本文介绍如何在Spring Security框架中实现基于数据库的身份认证,并整合JWT进行用户验证及权限管理。主要内容包括创建UserDetailsService实现类完成用户登录认证过程,以及通过自定义过滤器JwtAuthenticationTokenFilter实现JWT的校验与刷新。
w1、各个服务包名前面要一致
SpringSecurity
https://www.cnblogs.com/crazy-lc/p/12361118.html
https://blog.youkuaiyun.com/u012702547/article/details/89629415
内部用ThreadLocal存储用户信息
如何配置数据库到SpringSecurity中呢
先创建方法实现UserDetailsService(做身份认证,登入时调用),数据库查询用户信息和角色信息返回UserDetails对象,用户信息放在session中
@Service
public class SecurityUserDetailsService implements UserDetailsService {
@Autowired
private AdminService adminService;
@Autowired
private RoleService roleService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper<Admin> queryWrapper = new QueryWrapper<>();
queryWrapper.eq(SQLConf.USER_NAME, username);
Admin admin = adminService.getOne(queryWrapper);
if (admin == null) {
throw new UsernameNotFoundException(String.format("No user found with username '%s'.", username));
} else {
//查询出角色信息封装到admin中
List<String> roleNames = new ArrayList<>();
Role role = roleService.getById(admin.getRoleUid());
roleNames.add(role.getRoleName());
admin.setRoleNames(roleNames);
return SecurityUserFactory.create(admin);
}
}
}
在config方法中加入这个类
https://www.cnblogs.com/pjjlt/p/10960690.html
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
SpringSecurity整合jwt
在config方法中添加jwtfitter
httpSecurity.addFilterBefore(registrationBean(new JwtAuthenticationTokenFilter()).getFilter(), UsernamePasswordAuthenticationFilter.class);
jwtfitter
@Slf4j
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@Autowired
private Audience audience;
@Resource
private UserDetailsService userDetailsService;
@Autowired
private JwtHelper jwtHelper;
// @Value(value="${base64Secret}")
// private String base64Secret;
@Value(value = "${tokenHead}")
private String tokenHead;
@Value(value = "${tokenHeader}")
private String tokenHeader;
/**
* token过期的时间
*/
@Value(value = "${audience.expiresSecond}")
private Long expiresSecond;
/**
* token刷新的时间
*/
@Value(value = "${audience.refreshSecond}")
private Long refreshSecond;
@Autowired
private RedisUtil redisUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
//得到请求头信息authorization信息
String authHeader = request.getHeader(tokenHeader);
// 从picture服务传递过来的token,如果有说明执行了上传操作
final String pictureToken = request.getHeader("pictureToken");
if (StringUtils.isNotEmpty(pictureToken)) {
authHeader = pictureToken;
}
//请求头 'Authorization': tokenHead + token
if (authHeader != null && authHeader.startsWith(tokenHead)) {
log.error("传递过来的token为: {}", authHeader);
final String token = authHeader.substring(tokenHead.length());
// 获取在线的管理员信息
String onlineAdmin = redisUtil.get(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + authHeader);
if(StringUtils.isNotEmpty(onlineAdmin) && !jwtHelper.isExpiration(token, audience.getBase64Secret())) {
/**
* 得到过期时间
*/
Date expirationDate = jwtHelper.getExpiration(token, audience.getBase64Secret());
long nowMillis = System.currentTimeMillis();
Date nowDate = new Date(nowMillis);
// 得到两个日期相差的间隔,秒
Integer second = DateUtils.getSecondByTwoDay(expirationDate, nowDate);
// 如果小于5分钟,那么更新过期时间
if(second < refreshSecond) {
// 生成一个新的Token
String newToken = tokenHead + jwtHelper.refreshToken(token, audience.getBase64Secret(), expiresSecond * 1000);
// 生成新的token,发送到客户端
CookieUtils.setCookie("Admin-Token", newToken, expiresSecond.intValue());
// 重新更新Redis中的过期时间
redisUtil.setEx(RedisConf.LOGIN_TOKEN_KEY + RedisConf.SEGMENTATION + newToken, onlineAdmin, expiresSecond, TimeUnit.SECONDS);
}
} else {
chain.doFilter(request, response);
return;
}
String username = jwtHelper.getUsername(token, audience.getBase64Secret());
String adminUid = jwtHelper.getUserUid(token, audience.getBase64Secret());
//把adminUid存储到request中
request.setAttribute(SysConf.ADMIN_UID, adminUid);
request.setAttribute(SysConf.USER_NAME, username);
request.setAttribute(SysConf.TOKEN, authHeader);
log.info("解析出来用户: {}" ,username);
log.info("解析出来的用户Uid: {}", adminUid);
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtHelper.validateToken(token, userDetails, audience.getBase64Secret())) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(
request));
//以后可以security中取得SecurityUser信息
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
chain.doFilter(request, response);
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
