From 95688e400b6974953505c159f8fbf9d65784c724 Mon Sep 17 00:00:00 2001 From: 648540858 <648540858@qq.com> Date: 星期一, 13 三月 2023 09:45:00 +0800 Subject: [PATCH] 初步实现登录返回token --- /dev/null | 24 --- src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java | 65 ++++++++ src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java | 16 + src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java | 138 +++++++++++++++++ src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java | 13 + src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java | 95 ++++++----- src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java | 25 ++ src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java | 53 ++++++ src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java | 15 + src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java | 8 pom.xml | 15 + 11 files changed, 378 insertions(+), 89 deletions(-) diff --git a/pom.xml b/pom.xml index bcc3c36..a675c6f 100644 --- a/pom.xml +++ b/pom.xml @@ -216,8 +216,6 @@ <version>4.10.0</version> </dependency> - - <!-- okhttp-digest --> <dependency> <groupId>io.github.rburgst</groupId> @@ -226,10 +224,17 @@ </dependency> <!-- https://mvnrepository.com/artifact/net.sf.kxml/kxml2 --> +<!-- <dependency>--> +<!-- <groupId>net.sf.kxml</groupId>--> +<!-- <artifactId>kxml2</artifactId>--> +<!-- <version>2.3.0</version>--> +<!-- </dependency>--> + + <!-- jwt瀹炵幇 --> <dependency> - <groupId>net.sf.kxml</groupId> - <artifactId>kxml2</artifactId> - <version>2.3.0</version> + <groupId>org.bitbucket.b_c</groupId> + <artifactId>jose4j</artifactId> + <version>0.9.3</version> </dependency> <!--鍙嶅悜浠g悊--> diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java index 35c68d5..7a178d9 100644 
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java @@ -1,10 +1,11 @@ package com.genersoft.iot.vmp.conf.security; import com.alibaba.fastjson2.JSONObject; +import com.genersoft.iot.vmp.conf.security.dto.JwtUser; import com.genersoft.iot.vmp.vmanager.bean.ErrorCode; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.stereotype.Component; @@ -17,12 +18,17 @@ * @author lin */ @Component -public class AnonymousAuthenticationEntryPoint implements AuthenticationEntryPoint { - - private final static Logger logger = LoggerFactory.getLogger(DefaultUserDetailsServiceImpl.class); +public class AnonymousAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) { + System.err.println(e.getMessage()); + String jwt = request.getHeader(JwtUtils.getHeader()); + JwtUser jwtUser = JwtUtils.verifyToken(jwt); + String username = jwtUser.getUserName(); + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword() ); + SecurityContextHolder.getContext().setAuthentication(token); + System.out.println(jwt); // 鍏佽璺ㄥ煙 String origin = request.getHeader("Origin"); response.setHeader("Access-Control-Allow-Credentials", "true"); diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java index 509a1e0..0cda4a5 100644 
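Review bot: The lines added to `commence` read `jwtUser.getUserName()` and call `SecurityContextHolder.getContext().setAuthentication(token)` without looking at `jwtUser.getStatus()`, so a token that `verifyToken` rejected is still turned into an Authentication (with a null name). The entry point runs when a request is unauthenticated, so the `Access-Token` header will often be absent and `verifyToken` is called with null. `System.out.println(jwt)` also writes the bearer token to stdout, and that token carries the `password` claim. The entry point should only write the error response: drop the five token lines and replace `System.err.println(e.getMessage())` with the SLF4J logger this hunk removes. The rest of `commence` continues outside the hunk.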
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java @@ -1,7 +1,9 @@ package com.genersoft.iot.vmp.conf.security; -import java.time.LocalDateTime; - +import com.alibaba.excel.util.StringUtils; +import com.genersoft.iot.vmp.conf.security.dto.LoginUser; +import com.genersoft.iot.vmp.service.IUserService; +import com.genersoft.iot.vmp.storager.dao.dto.User; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -10,10 +12,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; -import com.alibaba.excel.util.StringUtils; -import com.genersoft.iot.vmp.conf.security.dto.LoginUser; -import com.genersoft.iot.vmp.service.IUserService; -import com.genersoft.iot.vmp.storager.dao.dto.User; +import java.time.LocalDateTime; /** * 鐢ㄦ埛鐧诲綍璁よ瘉閫昏緫 @@ -45,4 +44,8 @@ } + + + + } diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java b/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java deleted file mode 100644 index f3fd068..0000000 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java +++ /dev/null 
@@ -1,24 +0,0 @@
-package com.genersoft.iot.vmp.conf.security;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.web.session.InvalidSessionStrategy;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * 鐧诲綍瓒呮椂鐨勫鐞�
- */
-public class InvalidSessionHandler implements InvalidSessionStrategy {
-
- private final static Logger logger = LoggerFactory.getLogger(InvalidSessionHandler.class);
-
- @Override
- public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse httpServletResponse) throws IOException, ServletException {
- String username = request.getParameter("username");
- logger.info("[鐧诲綍瓒呮椂] - [{}]", username);
- }
-}
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..91709aa
--- /dev/null
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -0,0 +1,65 @@ +package com.genersoft.iot.vmp.conf.security; + +import com.genersoft.iot.vmp.conf.security.dto.JwtUser; +import org.apache.commons.lang3.StringUtils; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.ArrayList; + +/** + * jwt token 杩囨护鍣� + */ + +@Component +public class JwtAuthenticationFilter extends OncePerRequestFilter { + + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { + String jwt = request.getHeader(JwtUtils.getHeader()); + // 杩欓噷濡傛灉娌℃湁jwt锛岀户缁線鍚庤蛋锛屽洜涓哄悗闈㈣繕鏈夐壌鏉冪鐞嗗櫒绛夊幓鍒ゆ柇鏄惁鎷ユ湁韬唤鍑瘉锛屾墍浠ユ槸鍙互鏀捐鐨� + // 娌℃湁jwt鐩稿綋浜庡尶鍚嶈闂紝鑻ユ湁涓�浜涙帴鍙f槸闇�瑕佹潈闄愮殑锛屽垯涓嶈兘璁块棶杩欎簺鎺ュ彛 + if (StringUtils.isBlank(jwt)) { + chain.doFilter(request, response); + return; + } + + + JwtUser jwtUser = JwtUtils.verifyToken(jwt); + String username = jwtUser.getUserName(); + // TODO 澶勭悊鍚勪釜鐘舵�� + switch (jwtUser.getStatus()){ + case EXPIRED: + response.setStatus(400); + chain.doFilter(request, response); + // 寮傚父 + return; + case EXCEPTION: + // 杩囨湡 + response.setStatus(400); + chain.doFilter(request, response); + return; + case EXPIRING_SOON: + // 鍗冲皢杩囨湡 +// return; + default: + } + +// String password = SecurityUtils.encryptPassword(jwtUser.getPassword()); +// user.setPassword(password); + + // 鏋勫缓UsernamePasswordAuthenticationToken,杩欓噷瀵嗙爜涓簄ull锛屾槸鍥犱负鎻愪緵浜嗘纭殑JWT,瀹炵幇鑷姩鐧诲綍 + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() ); + 
SecurityContextHolder.getContext().setAuthentication(token); + chain.doFilter(request, response); + } + +} diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java new file mode 100644 index 0000000..378e5d6 --- /dev/null +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java 
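Review bot: `jwtUser.getPassword()` is passed as the credentials of the authenticated token at the end of `doFilterInternal`, although the comment above that line, as far as the garbled text can be read, says the password is null here. The value comes from the `password` claim that `JwtUtils.createToken` writes and that `UserController.login` fills from the request parameter. A JWS payload is only base64url-encoded, so the password is readable by anything that sees the `Access-Token` header. Remove the claim and the `JwtUser.password` field and build the token as `new UsernamePasswordAuthenticationToken(username, null, new ArrayList<>())`. The `EXPIRED` and `EXCEPTION` branches set status 400 and then still call `chain.doFilter`, so the status can be overwritten downstream; writing the error and returning without continuing the chain would make the rejection explicit.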
@@ -0,0 +1,138 @@ +package com.genersoft.iot.vmp.conf.security; + +import com.genersoft.iot.vmp.conf.security.dto.JwtUser; +import org.jose4j.json.JsonUtil; +import org.jose4j.jwk.RsaJsonWebKey; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.jwt.NumericDate; +import org.jose4j.jwt.consumer.ErrorCodes; +import org.jose4j.jwt.consumer.InvalidJwtException; +import org.jose4j.jwt.consumer.JwtConsumer; +import org.jose4j.jwt.consumer.JwtConsumerBuilder; +import org.jose4j.lang.JoseException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.security.PrivateKey; +import java.time.LocalDateTime; +import java.time.ZoneOffset; + +public class JwtUtils { + + private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class); + + private static final String HEADER = "Access-Token"; + private static final String AUDIENCE = "Audience"; + + private static final long EXPIRED_THRESHOLD = 10 * 60; + + private static final String keyId = "3e79646c4dbc408383a9eed09f2b85ae"; + private static final String privateKeyStr = 
"{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\",\"d\":\"ed7U_k3rJ4yTk70JtRSIfjKGiEb67BO1TabcymnljKO7RU8nage84zZYuSu_XpQsHk6P1f0Gzxkicghm_Er-FrfVn2pp70Xu52z3yRd6BJUgWLDFk97ngScIyw5OiULKU9SrZk2frDpftNCSUcIgb50F8m0QAnBa_CdPsQKbuuhLv8V8tBAV7F_lAwvSBgu56wRo3hPz5dWH8YeXM7XBfQ9viFMNEKd21sP_j5C7ueUnXT66nBxe3ZJEU3iuMYM6D6dB_KW2GfZC6WmTgvGhhxJD0h7aYmfjkD99MDleB7SkpbvoODOqiQ5Epb7Nyh6kv5u4KUv2CJYtATLZkUeMkQ\",\"p\":\"uBUjWPWtlGksmOqsqCNWksfqJvMcnP_8TDYN7e4-WnHL4N-9HjRuPDnp6kHvCIEi9SEfxm7gNxlRcWegvNQr3IZCz7TnCTexXc5NOklB9OavWFla6u-s3Thn6Tz45-EUjpJr0VJMxhO-KxGmuTwUXBBp4vN6K2qV6rQNFmgkWzk\",\"q\":\"tW_i7cCec56bHkhITL_79dXHz_PLC_f7xlynmlZJGU_d6mqOKmLBNBbTMLnYW8uAFiFzWxDeDHh1o5uF0mSQR-Z1Fg35OftnpbWpy0Cbc2la5WgXQjOwtG1eLYIY2BD3-wQ1VYDBCvowr4FDi-sngxwLqvwmrJ0xjhi99O-Gzcs\",\"dp\":\"q1d5jE85Hz_6M-eTh_lEluEf0NtPEc-vvhw-QO4V-cecNpbrCBdTWBmr4dE3NdpFeJc5ZVFEv-SACyei1MBEh0ItI_pFZi4BmMfy2ELh8ptaMMkTOESYyVy8U7veDq9RnBcr5i1Nqr0rsBkA77-9T6gzdvycBZdzLYAkAmwzEvk\",\"dq\":\"q29A2K08Crs-jmp2Bi8Q_8QzvIX6wSBbwZ4ir24AO-5_HNP56IrPS0yV2GCB0pqCOGb6_Hz_koDvhtuYoqdqvMVAtMoXR3YJBUaVXPt65p4RyNmFwIPe31zHs_BNUTsXVRMw4c16mci03-Af1sEm4HdLfxAp6sfM3xr5wcnhcek\",\"qi\":\"rHPgVTyHUHuYzcxfouyBfb1XAY8nshwn0ddo81o1BccD4Z7zo5It6SefDHjxCAbcmbiCcXBSooLcY-NF5FMv3fg19UE21VyLQltHcVjRRp2tRs4OHcM8yaXIU2x6N6Z6BP2tOksHb9MOBY1wAQzFOAKg_G4Sxev6-_6ud6RISuc\"}"; + private static final String publicKeyStr = 
"{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\"}"; + + /** + * token杩囨湡鏃堕棿(鍒嗛挓) + */ + public static final long expirationTime = 30; + + public static String createToken(String username, String password) { + try { + /** + * 鈥渋ss鈥� (issuer) 鍙戣浜� + * + * 鈥渟ub鈥� (subject) 涓婚 + * + * 鈥渁ud鈥� (audience) 鎺ユ敹鏂� 鐢ㄦ埛 + * + * 鈥渆xp鈥� (expiration time) 鍒版湡鏃堕棿 + * + * 鈥渘bf鈥� (not before) 鍦ㄦ涔嬪墠涓嶅彲鐢� + * + * 鈥渋at鈥� (issued at) jwt鐨勭鍙戞椂闂� + */ + //Payload + JwtClaims claims = new JwtClaims(); + claims.setGeneratedJwtId(); + claims.setIssuedAtToNow(); + // 浠ょ墝灏嗚繃鏈熺殑鏃堕棿 鍒嗛挓 + claims.setExpirationTimeMinutesInTheFuture(expirationTime); + claims.setNotBeforeMinutesInThePast(0); + claims.setSubject("login"); + claims.setAudience(AUDIENCE); + //娣诲姞鑷畾涔夊弬鏁�,蹇呴』鏄瓧绗︿覆绫诲瀷 + claims.setClaim("username", username); + claims.setClaim("password", password); + + //jws + JsonWebSignature jws = new JsonWebSignature(); + //绛惧悕绠楁硶RS256 + jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); + jws.setKeyIdHeaderValue(keyId); + jws.setPayload(claims.toJson()); + + PrivateKey privateKey = new RsaJsonWebKey(JsonUtil.parseJson(privateKeyStr)).getPrivateKey(); + jws.setKey(privateKey); + + //get token + String idToken = jws.getCompactSerialization(); + return idToken; + } catch (JoseException e) { + logger.error("[Token鐢熸垚澶辫触]锛� {}", e.getMessage()); + } + + return null; + } + + public static String getHeader() { + return HEADER; + } + + + public static JwtUser verifyToken(String token) { + + JwtUser jwtUser = new JwtUser(); + + try { + JwtConsumer consumer = new JwtConsumerBuilder() + 
.setRequireExpirationTime() + .setMaxFutureValidityInMinutes(5256000) + .setAllowedClockSkewInSeconds(30) + .setRequireSubject() + //.setExpectedIssuer("") + .setExpectedAudience(AUDIENCE) + .setVerificationKey(new RsaJsonWebKey(JsonUtil.parseJson(publicKeyStr)).getPublicKey()) + .build(); + + JwtClaims claims = consumer.processToClaims(token); + NumericDate expirationTime = claims.getExpirationTime(); + // 鍒ゆ柇鏄惁鍗冲皢杩囨湡, 榛樿鍓╀綑鏃堕棿灏忎簬5鍒嗛挓鏈嵆灏嗚繃鏈� + // 鍓╀綑鏃堕棿 锛堢锛� + long timeRemaining = LocalDateTime.now().toEpochSecond(ZoneOffset.ofHours(8)) - expirationTime.getValue(); + if (timeRemaining < 5 * 60) { + jwtUser.setStatus(JwtUser.TokenStatus.EXPIRING_SOON); + }else { + jwtUser.setStatus(JwtUser.TokenStatus.NORMAL); + } + + String username = (String) claims.getClaimValue("username"); + String password = (String) claims.getClaimValue("password"); + jwtUser.setUserName(username); + jwtUser.setPassword(password); + + return jwtUser; + } catch (InvalidJwtException e) { + if (e.hasErrorCode(ErrorCodes.EXPIRED)) { + jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED); + }else { + jwtUser.setStatus(JwtUser.TokenStatus.EXCEPTION); + } + return jwtUser; + }catch (Exception e) { + logger.error("[Token瑙f瀽澶辫触]锛� {}", e.getMessage()); + jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED); + return jwtUser; + } + } +} diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java b/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java index 2d7e8a1..d26342e 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java 
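Review bot: The RSA signing key is a string literal in `privateKeyStr`, so everyone with the repository or the built jar holds the key whose signatures `verifyToken` accepts. The key pair should be generated per deployment and loaded from a keystore or configuration outside the source tree, and this published pair should be treated as disclosed and replaced. In `verifyToken`, `timeRemaining` is computed as now minus `exp`, with "now" taken from `LocalDateTime.now()` at a fixed +8 offset. It is therefore negative for every valid token and the status is always `EXPIRING_SOON`; `long timeRemaining = expirationTime.getValue() - NumericDate.now().getValue();` gives the seconds left regardless of the server's time zone. The check also uses the literal `5 * 60` while the declared `EXPIRED_THRESHOLD` (`10 * 60`) is unused, and the final `catch (Exception e)` reports every other failure as `EXPIRED` where `EXCEPTION` would be accurate.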
@@ -21,7 +21,16 @@ @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { - String username = request.getParameter("username"); - logger.info("[鐧诲綍鎴愬姛] - [{}]", username); +// String username = request.getParameter("username"); +// httpServletResponse.setContentType("application/json;charset=UTF-8"); +// // 鐢熸垚JWT锛屽苟鏀剧疆鍒拌姹傚ご涓� +// String jwt = JwtUtils.createToken(authentication.getName(), ); +// httpServletResponse.setHeader(JwtUtils.getHeader(), jwt); +// ServletOutputStream outputStream = httpServletResponse.getOutputStream(); +// outputStream.write(JSON.toJSONString(ErrorCode.SUCCESS).getBytes(StandardCharsets.UTF_8)); +// outputStream.flush(); +// outputStream.close(); + +// logger.info("[鐧诲綍鎴愬姛] - [{}]", username); } } diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java index fd29d11..76f1162 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java @@ -1,6 +1,7 @@ package com.genersoft.iot.vmp.conf.security; import com.genersoft.iot.vmp.conf.security.dto.LoginUser; +import com.genersoft.iot.vmp.storager.dao.dto.User; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; @@ -9,6 +10,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import javax.security.sasl.AuthenticationException; +import java.time.LocalDateTime; public class SecurityUtils { 
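Review bot: `onAuthenticationSuccess` is left as an empty method, with its old body and a draft JWT block kept as comments, including a `JwtUtils.createToken(authentication.getName(), )` call that would not compile if uncommented. This handler no longer logs successful logins, so if sign-in auditing is wanted the log line belongs wherever the token is now issued. Delete the commented block, and the handler itself if nothing references it once the form-login configuration is gone. The class header is outside the hunk.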
@@ -25,10 +27,16 @@ public static LoginUser login(String username, String password, AuthenticationManager authenticationManager) throws AuthenticationException { //浣跨敤security妗嗘灦鑷甫鐨勯獙璇乼oken鐢熸垚鍣� 涔熷彲浠ヨ嚜瀹氫箟銆� UsernamePasswordAuthenticationToken token =new UsernamePasswordAuthenticationToken(username,password); - Authentication authenticate = authenticationManager.authenticate(token); - SecurityContextHolder.getContext().setAuthentication(authenticate); - LoginUser user = (LoginUser) authenticate.getPrincipal(); - return user; +// Authentication authenticate = authenticationManager.authenticate(token); +// SecurityContextHolder.getContext().setAuthentication(authenticate); + SecurityContextHolder.getContext().setAuthentication(token); + + +// LoginUser user = (LoginUser) authenticate.getPrincipal(); + User user = new User(); + user.setUsername(username); + LoginUser loginUser = new LoginUser(user, LocalDateTime.now()); + return loginUser; } /** @@ -49,8 +57,13 @@ if(authentication!=null){ Object principal = authentication.getPrincipal(); if(principal!=null && !"anonymousUser".equals(principal)){ - LoginUser user = (LoginUser) authentication.getPrincipal(); - return user; +// LoginUser user = (LoginUser) authentication.getPrincipal(); + + String username = (String) principal; + User user = new User(); + user.setUsername(username); + LoginUser loginUser = new LoginUser(user, LocalDateTime.now()); + return loginUser; } } return null; diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java index cce0d11..c700b8c 100644 --- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java 
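Review bot: `login` no longer checks the password, because `authenticationManager.authenticate(token)` is commented out and the unauthenticated token built from the request parameters is stored in the SecurityContext directly. The method now returns a `LoginUser` for any username and password pair and never throws. The `UserController.login` hunk issues a signed token whenever that result is non-null, which is now always the case. Restore `Authentication authenticate = authenticationManager.authenticate(token);` and take the user from `(LoginUser) authenticate.getPrincipal()` as before, so that a token is only created after the credentials have been verified.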
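Review bot: The cast `(String) principal` in the second SecurityUtils hunk assumes every Authentication in the context carries a String principal. Any path that still stores a `LoginUser` principal (for example the result of `authenticationManager.authenticate`) would fail there with a ClassCastException. The `LoginUser` is rebuilt from the username alone with `LocalDateTime.now()` as login time, so the id and role that callers presumably read from it are empty. Guard the cast with `if (principal instanceof LoginUser) { return (LoginUser) principal; }` and load the full user for the String case instead of constructing a bare `User`. The enclosing method starts outside the hunk.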
@@ -15,7 +15,9 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import java.util.List; @@ -56,22 +58,14 @@ */ @Autowired private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint; -// /** -// * 瓒呮椂澶勭悊 -// */ -// @Autowired -// private InvalidSessionHandler invalidSessionHandler; + @Autowired + private JwtAuthenticationFilter jwtAuthenticationFilter; -// /** -// * 椤跺彿澶勭悊 -// */ -// @Autowired -// private SessionInformationExpiredHandler sessionInformationExpiredHandler; -// /** -// * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮 -// */ -// @Autowired -// private LoginUserAccessDeniedHandler accessDeniedHandler; +// @Bean +// JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception { +// JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager()); +// return jwtAuthenticationFilter; +// } /** 
@@ -126,35 +120,56 @@ @Override protected void configure(HttpSecurity http) throws Exception { - http.cors().and().csrf().disable(); - // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠� - http.headers().contentTypeOptions().disable(); - http.authorizeRequests() - // 鏀捐鎺ュ彛 + http.headers().contentTypeOptions().disable() + .and().cors() + .and().csrf().disable() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + + // 閰嶇疆鎷︽埅瑙勫垯 + .and() + .authorizeRequests() .antMatchers("/api/user/login","/index/hook/**").permitAll() - // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇� .anyRequest().authenticated() - // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑) - .and().exceptionHandling() - //鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞� + // 寮傚父澶勭悊鍣� + .and() + .exceptionHandling() .authenticationEntryPoint(anonymousAuthenticationEntryPoint) -// .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮 - // 鐧诲叆 鍏佽鎵�鏈夌敤鎴� - .and().formLogin().permitAll() - //鐧诲綍鎴愬姛澶勭悊閫昏緫 - .successHandler(loginSuccessHandler) - //鐧诲綍澶辫触澶勭悊閫昏緫 - .failureHandler(loginFailureHandler) - // 鐧诲嚭 - .and().logout().logoutUrl("/api/user/logout").permitAll() - //鐧诲嚭鎴愬姛澶勭悊閫昏緫 - .logoutSuccessHandler(logoutHandler) - .deleteCookies("JSESSIONID") - // 浼氳瘽绠$悊 -// .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊 -// .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟 -// .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊 +// .accessDeniedHandler(jwtAccessDeniedHandler) + // 閰嶇疆鑷畾涔夌殑杩囨护鍣� +// .and() +// .addFilter(jwtAuthenticationFilter) + // 楠岃瘉鐮佽繃婊ゅ櫒鏀惧湪UsernamePassword杩囨护鍣ㄤ箣鍓� +// .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class) ; + http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); +// // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠� +// http.headers().contentTypeOptions().disable(); +// http.authorizeRequests() +// // 鏀捐鎺ュ彛 +// .antMatchers("/api/user/login","/index/hook/**").permitAll() +// // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇� +// .anyRequest().authenticated() +// // 绂佺敤session +// 
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) +// // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑) +// .and().exceptionHandling() +// // 鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞� +// .authenticationEntryPoint(anonymousAuthenticationEntryPoint) +// // 鐧诲綍 鍏佽鎵�鏈夌敤鎴� +// .and().formLogin() +// // 鐧诲綍鎴愬姛澶勭悊閫昏緫 鍦ㄨ繖閲岀粰鍑篔WT +// .successHandler(loginSuccessHandler) +// // 鐧诲綍澶辫触澶勭悊閫昏緫 +// .failureHandler(loginFailureHandler) +// // 鐧诲嚭 +// .and().logout().logoutUrl("/api/user/logout").permitAll() +// // 鐧诲嚭鎴愬姛澶勭悊閫昏緫 +// .logoutSuccessHandler(logoutHandler) +// // 閰嶇疆鑷畾涔夌殑杩囨护鍣� +// .and() +// .addFilter(jwtAuthenticationFilter()) +// ; } diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java new file mode 100644 index 0000000..1639d1f --- /dev/null +++ b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java @@ -0,0 +1,53 @@ +package com.genersoft.iot.vmp.conf.security.dto; + +public class JwtUser { + + public enum TokenStatus{ + /** + * 姝e父鐨勪娇鐢ㄧ姸鎬� + */ + NORMAL, + /** + * 杩囨湡鑰屽け鏁� + */ + EXPIRED, + /** + * 鍗冲皢杩囨湡 + */ + EXPIRING_SOON, + /** + * 寮傚父 + */ + EXCEPTION + } + + private String userName; + + private String password; + + private TokenStatus status; + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public TokenStatus getStatus() { + return status; + } + + public void setStatus(TokenStatus status) { + this.status = status; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } +} diff --git a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java index 127e83b..826dd51 100644 --- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java 
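Review bot: `jwtAuthenticationFilter` is injected as a bean (the class is annotated `@Component`) and then added with `http.addFilterBefore(...)`. If this application runs on Spring Boot, a `Filter` bean is also registered with the servlet container by default. The filter could then run for requests that bypass the security chain, such as paths excluded in `configure(WebSecurity)` (not visible here), where nothing clears the `SecurityContextHolder` it populates. Either construct the filter inside the configuration instead of declaring it a component, or add a `FilterRegistrationBean` for it with `setEnabled(false)`. The previous configuration is left behind as a long commented-out block at the end of `configure`; deleting it would make it easier to see which rules are in force.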
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java @@ -1,6 +1,7 @@ package com.genersoft.iot.vmp.vmanager.user; import com.genersoft.iot.vmp.conf.exception.ControllerException; +import com.genersoft.iot.vmp.conf.security.JwtUtils; import com.genersoft.iot.vmp.conf.security.SecurityUtils; import com.genersoft.iot.vmp.conf.security.dto.LoginUser; import com.genersoft.iot.vmp.service.IRoleService; @@ -21,6 +22,8 @@ import org.springframework.web.bind.annotation.*; import javax.security.sasl.AuthenticationException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import java.util.List; @Tag(name = "鐢ㄦ埛绠$悊") @@ -43,7 +46,7 @@ @Operation(summary = "鐧诲綍") @Parameter(name = "username", description = "鐢ㄦ埛鍚�", required = true) @Parameter(name = "password", description = "瀵嗙爜锛�32浣峬d5鍔犲瘑锛�", required = true) - public LoginUser login(@RequestParam String username, @RequestParam String password){ + public LoginUser login(HttpServletRequest request, HttpServletResponse response, @RequestParam String username, @RequestParam String password){ LoginUser user = null; try { user = SecurityUtils.login(username, password, authenticationManager); @@ -52,6 +55,9 @@ } if (user == null) { throw new ControllerException(ErrorCode.ERROR100.getCode(), "鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒"); + }else { + String jwt = JwtUtils.createToken(username, password); + response.setHeader(JwtUtils.getHeader(), jwt); } return user; } -- Gitblit v1.8.0