学习内容:权限管理系统实现spring security认证和授权
程序目录结构
config
package com.manong.config.mybatis;
import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
import org.apache.ibatis.reflection.MetaObject;
import org.springframework.stereotype.Component;
import java.util.Date;
@Component
public class CommonMetaObjectHandler implements MetaObjectHandler {
/**
* 新增
* @param metaObject
*/
@Override
public void insertFill(MetaObject metaObject) {
//参数1:元数据对象
//参数2:属性名称
//参数3:类对象
//参数4:当前系统时间
this.strictInsertFill(metaObject, "createTime", Date.class, new Date());
this.strictUpdateFill(metaObject, "updateTime", Date.class, new Date());
}
/**
* 修改
* @param metaObject
*/
@Override
public void updateFill(MetaObject metaObject) {
this.strictUpdateFill(metaObject, "updateTime", Date.class, new Date());
}
}
package com.manong.config.mybatis;
import com.baomidou.mybatisplus.annotation.DbType;
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class MyBatisPlusConfig {
// 最新版
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
PaginationInnerInterceptor paginationInnerInterceptor =
new PaginationInnerInterceptor(DbType.MYSQL);
paginationInnerInterceptor.setOverflow(true);//溢出后从第1页开始
//指定数据库类型
interceptor.addInnerInterceptor(paginationInnerInterceptor);
return interceptor;
}
}
package com.manong.config.redis;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.cache.RedisCacheConfiguration;
import org.springframework.data.redis.cache.RedisCacheManager;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.RedisSerializationContext;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import java.time.Duration;
/**
* redis配置类
*/
@Configuration
public class RedisConfig {
//缓存过期时间
@Value("${spring.redis.expire}")
private Long expire;
@Bean
public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
RedisTemplate<String, Object> template = new RedisTemplate<String, Object>();
template.setConnectionFactory(factory);// 配置连接工厂
//使用Jackson2JsonRedisSerialize 替换默认序列化(默认采用的是JDK序列化)
Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class);
//解决查询缓存转换异常的问题
ObjectMapper om = new ObjectMapper();
//设置在生成 json 串时,对象中的成员的可见性
om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
//存储到redis的json将是有类型的数据
//指定序列化输入的类型,类必须是非final修饰的,final修饰的类,比如String,Integer等会跑出异常
om.activateDefaultTyping(om.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL);
jackson2JsonRedisSerializer.setObjectMapper(om);
StringRedisSerializer stringRedisSerializer = new StringRedisSerializer();
template.setKeySerializer(stringRedisSerializer);// key采用String的序列化方式
template.setHashKeySerializer(stringRedisSerializer);// hash的key也采用String的序列化方式
template.setValueSerializer(jackson2JsonRedisSerializer);// value序列化方式采用jackson
template.setHashValueSerializer(jackson2JsonRedisSerializer);// hash的value序列化方式采用jackson
template.afterPropertiesSet();
return template;
}
//@Cacheable注解字符集编码配置
@Bean
public RedisCacheManager cacheManager(RedisConnectionFactory factory) {
RedisCacheConfiguration config = RedisCacheConfiguration.defaultCacheConfig();
config.entryTtl(Duration.ofMinutes(expire))//缓存过期时间
.serializeKeysWith(RedisSerializationContext.SerializationPair.fromSerializer(RedisSerializer.string()))
.serializeValuesWith(RedisSerializationContext.SerializationPair.fromSerializer(RedisSerializer.json()));
return RedisCacheManager
.builder(factory)
.cacheDefaults(config)
.build();
}
}
package com.manong.config.redis;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import java.util.concurrent.TimeUnit;
@Component
public class RedisService {
@Autowired
private RedisTemplate<String, Object> redisTemplate;
//存缓存
public void set(String key ,String value,Long timeOut){
redisTemplate.opsForValue().set(key,value,timeOut, TimeUnit.SECONDS);
}
//取缓存
public String get(String key){
return (String) redisTemplate.opsForValue().get(key);
}
//清除缓存
public void del(String key){
redisTemplate.delete(key);
}
}
package com.manong.config.security.exception;
import org.springframework.security.core.AuthenticationException;
/**
* 自定义验证异常类
*/
public class CustomerAuthenticationException extends AuthenticationException {
public CustomerAuthenticationException(String message){
super(message);
}
}
package com.manong.config.security.filter;
import com.manong.config.redis.RedisService;
import com.manong.config.security.exception.CustomerAuthenticationException;
import com.manong.config.security.handler.LoginFailureHandler;
import com.manong.config.security.service.CustomerUserDetailsService;
import com.manong.utils.JwtUtils;
import lombok.Data;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* token验证过滤器
*/
@Data
@Component
public class CheckTokenFilter extends OncePerRequestFilter {
@Resource
private JwtUtils jwtUtils;
@Resource
private CustomerUserDetailsService customerUserDetailsService;
@Resource
private LoginFailureHandler loginFailureHandler;
@Resource
private RedisService redisService;
//获取登录请求地址
@Value("${request.login.url}")
private String loginUrl;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
try {
String url = request.getRequestURI(); //获取当前请求的url地址
if (!url.equals(loginUrl)) {
this.validateToken(request); //如果当前请求不是登录请求,则需要进行token验证
}
} catch (AuthenticationException e) {
loginFailureHandler.onAuthenticationFailure(request, response, e);
}
doFilter(request, response, filterChain); //登录请求不需要验证token
}
/**
* 验证token
*
* @param request
*/
private void validateToken(HttpServletRequest request) throws AuthenticationException {
String token = request.getHeader("token"); //从头部获取token信息
if (ObjectUtils.isEmpty(token)) {
token = request.getParameter("token"); //如果请求头部没有获取到token,则从请求的参数中进行获取
}
if (ObjectUt
这篇博客介绍了如何在权限管理系统中运用Spring Security进行认证和授权。博主详细阐述了程序的目录结构,包括config、controller、dao、entity、service和utils等模块,并分享了解决构建Spring项目时遇到的HTTP Proxy问题。未来两天的学习计划是观看视频课程的51-60集,目前学习进度已达第50集。
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
