zoukankan      html  css  js  c++  java
  • springsecurity+jwt 实现前后端分离

    刚开始学习的时候,一直没有找到springsecurity+jwt较好的博客教程,导致我学了很长时间都没学会,后来不断的研究,写下此随笔,供大家参考!
    
    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Autowired
        LoginFilter loginFilter;
    
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf()
                    .disable()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    //.formLogin()
                    .and()
                    .authorizeRequests()
                    .antMatchers("/login")
                    .permitAll()
                    .anyRequest()
                    .authenticated();
            http.addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class);
        }
    }
    
    @Component
    public class LoginFilter extends OncePerRequestFilter {
    
        @Autowired
        JwtUtil jwtUtil;
    
        @Autowired
        PasswordEncoder passwordEncoder;
    
    
        @Override
        protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
            System.out.println("OncePerRequestFilter");
    
            String token = httpServletRequest.getHeader("token");
            System.out.println(token);
    
    
            if(!jwtUtil.validateToken(token)){
                System.out.println("验证失败");
            }else {
                UserDetails userDetails = loadUserByUsername("admin");
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(authentication);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        }
    
    
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            List<GrantedAuthority> authorityList = new ArrayList<>();
            /* 此处查询数据库得到角色权限列表,这里可以用Redis缓存以增加查询速度 */
            authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
            return new org.springframework.security.core.userdetails.User(username, passwordEncoder.encode("123456"), authorityList);
        }
    }
    
  • 相关阅读:
    C# DES加密解密
    VC SOCKET 压缩通信学习
    ASPX一句话爆破工具
    VC读取文件内容
    VC查找字符串
    (学习记录)代码注入之远程线程篇
    WINSOCK 传送文件
    VC数据类型
    占用字节数求法
    HDU
  • 原文地址:https://www.cnblogs.com/botaoJava/p/14392887.html
Copyright © 2011-2022 走看看