本篇文章为你整理了3.SpringSecurity+登录功能+jwt校验过滤器+redis配置(springboot登录过滤器)的详细内容,包含有spring jwt认证 springboot登录过滤器 spring 验证器 spring security jwt redis 3.SpringSecurity+登录功能+jwt校验过滤器+redis配置,希望能帮助你了解 3.SpringSecurity+登录功能+jwt校验过滤器+redis配置。
public ResponseResult login(User user) {
//1,使用springsecurity功能认证,把用户名密码存入令牌
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user.getUserName(),user.getPassword());
//2.1,默认使用UserDetailService去内存中找user用户,需要定义Impl实现类来重写查询方法,改成从数据库查询
//2.2,UserDetailServiceImpl从数据库查询出user返回到authenticate这里。具体查看a类
Authentication authenticate = authenticationManager.authenticate(authenticationToken);
//2.3,判断是否认证通过
if(Objects.isNull(authenticate)){
throw new RuntimeException("用户名或密码错误");
//3.1,获取userid 生成token
LoginUser loginUser = (LoginUser) authenticate.getPrincipal();
String userId = loginUser.getUser().getId().toString();
//3.2,生成jwt
String jwt = JwtUtil.createJWT(userId);
//3.3,把用户信息存入redis
redisCache.setCacheObject("bloglogin:"+userId,loginUser);
//4.1,把token和userinfo封装 返回
//4.2,把User转换成UserInfoVo
UserInfoVo userInfoVo = BeanCopyUtils.copyBean(loginUser.getUser(), UserInfoVo.class);
BlogUserLoginVo vo = new BlogUserLoginVo(jwt,userInfoVo);
return ResponseResult.okResult(vo);
2.a类:UserDetailsServiceImpl
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserMapper userMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//根据用户名查询用户信息
LambdaQueryWrapper User queryWrapper = new LambdaQueryWrapper ();
queryWrapper.eq(User::getUserName,username);
User user = userMapper.selectOne(queryWrapper);
//判断是否查到用户 如果没查到抛出异常
if(Objects.isNull(user)){
throw new RuntimeException("用户不存在");
//返回用户信息
// TODO 查询权限信息封装
return new LoginUser(user);
3.SecurityConfig配置类
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//关闭csrf
.csrf().disable()
//不通过Session获取SecurityContext
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 对于登录接口 允许匿名访问
.antMatchers("/login").anonymous()
// 除上面外的所有请求全部不需要认证即可访问
.anyRequest().permitAll();
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
三、登录校验过滤器代码实现(校验jwt)
1.登录校验过滤器
@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@Autowired
private RedisCache redisCache;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException, IOException, ServletException {
//1,获取请求头中的token
String token = request.getHeader("token");
if(!StringUtils.hasText(token)){
//说明该接口不需要登录直接放行,如果是第一次登陆的话跳转到登陆去获取token
filterChain.doFilter(request, response);
return;
//2,解析获取userid
Claims claims = null;
try {
//String jwt = JwtUtil.createJWT(userId);jwt内容为id
claims = JwtUtil.parseJWT(token);
} catch (Exception e) {
e.printStackTrace();
//token超时 token非法
//响应告诉前端需要重新登录
ResponseResult result = ResponseResult.errorResult(AppHttpCodeEnum.NEED_LOGIN);
WebUtils.renderString(response, JSON.toJSONString(result));
return;
String userId = claims.getSubject();
//3,从redis中获取用户信息
LoginUser loginUser = redisCache.getCacheObject("bloglogin:" + userId);
//如果获取不到
if(Objects.isNull(loginUser)){
//说明登录过期 提示重新登录
ResponseResult result = ResponseResult.errorResult(AppHttpCodeEnum.NEED_LOGIN);
WebUtils.renderString(response, JSON.toJSONString(result));
return;
//4,存入SecurityContextHolder
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser,null,null);
//UPToken令牌存入Security上下文的设置身份验证属性中,后面过滤器会从Security上下文这里获取用户信息
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
filterChain.doFilter(request, response);
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
//1,注入登录校验过滤器
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//关闭csrf
.csrf().disable()
//不通过Session获取SecurityContext
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 对于登录接口 允许匿名访问
.antMatchers("/login").anonymous()
//jwt过滤器测试用,如果测试没有问题吧这里删除了
.antMatchers("/link/getAllLink").authenticated()
// 除上面外的所有请求全部不需要认证即可访问
.anyRequest().permitAll();
http.logout().disable();
//***2,把jwtAuthenticationTokenFilter添加到SpringSecurity的过滤器链中
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
//允许跨域
http.cors();
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
*** Redis使用FastJson序列化
package com.lwq.config;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.type.TypeFactory;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;
import com.alibaba.fastjson.parser.ParserConfig;
import org.springframework.util.Assert;
import java.nio.charset.Charset;
* Redis使用FastJson序列化
* @author sg
public class FastJsonRedisSerializer T implements RedisSerializer T
public static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8");
private Class T clazz;
static
ParserConfig.getGlobalInstance().setAutoTypeSupport(true);
public FastJsonRedisSerializer(Class T clazz)
super();
this.clazz = clazz;
@Override
public byte[] serialize(T t) throws SerializationException
if (t == null)
return new byte[0];
return JSON.toJSONString(t, SerializerFeature.WriteClassName).getBytes(DEFAULT_CHARSET);
@Override
public T deserialize(byte[] bytes) throws SerializationException
if (bytes == null bytes.length = 0)
return null;
String str = new String(bytes, DEFAULT_CHARSET);
return JSON.parseObject(str, clazz);
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
@Configuration
public class RedisConfig {
@Bean
@SuppressWarnings(value = { "unchecked", "rawtypes" })
public RedisTemplate Object, Object redisTemplate(RedisConnectionFactory connectionFactory)
RedisTemplate Object, Object template = new RedisTemplate ();
template.setConnectionFactory(connectionFactory);
FastJsonRedisSerializer serializer = new FastJsonRedisSerializer(Object.class);
// 使用StringRedisSerializer来序列化和反序列化redis的key值
template.setKeySerializer(new StringRedisSerializer());
template.setValueSerializer(serializer);
// Hash的key也采用StringRedisSerializer的序列化方式
template.setHashKeySerializer(new StringRedisSerializer());
template.setHashValueSerializer(serializer);
template.afterPropertiesSet();
return template;
以上就是3.SpringSecurity+登录功能+jwt校验过滤器+redis配置(springboot登录过滤器)的详细内容,想要了解更多 3.SpringSecurity+登录功能+jwt校验过滤器+redis配置的内容,请持续关注盛行IT软件开发工作室。
郑重声明:本文由网友发布,不代表盛行IT的观点,版权归原作者所有,仅为传播更多信息之目的,如有侵权请联系,我们将第一时间修改或删除,多谢。