av一区二区在线观看_亚洲男人的天堂网站_日韩亚洲视频_在线成人免费_欧美日韩精品免费观看视频_久草视

您的位置:首頁技術(shù)文章
文章詳情頁

Spring Boot 2結(jié)合Spring security + JWT實(shí)現(xiàn)微信小程序登錄

瀏覽:154日期:2022-06-25 08:45:35

項(xiàng)目源碼:https://gitee.com/tanwubo/jwt-spring-security-demo

登錄

通過自定義的WxAppletAuthenticationFilter替換默認(rèn)的UsernamePasswordAuthenticationFilter,在UsernamePasswordAuthenticationFilter中可任意定制自己的登錄方式。

用戶認(rèn)證

需要結(jié)合JWT來實(shí)現(xiàn)用戶認(rèn)證,第一步登錄成功后如何頒發(fā)token。

public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler { @Autowired private JwtTokenUtils jwtTokenUtils; @Override public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { // 使用jwt管理,所以封裝用戶信息生成jwt響應(yīng)給前端 String token = jwtTokenUtils.generateToken(((WxAppletAuthenticationToken)authentication).getOpenid()); Map<String, Object> result = Maps.newHashMap(); result.put(ConstantEnum.AUTHORIZATION.getValue(), token); httpServletResponse.setContentType(ContentType.JSON.toString()); httpServletResponse.getWriter().write(JSON.toJSONString(result)); }}

第二步,棄用spring security默認(rèn)的session機(jī)制,通過token來管理用戶的登錄狀態(tài)。這里有倆段關(guān)鍵代碼。

@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement()// 不創(chuàng)建Session, 使用jwt來管理用戶的登錄狀態(tài).sessionCreationPolicy(SessionCreationPolicy.STATELESS)......; }

第二步,添加token的認(rèn)證過濾器。

public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { @Autowired private AuthService authService; @Autowired private JwtTokenUtils jwtTokenUtils; @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { log.debug('processing authentication for [{}]', request.getRequestURI()); String token = request.getHeader(ConstantEnum.AUTHORIZATION.getValue()); String openid = null; if (token != null) { try {openid = jwtTokenUtils.getUsernameFromToken(token); } catch (IllegalArgumentException e) {log.error('an error occurred during getting username from token', e);throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage('an error occurred during getting username from token , token is [%s]', token)); } catch (ExpiredJwtException e) {log.warn('the token is expired and not valid anymore', e);throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage('the token is expired and not valid anymore, token is [%s]', token)); }catch (SignatureException e) {log.warn('JWT signature does not match locally computed signature', e);throw new BasicException(ExceptionEnum.JWT_EXCEPTION.customMessage('JWT signature does not match locally computed signature, token is [%s]', token)); } }else { log.warn('couldn’t find token string'); } if (openid != null && SecurityContextHolder.getContext().getAuthentication() == null) { log.debug('security context was null, so authorizing user'); Account account = authService.findAccount(openid); List<Permission> permissions = authService.acquirePermission(account.getAccountId()); List<SimpleGrantedAuthority> authorities = permissions.stream().map(permission -> new SimpleGrantedAuthority(permission.getPermission())).collect(Collectors.toList()); log.info('authorized user [{}], setting security context', openid); SecurityContextHolder.getContext().setAuthentication(new WxAppletAuthenticationToken(openid, authorities)); } filterChain.doFilter(request, response); }}接口鑒權(quán)

第一步,開啟注解@EnableGlobalMethodSecurity。

@SpringBootApplication@EnableGlobalMethodSecurity(prePostEnabled = true)public class JwtSpringSecurityDemoApplication { public static void main(String[] args) { SpringApplication.run(JwtSpringSecurityDemoApplication.class, args); }}

第二部,在需要鑒權(quán)的接口上添加@PreAuthorize注解。

@RestController@RequestMapping('/test')public class TestController { @GetMapping @PreAuthorize('hasAuthority(’user:test’)') public String test(){ return 'test success'; } @GetMapping('/authority') @PreAuthorize('hasAuthority(’admin:test’)') public String authority(){ return 'test authority success'; }}

到此這篇關(guān)于Spring Boot 2結(jié)合Spring security + JWT實(shí)現(xiàn)微信小程序登錄的文章就介紹到這了,更多相關(guān)Spring Boot Spring security JWT微信小程序登錄內(nèi)容請搜索好吧啦網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持好吧啦網(wǎng)!

標(biāo)簽: 微信
相關(guān)文章:
主站蜘蛛池模板: 国产精品69毛片高清亚洲 | 亚洲一区二区在线 | av网址在线 | 老司机67194精品线观看 | 超碰伊人| 成人性视频免费网站 | 久久99视频免费观看 | 国产精品视频免费观看 | 伦理片97| 欧美在线综合 | 免费观看国产视频在线 | 丁香六月激情 | 日韩在线不卡 | 拍真实国产伦偷精品 | 亚洲精品专区 | 亚洲精品在线免费 | 老外黄色一级片 | 亚洲高清视频在线观看 | 中文字幕三区 | 在线播放第一页 | 久在线 | av影音资源| 在线综合视频 | 国产精品久久久久永久免费观看 | 成人欧美在线 | 久久爆操 | 亚洲国产欧美一区 | 国产成人高清 | 精品欧美一区二区三区久久久 | 久久看精品 | 一区二区三区视频在线观看 | 高清欧美性猛交xxxx黑人猛交 | 欧美aaa一级片 | 91久久综合亚洲鲁鲁五月天 | av在线一区二区三区 | 亚洲成av人片在线观看 | 日韩一区二区三区av | 亚洲图片一区二区三区 | 日日夜夜精品视频 | 精品欧美一区二区中文字幕视频 | 中文字幕亚洲区一区二 |