刚开始学习的时候,一直没有找到springsecurity+jwt较好的博客教程,导致我学了很长时间都没学会,后来不断的研究,写下此随笔,供大家参考!
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
LoginFilter loginFilter;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/login")
.permitAll()
.anyRequest()
.authenticated();
http.addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class);
}
}
@Component
public class LoginFilter extends OncePerRequestFilter {
@Autowired
JwtUtil jwtUtil;
@Autowired
PasswordEncoder passwordEncoder;
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
System.out.println("OncePerRequestFilter");
String token = httpServletRequest.getHeader("token");
System.out.println(token);
if(!jwtUtil.validateToken(token)){
System.out.println("验证失败");
}else {
UserDetails userDetails = loadUserByUsername("admin");
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> authorityList = new ArrayList<>();
authorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
return new org.springframework.security.core.userdetails.User(username, passwordEncoder.encode("123456"), authorityList);
}
}
【推荐】还在用 ECharts 开发大屏?试试这款永久免费的开源 BI 工具!
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步