("processing authentication for [{}]", request.getRequestURI());
  12. String token = request.getHeader(ConstantEnum.AUTHORIZATION.getValue());
  13. String openid = null;
  14. if (token != null) {
  15. try {
  16. openid = jwtTokenUtils.getUsernameFromToken(token);
  17. } catch (IllegalArgumentException e) {
  18. log.error("an error occurred during getting username from token", e);
  19. throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage("an error occurred during getting username from token , token is [%s]", token));
  20. } catch (ExpiredJwtException e) {
  21. log.warn("the token is expired and not valid anymore", e);
  22. throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage("the token is expired and not valid anymore, token is [%s]", token));
  23. }catch (SignatureException e) {
  24. log.warn("JWT signature does not match locally computed signature", e);
  25. throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage("JWT signature does not match locally computed signature, token is [%s]", token));
  26. }
  27. }else {
  28. log.warn("couldn't find token string");
  29. }
  30. if (openid != null && SecurityContextHolder.getContext().getAuthentication() == null) {
  31. log.debug("security context was null, so authorizing user");
  32. Account account = authService.findAccount(openid);
  33. List<Permission> permissions = authService.acquirePermission(account.getAccountId());
  34. List<SimpleGrantedAuthority> authorities = permissions.stream().map(permission -> new SimpleGrantedAuthority(permission.getPermission())).collect(Collectors.toList());
  35. log.info("authorized user [{}], setting security context", openid);
  36. SecurityContextHolder.getContext().setAuthentication(new WxAppletAuthenticationToken(openid, authorities));
  37. }
  38. filterChain.doFilter(request, response);
  39. }
  40. }

接口鉴权

第一步,开启注解@EnableGlobalMethodSecurity

  1. @SpringBootApplication
  2. @EnableGlobalMethodSecurity(prePostEnabled = true)
  3. public class JwtSpringSecurityDemoApplication {
  4.  
  5. public static void main(String[] args) {
  6. SpringApplication.run(JwtSpringSecurityDemoApplication.class, args);
  7. }
  8.  
  9. }

第二部,在需要鉴权的接口上添加@PreAuthorize注解。

  1. @RestController
  2. @RequestMapping("/test")
  3. public class TestController {
  4.  
  5. @GetMapping
  6. @PreAuthorize("hasAuthority('user:test')")
  7. public String test(){
  8. return "test success";
  9. }
  10.  
  11. @GetMapping("/authority")
  12. @PreAuthorize("hasAuthority('admin:test')")
  13. public String authority(){
  14. return "test authority success";
  15. }
  16.  
  17. }

到此这篇关于Spring Boot 2结合Spring security + JWT实现微信小程序登录的文章就介绍到这了,更多相关Spring Boot Spring security JWT微信小程序登录内容请搜索w3xue以前的文章或继续浏览下面的相关文章希望大家以后多多支持w3xue!

 友情链接:直通硅谷  点职佳  北美留学生论坛

本站QQ群:前端 618073944 | Java 606181507 | Python 626812652 | C/C++ 612253063 | 微信 634508462 | 苹果 692586424 | C#/.net 182808419 | PHP 305140648 | 运维 608723728

W3xue 的所有内容仅供测试,对任何法律问题及风险不承担任何责任。通过使用本站内容随之而来的风险与本站无关。
关于我们  |  意见建议  |  捐助我们  |  报错有奖  |  广告合作、友情链接(目前9元/月)请联系QQ:27243702 沸活量
皖ICP备17017327号-2 皖公网安备34020702000426号