SpringSecurity 实现token 认证
实现token 认证
/**
 * Spring Security configuration for header-token authentication.
 *
 * <p>Registers {@link TokenAuthenticationTokenFilter} ahead of
 * {@code UsernamePasswordAuthenticationFilter}, leaves {@code /Login/**} open, requires
 * authentication for every other request, keeps the application stateless and turns CSRF
 * protection off.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the manager built by {@link WebSecurityConfigurerAdapter}
     * @throws Exception if the parent fails to build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Creates the token filter as a Spring bean so that the container can populate its
     * {@code @Autowired} {@code RedisUtils} field; an instance created with {@code new}
     * outside a bean method would be left with a null dependency.
     *
     * <p>NOTE(review): under Spring Boot a {@code Filter} exposed as a bean is also
     * registered with the servlet container by default, in addition to the security
     * chain below. Confirm that is intended for this deployment.
     *
     * @return the filter instance managed by Spring
     */
    @Bean
    public TokenAuthenticationTokenFilter getTokenFiter() {
        return new TokenAuthenticationTokenFilter();
    }

    /**
     * Builds the HTTP security rules.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if any configurer rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The original listing also carried a disabled line that registered a captcha
        // filter ("VerCodeFilter" on /Login/Login) at the same position; it stays disabled.
        TokenAuthenticationTokenFilter tokenFilter = getTokenFiter();
        http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);

        // Everything under /Login/ is reachable without authentication, so every handler
        // mapped there is part of the unauthenticated attack surface. All other requests
        // need an authenticated security context.
        http.authorizeRequests()
                .antMatchers("/Login/**").permitAll()
                .anyRequest().authenticated();

        // Default form login page. NOTE(review): combined with the STATELESS policy below,
        // a form login is not remembered between requests; confirm it is still wanted.
        http.formLogin();

        // No HTTP session is created or used to hold the security context.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // CSRF protection is switched off so that POST requests are not rejected. That is
        // only defensible while the credential travels in the custom "token" header, which
        // a browser does not attach on its own; re-enable CSRF protection if cookie- or
        // session-based authentication is ever added.
        http.csrf().disable();
    }
}
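/**
 * Authenticates a request from an opaque token sent in the {@code token} request header.
 *
 * <p>The token is looked up in Redis through {@code RedisUtils}; the stored value is parsed
 * as JSON and its {@code role} entry becomes the single granted authority of the request.
 * Requests without a token pass through unauthenticated and are left to the authorization
 * rules of the security chain.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The header value is used verbatim as the Redis key. If the same Redis database
 *       holds keys that are not login sessions, give session keys a dedicated prefix so
 *       that only session entries can be resolved from a client-supplied value.</li>
 *   <li>Token lifetime depends entirely on the expiry set where the token is written,
 *       which is not shown here; confirm a TTL is applied at login.</li>
 *   <li>The role string is used as the authority as-is. {@code hasRole(...)} expressions
 *       expect a {@code ROLE_} prefix, so either store it with the prefix or check with
 *       {@code hasAuthority(...)}.</li>
 *   <li>The principal is an empty {@code Userdto}, so downstream code and audit logs
 *       cannot tell which user made the request; populate it from the stored session.</li>
 *   <li>A stored value that is not valid JSON still surfaces as an exception from the
 *       parser rather than as a clean rejection.</li>
 * </ul>
 */
public class TokenAuthenticationTokenFilter extends OncePerRequestFilter {

    /** Request header that carries the token. */
    private static final String TOKEN_HEADER = "token";

    /** Key of the role entry inside the stored session JSON. */
    private static final String ROLE_KEY = "role";

    @Autowired
    private RedisUtils redisUtils;

    public TokenAuthenticationTokenFilter() {
    }

    /**
     * Resolves the token, if any, and populates the security context before the rest of
     * the chain runs.
     *
     * @param request     current request
     * @param response    current response; written to directly when the token is rejected
     * @param filterChain remaining filters
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the chain or from writing the rejection
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        // 1. Read the token from the request header.
        String token = request.getHeader(TOKEN_HEADER);
        if (!StringUtils.hasText(token)) {
            // No token: continue without authentication. Public routes succeed; protected
            // routes are refused later by the authorization rules, not by this filter.
            filterChain.doFilter(request, response);
            return;
        }

        // 2. Resolve the token to the stored session; an unknown token is rejected here.
        Object session = redisUtils.get(token);
        if (session == null) {
            rejectInvalidToken(response);
            return;
        }

        // 3. Extract the role. A session without a usable role is rejected the same way,
        //    instead of failing with a NullPointerException (missing entry) or an
        //    IllegalArgumentException from SimpleGrantedAuthority (blank entry).
        Map<?, ?> values = JSON.parseObject(session.toString(), HashMap.class);
        Object role = (values == null) ? null : values.get(ROLE_KEY);
        if (role == null || !StringUtils.hasText(role.toString())) {
            rejectInvalidToken(response);
            return;
        }

        Collection<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(role.toString()));

        // 4. Mark the request as authenticated for the rest of the chain.
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(new Userdto(), null, authorities);
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);

        filterChain.doFilter(request, response);
    }

    /**
     * Writes the "invalid token" result and ends request processing.
     *
     * <p>The HTTP status stays 200 with the failure code 401 inside the JSON body, as in
     * the original listing, because clients may depend on it. NOTE(review): gateways,
     * access logs and monitoring that key on the HTTP status will not see these rejections
     * as authentication failures; consider returning a real 401 once clients are ready.
     */
    private void rejectInvalidToken(HttpServletResponse response) throws IOException {
        response.setStatus(200);
        // Declare the body as JSON so clients do not have to guess how to interpret it.
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        response.getWriter().write(JSON.toJSONString(Result.failed(401, "token 非法", "")));
    }
}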