原github项目地址:https://github.com/bfwg/springboot-jwt-starter
一、配置本地h2(方便开发)
1. Application.java
@SpringBootApplication
public class Application {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
return corsConfiguration;
}
/**
* 跨域过滤器
* @return
*/
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig()); // 4
return new CorsFilter(source);
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
2. application.yml
app:
name: springboot-jwt-demo
jwt:
header: Authorization
expires_in: 300 # 5 minutes
mobile_expires_in: 600 # 10 minutes
secret: queenvictoria
spring:
application:
name: rsapm-prometheus-data
datasource:
platform: h2
driver-class-name: org.h2.Driver
url: jdbc:h2:file:./h2/testdb
username: sa
password: sa
jpa:
hibernate:
possible values: validate | update | create | create-drop
ddl-auto: create
properties:
hibernate:
dialect: org.hibernate.dialect.MySQL5Dialect
show-sql: false
h2:
console:
enabled: true
path: /h2
settings:
web-allow-others: true
logging:
level:
root: INFO
org:
springframework:
security: INFO
web: ERROR
hibernate: ERROR
path: ./logs
3. WebSecurityConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private CustomUserDetailsService jwtUserDetailsService;
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception {
auth.userDetailsService( jwtUserDetailsService )
.passwordEncoder( passwordEncoder() );
}
@Autowired
TokenHelper tokenHelper;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS ).and()
.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint ).and()
.authorizeRequests()
.antMatchers(
HttpMethod.GET,
"/",
"/auth/**",
"/h2/**",
"/webjars/**",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
.antMatchers("/auth/**").permitAll()
.antMatchers("/h2/**").permitAll()
.anyRequest().authenticated().and()
.addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService), BasicAuthenticationFilter.class);
http.csrf().disable();
http.headers().frameOptions().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
// TokenAuthenticationFilter will ignore the below paths
web.ignoring().antMatchers(
HttpMethod.POST,
"/auth/login"
);
web.ignoring().antMatchers(
HttpMethod.GET,
"/",
"/webjars/**",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
);
}
}