脚本之家 服务器常用软件
快捷导航
您的位置:首页软件编程java → springsecurity 登录认证

springsecurity 登录认证流程分析一(ajax)

 更新时间:2024年08月20日 15:33:12   作者:星空寻流年  
这篇文章主要介绍了springsecurity 登录认证一(ajax篇),本文通过实例代码图文相结合给大家介绍的非常详细,感兴趣的朋友跟随小编一起看看吧

一、准备工作

1.1 导入依赖

  因springboot 3.0 + 以上版本只能支持java17 顾使用2.5.0 版本 

  <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.0</version>
       <!-- <version>2.7.18</version>-->
    </parent>
 <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
        </dependency>
        <!-- thymeleaf 相关依赖 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-logging</artifactId>
        </dependency>
        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>5.8.11</version>
        </dependency>
        <!-- mybatis坐标 -->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.2.2</version>
        </dependency>
        <!-- mysql -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
           <!-- <version>8.0.28</version>-->
        </dependency>
        <!--validation依赖-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
        <!--redis坐标-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <!--springdoc-openapi-->
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
            <version>2.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-starter-webmvc-api</artifactId>
            <version>2.1.0</version>
        </dependency>
        <!--fastjson依赖-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.33</version>
        </dependency>
        <!--jwt依赖-->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>
    </dependencies>
 <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

二、认证        

2.1 登录认证流程

接口解释

        Authentication接口: 它的实现类,表示当前访问系统的用户,封装了用户相关信息;

        AuthenticationManager接口:定义了认证Authentication的方法;

        UserDetailsService接口:加载用户特定数据的核心接口。里面定义了一个根据用户名查询用户信息的 方法;

      UserDetails接口:提供核心用户信息。通过UserDetailsService根据用户名获取处理的用户信息要封装 成UserDetails对象返回。然后将这些信息封装到Authentication对象中;  

2.3  自定义数据源分析

①自定义登录接口 调用ProviderManager的方法进行认证 如果认证通过生成jwt 把用户信息存入redis中;

②自定义UserDetailsService 在这个实现类中去查询数据库;

2.4  自定义数据源查询代码实现(可实现多数据源模式,db2,mysql)  

2.4.1 自定义数据源扫描mapper

package com.fashion.config.datasource;
import com.zaxxer.hikari.HikariDataSource;
import org.apache.ibatis.session.SqlSessionFactory;
import org.mybatis.spring.SqlSessionFactoryBean;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import javax.sql.DataSource;
/**
 * @Author: LQ
 * @Date 2024/8/17 14:23
 * @Description: mysql 配置
 */
@Configuration
@MapperScan(basePackages = "com.fashion.mapper.mysql",sqlSessionFactoryRef = "mysqlSqlSessionFactory")
public class MysqlDataSourceConfig {
    @Primary
    @Bean
    public DataSource mysqlDataSource() {
        HikariDataSource dataSource = new HikariDataSource();
        dataSource.setJdbcUrl("jdbc:mysql://localhost:3306/lq");
        dataSource.setDriverClassName("com.mysql.cj.jdbc.Driver");
        dataSource.setUsername("root");
        dataSource.setPassword("123456");
        return dataSource;
    }
    @Primary
    @Bean
    public SqlSessionFactory mysqlSqlSessionFactory(@Autowired DataSource mysqlDataSource){
        SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
        sessionFactory.setDataSource(mysqlDataSource);
        sessionFactory.setConfigLocation(new ClassPathResource("/mybatis/mybatis-config.xml"));
        try {
            // mapper xml 文件位置
            sessionFactory.setMapperLocations(
                    new PathMatchingResourcePatternResolver()
                            .getResources("classpath:mybatis/mapper/mysql/*.xml"));
          //  sessionFactory.setMapperLocations(new ClassPathResource("/mybatis/mapper/mysql/*.xml"));
            return sessionFactory.getObject();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}

2.4.2 自定义 UserDetailsService

package com.fashion.service;
import com.fashion.domain.LoginSessionUserInf;
import com.fashion.domain.mysql.TUserInf;
import com.fashion.exception.CustomerAuthenticationException;
import com.fashion.mapper.mysql.TUserInfMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import java.util.Arrays;
import java.util.List;
/**
 * @Author: LQ
 * @Date 2024/8/13 21:12
 * @Description:
 */
@Component
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private TUserInfMapper userInfMapper;
    @Override
    public UserDetails loadUserByUsername(String loginId) throws UsernameNotFoundException {
        // 根据用户名获取用户信息
        if (ObjectUtils.isEmpty(loginId)) {
            throw new CustomerAuthenticationException("用户名不能为空!");
        }
        TUserInf tUserInf = userInfMapper.selectByLoginId(loginId);
        if (ObjectUtils.isEmpty(tUserInf)) {
            throw new CustomerAuthenticationException("用户不存在!");
        }
        // 获取权限信息 todo:后期从数据库查询
        List<String> perList = Arrays.asList("new:query", "news:delete");
        LoginSessionUserInf loginSessionUserInf = new LoginSessionUserInf(tUserInf, perList);
        return loginSessionUserInf;
    }
}

2.4.3 自定义 UserDetails

package com.fashion.domain;
import com.alibaba.fastjson.annotation.JSONField;
import com.fashion.domain.mysql.TUserInf;
import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
/**
 * @Author: LQ
 * @Date 2024/8/17 15:57
 * @Description: 用户登录信息
 */
@Data
public class LoginSessionUserInf implements UserDetails {
    private TUserInf userInf;
    public LoginSessionUserInf() {
    }
    @JsonIgnore
    @JSONField(serialize=false)
    private List<GrantedAuthority> grantedAuthorities;
    // 权限列表
    private List<String> perList;
    public LoginSessionUserInf(TUserInf userInf, List<String> perList) {
        this.userInf = userInf;
        this.perList = perList;
    }
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (grantedAuthorities != null) {
            return grantedAuthorities;
        }
        grantedAuthorities = perList.stream()
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
        return grantedAuthorities;
    }
    @Override
    public String getPassword() {
        return userInf.getLoginPwd();
    }
    @Override
    public String getUsername() {
        return userInf.getLoginId();
    }
    //判断账号是否未过期
    @Override
    public boolean isAccountNonExpired() {
        return "1".equals(userInf.getStatus());
    }
    //判断账号是否没有锁定
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }
    //判断账号是否没有超时
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }
    //判断账号是否可用
    @Override
    public boolean isEnabled() {
        return true;
    }
}

2.4.4 创建用户sql 

create table t_user_inf(
    id int primary key auto_increment comment '主键id',
    login_id varchar(64) default '' comment '登录账号id',
    login_pwd varchar(128) default '' comment '登录密码',
    user_nm varchar(126) default '' comment '登录账号名称',
    status varchar(2) default '1' comment '状态 1正常',
    phone varchar(11) default '' comment '手机号',
    source_type varchar(2) default '1' comment '登录来源 1 账密  2 githup',
    address varchar(128) default '' comment '家庭住址',
    cre_date datetime default now() comment '创建时间',
    upd_date datetime default now() comment '更新时间',
    upd_usr varchar(64) default '' comment '更新人'
);

2.4.5  其他实体类(用户类)

package com.fashion.domain.mysql;
import java.util.Date;
import lombok.Data;
@Data
public class TUserInf {
    /**
    * 主键id
    */
    private Integer id;
    /**
    * 登录账号id
    */
    private String loginId;
    /**
    * 登录密码
    */
    private String loginPwd;
    /**
    * 登录账号名称
    */
    private String userNm;
    /**
    * 状态 1正常
    */
    private String status;
    /**
    * 手机号
    */
    private String phone;
    /**
    * 登录来源 1 账密  2 githup
    */
    private String sourceType;
    /**
    * 家庭住址
    */
    private String address;
    /**
    * 创建时间
    */
    private Date creDate;
    /**
    * 更新时间
    */
    private Date updDate;
    /**
    * 更新人
    */
    private String updUsr;
}

2.4.6 通用返回类

package com.fashion.domain;
import lombok.Data;
import java.util.HashMap;
import java.util.Map;
/**
 * @Author: LQ
 * @Date 2024/8/17 15:08
 * @Description:
 */
@Data
public class R {
    private Boolean success; //返回的成功或者失败的标识符
    private Integer code; //返回的状态码
    private String message; //提示信息
    private Map<String, Object> data = new HashMap<String, Object>(); //数据
    //把构造方法私有
    private R() {}
    //成功的静态方法
    public static R ok(){
        R r=new R();
        r.setSuccess(true);
        r.setCode(ResultCode.SUCCESS);
        r.setMessage("成功");
        return r;
    }
    //失败的静态方法
    public static R error(){
        R r=new R();
        r.setSuccess(false);
        r.setCode(ResultCode.ERROR);
        r.setMessage("失败");
        return r;
    }
    //使用下面四个方法,方面以后使用链式编程
// R.ok().success(true)
// r.message("ok).data("item",list)
    public R success(Boolean success){
        this.setSuccess(success);
        return this; //当前对象 R.success(true).message("操作成功").code().data()
    }
    public R message(String message){
        this.setMessage(message);
        return this;
    }
    public R code(Integer code){
        this.setCode(code);
        return this;
    }
    public R data(String key, Object value){
        this.data.put(key, value);
        return this;
    }
    public R data(Map<String, Object> map){
        this.setData(map);
        return this;
    }
}

2.5  配置类/工具类

package com.fashion.utils;
import cn.hutool.core.util.IdUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import java.util.Date;
/**
 * @Author: LQ
 * @Date 2024/8/17 15:38
 * @Description: jwt 工具类
 */
public class JwtUtil {
    //有效期为
    public static final Long JWT_TTL = 60 * 60 *1000L;// 60 * 60 *1000 一个小时
    //设置秘钥明文(盐)
    public static final String JWT_KEY = "LQlacd";
    //生成令牌
    public static String getUUID(){
        String token = IdUtil.fastSimpleUUID();
        return token;
    }
    /**
     * 生成jtw
     * @param subject token中要存放的数据(json格式) 用户数据
     * @param ttlMillis token超时时间
     * @return
     */
    public static String createJWT(String subject, Long ttlMillis) {
        JwtBuilder builder = getJwtBuilder(subject, ttlMillis, getUUID());// 设置
        //过期时间
        return builder.compact();
    }
    //生成jwt的业务逻辑代码
    private static JwtBuilder getJwtBuilder(String subject, Long ttlMillis,
                                            String uuid) {
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
        SecretKey secretKey = generalKey();
        long nowMillis = System.currentTimeMillis();//获取到系统当前的时间戳
        Date now = new Date(nowMillis);
        if(ttlMillis==null){
            ttlMillis=JwtUtil.JWT_TTL;
        }
        long expMillis = nowMillis + ttlMillis;
        Date expDate = new Date(expMillis);
        return Jwts.builder()
                .setId(uuid) //唯一的ID
                .setSubject(subject) // 主题 可以是JSON数据
                .setIssuer("xx") // 签发者
                .setIssuedAt(now) // 签发时间
                .signWith(signatureAlgorithm, secretKey) //使用HS256对称加密算法签名, 第二个参数为秘钥
                .setExpiration(expDate);
    }
    /**
     * 创建token
     * @param id
     * @param subject
     * @param ttlMillis
    添加依赖
    2.3.5 认证的实现
    1 配置数据库校验登录用户
    从之前的分析我们可以知道,我们可以自定义一个UserDetailsService,让SpringSecurity使用我们的
    UserDetailsService。我们自己的UserDetailsService可以从数据库中查询用户名和密码。
    我们先创建一个用户表, 建表语句如下:
     * @return
     */
    public static String createJWT(String id, String subject, Long ttlMillis) {
        JwtBuilder builder = getJwtBuilder(subject, ttlMillis, id);// 设置过期时间
        return builder.compact();
    }
    /**
     * 生成加密后的秘钥 secretKey
     * @return
     */
    public static SecretKey generalKey() {
        byte[] encodedKey = Base64.getDecoder().decode(JwtUtil.JWT_KEY);
        SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length,
                "AES");
        return key;
    }
    /**
     * 解析jwt
     *
     * @param jwt
     * @return
     * @throws Exception
     */
    public static Claims parseJWT(String jwt) throws Exception {
        SecretKey secretKey = generalKey();
        return Jwts.parser()
                .setSigningKey(secretKey)
                .parseClaimsJws(jwt)
                .getBody();
    }
}

 2.5.1  webUtild 工具类

package com.fashion.utils;
import cn.hutool.json.JSONUtil;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import java.awt.*;
import java.nio.charset.StandardCharsets;
/**
 * @Author: LQ
 * @Date 2024/8/17 16:56
 * @Description:
 */
@Slf4j
public class WebUtils {
    /**
     *  写内容到客户端
     * @param response
     * @param obj
     */
    public static void writeResp(HttpServletResponse response,Object obj) {
      try {
          //设置客户端的响应的内容类型
          response.setContentType("application/json;charset=UTF-8");
          //获取输出流
          ServletOutputStream outputStream = response.getOutputStream();
          //消除循环引用
          String result = JSONUtil.toJsonStr(obj);
          SerializerFeature.DisableCircularReferenceDetect);
          outputStream.write(result.getBytes(StandardCharsets.UTF_8));
          outputStream.flush();
          outputStream.close();
      } catch (Exception e) {
          log.error("写出字符流失败",e);
      }
    }
}

2.5.2  redis 工具类配置 

package com.fashion.config.datasource;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.impl.LaissezFaireSubTypeValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.web.client.RestTemplate;
/**
 * @Author: LQ
 * @Date 2024/8/17 15:18
 * @Description:
 */
@Configuration
public class RedisConfig {
    @Bean
    public RedisConnectionFactory redisConnectionFactory() {
        LettuceConnectionFactory lettuceConnectionFactory =
                new LettuceConnectionFactory(new RedisStandaloneConfiguration("127.0.0.1", 6379));
        return lettuceConnectionFactory;
    }
    @Bean
    public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
        RedisTemplate<Object, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(redisConnectionFactory);
        template.setKeySerializer(new StringRedisSerializer());
        template.setValueSerializer(new Jackson2JsonRedisSerializer<>(Object.class));
        template.setHashKeySerializer(jackson2JsonRedisSerializer());
        template.setHashValueSerializer(jackson2JsonRedisSerializer());
        template.afterPropertiesSet();
        return template;
    }
    @Bean
    public RestTemplate restTemplate(){
        return new RestTemplate();
    }
    /**
     *  redis 值序列化方式
     * @return
     */
    private Jackson2JsonRedisSerializer<Object> jackson2JsonRedisSerializer() {
        Jackson2JsonRedisSerializer<Object> jackson2JsonRedisSerializer =
                new Jackson2JsonRedisSerializer<>(Object.class);
        ObjectMapper objectMapper = new ObjectMapper();
        // 自动检测所有类的全部属性
        objectMapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY) ;
        // 此项必须配置,否则会报java.lang.ClassCastException: java.util.LinkedHashMap cannot be cast to XXX
        objectMapper.activateDefaultTyping(LaissezFaireSubTypeValidator.instance , ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
        // 此设置默认为true,就是在反序列化遇到未知属性时抛异常,这里设置为false,目的为忽略部分序列化对象存入缓存时误存的其他方法的返回值
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        jackson2JsonRedisSerializer.setObjectMapper(objectMapper);
        return jackson2JsonRedisSerializer;
    }
}

2.5.3 spring security 配置

HttpSecurity参数说明 SecurityFilterChain : 一个表示安全过滤器链的对象 http.antMatchers(...).permitAll() 通过 antMatchers 方法,你可以指定哪些请求路径不 需要进行身份验证。

http.authorizeRequests() 可以配置请求的授权规则。 例 如, .anyRequest().authenticated() 表示任何请求都需要经过身份验证。 http.requestMatchers 表示某个请求不需要进行身份校验,permitAll 随意访问。 http.httpBasic() 配置基本的 HTTP 身份验证。 http.csrf() 通过 csrf 方法配置 CSRF 保护。 http.sessionManagement() 不会创建会话。这意味着每个请求都是独立的,不依赖于之前的 请求。适用于 RESTful 风格的应用。

package com.fashion.config;
import com.fashion.filter.ImgVerifyFilter;
import com.fashion.filter.JwtAuthenticationTokenFilter;
import com.fashion.handler.AnonymousAuthenticationHandler;
import com.fashion.handler.CustomerAccessDeniedHandler;
import com.fashion.service.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.Arrays;
import java.util.List;
/**
 * @Author: LQ
 * @Date 2024/8/13 21:12
 * @Description:
 */
@Configuration
public class SecurityFilterConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsServiceImpl userDetailsService;
    @Autowired
    private ImgVerifyFilter imgVerifyFilter;
    @Autowired
    private AuthenticationFailureHandler loginFailureHandler;
//    @Autowired
//    private LoginSuccessHandler loginSuccessHandler;
    @Autowired
    private CustomerAccessDeniedHandler customerAccessDeniedHandler;
    @Autowired
    private AnonymousAuthenticationHandler anonymousAuthenticationHandler;
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    private static List<String> EXCLUDE_URL_LIST = Arrays.asList("/static/**","/user/**","/comm/**","/","/favicon.ico");
    /**
     * 登录时需要调用AuthenticationManager.authenticate执行一次校验
     *
     */
    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
    // 入口配置
    @Override
    protected void configure(HttpSecurity http) throws Exception {
         // 关闭crsf
         http.csrf(csrf -> csrf.disable());
         // 放行静态资源,以及登录接口放行
         http.authorizeRequests().antMatchers(EXCLUDE_URL_LIST.toArray(new String[]{}))
                 .permitAll()
                 .anyRequest().authenticated();
         // 设置数据源
         http.userDetailsService(userDetailsService);
         // 配置异常过滤器
         //http.formLogin().failureHandler(loginFailureHandler);
        // 其他异常处理
         http.exceptionHandling(config ->
                 {
                     config.accessDeniedHandler(customerAccessDeniedHandler);
                     config.authenticationEntryPoint(anonymousAuthenticationHandler);
                 }
         );
         // 添加图形验证码过滤器
         http.addFilterBefore(imgVerifyFilter, UsernamePasswordAuthenticationFilter.class);
         // jwt token 校验
         http.addFilterBefore(jwtAuthenticationTokenFilter,UsernamePasswordAuthenticationFilter.class);
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

2.5.4  web 配置静态资源放行等信息

package com.fashion.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * @Author: LQ
 * @Date 2024/8/17 16:32
 * @Description:
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {
    /**
     *  放行静态资源
     * @param registry
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**")
                .addResourceLocations("classpath:/static/");
    }
    /**
     *  配置默认首页地址
     * @param registry
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("index");
    }
//    @Override
//    public void addCorsMappings(CorsRegistry registry) {
//        registry.addMapping("/**")
//                .allowedOrigins("*")
//                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
//                .allowedHeaders("*")
//                .allowCredentials(true);
//    }
}

2.5.5  异常类编写

/**
 * @Author: LQ
 * @Date 2024/8/17 20:29
 * @Description:
 */
public class CustomerAccessException extends AccessDeniedException {
    public CustomerAccessException(String msg) {
        super(msg);
    }
}
/**
 * @Author: LQ
 * @Date 2024/8/17 15:35
 * @Description: 无权限资源时异常
 */
public class CustomerAuthenticationException extends AuthenticationException {
    public CustomerAuthenticationException(String msg) {
        super(msg);
    }
}

2.5.6  过滤器(图形验证码过滤器)

package com.fashion.filter;
import com.fashion.constants.ComConstants;
import com.fashion.domain.R;
import com.fashion.handler.AnonymousAuthenticationHandler;
import com.fashion.utils.WebUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * @Author: LQ
 * @Date 2024/8/17 19:29
 * @Description: 图像验证码过滤器
 */
@Component
@Slf4j
public class ImgVerifyFilter extends OncePerRequestFilter {
    @Autowired
    private HttpServletRequest request;
    @Autowired
    private AnonymousAuthenticationHandler anonymousAuthenticationHandler;
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String reqUrl = httpServletRequest.getRequestURI();
        log.info("请求url:{}",reqUrl);
        if (ComConstants.LOGIN_URL.equals(reqUrl)) {
            // 开始校验图形验证码
            Object imgCode = request.getParameter("imageCode");
            Object sessCode = request.getSession().getAttribute(ComConstants.SESSION_IMAGE);
            // 判断是否和库里面相等
            log.info("传过来的验证码为:{},session中的为:{}",imgCode,sessCode);
            if (!sessCode.equals(imgCode)) {
                //throw new CustomerAuthenticationException("图像验证码错误");
                WebUtils.writeResp(httpServletResponse, R.error().code(400).message("图像验证码失败!"));
                return;
            }
        }
        filterChain.doFilter(httpServletRequest,httpServletResponse);
    }
}

2.5.7  jwt 过滤器

  作用:因为禁用了session所以需要将 SecurityContextHolder.getContext() 中

package com.fashion.filter;
import cn.hutool.json.JSONUtil;
import com.alibaba.fastjson.JSON;
import com.fashion.constants.ComConstants;
import com.fashion.constants.RedisPreConst;
import com.fashion.domain.JwtToken;
import com.fashion.domain.LoginSessionUserInf;
import com.fashion.exception.CustomerAuthenticationException;
import com.fashion.handler.LoginFailureHandler;
import com.fashion.utils.JwtUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
 * @Author: LQ
 * @Date 2024/8/17 22:12
 * @Description: jwt 认证
 */
@Component
@Slf4j
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    @Autowired
    private LoginFailureHandler loginFailureHandler;
    @Autowired
    private StringRedisTemplate stringRedisTemplate;
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            //获取当前请求的url地址
            String url = request.getRequestURI();
            //如果当前请求不是登录请求,则需要进行token验证
            if (!url.equals(ComConstants.LOGIN_URL) && !url.startsWith("/user/") && !url.startsWith("/comm")
                    && !url.equals("/") && !url.startsWith("/favicon.ico") && !url.endsWith("js") && !url.endsWith("map")) {
                this.validateToken(request);
            }
        } catch (AuthenticationException e) {
            log.error("jwt异常");
            loginFailureHandler.onAuthenticationFailure(request, response, e);
        }
        //登录请求不需要验证token
        doFilter(request, response, filterChain);
    }
    /**
     *  校验token有效性
     * @param request
     * @throws AuthenticationException
     */
    private void validateToken(HttpServletRequest request) throws
            AuthenticationException {
        //从头部获取token信息
        String token = request.getHeader("token");
        //如果请求头部没有获取到token,则从请求的参数中进行获取
        if (ObjectUtils.isEmpty(token)) {
            token = request.getParameter("token");
        }
        if (ObjectUtils.isEmpty(token)) {
            throw new CustomerAuthenticationException("token不存在");
        }
        //如果存在token,则从token中解析出用户名
        Claims claims = null;
        try {
            claims = JwtUtil.parseJWT(token);
        } catch (Exception e) {
            throw new CustomerAuthenticationException("token解析失败");
        }
        //获取到主题
        String loginUserString = claims.getSubject();
        //把字符串转成loginUser对象
        JwtToken jwtToken = JSON.parseObject(loginUserString, JwtToken.class);
        // 拿到中间的uuid去库里面得到用户信息
        String userTokenPre = String.format(RedisPreConst.LOGIN_TOKEN,jwtToken.getToken());
        // 将用户信息放到redis中  24小时后过期
        String redisUser = stringRedisTemplate.opsForValue().get(userTokenPre);
        if (ObjectUtils.isEmpty(redisUser)) {
            throw new CustomerAuthenticationException("用户信息过期,请重新登录!");
        }
        LoginSessionUserInf loginUser = JSONUtil.toBean(redisUser,LoginSessionUserInf.class);
        //创建身份验证对象
        UsernamePasswordAuthenticationToken authenticationToken = new
                UsernamePasswordAuthenticationToken(loginUser, null,
                loginUser.getAuthorities());
        //设置到Spring Security上下文
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
    }
}

2.6 自定义登录接口

2.6.1  登录controller 接口

package com.fashion.controller;
import com.fashion.domain.R;
import com.fashion.domain.req.LoginUserReq;
import com.fashion.service.UserLoginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * @Author: LQ
 * @Date 2024/8/17 16:05
 * @Description: 用户登录接口
 */
@RestController
@RequestMapping("user/")
public class UserLoginController {
    @Autowired
    private UserLoginService userLoginService;
    /**
     *  用户登录
     * @param req
     * @return
     */
    @RequestMapping("login")
    public R userLogin(LoginUserReq req) {
        return userLoginService.login(req);
    }
}

2.6.2  UserLoginService 用户自定义接口

package com.fashion.service;
import com.fashion.domain.R;
import com.fashion.domain.req.LoginUserReq;
/**
 * @Author: LQ
 * @Date 2024/8/17 16:07
 * @Description: 用户自定义登录重写 ProviderManager的方法进行认证 如果认证通过生成jw
 */
public interface UserLoginService {
    /**
     *  登录
     * @param userInf
     * @return
     */
   R login(LoginUserReq userInf);
}
@Service
@Slf4j
public class UserLoginServiceImpl implements UserLoginService {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private StringRedisTemplate stringRedisTemplate;
    @Override
    public R login(LoginUserReq userInf) {
        // 1 封装 authenticationToken 对象,密码校验等信息
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userInf.getLoginId(),userInf.getLoginPwd());
        // 2 开始调用进行校验
        Authentication authenticate = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
        //3、如果authenticate为空
        if(ObjectUtils.isEmpty(authenticate)){
            throw new CustomerAuthenticationException("登录失败!");
        }
        //放入的用户信息
        LoginSessionUserInf loginSessionUserInf = (LoginSessionUserInf)authenticate.getPrincipal();
        //生成jwt,将用户名+uuid 放进去 这样jwt 就比较小,更好校验,将token 作为key 把loginsesionUser信息放到redis中
        JwtToken jwtToken = new JwtToken();
        jwtToken.setLoginId(loginSessionUserInf.getUsername());
        jwtToken.setToken(JwtUtil.getUUID());
        String loginUserString = JSONUtil.toJsonStr(jwtToken);
        //调用JWT工具类,生成jwt令牌
        String jwtStr = JwtUtil.createJWT(jwtToken.getToken(), loginUserString, JwtUtil.JWT_TTL);
        log.info("jwt token 生成成功:{}",jwtStr);
        String userTokenPre = String.format(RedisPreConst.LOGIN_TOKEN,jwtToken.getToken());
        log.info("用户拼接后的前缀信息:{}",userTokenPre);
        // 将用户信息放到redis中  24小时后过期
        stringRedisTemplate.opsForValue().set(userTokenPre, JSONObject.toJSONString(loginSessionUserInf),24, TimeUnit.HOURS);
        // 跳转到页面
        return R.ok().data("token",jwtStr).message("/main/index");
    }
}

2.6.3  代码截图

2.6.4  验证码controller

package com.fashion.controller;
import cn.hutool.captcha.CaptchaUtil;
import cn.hutool.captcha.LineCaptcha;
import cn.hutool.captcha.generator.RandomGenerator;
import com.fashion.constants.ComConstants;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.*;
import java.io.IOException;
/**
 * @Author: LQ
 * @Date 2024/8/17 16:05
 * @Description: 通用接口,不用拦截
 */
@Controller
@RequestMapping("comm/")
@Slf4j
public class ComController {
    @Autowired
    private HttpServletRequest request;
    /**
     *  获取图像验证码
     * @param response
     */
    @RequestMapping("getVerifyImage")
    public void getVerifyImage(HttpServletResponse response) {
        RandomGenerator randomGenerator = new RandomGenerator("0123456789", 4);
        //定义图形验证码的长、宽、验证码位数、干扰线数量
        LineCaptcha lineCaptcha = CaptchaUtil.createLineCaptcha(120, 40,4,19);
        lineCaptcha.setGenerator(randomGenerator);
        lineCaptcha.createCode();
        //设置背景颜色
        lineCaptcha.setBackground(new Color(249, 251, 220));
        //生成四位验证码
        String code = lineCaptcha.getCode();
        log.info("图形验证码生成成功:{}",code);
        request.getSession().setAttribute(ComConstants.SESSION_IMAGE,code);
        response.setContentType("image/jpeg");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Cache-Control", "no-cache");
        try {
            lineCaptcha.write(response.getOutputStream());
        } catch (IOException e) {
            log.error("图像验证码获取失败:",e);
        }
    }
}

2.6.5  登录首页

package com.fashion.controller;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
/**
 * @Author: LQ
 * @Date 2024/8/17 22:06
 * @Description: main的主页
 */
@Controller
@RequestMapping("main/")
@Slf4j
public class MainController {
    @RequestMapping("index")
    public String index() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication.getPrincipal();
        log.info("我来首页了,用户信息:{}",principal);
        return "main";
    }
}

2.7 前端页面

2.7.1 前端效果

2.7.2 前端代码

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>登录页</title>
    <!-- 引入样式 -->
    <link rel="stylesheet" href="https://unpkg.com/element-ui/lib/theme-chalk/index.css" rel="external nofollow"  rel="external nofollow" >
    <style type="text/css">
        #app{width: 600px;margin: 28px auto 10px }
        img{cursor: pointer;}
    </style>
</head>
<body>
   <div id="app">
       <el-container>
           <el-header>
               <h2 style="margin-left: 140px;">欢迎进入springsecurity</h2>
           </el-header>
           <el-main>
               <el-form ref="form" :model="form" label-width="140px" :rules="rules">
                   <el-form-item label="用户名" prop="loginId">
                       <el-input v-model="form.loginId" ></el-input>
                   </el-form-item>
                   <el-form-item label="登录密码" prop="loginPwd">
                       <el-input v-model="form.loginPwd"></el-input>
                   </el-form-item>
                   <el-form-item label="图像验证码" prop="imageCode">
                       <el-col :span="10">
                           <el-input v-model="form.imageCode"></el-input>
                       </el-col>
                       <!--<el-col class="line" :span="4"></el-col>-->
                       <el-col :span="5" :offset="1">
                           <img :src="form.imageCodeUrl" @click="getVerifyCode">
                       </el-col>
                  </el-form-item>
                   <!--  <el-form-item label="即时配送">
                        <el-switch v-model="form.delivery"></el-switch>
                    </el-form-item>-->
                   <el-form-item>
                       <el-button type="primary" :loading="status.loading" @click="onSubmit('form')" style="width: 400px;">登录</el-button>
                      <!-- <el-button>取消</el-button>-->
                   </el-form-item>
               </el-form>
           </el-main>
          <!-- <el-footer>Footer</el-footer>-->
       </el-container>
   </div>
<script type="text/javascript" th:src="@{/static/js/axios.js}"></script>
<script type="text/javascript" th:src="@{/static/js/vue2.js }"></script>
<!-- 引入组件库 -->
<script src="https://unpkg.com/element-ui/lib/index.js"></script>
<script type="text/javascript">
    var app = new Vue({
        el:"#app",
        data:{
            form: {
                loginId: 'admin',
                loginPwd: '12345678',
                imageCode: '1111',
                imageCodeUrl: '/comm/getVerifyImage'
            }
            ,status: {
                "loading": false
            }
            ,
            rules: {
                loginId: [
                    { required: true, message: '请填写登录账号', trigger: 'blur' },
                    { min: 3, max: 15, message: '长度在 3 到 15 个字符', trigger: 'blur' }
                ],
                loginPwd: [
                    { required: true, message: '请填写登录密码', trigger: 'blur' },
                    { min: 3, max: 15, message: '长度在 3 到 15 个字符', trigger: 'blur' }
                ],
                imageCode: [
                    { required: true, message: '请填写图像验证码', trigger: 'blur' },
                    { min: 4, max: 4, message: '长度在4个', trigger: 'blur' }
                ],
            }
        }
        ,methods:{
            onSubmit:function(formName) {
                let that = this;
                that.status.loading = true;
                this.$refs[formName].validate((valid) => {
                    if (valid) {
                        let forData =  JSON.stringify(that.form);
                        let formData = new FormData();
                        formData.append('loginId', that.form.loginId);
                        formData.append('loginPwd', that.form.loginPwd);
                        formData.append('imageCode', that.form.imageCode);
                        //console.log(forData);
                        axios.post("/user/login",
                            formData
                        )
                            .then(function (response) {
                                let resData = response.data;
                                console.log(resData);
                                that.status.loading = false;
                                if (resData.code != '0000') {
                                    that.$message.error(resData.message);
                                    // 刷新验证码
                                    that.getVerifyCode();
                                } else {
                                    that.$message({
                                        showClose: true,
                                        message: '登录成功,稍后进行跳转',
                                        type: 'success'
                                    });
                                    let url = resData.message + "?token=" + resData.data.token
                                    window.location.href = url;
                                }
                            })
                    } else {
                        that.$message.error('请完整填写信息');
                        return false;
                    }
                });
            },
            resetForm(formName) {
                this.$refs[formName].resetFields();
            }
            ,getVerifyCode: function () {
                console.log("getVerifyCode")
                this.form.imageCodeUrl = '/comm/getVerifyImage?v='+new Date();
            }
        }
    });
</script>
</body>
</html>

2.7.3  登录成功页面

2.7.4  htm 代码

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>主页菜单</title>
    <!-- 引入样式 -->
    <link rel="stylesheet" href="https://unpkg.com/element-ui/lib/theme-chalk/index.css" rel="external nofollow"  rel="external nofollow" >
    <style type="text/css">
    </style>
</head>
<body>
   <div id="app">
       <el-container>
           <el-header>
               <h2 >欢迎进入springsecurity 配置主页</h2>
           </el-header>
           <el-container>
               <el-aside width="400px">
                   <el-row class="tac">
                       <el-col :span="12">
                           <h5>菜单</h5>
                           <el-menu
                                   default-active="2"
                                   class="el-menu-vertical-demo"
                                   @open="handleOpen"
                                   @close="handleClose">
                               <el-submenu index="1">
                                   <template slot="title">
                                       <i class="el-icon-location"></i>
                                       <span>导航一</span>
                                   </template>
                                   <el-menu-item-group>
                                       <!-- <template slot="title">分组一</template>-->
                                       <el-menu-item index="1-1">选项1</el-menu-item>
                                       <el-menu-item index="1-2">选项2</el-menu-item>
                                   </el-menu-item-group>
                               </el-submenu>
                               <el-menu-item index="2">
                                   <i class="el-icon-menu"></i>
                                   <span slot="title">导航二</span>
                               </el-menu-item>
                               <el-menu-item index="3" disabled>
                                   <i class="el-icon-document"></i>
                                   <span slot="title">导航三</span>
                               </el-menu-item>
                               <el-menu-item index="4">
                                   <i class="el-icon-setting"></i>
                                   <span slot="title">导航四</span>
                               </el-menu-item>
                           </el-menu>
                       </el-col>
                   </el-row>
               </el-aside>
               <el-main>我是内容</el-main>
           </el-container>
          <!-- <el-footer>Footer</el-footer>-->
       </el-container>
   </div>
<script type="text/javascript" th:src="@{/static/js/axios.js}"></script>
<script type="text/javascript" th:src="@{/static/js/vue2.js }"></script>
<!-- 引入组件库 -->
<script src="https://unpkg.com/element-ui/lib/index.js"></script>
<script type="text/javascript">
    var app = new Vue({
        el:"#app",
        data:{
        }
        ,methods:{
            handleOpen(key, keyPath) {
                console.log(key, keyPath);
            },
            handleClose(key, keyPath) {
                console.log(key, keyPath);
            }
        }
    });
</script>
</body>
</html>

到此这篇关于springsecurity 登录认证一(ajax)的文章就介绍到这了,更多相关springsecurity 登录认证内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!

您可能感兴趣的文章:

相关文章

  • 浅谈springboot自动装配原理

    浅谈springboot自动装配原理

    作为Spring Boot的精髓,自动配置原理首当其冲.今天就带大家了解一下springboot自动装配的原理,文中有非常详细的代码示例,对正在学习java的小伙伴们很有帮助,需要的朋友可以参考下
    2021-05-05
  • XML解析四种方式代码示例详解

    XML解析四种方式代码示例详解

    这篇文章主要介绍了XML解析四种方式代码示例详解,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
    2020-12-12
  • 详解Java的按位操作符

    详解Java的按位操作符

    Java的位操作符用来操作整数基本数据类型中的单个“比特”(bit),即代进制位。下面通过本文给大家分享Java的按位操作符,感兴趣的朋友一起看看吧
    2017-09-09
  • Spring Cloud项目前后端分离跨域的操作

    Spring Cloud项目前后端分离跨域的操作

    这篇文章主要介绍了Spring Cloud项目前后端分离跨域的操作,具有很好的参考价值,希望对大家有所帮助。如有错误或未考虑完全的地方,望不吝赐教
    2021-06-06
  • 一文详解Java中流程控制语句

    一文详解Java中流程控制语句

    在一个程序执行的过程中,各条语句的执行顺序对程序的结果是有直接影响的。也就是说,程序的流程对运行结果有直接的影响。所以,我们必须清楚每条语句的执行流程。本文就来通过一些示例带大家详细了解一下
    2022-10-10
  • 一个通用的Java分页基类代码详解

    一个通用的Java分页基类代码详解

    这篇文章主要介绍了一个通用的Java分页基类代码详解,具有一定借鉴价值,需要的朋友可以参考下。
    2017-12-12
  • 如何在mybatis中向BLOB字段批量插入数据

    如何在mybatis中向BLOB字段批量插入数据

    这篇文章主要介绍了如何在mybatis中向BLOB字段批量插入数据的相关知识,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友参考下吧
    2020-10-10
  • Java集合Set、List、Map的遍历方法

    Java集合Set、List、Map的遍历方法

    这篇文章主要介绍了Java集合Set、List、Map的遍历方法,是非常实用的遍历技巧,需要的朋友可以参考下
    2014-09-09
  • 阿里SpringBoot应用自动化部署实现IDEA版Jenkins

    阿里SpringBoot应用自动化部署实现IDEA版Jenkins

    这篇文章主要为大家介绍了阿里SpringBoot应用自动化部署实现IDEA版Jenkins过程详解,有需要的朋友可以借鉴参考下,希望能够有所帮助,祝大家多多进步,早日升职加薪
    2022-07-07
  • 解决SpringMVC同时接收Json和Restful时Request里有Map的问题

    解决SpringMVC同时接收Json和Restful时Request里有Map的问题

    今天小编就为大家分享一篇解决SpringMVC同时接收Json和Restful时Request里有Map的问题,具有很好的参考价值,希望对大家有所帮助。一起跟随小编过来看看吧
    2018-08-08

最新评论