依赖pom

  1.               <dependency>
  2.             <groupId>org.springframework.boot</groupId>
  3.             <artifactId>spring-boot-starter-security</artifactId>
  4.               <version>2.3.2.RELEASE</version>
  5.         </dependency>
  6.                  <dependency>
  7.             <groupId>io.jsonwebtoken</groupId>
  8.             <artifactId>jjwt</artifactId>
  9.             <version>0.9.1</version>
  10.         </dependency>
  11.         <dependency>
  12.             <groupId>commons-io</groupId>
  13.             <artifactId>commons-io</artifactId>
  14.            <version>2.3</version>
  15.         </dependency>

认证入口AuthenticationFilter

  1. import org.springframework.lang.Nullable;
  2. import org.springframework.security.authentication.AuthenticationManager;
  3. import org.springframework.security.authentication.AuthenticationServiceException;
  4. import org.springframework.security.core.Authentication;
  5. import org.springframework.security.core.AuthenticationException;
  6. import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
  7. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  9. import javax.servlet.ServletException;
  10. import javax.servlet.http.HttpServletRequest;
  11. import javax.servlet.http.HttpServletResponse;
  12. import java.io.IOException;
  14. /**
  15.  * 拦截登录请求
  16.  *
  17.  * @author mori
  18.  * @date 2021-08-17 11:14:00
  19.  */
  20. public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
  22.     private final static String USERNAME_PARAMETER = "username";
  23.     private final static String PASSWORD_PARAMETER = "password";
  24.     private final static String POST_METHOD = "POST";
  25.     private final static boolean POST_ONLY = true;
  26.     private final AuthenticationManager authenticationManager;
  28.     public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
  29.         super(new AntPathRequestMatcher("/auth/login", "POST"));
  30.         this.authenticationManager = authenticationManager;
  31.     }
  33.     @Override
  34.     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
  35.         if (POST_ONLY && !POST_METHOD.equals(request.getMethod())) {
  36.             throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
  37.         } else {
  38.             String username = this.obtainUsername(request);
  39.             String password = this.obtainPassword(request);
  40.             if (username == null) {
  41.                 username = "";
  42.             }
  43.             if (password == null) {
  44.                 password = "";
  45.             }
  46.             username = username.trim();
  47.             JwtToken authRequest = new JwtToken(username, password);
  48.             this.setDetails(request, authRequest);
  49.             return this.authenticationManager.authenticate(authRequest);
  50.         }
  51.     }
  53.     @Nullable
  54.     protected String obtainPassword(HttpServletRequest request) {
  55.         return request.getParameter(PASSWORD_PARAMETER);
  56.     }
  58.     @Nullable
  59.     protected String obtainUsername(HttpServletRequest request) {
  60.         return request.getParameter(USERNAME_PARAMETER);
  61.     }
  63.     protected void setDetails(HttpServletRequest request, JwtToken authRequest) {
  64.         authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
  65.     }
  66. }

自定义Token对象JwtToken

  1. public class JwtToken extends AbstractAuthenticationToken {
  3.     private final Object principal;
  5.     private final Object credential;
  7.     public JwtToken(Object principal, Object credential) {
  8.         super(null);
  9.         this.principal = principal;
  10.         this.credential = credential;
  11.         setAuthenticated(false);
  12.     }
  14.     public JwtToken(Collection<? extends GrantedAuthority> authorities, Object principal, Object credential) {
  15.         super(authorities);
  16.         this.principal = principal;
  17.         this.credential = credential;
  18.         setAuthenticated(true);
  19.     }
  21.     @Override
  22.     public Object getCredentials() {
  23.         return this.credential;
  24.     }
  26.     @Override
  27.     public Object getPrincipal() {
  28.         return this.principal;
  29.     }
  31. }

JWT 认证服务提供JwtAuthenticationProvider

  1. import org.springframework.security.authentication.AuthenticationProvider;
  2. import org.springframework.security.authentication.BadCredentialsException;
  3. import org.springframework.security.core.Authentication;
  4. import org.springframework.security.core.AuthenticationException;
  5. import org.springframework.security.core.userdetails.UserDetails;
  6. import org.springframework.security.core.userdetails.UserDetailsService;
  7. import org.springframework.security.crypto.password.PasswordEncoder;
  9. /**
  10.  * jwt认证
  11.  *
  12.  * @author mori
  13.  * @date 2021-08-17 13:56:00
  14.  */
  15. public class JwtAuthenticationProvider implements AuthenticationProvider {
  17.     private final UserDetailsService userDetailsService;
  19.     private final PasswordEncoder passwordEncoder;
  21.     public JwtAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
  22.         this.userDetailsService = userDetailsService;
  23.         this.passwordEncoder = passwordEncoder;
  24.     }
  27.       @Override
  28.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  29.         JwtToken jwtToken = (JwtToken) authentication;
  30.         UserDetails details = userDetailsService.loadUserByUsername(jwtToken.getName());
  31.         checkCredentials(details, jwtToken);
  32.         checkUserDetails(details);
  33.         return new JwtToken(details.getAuthorities(), details, jwtToken.getCredentials());
  34.     }
  36.     public void checkCredentials(UserDetails details, JwtToken jwtToken) {
  37.         if (jwtToken.getCredentials() == null) {
  38.             throw new BadCredentialsException("The password not null");
  39.         }
  40.         if (!passwordEncoder.matches(jwtToken.getCredentials().toString(), details.getPassword())) {
  41.             throw new BadCredentialsException("The Password verification failed");
  42.         }
  43.     }
  45.     public void checkUserDetails(UserDetails details) {
  46.         if (!details.isAccountNonLocked()) {
  47.             throw new BadCredentialsException("The Account is locked");
  48.         }
  49.     }
  51.     @Override
  52.     public boolean supports(Class<?> clazz) {
  53.         return JwtToken.class.isAssignableFrom(clazz);
  54.     }
  55. }

获取用户信息JwtUserDetailsService

  1. import com.lenton.inner.entity.SystemUser;
  2. import com.lenton.inner.service.ISystemUserService;
  3. import org.springframework.security.core.GrantedAuthority;
  4. import org.springframework.security.core.userdetails.UserDetails;
  5. import org.springframework.security.core.userdetails.UserDetailsService;
  6. import org.springframework.security.core.userdetails.UsernameNotFoundException;
  8. import java.util.ArrayList;
  9. import java.util.Collection;
  11. /**
  12.  * @author mori
  13.  * @date 2021-08-17 11:17:00
  14.  */
  15. public class JwtUserDetailsService implements UserDetailsService {
  17.     private final ISystemUserService systemUserService;
  19.     public JwtUserDetailsService(ISystemUserService systemUserService) {
  20.         this.systemUserService = systemUserService;
  21.     }
  23.     @Override
  24.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  25.         SystemUser systemUser = systemUserService.loadUserByUsername(username);
  26.         if(systemUser == null){
  27.             throw new UsernameNotFoundException("User not found");
  28.         }
  29.         String encodedPassword = systemUser.getPassword();
  30.         Collection<GrantedAuthority> collection = new ArrayList<>();
  31.         SecurityUser securityUser = new SecurityUser(username, encodedPassword, collection);
  32.         securityUser.setUserId(systemUser.getSystemUserId());
  33.         return securityUser;
  34.     }
  35. }

自定义用户信息SecurityUser

  1. import org.springframework.security.core.GrantedAuthority;
  2. import org.springframework.security.core.userdetails.User;
  4. import java.util.Collection;
  6. /**
  7.  * 自定义保存用户信息
  8.  * @author mori
  9.  * @date 2021-08-17 11:12:00
  10.  */
  11. public class SecurityUser extends User {
  13.     private String userId;
  15.     public SecurityUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
  16.         super(username, password, authorities);
  17.     }
  19.     public SecurityUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
  20.         super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
  21.     }
  23.     public String getUserId() {
  24.         return userId;
  25.     }
  27.     public void setUserId(String userId) {
  28.         this.userId = userId;
  29.     }
  31.     @Override
  32.     public Collection<GrantedAuthority> getAuthorities() {
  33.         return super.getAuthorities();
  34.     }
  35. }

自定义密码编码器JwtPasswordEncoder

  1. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  2. import org.springframework.security.crypto.password.PasswordEncoder;
  4. /**
  5.  * 凭证编码器
  6.  *
  7.  * @author mori
  8.  * @date 2021-08-17 13:59:00
  9.  */
  10. public class JwtPasswordEncoder implements PasswordEncoder {
  12.     private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();
  14.     @Override
  15.     public String encode(CharSequence rawPassword) {
  16.         return ENCODER.encode(rawPassword);
  17.     }
  19.     @Override
  20.     public boolean matches(CharSequence rawPassword, String encodedPassword) {
  21.         return ENCODER.matches(rawPassword, encodedPassword);
  22.     }
  24.     @Override
  25.     public boolean upgradeEncoding(String encodedPassword) {
  26.         return ENCODER.upgradeEncoding(encodedPassword);
  27.     }
  28. }

JWT请求过滤器JwtRequestFilter

  1. import com.lenton.inner.common.Result;
  2. import com.lenton.inner.common.util.SpringWebUtil;
  3. import io.jsonwebtoken.ExpiredJwtException;
  4. import org.springframework.security.core.context.SecurityContextHolder;
  5. import org.springframework.security.web.authentication.WebAuthenticationDetails;
  6. import org.springframework.web.filter.OncePerRequestFilter;
  8. import javax.servlet.FilterChain;
  9. import javax.servlet.ServletException;
  10. import javax.servlet.http.HttpServletRequest;
  11. import javax.servlet.http.HttpServletResponse;
  12. import java.io.IOException;
  14. /**
  15.  * @author mori
  16.  * @date 2021-08-17 11:09:00
  17.  */
  18. public class JwtRequestFilter extends OncePerRequestFilter {
  20.     private final static String TOKEN_PREFIX = "Bearer ";
  21.     private final static String TOKEN_HEADER_NAME = "Authorization";
  22.     private final static String UNAUTHORIZED_CODE = "401";
  24.     public String getToken(HttpServletRequest request) {
  25.         return request.getHeader(TOKEN_HEADER_NAME);
  26.     }
  28.     @Override
  29.     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
  30.             throws ServletException, IOException {
  31.         final String originalToken = getToken(request);
  32.         if (originalToken == null || originalToken.isEmpty()) {
  33.             chain.doFilter(request, response);
  34.             return;
  35.         }
  36.         SecurityUser securityUser = null;
  37.         String token = originalToken;
  38.         if (token.startsWith(TOKEN_PREFIX)) {
  39.             token = token.substring(7);
  40.             try {
  41.                 securityUser = JwtTokenUtil.getSecurityUser(token);
  42.             } catch (IllegalArgumentException e) {
  43.                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  44.                 SpringWebUtil.response(response, Result.fail(UNAUTHORIZED_CODE, "The token parsing failed:" + e.getMessage()));
  45.                 return;
  46.             } catch (ExpiredJwtException e) {
  47.                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  48.                 SpringWebUtil.response(response, Result.fail(UNAUTHORIZED_CODE, "The token expired"));
  49.                 return;
  50.             } catch (Exception e) {
  51.                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  52.                 SpringWebUtil.response(response, Result.fail(UNAUTHORIZED_CODE, e.getMessage()));
  53.                 return;
  54.             }
  55.         }
  56.         if (securityUser == null) {
  57.             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  58.             SpringWebUtil.response(response, Result.fail(UNAUTHORIZED_CODE, "The token parsing failed"));
  59.             return;
  60.         }
  61.         JwtToken jwtToken = new JwtToken(securityUser.getAuthorities(), securityUser, "");
  62.         jwtToken.setDetails(new WebAuthenticationDetails(request));
  63.         SecurityContextHolder.getContext().setAuthentication(jwtToken);
  64.         chain.doFilter(request, response);
  65.     }
  66. }

JWT token生成JwtTokenUtil

  1. import io.jsonwebtoken.Claims;
  2. import io.jsonwebtoken.Jwts;
  3. import io.jsonwebtoken.SignatureAlgorithm;
  5. import java.util.ArrayList;
  6. import java.util.Date;
  7. import java.util.HashMap;
  8. import java.util.Map;
  9. import java.util.function.Function;
  11. /**
  12.  * jwt工具类
  13.  *
  14.  * @author mori
  15.  * @date 2021-08-17 11:20:00
  16.  */
  17. public class JwtTokenUtil {
  19.     public static final long JWT_TOKEN_VALIDITY = 2 * 60 * 60;
  21.     private static final String SECRET = "secret";
  23.     public static SecurityUser getSecurityUser(String token) {
  24.         Claims claims = getAllClaimsFromToken(token);
  25.         String userId = claims.getSubject();
  26.         String username = (String) claims.get("username");
  27.         SecurityUser securityUser = new SecurityUser(username, "", new ArrayList<>());
  28.         securityUser.setUserId(userId);
  29.         return securityUser;
  30.     }
  32.     public static Date getExpirationDateFromToken(String token) {
  33.         return getClaimFromToken(token, Claims::getExpiration);
  34.     }
  36.     public static <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
  37.         final Claims claims = getAllClaimsFromToken(token);
  38.         return claimsResolver.apply(claims);
  39.     }
  41.     private static Claims getAllClaimsFromToken(String token) {
  42.         return Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody();
  43.     }
  45.     private static Boolean isTokenExpired(String token) {
  46.         final Date expiration = getExpirationDateFromToken(token);
  47.         return expiration.before(new Date());
  48.     }
  50.     public static String generateToken(SecurityUser userDetails) {
  51.         Map<String, Object> claims = new HashMap<>(1 << 2);
  52.         claims.put("username", userDetails.getUsername());
  53.         return doGenerateToken(claims, userDetails.getUserId());
  54.     }
  56.     private static String doGenerateToken(Map<String, Object> claims, String subject) {
  57.         return Jwts.builder()
  58.                 .setClaims(claims)
  59.                 .setSubject(subject)
  60.                 .setIssuedAt(new Date(System.currentTimeMillis()))
  61.                 .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000))
  62.                 .signWith(SignatureAlgorithm.HS512, SECRET).compact();
  63.     }
  65. }

认证成功处理JwtAuthenticationSuccessHandler

  1. import com.lenton.inner.common.Result;
  2. import com.lenton.inner.common.util.SpringWebUtil;
  3. import org.springframework.security.core.Authentication;
  4. import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
  6. import javax.servlet.ServletException;
  7. import javax.servlet.http.HttpServletRequest;
  8. import javax.servlet.http.HttpServletResponse;
  9. import java.io.IOException;
  10. import java.util.HashMap;
  11. import java.util.Map;
  13. /**
  14.  * jwt认证成功
  15.  *
  16.  * @author mori
  17.  * @date 2021-08-17 14:15:00
  18.  */
  19. public class JwtAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
  21.     @Override
  22.     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
  23.         SecurityUser userDetails = (SecurityUser)authentication.getPrincipal();
  24.         Map<String, String> map = new HashMap<>(1 << 2);
  25.         map.put("token", JwtTokenUtil.generateToken(userDetails));
  26.         SpringWebUtil.response(response, Result.ok(map));
  27.     }
  28. }

认证失败处理JwtAuthenticationFailureHandler

  1. import com.lenton.inner.common.Result;
  2. import com.lenton.inner.common.util.SpringWebUtil;
  3. import lombok.extern.slf4j.Slf4j;
  4. import org.springframework.security.core.AuthenticationException;
  5. import org.springframework.security.web.authentication.AuthenticationFailureHandler;
  7. import javax.servlet.ServletException;
  8. import javax.servlet.http.HttpServletRequest;
  9. import javax.servlet.http.HttpServletResponse;
  10. import java.io.IOException;
  12. /**
  13.  * @author mori
  14.  * @date 2021-08-17 14:53:00
  15.  */
  16. @Slf4j
  17. public class JwtAuthenticationFailureHandler implements AuthenticationFailureHandler {
  19.     private final static String UNAUTHORIZED_CODE = "401";
  21.     @Override
  22.     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
  23.         log.debug(e.getMessage(),e);
  24.         response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  25.         SpringWebUtil.response(response, Result.fail(UNAUTHORIZED_CODE, e.getMessage()));
  26.     }
  27. }

无权限访问处理JwtAuthenticationEntryPoint

  1. import com.lenton.inner.common.Result;
  2. import com.lenton.inner.common.util.SpringWebUtil;
  3. import lombok.extern.slf4j.Slf4j;
  4. import org.springframework.security.core.AuthenticationException;
  5. import org.springframework.security.web.AuthenticationEntryPoint;
  7. import javax.servlet.http.HttpServletRequest;
  8. import javax.servlet.http.HttpServletResponse;
  9. import java.io.IOException;
  11. /**
  12.  * @author mori
  13.  * @date 2021-08-17 11:10:00
  14.  */
  15. @Slf4j
  16. public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
  18.     private final static String UNAUTHORIZED_CODE = "401";
  20.     @Override
  21.     public void commence(HttpServletRequest request, HttpServletResponse response,
  22.                          AuthenticationException e) throws IOException {
  23.         log.debug(e.getMessage(),e);
  24.         response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  25.         SpringWebUtil.response(response,Result.fail(UNAUTHORIZED_CODE, e.getMessage()));
  26.     }
  27. }

拒绝访问处理JwtAccessDeniedHandler

  1. import com.lenton.inner.common.Result;
  2. import com.lenton.inner.common.util.SpringWebUtil;
  3. import lombok.extern.slf4j.Slf4j;
  4. import org.springframework.security.access.AccessDeniedException;
  5. import org.springframework.security.web.access.AccessDeniedHandler;
  7. import javax.servlet.http.HttpServletRequest;
  8. import javax.servlet.http.HttpServletResponse;
  9. import java.io.IOException;
  11. /**
  12.  * @author mori
  13.  * @date 2021-08-17 11:11:00
  14.  */
  15. @Slf4j
  16. public class JwtAccessDeniedHandler implements AccessDeniedHandler {
  18.     private final static String ACCESS_DENIED_CODE = "403";
  20.     @Override
  21.     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
  22.         log.debug(e.getMessage(),e);
  23.         response.setStatus(HttpServletResponse.SC_FORBIDDEN);
  24.         SpringWebUtil.response(response, Result.fail(ACCESS_DENIED_CODE,"JWT token authentication failed."));
  25.     }
  26. }

web安全配置WebSecurityConfig

  1. import com.lenton.inner.service.ISystemUserService;
  2. import com.lenton.inner.web.common.config.security.*;
  3. import org.springframework.security.authentication.AuthenticationManager;
  4. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  5. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  6. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  7. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  8. import org.springframework.security.config.http.SessionCreationPolicy;
  9. import org.springframework.security.core.userdetails.UserDetailsService;
  10. import org.springframework.security.crypto.password.PasswordEncoder;
  11. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  12. import org.springframework.context.annotation.Configuration;
  13. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  15. /**
  16.  * @author mori
  17.  * @date 2021-08-17 11:05:00
  18.  */
  19. @EnableWebSecurity
  20. @Configuration
  21. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  24.     private final ISystemUserService systemUserService;
  26.     public BaseWebSecurityConfig(ISystemUserService systemUserService) {
  27.         this.systemUserService = systemUserService;
  28.     }
  30.     public PasswordEncoder jwtPasswordEncoder() {
  31.         return new JwtPasswordEncoder();
  32.     }
  34.     public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
  35.         return new JwtAuthenticationSuccessHandler();
  36.     }
  38.     public JwtAuthenticationFailureHandler jwtAuthenticationFailureHandler() {
  39.         return new JwtAuthenticationFailureHandler();
  40.     }
  42.     public JwtAccessDeniedHandler jwtAccessDeniedHandler() {
  43.         return new JwtAccessDeniedHandler();
  44.     }
  46.     public JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint() {
  47.         return new JwtAuthenticationEntryPoint();
  48.     }
  50.     @Override
  51.     public AuthenticationManager authenticationManagerBean() throws Exception {
  52.         return super.authenticationManagerBean();
  53.     }
  55.     @Override
  56.     public void configure(WebSecurity web) throws Exception {
  57.         web.ignoring().antMatchers(
  58.                 "/swagger-ui/index.html",
  59.                 "/swagger-resources/**",
  60.                 "/swagger-ui/**",
  61.                 "/webjars/**",
  62.                 "/v3/**",
  63.                 "/api/**",
  64.                 "/actuator/**");
  65.     }
  67.     @Override
  68.     protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
  69.         UserDetailsService userDetailsService = new JwtUserDetailsService(systemUserService);
  70.         JwtAuthenticationProvider jwtAuthenticationProvider = new JwtAuthenticationProvider(userDetailsService, jwtPasswordEncoder());
  71.         authenticationManagerBuilder.authenticationProvider(jwtAuthenticationProvider);
  72.     }
  75.     @Override
  76.     protected void configure(HttpSecurity httpSecurity) throws Exception {
  77.         JwtAuthenticationFilter authenticationFilter = new JwtAuthenticationFilter(authenticationManagerBean());
  78.         authenticationFilter.setAuthenticationFailureHandler(jwtAuthenticationFailureHandler());
  79.         authenticationFilter.setAuthenticationSuccessHandler(jwtAuthenticationSuccessHandler());
  80.         httpSecurity.authorizeRequests()
  81.                 .antMatchers("/auth/**").permitAll()
  82.                 .anyRequest().authenticated();
  83.         httpSecurity.addFilterAt(authenticationFilter, UsernamePasswordAuthenticationFilter.class)
  84.                 .addFilterAfter(new JwtRequestFilter(), JwtAuthenticationFilter.class)
  85.                 .exceptionHandling()
  86.                 .accessDeniedHandler(jwtAccessDeniedHandler())
  87.                 .authenticationEntryPoint(jwtAuthenticationEntryPoint())
  88.                 .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
  89.                 .and().csrf().disable();
  90.     }
  92. }

认证上下文AuthenticationContextHolder

  1. import com.alibaba.fastjson.JSONObject;
  2. import lombok.extern.slf4j.Slf4j;
  3. import org.springframework.security.core.Authentication;
  4. import org.springframework.security.core.context.SecurityContext;
  5. import org.springframework.security.core.context.SecurityContextHolder;
  7. import java.util.Optional;
  9. /**
  10.  * 认证上下文,获取当前登录user
  11.  * @author mori
  12.  * @date 2021-08-18 16:15:00
  13.  */
  14. @Slf4j
  15. public class AuthenticationContextHolder {
  17.     /**
  18.      * 查询身份验证主题,user_id
  19.      *
  20.      * @return {@link String}
  21.      */
  22.     public static String getAuthenticationPrincipal() {
  23.         String userInfo = Optional.ofNullable(SecurityContextHolder.getContext())
  24.                 .map(SecurityContext::getAuthentication)
  25.                 .map(Authentication::getPrincipal)
  26.                 .map(JSONObject::toJSONString)
  27.                 .orElse(null);
  28.         log.debug("Authentication Principal :" + userInfo);
  29.         if (userInfo == null) {
  30.             return null;
  31.         }
  32.         JSONObject user = JSONObject.parseObject(userInfo);
  33.         return user.getString("userId");
  34.     }
  37.     /**
  38.      * 查询身份验证的名字,username
  39.      *
  40.      * @return {@link String}
  41.      */
  42.     public static String getAuthenticationName() {
  43.         String authenticationName = Optional.ofNullable(SecurityContextHolder.getContext())
  44.                 .map(SecurityContext::getAuthentication)
  45.                 .map(Authentication::getName)
  46.                 .orElse(null);
  47.         log.debug("Authentication getName :" + authenticationName);
  48.         return authenticationName;
  49.     }
  50. }

web工具类SpringWebUtil

  1. import com.alibaba.fastjson.JSONObject;
  2. import com.lenton.inner.common.Result;
  3. import eu.bitwalker.useragentutils.Browser;
  4. import eu.bitwalker.useragentutils.OperatingSystem;
  5. import eu.bitwalker.useragentutils.UserAgent;
  6. import org.apache.commons.lang3.StringUtils;
  7. import org.springframework.web.context.request.RequestContextHolder;
  8. import org.springframework.web.context.request.ServletRequestAttributes;
  10. import javax.servlet.http.HttpServletRequest;
  11. import javax.servlet.http.HttpServletResponse;
  12. import java.io.IOException;
  13. import java.io.PrintWriter;
  14. import java.util.*;
  16. /**
  17.  * spring web工具类
  18.  *
  19.  * @author mori
  20.  * @date 2021/07/27
  21.  */
  22. public final class SpringWebUtil {
  24.     private static final String UNKNOWN = "unknown";
  25.     private static final int IP_MAX_LENGTH = 15;
  27.     /**
  28.      * 获取请求
  29.      *
  30.      * @return {@link HttpServletRequest}
  31.      */
  32.     public static HttpServletRequest getRequest() {
  33.         ServletRequestAttributes requestAttributes =
  34.                 (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
  35.         return requestAttributes == null ? null : requestAttributes.getRequest();
  36.     }
  38.     /**
  39.      * 获取响应
  40.      *
  41.      * @return {@link HttpServletResponse}
  42.      */
  43.     public static HttpServletResponse getResponse() {
  44.         ServletRequestAttributes requestAttributes =
  45.                 (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
  46.         return requestAttributes == null ? null : requestAttributes.getResponse();
  47.     }
  50.     /**
  51.      * 查询ip地址
  52.      *
  53.      * @param request 请求
  54.      * @return {@link String}
  55.      */
  56.     public static String getIpAddress(HttpServletRequest request) {
  57.         try {
  58.             if (request == null) {
  59.                 return "";
  60.             }
  61.             // 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址
  62.             String ip = request.getHeader("X-Forwarded-For");
  63.             if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  64.                 if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  65.                     ip = request.getHeader("Proxy-Client-IP");
  66.                 }
  67.                 if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  68.                     ip = request.getHeader("WL-Proxy-Client-IP");
  69.                 }
  70.                 if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  71.                     ip = request.getHeader("HTTP_CLIENT_IP");
  72.                 }
  73.                 if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  74.                     ip = request.getHeader("HTTP_X_FORWARDED_FOR");
  75.                 }
  76.                 if (ip == null || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
  77.                     ip = request.getRemoteAddr();
  78.                 }
  79.             } else if (ip.length() > IP_MAX_LENGTH) {
  80.                 String[] ips = ip.split(",");
  81.                 for (String strIp : ips) {
  82.                     if (!(UNKNOWN.equalsIgnoreCase(strIp))) {
  83.                         ip = strIp;
  84.                         break;
  85.                     }
  86.                 }
  87.             }
  88.             return ip;
  89.         } catch (Exception e) {
  90.             return "";
  91.         }
  92.     }
  94.     /**
  95.      * 获取服务部署根路径 http:// + ip + port
  96.      *
  97.      * @return {@link String}
  98.      */
  99.     public static String getServerIpAndPort() {
  100.         //+ ":" + request.getServerPort()
  101.         return Objects.requireNonNull(getRequest()).getScheme() + "://" + getRequest().getServerName() + ":" + getRequest().getServerPort();
  102.     }
  104.     /**
  105.      * 获取当前用户浏览器信息
  106.      *
  107.      * @param request HttpServletRequest
  108.      * @return 当前用户浏览器信息
  109.      */
  110.     public static String getHeader(HttpServletRequest request) {
  111.         return request.getHeader("User-Agent");
  112.     }
  114.     /**
  115.      * 获取当前用户浏览器型号
  116.      *
  117.      * @return 当前用户浏览器型号
  118.      */
  119.     public static String getUserBrowser(HttpServletRequest request) {
  120.         try {
  121.             UserAgent userAgent = UserAgent.parseUserAgentString(Objects.requireNonNull(request).getHeader("User-Agent"));
  122.             Browser browser = userAgent.getBrowser();
  123.             return browser.toString();
  124.         } catch (Exception e) {
  125.             return StringUtils.EMPTY;
  126.         }
  127.     }
  129.     /**
  130.      * 获取当前用户系统型号
  131.      *
  132.      * @return 当前用户系统型号
  133.      */
  134.     public static String getUserOperatingSystem(HttpServletRequest request) {
  135.         try {
  136.             UserAgent userAgent = UserAgent.parseUserAgentString(Objects.requireNonNull(request).getHeader("User-Agent"));
  137.             OperatingSystem operatingSystem = userAgent.getOperatingSystem();
  138.             return operatingSystem.toString();
  139.         } catch (Exception e) {
  140.             return StringUtils.EMPTY;
  141.         }
  142.     }
  144.     /**
  145.      * 获取请求头
  146.      *
  147.      * @param request 请求
  148.      * @return {@link Map}
  149.      */
  150.     public static Map<String, Object> getRequestHeaders(HttpServletRequest request) {
  151.         Map<String, Object> headers = new HashMap<>(1 << 4);
  152.         Enumeration<String> headerNames = request.getHeaderNames();
  153.         while (headerNames.hasMoreElements()) {
  154.             String headerName = headerNames.nextElement();
  155.             headers.put(headerName, request.getHeader(headerName));
  156.         }
  157.         return headers;
  158.     }
  160.     /**
  161.      * 获取响应头
  162.      *
  163.      * @param response 响应
  164.      * @return {@link Map}
  165.      */
  166.     public static Map<String, Object> getResponseHeaders(HttpServletResponse response) {
  167.         Map<String, Object> headers = new HashMap<>(1 << 4);
  168.         Collection<String> headerNames = response.getHeaderNames();
  169.         for (String headerName : headerNames) {
  170.             headers.put(headerName, response.getHeader(headerName));
  171.         }
  172.         return headers;
  173.     }
  175.     public static void response(HttpServletResponse response,Result<?> result) {
  176.         String resp = JSONObject.toJSONString(result);
  177.         response.setContentType("application/json;charset=utf-8");
  178.         try (PrintWriter writer = response.getWriter()) {
  179.             writer.print(resp);
  180.         } catch (IOException e) {
  181.             // NOOP
  182.         }
  183.     }
  185. }

前端统一返回对象Result

  1. import com.alibaba.fastjson.annotation.JSONField;
  2. import com.fasterxml.jackson.annotation.JsonIgnore;
  3. import com.lenton.inner.common.exception.CommonErrorCode;
  4. import lombok.Data;
  6. import java.util.Objects;
  8. /**
  9.  * 前端统一返回格式
  10.  *
  11.  * @author mori
  12.  * @date 2021-07-28 12:06:00
  13.  */
  14. @Data
  15. public class Result<T> {
  17.     private T data;
  18.     private String code;
  19.     private String msg;
  21.     public Result() {
  22.     }
  24.     public Result(String code, String msg) {
  25.         this(null, code, msg);
  26.     }
  28.     public Result(T data, String code) {
  29.         this(data, code, null);
  30.     }
  32.     public Result(T data, String code, String msg) {
  33.         this.data = data;
  34.         this.code = code;
  35.         this.msg = msg;
  36.     }
  38.     public static <T> Result<T> ok(T body) {
  39.         return new Result<>(body, CommonErrorCode.SUCCESS.getCode());
  40.     }
  42.     public static Result<Void> fail(String code, String msg) {
  43.         return new Result<>(code, msg);
  44.     }
  46.     /**
  47.      * 是否成功
  48.      *
  49.      * @return boolean
  50.      */
  51.     @JSONField(serialize = false)
  52.     @JsonIgnore
  53.     public boolean isSuccess() {
  54.         return Objects.equals(CommonErrorCode.SUCCESS.getCode(), this.code);
  55.     }
  57.     /**
  58.      * 是否出错
  59.      *
  60.      * @return boolean
  61.      */
  62.     @JSONField(serialize = false)
  63.     @JsonIgnore
  64.     public boolean isError() {
  65.         return !isSuccess();
  66.     }
  68. }