security-jwt

父依赖

<modules>
  <module>security-jwt</module>
  <module>web-jwt</module>
  <module>shiro-jwt</module>
</modules>

<packaging>pom</packaging>

<properties>
  <java.version>8</java.version>
  <skipTests>true</skipTests>
  <spring-boot.version>2.6.13</spring-boot.version>
  <mybatis-plus.version>3.5.5</mybatis-plus.version>
  <mysql.version>8.0.33</mysql.version>
  <lombok.version>1.18.30</lombok.version>
</properties>

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>${spring-boot.version}</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>

</dependencyManagement>

<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
  </dependency>

  <!-- Hutool 全部模块 -->
  <dependency>
    <groupId>cn.hutool</groupId>
    <artifactId>hutool-all</artifactId>
    <version>5.8.11</version> <!-- 请根据需要选择版本 -->
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>${mybatis-plus.version}</version>
  </dependency>
  <dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>${mysql.version}</version>
  </dependency>

  <dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>${lombok.version}</version>
  </dependency>
</dependencies>

<build>
  <plugins>
    <plugin>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-maven-plugin</artifactId>
    </plugin>
  </plugins>
</build>

子依赖

<dependencies>
  <dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
  </dependency>

</dependencies>

配置文件yml

server:
  port: 9003
spring:
  application:
    name: security
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://59.110.47.222:3306/work?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=UTC
    username: root
    password: 196691
  jackson:
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8
    defaultPropertyInclusion: non_null
  mvc:
    throw-exception-if-no-handler-found: true
  web:
    resources:
      add-mappings: false
mybatis-plus:
  mapper-locations: classpath:mapper/*.xml
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
    call-setters-on-nulls: true

包

结果封装

CommonResult

package cn.zou.demo1.result;

import lombok.Data;

@Data
public class CommonResult<T> {
    private int code;
    private String msg;

    private T data;

    CommonResult(int code ,String msg){
        this.code = code;
        this.msg = msg;
    }

}

CommonResultEnum

package cn.zou.demo1.result;

public enum CommonResultEnum {

    USER_NOT_EXIST_ERROR(512, "用户不存在"),
    PASSWORD_ERROR(511, "用户密码错误"),

    SUCCESS(200, "请求成功"),
    REGISTER_SUCCESS(200, "注册成功"),


    USER_OR_PASSWORD_ERROR(511, "用户或者密码失败"),
    USER_EXIT_ERROR(513, "用户已存在"),
    LOGIN_ERROR(511, "用户密码错误"),
    //参数错误
    COMMON_ERROR_MISSING_REQUIRED_PARAMETER(501, "缺少必传参数"),
    //全局异常,仅过滤器可用,其他地方不允许使用
    COMMON_EXCEPTION(500, "服务器错误"),
    //权限不够
    ACCESS_DENIED(403, "权限不够"),
    //认证失败
    AUTHENTICATION_FAILED(401, "用户名或者密码错误"),
    //token无效
    //TOKEN_INVALID(401, "token无效")
    TOKEN_INVALID(401, "token无效");
    private final CommonResult<?> result;

    CommonResultEnum(int code, String msg) {
        result = new CommonResult<>(code, msg);
    }

    public <T> CommonResult<T> getResult() {
        return (CommonResult<T>) result;
    }

    public <T> CommonResult<T> setData(T data) {
        CommonResult<T> commonResult = new CommonResult<>(result.getCode(), result.getMsg());
        commonResult.setData(data);
        return commonResult;
    }

    public <T> CommonResult<T> setMsg(String msg) {
        return new CommonResult<>(result.getCode(), result.getMsg());
    }

}

异常

package cn.zou.demo1.exception;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;


@Data
@NoArgsConstructor
@AllArgsConstructor
@EqualsAndHashCode(callSuper = true)
public class CustomerException extends RuntimeException{
    private String msg;
}
package cn.zou.demo1.exception;

import cn.zou.demo1.result.CommonResult;
import cn.zou.demo1.result.CommonResultEnum;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;



@Slf4j
@RestControllerAdvice
public class GlobalExceptionHandler {

    /**
     * 参数校验异常捕获
     */
    @ExceptionHandler(MethodArgumentNotValidException.class)
    public CommonResult<Object> methodArgumentNotValidException(MethodArgumentNotValidException e) {
        FieldError fieldError = e.getBindingResult().getFieldError();
        if (fieldError == null) return CommonResultEnum.COMMON_ERROR_MISSING_REQUIRED_PARAMETER.getResult();
        log.error("[{}]{}", fieldError.getField(), fieldError.getDefaultMessage());
        return CommonResultEnum.COMMON_ERROR_MISSING_REQUIRED_PARAMETER.setMsg("[" + fieldError.getField() + "]" + fieldError.getDefaultMessage());
    }

    /**
     * 无权限异常
     */
    @ExceptionHandler(AccessDeniedException.class)
    public CommonResult<CommonResultEnum> AccessDeniedException(AccessDeniedException e) {
        log.error("无权限");
        return CommonResultEnum.ACCESS_DENIED.getResult();
    }
    /**
     * 所有错误请求方式异常捕获
     */
    @ExceptionHandler(Exception.class)
    public CommonResult<Object> exception(Exception e) {
        log.error("未知异常", e);
        return CommonResultEnum.COMMON_EXCEPTION.getResult();
    }
    /**
     * 自定义异常捕获
     */
    @ExceptionHandler(CustomerException.class)
    public CommonResult<Object> CustomerException(CustomerException e  ) {
        return CommonResultEnum.COMMON_EXCEPTION.setMsg(e.getMsg());

    }
}

CorsFilter跨域

package cn.zou.demo1.filter;

import org.springframework.context.annotation.Configuration;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
public class CorsFilter extends HttpFilter {

    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        //允许跨域访问
        response.setHeader("Access-Control-Allow-Origin", "*");
        //允许header
        response.setHeader("Access-Control-Allow-Headers", "*");
        //放行方法
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
        //预检结果缓存一小时
        response.setHeader("Access-Control-Max-Age", "3600");
        super.doFilter(request, response, chain);
    }
}

WebSecurityConfigurer

package cn.zou.demo1.auth;

import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Slf4j
@Configuration
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(prePostEnabled = true)//注解开启相关配置
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    private final JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/user/login","/user/register").permitAll()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .anyRequest().authenticated();



        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

JwtAuthenticationTokenFilter

package cn.zou.demo1.auth;

import cn.zou.demo1.config.JwtUtil;
import cn.zou.demo1.result.CommonResult;
import cn.zou.demo1.result.CommonResultEnum;
import cn.zou.demo1.service.UserDetailsServiceImpl;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;

@Slf4j
@RequiredArgsConstructor
@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    private final JwtUtil jwtUtil;
    private final UserDetailsServiceImpl userDetailsService;
    private final ObjectMapper objectMapper;
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

        String token = request.getHeader("Authorization");
        log.info("获取token: {}", token);

        if (!StringUtils.hasText(token) || !token.startsWith("Bearer ")) {
            filterChain.doFilter(request, response);
            return;
        }

        token = token.substring(7);
        try {
            if (jwtUtil.validateJwt(token)) {
                Claims claims = jwtUtil.parserJwt(token);
                String username = claims.get("username", String.class);

                UserDetails userDetails = userDetailsService.loadUserByUsername(username);
                UsernamePasswordAuthenticationToken authenticationToken =
                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authenticationToken);


            }else{

                sendUnauthorizedResponse(response, "Invalid JWT token: " );
                return; // 确保在发生异常后不再继续过滤链
            }
        } catch (UsernameNotFoundException e) {

        }
        filterChain.doFilter(request, response);
    }

    private void sendUnauthorizedResponse(HttpServletResponse response, String message) throws IOException {
        CommonResult<Object> result = CommonResultEnum.TOKEN_INVALID.getResult();

        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setStatus(HttpStatus.UNAUTHORIZED.value());

        OutputStream outputStream = response.getOutputStream();
        objectMapper.writeValue(outputStream, result); // 将CommonResult对象序列化为JSON并写入到OutputStream
        outputStream.flush(); // 确保所有数据都被写出
    }
}

JwtUtil

package cn.zou.demo1.config;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;

import java.util.Date;
import java.util.HashMap;

@Component
public class JwtUtil {
    String secret = "zouWen"; // 密钥
    long expire = 60 * 60 * 1000; // 1小时

    // 生成token
    public String createJwt(String username) {
        HashMap<String, Object> claims = new HashMap<>();
        claims.put("username", username);
        return Jwts.builder()
                .setClaims(claims) //载荷
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + expire)) //失效时间
                .signWith(SignatureAlgorithm.HS256, secret) //加密
                .compact();
    }

    // 解析token
    public Claims parserJwt(String token) {
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody();
    }
    // 校验token
    public boolean validateJwt(String token){
        try{
            Jwts.parser().setSigningKey(secret).parseClaimsJws(token);
            return true;
        }catch (Exception e){
            return false;
        }
    }
}

mapper

package cn.zou.demo1.mapper;

import cn.zou.demo1.entity.RoleEntity;
import cn.zou.demo1.entity.UserEntity;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Select;

import java.util.List;

public interface UserMapper extends BaseMapper<UserEntity> {


    @Select("select r.role_name from my_user as u " +
            "LEFT JOIN user_role as ur on u.id =ur.user_id " +
            "left join my_role as r on r.id = ur.role_id " +
            "where u.username = #{username}")
    List<RoleEntity> getRoleByUsername(String username);

    @Select("select p.perm_name from my_user as u " +
            "LEFT JOIN user_role as ur on u.id = ur.user_id " +
            "left join role_perm as rp on ur.role_id = rp.role_id " +
            "left join my_perm as p on p.id = rp.perm_id " +
            "where u.username  = #{username}")
    List<String> getPermByUsername(String username);
}

service

userDetail

package cn.zou.demo1.service;


import cn.zou.demo1.entity.RoleEntity;
import cn.zou.demo1.entity.UserEntity;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

@Data
public class UserDetail implements UserDetails {
    private final UserEntity user;
    private List<String> permissions;

    public UserDetail(UserEntity user,List<String> permissions) {
        this.user = user;
        this.permissions = permissions;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {

        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

        // 添加角色（假设 RoleEntity 包含 roleName 字段）
        for (RoleEntity role : user.getRoleList()) { // 假设 UserEntity 包含 roles 列表
            grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName()));
        }
        // 添加权限
        for (String permission : permissions) {
            grantedAuthorities.add(new SimpleGrantedAuthority(permission));
        }

        return grantedAuthorities;
    }

    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getUsername();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

UserDetailsServiceImpl

package cn.zou.demo1.service;

import cn.zou.demo1.entity.RoleEntity;
import cn.zou.demo1.entity.UserEntity;
import cn.zou.demo1.mapper.UserMapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;

@Service
@RequiredArgsConstructor
public class UserDetailsServiceImpl implements UserDetailsService {
    private final UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        LambdaQueryWrapper<UserEntity> wrapper = new LambdaQueryWrapper<>();
        wrapper.select(UserEntity::getId, UserEntity::getUsername, UserEntity::getPassword)
                .eq(UserEntity::getUsername, username);
        UserEntity user = userMapper.selectOne(wrapper);
        if (user == null)
            throw new UsernameNotFoundException("用户名或密码错误");

        // 角色
        List<RoleEntity> roles = userMapper.getRoleByUsername(user.getUsername());
        user.setRoleList(roles);
        // 权限
        List<String> permissions = userMapper.getPermByUsername(user.getUsername());

        return new UserDetail(user,permissions);
    }
}

controller

package cn.zou.demo1.controller;

import cn.zou.demo1.config.JwtUtil;
import cn.zou.demo1.result.CommonResult;
import cn.zou.demo1.result.CommonResultEnum;
import cn.zou.demo1.entity.UserEntity;
import cn.zou.demo1.mapper.UserMapper;
import cn.zou.demo1.service.UserDetailsServiceImpl;
import cn.zou.demo1.valid.AddGroup;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

@Slf4j
@RestController
@RequiredArgsConstructor
@RequestMapping(value = "user", name = "用户")
public class UserController {
    private final PasswordEncoder passwordEncoder;
    private final UserMapper userMapper;
    private final AuthenticationManager authenticationManager;
    private final HttpServletRequest request;
    private final JwtUtil jwtUtil;
    private final UserDetailsServiceImpl userDetailsService;

    @PostMapping(value = "login", name = "登录")
    public CommonResult<String> login(@RequestBody UserEntity user) {
        Authentication authenticate = null;

        try {
            //用户名和密码封装Authentication对象
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                    new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword());

            //调用AuthenticationManager的authenticate方法进行认证
            authenticate = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
            System.out.println("Authentication: " + authenticate);
        } catch (AuthenticationException e) {
            log.info("用户{}登录失败，原因：{}", user.getUsername(), e.getMessage());
            return CommonResultEnum.USER_OR_PASSWORD_ERROR.setMsg(e.getMessage());
        }

        JwtUtil jwtUtil = new JwtUtil();

        log.info("用户{}登录成功", user.getUsername());
        //认证成功生成jwt令牌
        String jwt = jwtUtil.createJwt(user.getUsername());

        return CommonResultEnum.SUCCESS.setData("Bearer " + jwt);
    }

    @PostMapping(value = "getAll", name = "查询所有用户")
    public CommonResult<List<UserEntity>> getAll() {
        //查询所有用户
        List<UserEntity> users = userMapper.selectList(null);
        return CommonResultEnum.SUCCESS.setData(users);
    }

    @PostMapping(value = "/register", name = "注册用户")
    public CommonResult<?> register(@Validated(AddGroup.class) @RequestBody UserEntity user) {
        LambdaQueryWrapper<UserEntity> wrapper = new LambdaQueryWrapper<UserEntity>()
                .eq(UserEntity::getUsername, user.getUsername());
        UserEntity user1 = userMapper.selectOne(wrapper);
        //查询用户名是否重复
        if (user1 != null) {
            return CommonResultEnum.USER_EXIT_ERROR.getResult();
        }
        //密码加密
        user.setPassword(passwordEncoder.encode(user.getPassword())); //注册用户
        userMapper.insert(user);
        return CommonResultEnum.REGISTER_SUCCESS.getResult();
    }


    @PostMapping("/admin")
    @PreAuthorize("hasRole('管理员')")
    public String admin() {
        return "管理员权限!";
    }

    @PostMapping("/common")
    @PreAuthorize("hasRole('普通用户')")
    public String common() {
        return "普通用户权限";
    }

    @PostMapping("/query")
    @PreAuthorize("hasAuthority('query')")
    public String query() {
        return "query success!";
    }

    @PostMapping("/add")
    @PreAuthorize("hasAuthority('add')")
    public String add() {
        return "add success!";
    }

    @PostMapping("/delete")
    @PreAuthorize("hasAuthority('delete')")
    public String delete() {
        return "delete success!";
    }

    @PostMapping("/update")
    @PreAuthorize("hasAuthority('update')")
    public String update() {
        return "update success!";
    }

    @PostMapping("/getinfo")
    public CommonResult<UserDetails> getInfo (@RequestHeader("Authorization") String BearerToken){
       String  token = BearerToken.substring(7);
        Claims claims = jwtUtil.parserJwt(token);
        String username = (String) claims.get("username");
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        System.out.println("userdetail:"+userDetails);
        return CommonResultEnum.SUCCESS.setData(userDetails);

    }

}