package me.zhengjie.core.security;

import com.fasterxml.jackson.annotation.JsonIgnore;

import lombok.AllArgsConstructor;

import lombok.Getter;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import java.sql.Timestamp;

import java.util.*;

/**

 * @author jie

 * @date 2018-11-23

 */

@Getter

@AllArgsConstructor

public class JwtUser implements UserDetails {

    @JsonIgnore

    private final Long id;

    private final String username;

    @JsonIgnore

    private final String password;

    private final String avatar;

    private final String email;

    @JsonIgnore

    private final Collection<? extends GrantedAuthority> authorities;

    private final boolean enabled;

    private Timestamp createTime;

    @JsonIgnore

    private final Date lastPasswordResetDate;

    @JsonIgnore

    @Override

    public boolean isAccountNonExpired() {

        return true;

    }

    @JsonIgnore

    @Override

    public boolean isAccountNonLocked() {

        return true;

    }

    @JsonIgnore

    @Override

    public boolean isCredentialsNonExpired() {

        return true;

    }

    @JsonIgnore

    @Override

    public String getPassword() {

        return password;

    }

    @Override

    public boolean isEnabled() {

        return enabled;

    }

    /**

     * 在我们保存权限的时候加上了前缀ROLE_,因此在这里需要处理下数据

     * @return

     */

    public Collection getRoles() {

        Set<String> roles = new LinkedHashSet<>();

        for (GrantedAuthority authority : authorities) {

            roles.add(authority.getAuthority().substring(5));

        }

        return roles;

    }

}
package me.zhengjie.core.security;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.AuthenticationEntryPoint;

import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.Serializable;

@Component

public class

JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable {

    private static final long serialVersionUID = -8970718410437077606L;

    @Override

    public void commence(HttpServletRequest request,

                         HttpServletResponse response,

                         AuthenticationException authException) throws IOException {

        /**

         * 当用户尝试访问安全的REST资源而不提供任何凭据时,将调用此方法发送401 响应

         */

        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException==null?"Unauthorized":authException.getMessage());

    }

}
package me.zhengjie.core.security;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.AuthenticationEntryPoint;

import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.io.Serializable;

@Component

public class

JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable {

    private static final long serialVersionUID = -8970718410437077606L;

    @Override

    public void commence(HttpServletRequest request,

                         HttpServletResponse response,

                         AuthenticationException authException) throws IOException {

        /**

         * 当用户尝试访问安全的REST资源而不提供任何凭据时,将调用此方法发送401 响应

         */

        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException==null?"Unauthorized":authException.getMessage());

    }

}
package me.zhengjie.core.security;

import io.jsonwebtoken.ExpiredJwtException;

import me.zhengjie.core.utils.JwtTokenUtil;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Qualifier;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

import org.springframework.stereotype.Component;

import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

@Component

public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    private final UserDetailsService userDetailsService;

    private final JwtTokenUtil jwtTokenUtil;

    private final String tokenHeader;

    public JwtAuthorizationTokenFilter(@Qualifier("jwtUserDetailsService") UserDetailsService userDetailsService, JwtTokenUtil jwtTokenUtil, @Value("${jwt.header}") String tokenHeader) {

        this.userDetailsService = userDetailsService;

        this.jwtTokenUtil = jwtTokenUtil;

        this.tokenHeader = tokenHeader;

    }

    @Override

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {

        logger.debug("processing authentication for '{}'", request.getRequestURL());

        final String requestHeader = request.getHeader(this.tokenHeader);

        String username = null;

        String authToken = null;

        if (requestHeader != null && requestHeader.startsWith("Bearer ")) {

            authToken = requestHeader.substring(7);

            try {

                username = jwtTokenUtil.getUsernameFromToken(authToken);

            } catch (ExpiredJwtException e) {

               logger.error(e.getMessage());

            }

        }

        logger.debug("checking authentication for user '{}'", username);

        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {

            logger.debug("security context was null, so authorizating user");

            // It is not compelling necessary to load the use details from the database. You could also store the information

            // in the token and read it from it. It's up to you ;)

            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);

            // For simple validation it is completely sufficient to just check the token integrity. You don't have to call

            // the database compellingly. Again it's up to you ;)

            if (jwtTokenUtil.validateToken(authToken, userDetails)) {

                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());

                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

                logger.info("authorizated user '{}', setting security context", username);

                SecurityContextHolder.getContext().setAuthentication(authentication);

            }

        }

        chain.doFilter(request, response);

    }

}
package me.zhengjie.core.service;

import me.zhengjie.common.exception.EntityNotFoundException;

import me.zhengjie.common.utils.ValidationUtil;

import me.zhengjie.core.security.JwtUser;

import me.zhengjie.system.domain.Permission;

import me.zhengjie.system.domain.Role;

import me.zhengjie.system.domain.User;

import me.zhengjie.system.repository.PermissionRepository;

import me.zhengjie.system.repository.UserRepository;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.cache.annotation.CacheConfig;

import org.springframework.cache.annotation.Cacheable;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.stereotype.Service;

import org.springframework.transaction.annotation.Propagation;

import org.springframework.transaction.annotation.Transactional;

import java.util.ArrayList;

import java.util.HashSet;

import java.util.List;

import java.util.Set;

import java.util.stream.Collectors;

/**

 * @author jie

 * @date 2018-11-22

 */

@Service

@Transactional(propagation = Propagation.SUPPORTS, readOnly = true, rollbackFor = Exception.class)

public class JwtUserDetailsService implements UserDetailsService {

    @Autowired

    private UserRepository userRepository;

    @Autowired

    private PermissionRepository permissionRepository;

    @Override

    public UserDetails loadUserByUsername(String username){

        User user = null;

        if(ValidationUtil.isEmail(username)){

            user = userRepository.findByEmail(username);

        } else {

            user = userRepository.findByUsername(username);

        }

        if (user == null) {

            throw new EntityNotFoundException(User.class, "name", username);

        } else {

            return create(user);

        }

    }

    public UserDetails create(User user) {

        return new JwtUser(

                user.getId(),

                user.getUsername(),

                user.getPassword(),

                user.getAvatar(),

                user.getEmail(),

                mapToGrantedAuthorities(user.getRoles(),permissionRepository),

                user.getEnabled(),

                user.getCreateTime(),

                user.getLastPasswordResetTime()

        );

    }

    private static List<GrantedAuthority> mapToGrantedAuthorities(Set<Role> roles,PermissionRepository permissionRepository) {

        Set<Permission> permissions = new HashSet<>();

        for (Role role : roles) {

            Set<Role> roleSet = new HashSet<>();

            roleSet.add(role);

            permissions.addAll(permissionRepository.findByRoles(roleSet));

        }

        return permissions.stream()

                .map(permission -> new SimpleGrantedAuthority("ROLE_"+permission.getName()))

                .collect(Collectors.toList());

    }

}
package me.zhengjie.core.service;

import me.zhengjie.common.exception.EntityNotFoundException;

import me.zhengjie.common.utils.ValidationUtil;

import me.zhengjie.core.security.JwtUser;

import me.zhengjie.system.domain.Permission;

import me.zhengjie.system.domain.Role;

import me.zhengjie.system.domain.User;

import me.zhengjie.system.repository.PermissionRepository;

import me.zhengjie.system.repository.UserRepository;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.cache.annotation.CacheConfig;

import org.springframework.cache.annotation.Cacheable;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.stereotype.Service;

import org.springframework.transaction.annotation.Propagation;

import org.springframework.transaction.annotation.Transactional;

import java.util.ArrayList;

import java.util.HashSet;

import java.util.List;

import java.util.Set;

import java.util.stream.Collectors;

/**

 * @author jie

 * @date 2018-11-22

 */

@Service

@Transactional(propagation = Propagation.SUPPORTS, readOnly = true, rollbackFor = Exception.class)

public class JwtUserDetailsService implements UserDetailsService {

    @Autowired

    private UserRepository userRepository;

    @Autowired

    private PermissionRepository permissionRepository;

    @Override

    public UserDetails loadUserByUsername(String username){

        User user = null;

        if(ValidationUtil.isEmail(username)){

            user = userRepository.findByEmail(username);

        } else {

            user = userRepository.findByUsername(username);

        }

        if (user == null) {

            throw new EntityNotFoundException(User.class, "name", username);

        } else {

            return create(user);

        }

    }

    public UserDetails create(User user) {

        return new JwtUser(

                user.getId(),

                user.getUsername(),

                user.getPassword(),

                user.getAvatar(),

                user.getEmail(),

                mapToGrantedAuthorities(user.getRoles(),permissionRepository),

                user.getEnabled(),

                user.getCreateTime(),

                user.getLastPasswordResetTime()

        );

    }

    private static List<GrantedAuthority> mapToGrantedAuthorities(Set<Role> roles,PermissionRepository permissionRepository) {

        Set<Permission> permissions = new HashSet<>();

        for (Role role : roles) {

            Set<Role> roleSet = new HashSet<>();

            roleSet.add(role);

            permissions.addAll(permissionRepository.findByRoles(roleSet));

        }

        return permissions.stream()

                .map(permission -> new SimpleGrantedAuthority("ROLE_"+permission.getName()))

                .collect(Collectors.toList());

    }

}
package me.zhengjie.core.rest;

import lombok.extern.slf4j.Slf4j;

import me.zhengjie.common.aop.log.Log;

import me.zhengjie.core.security.AuthenticationToken;

import me.zhengjie.core.security.AuthorizationUser;

import me.zhengjie.core.utils.JwtTokenUtil;

import me.zhengjie.core.security.JwtUser;

import me.zhengjie.core.utils.EncryptUtils;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.beans.factory.annotation.Qualifier;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.http.ResponseEntity;

import org.springframework.security.authentication.AccountExpiredException;

import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;

/**

 * @author jie

 * @date 2018-11-23

 * 授权、根据token获取用户详细信息

 */

@Slf4j

@RestController

@RequestMapping("auth")

public class AuthenticationController {

    @Value("${jwt.header}")

    private String tokenHeader;

    @Autowired

    private AuthenticationManager authenticationManager;

    @Autowired

    private JwtTokenUtil jwtTokenUtil;

    @Autowired

    @Qualifier("jwtUserDetailsService")

    private UserDetailsService userDetailsService;

    /**

     * 登录授权

     * @param authorizationUser

     * @return

     */

    @Log(description = "用户登录")

    @PostMapping(value = "${jwt.auth.path}")

    public ResponseEntity<?> authenticationLogin(@RequestBody AuthorizationUser authorizationUser){

        final UserDetails userDetails = userDetailsService.loadUserByUsername(authorizationUser.getUsername());

        if(!userDetails.getPassword().equals(EncryptUtils.encryptPassword(authorizationUser.getPassword()))){

            throw new AccountExpiredException("密码错误");

        }

        if(!userDetails.isEnabled()){

            throw new AccountExpiredException("账号已停用,请联系管理员");

        }

        // 生成令牌

        final String token = jwtTokenUtil.generateToken(userDetails);

        // 返回 token

        return ResponseEntity.ok(new AuthenticationToken(token));

    }

    /**

     * 获取用户信息

     * @param request

     * @return

     */

    @GetMapping(value = "${jwt.auth.account}")

    public ResponseEntity getUserInfo(HttpServletRequest request){

        JwtUser jwtUser = (JwtUser)userDetailsService.loadUserByUsername(jwtTokenUtil.getUserName(request));

        return ResponseEntity.ok(jwtUser);

    }

}
package me.zhengjie.core.security;

import lombok.AllArgsConstructor;

import lombok.Getter;

import java.io.Serializable;

/**

 * @author jie

 * @date 2018-11-23

 * 返回token

 */

@Getter

@AllArgsConstructor

public class AuthenticationToken implements Serializable {

    private final String token;

}
package me.zhengjie.core.security;

import lombok.Getter;

import lombok.Setter;

import javax.validation.constraints.NotBlank;

/**

 * @author jie

 * @date 2018-11-30

 */

@Getter

@Setter

public class AuthorizationUser {

    @NotBlank

    private String username;

    @NotBlank

    private String password;

    @Override

    public String toString() {

        return "{username=" + username  + ", password= ******}";

    }

}

JwtUser JwtAuthenticationEntryPoint JwtAuthorizationTokenFilter JwtUserDetailsService AuthenticationController的更多相关文章

  1. SpringBoot+SpringSecurity+jwt整合及初体验

    原来一直使用shiro做安全框架,配置起来相当方便,正好有机会接触下SpringSecurity,学习下这个.顺道结合下jwt,把安全信息管理的问题扔给客户端, 准备 首先用的是SpringBoot, ...

  2. 轻松上手SpringBoot Security + JWT Hello World示例

    前言 在本教程中,我们将开发一个Spring Boot应用程序,该应用程序使用JWT身份验证来保护公开的REST API.在此示例中,我们将使用硬编码的用户和密码进行用户身份验证. 在下一个教程中,我 ...

  3. WebSecurityConfig

    package me.zhengjie.core.config; import me.zhengjie.core.security.JwtAuthenticationEntryPoint; impor ...

  4. springboot2.0 web 开发标准目录架构

    ├── clean-run.sh ├── logs/ 日志文件目录 │ ├── sb2-web_test_2018-06-02_0959.0.log │ └── sb2-web_test.log | ...

  5. JWT和Spring Security集成

    通常情况下,把API直接暴露出去是风险很大的, 我们一般需要对API划分出一定的权限级别,然后做一个用户的鉴权,依据鉴权结果给予用户对应的API (一)JWT是什么,为什么要使用它? 互联网服务离不开 ...

  6. Spring Boot Security And JSON Web Token

    Spring Boot Security And JSON Web Token 说明 流程说明 何时生成和使用jwt,其实我们主要是token更有意义并携带一些信息 https://github.co ...

  7. Spring Boot 使用 JWT 进行身份和权限验证

    上周写了一个 适合初学者入门 Spring Security With JWT 的 Demo,这篇文章主要是对代码中涉及到的比较重要的知识点的说明. 适合初学者入门 Spring Security W ...

  8. Spring Boot Security JWT 整合实现前后端分离认证示例

    前面两章节我们介绍了 Spring Boot Security 快速入门 和 Spring Boot JWT 快速入门,本章节使用 JWT 和 Spring Boot Security 构件一个前后端 ...

  9. VerificationCodeService

    package me.zhengjie.system.domain; import lombok.AllArgsConstructor; import lombok.Data; import lomb ...

随机推荐

  1. 【数据结构】Hash表简介及leetcode两数之和python实现

    文章目录 Hash表简介 基本思想 建立步骤 问题 Hash表实现 Hash函数构造 冲突处理方法 leetcode两数之和python实现 题目描述 基于Hash思想的实现 Hash表简介 基本思想 ...

  2. Docker安装 - CentOS7环境

    Docker安装 - CentOS7环境 安装Docker 我是虚拟机装的Centos7,linux 3.10 内核,docker官方说至少3.8以上,建议3.10以上(ubuntu下要linux内核 ...

  3. POJ 1088 DP=记忆化搜索

    话说DP=记忆化搜索这句话真不是虚的. 面对这道题目,题意很简单,但是DP的时候,方向分为四个,这个时候用递推就好难写了,你很难得到当前状态的前一个真实状态,这个时候记忆化搜索就派上用场啦! 通过对四 ...

  4. 协程与异步IO

    协  程 协程,又称微线程,纤程. 协程的优势:              协程的特点在于是一个线程执行.              协程的最大优势是极高的执行效率,因为子程序切换不是线程切换,而是由 ...

  5. java笔记——手写+键入

    Frame.setDefaultCloseOpreation() Default:默认的 设置默认关闭操作 (0:什么都不干: 1:隐藏窗口: 2:关闭窗口但继续运行程序: 3:关闭窗口关闭程序:) ...

  6. Thread--synchronized不能被继承?!?!!!

    参考:http://bbs.csdn.net/topics/380248188 其实真相是这样的,“synchronized不能被继承”,这句话有2种不同意思,一种是比较正常的.很容易让人想到的意思: ...

  7. Java 面向对象 异常处理:RunTimeexception,try-catch,异常声明throws,自定义异常,throw和throws的区别,多异常处理(9)

    Java 面向对象 异常处理:RunTimeexception,try-catch,异常声明throws,自定义异常,throw和throws的区别,多异常处理(9)

  8. 63)对于STL基本概念东西 自己百度(没有整理)

    基础知识 看  C++进阶课程讲义的那个word文档

  9. CF 1096D Easy Problem [动态规划]

    题目链接:http://codeforces.com/problemset/problem/1096/D 题意: 有一长度为n的字符串,每一字符都有一个权值,要求现在从中取出若干个字符,使得字符串中没 ...

  10. 数据库T-SQL语言操作(T-SQL语句、数据库、表、视图、索引)

    T-SQL语言 按用途分四部分 数据定义语言(CREATE,DROP,ALTER) 数据操作语言(INSERT,DELETE,UPDATE) 数据查询语言(SELECT) 数据控制语言(GRANT,R ...