前后端分离架构--SpringSecurity用法+自定义token校验
说明:本节介绍的是前后端分离结构下SpringSecurity整个流程的基本用法。
一、项目骨架介绍:
1、安全模块
2、用户模块
二、security模块代码
1、创建Spring Security核心配置类
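/**
 * Spring Security configuration for a token-authenticated API whose front end and
 * back end are deployed separately.
 *
 * <p>Registers the login filter, the per-request token filter, the logout handler and
 * the entry point that answers unauthenticated requests.
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {
    private final UserDetailsService userDetailsService;
    private final TokenManager tokenManager;
    private final DefaultPasswordEncoder defaultPasswordEncoder;
    private final RedisTemplate redisTemplate;

    /**
     * Receives every collaborator through constructor injection.
     *
     * @param userDetailsService     loads the account during authentication
     * @param defaultPasswordEncoder encoder used to verify the submitted password
     * @param tokenManager           issues and parses tokens
     * @param redisTemplate          cache handed to the filters and the logout handler
     */
    @Autowired
    public TokenWebSecurityConfig(UserDetailsService userDetailsService,
                                  DefaultPasswordEncoder defaultPasswordEncoder,
                                  TokenManager tokenManager,
                                  RedisTemplate redisTemplate) {
        this.userDetailsService = userDetailsService;
        this.defaultPasswordEncoder = defaultPasswordEncoder;
        // These two are passed to the filters and the logout handler in configure();
        // without the assignments every one of them would receive null.
        this.tokenManager = tokenManager;
        this.redisTemplate = redisTemplate;
    }

    /**
     * Builds the HTTP security chain.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if the chain cannot be assembled
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new UnauthorizedEntryPoint())
                // CSRF protection is switched off. That is only sound while the credential
                // travels in a request header the browser never attaches by itself (the
                // logout handler reads a "token" header). If the token ever moves into a
                // cookie, CSRF protection has to be turned back on.
                .and().csrf().disable()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and().logout().logoutUrl("/admin/acl/index/logout")
                .addLogoutHandler(new TokenLogoutHandler(tokenManager, redisTemplate)).and()
                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate))
                // NOTE(review): httpBasic() keeps HTTP Basic enabled next to the token
                // filters - confirm a second authentication path is really wanted.
                .addFilter(new TokenAuthenticationFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic();
        http.addFilterBefore(new VerificationCodeFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Registers the user lookup and the password encoder used for authentication.
     *
     * @param auth the authentication manager builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);
    }

    /**
     * Lists the request paths that are not intercepted.
     *
     * @param web the web security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // ignoring() takes a path out of the security filter chain altogether: no
        // authentication, no token filter, no security response headers. "/api/**" is a
        // very wide prefix, so every handler below it must be public by design, and the
        // Swagger paths publish the full API description.
        // NOTE(review): for anything that is not a static resource, permitAll() inside
        // authorizeRequests() keeps the rest of the chain active - consider it here, and
        // consider leaving the Swagger paths out of production builds.
        web.ignoring().antMatchers("/api/**",
                "/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**"
        );
    }
}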
2、创建认证授权相关的工具类
1. DefaultPasswordEncoder:密码处理的方法
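/**
 * Password encoder handed to the authentication manager.
 *
 * <p>NOTE(review): the hashing call of this listing is cut off in the published text.
 * The fragment that remains of {@code matches} looks like a plain string comparison
 * against a recomputed value, which would only work with an unsalted, deterministic
 * digest - confirm against the project source. This version delegates to Spring
 * Security's BCrypt encoder, so every stored value carries its own salt and the work
 * factor is adjustable. Values written by a different scheme will not verify here and
 * need a password reset or a migration path.
 */
public class DefaultPasswordEncoder implements PasswordEncoder {
    // Fully qualified where it is constructed so no extra import line is required.
    private final PasswordEncoder delegate;

    /** Creates an encoder with the library's default work factor. */
    public DefaultPasswordEncoder() {
        this(-1);
    }

    /**
     * @param strength the log rounds to use, between 4 and 31; -1 selects the
     *                 library default
     */
    public DefaultPasswordEncoder(int strength) {
        this.delegate = new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder(strength);
    }

    /**
     * Hashes a raw password for storage.
     *
     * @param rawPassword the password as typed by the user
     * @return the salted hash to persist
     */
    @Override
    public String encode(CharSequence rawPassword) {
        return delegate.encode(rawPassword);
    }

    /**
     * Checks a submitted password against a stored hash.
     *
     * @param rawPassword     the password as typed by the user
     * @param encodedPassword the stored hash
     * @return {@code true} when the password matches the hash
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return delegate.matches(rawPassword, encodedPassword);
    }
}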
2. TokenManager:token操作的工具类
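/**
 * Issues and parses the signed JWT that identifies a logged-in user.
 *
 * <p>The signing key is no longer a literal in the source: a short, guessable key
 * lets anyone who reads the code (or guesses the value) mint a token for any user name.
 */
@Component
public class TokenManager {
    /** Lifetime of an issued token in milliseconds (24 hours). */
    private final long tokenExpiration = 24 * 60 * 60 * 1000;

    /** Raw HS512 key bytes, resolved once at start-up. */
    private final byte[] tokenSignKey = loadSigningKey();

    /**
     * Resolves the signing key.
     *
     * <p>Reads a Base64 value from the environment; the variable name below is a
     * constructed example and should be replaced by whatever the deployment's secret
     * store provides. Without it, a random key is generated for this process only, which
     * means tokens stop verifying after a restart and are not accepted by other instances.
     *
     * @return at least 64 key bytes, the size HS512 expects
     * @throws IllegalStateException if a configured key is shorter than 64 bytes
     */
    private static byte[] loadSigningKey() {
        String encoded = System.getenv("TOKEN_SIGN_KEY_BASE64");
        if (encoded == null || encoded.isEmpty()) {
            byte[] generated = new byte[64];
            new java.security.SecureRandom().nextBytes(generated);
            return generated;
        }
        byte[] configured = java.util.Base64.getDecoder().decode(encoded);
        if (configured.length < 64) {
            throw new IllegalStateException("token signing key must be at least 64 bytes for HS512");
        }
        return configured;
    }

    /**
     * Creates a signed token whose subject is the user name.
     *
     * @param username the authenticated user's name
     * @return the compact, GZIP-compressed and HS512-signed token
     */
    public String createToken(String username) {
        return Jwts.builder().setSubject(username)
                .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
                .signWith(SignatureAlgorithm.HS512, tokenSignKey)
                .compressWith(CompressionCodecs.GZIP)
                .compact();
    }

    /**
     * Verifies a token and returns its subject.
     *
     * <p>The token comes from the client and is untrusted: the parser throws a runtime
     * exception when the signature does not verify, the token is malformed or it has
     * expired, so callers must be prepared for that.
     *
     * @param token the compact token taken from the request
     * @return the user name stored as the token subject
     */
    public String getUserFromToken(String token) {
        return Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token).getBody().getSubject();
    }

    /**
     * Intentionally does nothing: a JWT is not stored on the server, the client simply
     * discards it.
     *
     * <p>Consequence: a token that was copied before logout stays valid until its
     * expiry (24 hours here). If logout has to revoke access, keep a server-side
     * denylist of logged-out tokens, or shorten the lifetime.
     *
     * @param token the token being abandoned
     */
    public void removeToken(String token) {
    }
}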
3. TokenLogoutHandler:退出实现
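/**
 * Logout handler: drops the cached permission data of the user named in the request's
 * token and writes the success response.
 *
 * <p>The cache key is the subject of the token, so it is only as trustworthy as the
 * token signature. The token itself is not revoked here; see
 * {@code TokenManager.removeToken}, which is a no-op.
 */
public class TokenLogoutHandler implements LogoutHandler {
    private final TokenManager tokenManager;
    private final RedisTemplate redisTemplate;

    /**
     * @param tokenManager  parses the token sent with the logout request
     * @param redisTemplate cache that holds the per-user permission data
     */
    public TokenLogoutHandler(TokenManager tokenManager, RedisTemplate redisTemplate) {
        // Without these assignments logout() would dereference null fields.
        this.tokenManager = tokenManager;
        this.redisTemplate = redisTemplate;
    }

    /**
     * Clears the caller's cached permissions and reports success.
     *
     * @param request        carries the token in the "token" header
     * @param response       receives the JSON result
     * @param authentication the current authentication, unused here
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        String token = request.getHeader("token");
        if (token != null) {
            String userName;
            try {
                userName = tokenManager.getUserFromToken(token);
            } catch (io.jsonwebtoken.JwtException | IllegalArgumentException invalidToken) {
                // The header is client-controlled; a forged, malformed or expired token
                // must not turn logout into a server error, and it names no cache entry.
                userName = null;
            }
            if (userName != null) {
                // Drop the cached permission data of this user.
                redisTemplate.delete(userName);
            }
        }
        ResponseUtil.out(response, R.ok());
    }
}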
4. UnauthorizedEntryPoint:未授权统一处理
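/**
 * Uniform answer for requests that reach a protected resource without valid
 * authentication.
 */
public class UnauthorizedEntryPoint implements AuthenticationEntryPoint {
    /**
     * Writes the generic error result instead of redirecting to a login page.
     *
     * <p>The exception detail is deliberately not echoed to the client.
     * NOTE(review): {@code ResponseUtil} is not shown here - confirm it sets a 401
     * status, so that clients and monitoring can tell an authentication failure from
     * an ordinary response.
     *
     * @param request       the rejected request
     * @param response      receives the error result
     * @param authException the reason authentication failed
     * @throws IOException      declared by the interface
     * @throws ServletException declared by the interface
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        ResponseUtil.out(response, R.error());
    }
}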
3、创建认证授权实体类
@Data
@Slf4j
public class SecurityUr implements UrDetails {
//当前登录⽤户
private transient Ur currentUrInfo;
//当前权限
private List<String> permissionValueList;
/**
 * Creates an empty instance: neither the current user nor the permission list is
 * assigned here, so both fields stay null until something sets them.
 */
public SecurityUr() {
    // nothing to initialise
}
/**
 * Creates an instance for the given user; the permission list is not assigned here.
 *
 * @param ur the logged-in user, may be null
 */
public SecurityUr(Ur ur) {
    // The field starts out as null, so storing a null argument changes nothing and the
    // explicit null check is not needed.
    this.currentUrInfo = ur;
}
@Override
public Collection<?extends GrantedAuthority>getAuthorities(){
Collection<GrantedAuthority> authorities =new ArrayList<>();
for(String permissionValue : permissionValueList){
if(StringUtils.isEmpty(permissionValue))continue;
SimpleGrantedAuthority authority =new SimpleGrantedAuthority(permissionValue);