From 95688e400b6974953505c159f8fbf9d65784c724 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期一, 13 三月 2023 09:45:00 +0800
Subject: [PATCH] 初步实现登录返回token

---
 /dev/null                                                                                |   24 ---
 src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java           |   65 ++++++++
 src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java |   16 +
 src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java                          |  138 +++++++++++++++++
 src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java               |   13 +
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java                 |   95 ++++++-----
 src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java                     |   25 ++
 src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java                       |   53 ++++++
 src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java     |   15 +
 src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java                    |    8 
 pom.xml                                                                                  |   15 +
 11 files changed, 378 insertions(+), 89 deletions(-)

diff --git a/pom.xml b/pom.xml
index bcc3c36..a675c6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -216,8 +216,6 @@
 			<version>4.10.0</version>
 		</dependency>
 
-
-
 		<!-- okhttp-digest -->
 		<dependency>
 			<groupId>io.github.rburgst</groupId>
@@ -226,10 +224,17 @@
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/net.sf.kxml/kxml2 -->
+<!--		<dependency>-->
+<!--			<groupId>net.sf.kxml</groupId>-->
+<!--			<artifactId>kxml2</artifactId>-->
+<!--			<version>2.3.0</version>-->
+<!--		</dependency>-->
+
+		<!-- jwt瀹炵幇 -->
 		<dependency>
-			<groupId>net.sf.kxml</groupId>
-			<artifactId>kxml2</artifactId>
-			<version>2.3.0</version>
+			<groupId>org.bitbucket.b_c</groupId>
+			<artifactId>jose4j</artifactId>
+			<version>0.9.3</version>
 		</dependency>
 
 		<!--鍙嶅悜浠g悊-->
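Review bot: The kxml2 dependency is commented out rather than deleted in this hunk, so the `mvnrepository.com/artifact/net.sf.kxml/kxml2` comment now heads a dead block; delete both, since history keeps the old coordinates. Whether anything still needs kxml2 on the classpath is not visible from here and should be confirmed with a full build. The new `jose4j` pin at `0.9.3` becomes part of the authentication path, so check that version against the library's published advisories before merging.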
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
index 35c68d5..7a178d9 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
@@ -1,10 +1,11 @@
 package com.genersoft.iot.vmp.conf.security;
 
 import com.alibaba.fastjson2.JSONObject;
+import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
 import com.genersoft.iot.vmp.vmanager.bean.ErrorCode;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 
@@ -17,12 +18,17 @@
  * @author lin
  */
 @Component
-public class AnonymousAuthenticationEntryPoint implements AuthenticationEntryPoint {
-
-    private final static Logger logger = LoggerFactory.getLogger(DefaultUserDetailsServiceImpl.class);
+public class    AnonymousAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) {
+        System.err.println(e.getMessage());
+        String jwt = request.getHeader(JwtUtils.getHeader());
+        JwtUser jwtUser = JwtUtils.verifyToken(jwt);
+        String username = jwtUser.getUserName();
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword() );
+        SecurityContextHolder.getContext().setAuthentication(token);
+        System.out.println(jwt);
         // 鍏佽璺ㄥ煙
         String origin = request.getHeader("Origin");
         response.setHeader("Access-Control-Allow-Credentials", "true");
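Review bot: The added `System.out.println(jwt);` writes the raw bearer token to standard output, and JwtUtils.createToken in this patch stores the user's password in that token as a claim, so the credential ends up in the process log. Drop both print statements and, if the failure needs recording, log `e.getMessage()` through an SLF4J logger like the one this hunk removes. An AuthenticationEntryPoint runs only after the request has been rejected, so re-verifying the header and calling `SecurityContextHolder.getContext().setAuthentication(token)` does not belong here: for a missing or invalid token, verifyToken returns a JwtUser with a null user name, which is then stored in the context. The entry point should only write the error response; the body of commence() continues past the end of the hunk.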
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
index 509a1e0..0cda4a5 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
@@ -1,7 +1,9 @@
 package com.genersoft.iot.vmp.conf.security;
 
-import java.time.LocalDateTime;
-
+import com.alibaba.excel.util.StringUtils;
+import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
+import com.genersoft.iot.vmp.service.IUserService;
+import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -10,10 +12,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 
-import com.alibaba.excel.util.StringUtils;
-import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
-import com.genersoft.iot.vmp.service.IUserService;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
+import java.time.LocalDateTime;
 
 /**
  * 鐢ㄦ埛鐧诲綍璁よ瘉閫昏緫
@@ -45,4 +44,8 @@
     }
 
 
+
+
+
+
 }
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java b/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java
deleted file mode 100644
index f3fd068..0000000
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/InvalidSessionHandler.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package com.genersoft.iot.vmp.conf.security;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.web.session.InvalidSessionStrategy;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * 鐧诲綍瓒呮椂鐨勫鐞�
- */
-public class InvalidSessionHandler implements InvalidSessionStrategy {
-
-    private final static Logger logger = LoggerFactory.getLogger(InvalidSessionHandler.class);
-
-    @Override
-    public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse httpServletResponse) throws IOException, ServletException {
-        String username = request.getParameter("username");
-        logger.info("[鐧诲綍瓒呮椂] - [{}]", username);
-    }
-}
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..91709aa
--- /dev/null
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtAuthenticationFilter.java
@@ -0,0 +1,65 @@
+package com.genersoft.iot.vmp.conf.security;
+
+import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+
+/**
+ * jwt token 杩囨护鍣�
+ */
+
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+        String jwt = request.getHeader(JwtUtils.getHeader());
+        // 杩欓噷濡傛灉娌℃湁jwt锛岀户缁線鍚庤蛋锛屽洜涓哄悗闈㈣繕鏈夐壌鏉冪鐞嗗櫒绛夊幓鍒ゆ柇鏄惁鎷ユ湁韬唤鍑瘉锛屾墍浠ユ槸鍙互鏀捐鐨�
+        // 娌℃湁jwt鐩稿綋浜庡尶鍚嶈闂紝鑻ユ湁涓�浜涙帴鍙f槸闇�瑕佹潈闄愮殑锛屽垯涓嶈兘璁块棶杩欎簺鎺ュ彛
+        if (StringUtils.isBlank(jwt)) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+
+        JwtUser jwtUser = JwtUtils.verifyToken(jwt);
+        String username = jwtUser.getUserName();
+        // TODO 澶勭悊鍚勪釜鐘舵��
+        switch (jwtUser.getStatus()){
+            case EXPIRED:
+                response.setStatus(400);
+                chain.doFilter(request, response);
+                // 寮傚父
+                return;
+            case EXCEPTION:
+                // 杩囨湡
+                response.setStatus(400);
+                chain.doFilter(request, response);
+                return;
+            case EXPIRING_SOON:
+                // 鍗冲皢杩囨湡
+//                return;
+            default:
+        }
+
+//        String password = SecurityUtils.encryptPassword(jwtUser.getPassword());
+//        user.setPassword(password);
+
+        // 鏋勫缓UsernamePasswordAuthenticationToken,杩欓噷瀵嗙爜涓簄ull锛屾槸鍥犱负鎻愪緵浜嗘纭殑JWT,瀹炵幇鑷姩鐧诲綍
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>() );
+        SecurityContextHolder.getContext().setAuthentication(token);
+        chain.doFilter(request, response);
+    }
+
+}
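Review bot: The authenticated token at the end of doFilterInternal is built from the JWT claims alone, `new UsernamePasswordAuthenticationToken(username, jwtUser.getPassword(), new ArrayList<>())`, so a deleted or disabled account keeps access until the token expires, the principal carries no authorities, and the password is held in the security context as the credential, although the comment above that line appears to say it is null. Load the account through the existing user-details service and pass null credentials with the account's authorities, e.g. `new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities())`. In the EXPIRED and EXCEPTION branches the filter sets status 400 and then still calls `chain.doFilter`, so a later handler can overwrite or duplicate the response; either continue unauthenticated without touching the status, or answer 401 and return without invoking the chain. The comments on those two branches also look swapped.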
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
new file mode 100644
index 0000000..378e5d6
--- /dev/null
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
@@ -0,0 +1,138 @@
+package com.genersoft.iot.vmp.conf.security;
+
+import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
+import org.jose4j.json.JsonUtil;
+import org.jose4j.jwk.RsaJsonWebKey;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.jwt.JwtClaims;
+import org.jose4j.jwt.NumericDate;
+import org.jose4j.jwt.consumer.ErrorCodes;
+import org.jose4j.jwt.consumer.InvalidJwtException;
+import org.jose4j.jwt.consumer.JwtConsumer;
+import org.jose4j.jwt.consumer.JwtConsumerBuilder;
+import org.jose4j.lang.JoseException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.PrivateKey;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+
+public class JwtUtils {
+
+    private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);
+
+    private static final String HEADER = "Access-Token";
+    private static final String AUDIENCE = "Audience";
+
+    private static final long EXPIRED_THRESHOLD = 10 * 60;
+
+    private static final String keyId = "3e79646c4dbc408383a9eed09f2b85ae";
+    private static final String privateKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\",\"d\":\"ed7U_k3rJ4yTk70JtRSIfjKGiEb67BO1TabcymnljKO7RU8nage84zZYuSu_XpQsHk6P1f0Gzxkicghm_Er-FrfVn2pp70Xu52z3yRd6BJUgWLDFk97ngScIyw5OiULKU9SrZk2frDpftNCSUcIgb50F8m0QAnBa_CdPsQKbuuhLv8V8tBAV7F_lAwvSBgu56wRo3hPz5dWH8YeXM7XBfQ9viFMNEKd21sP_j5C7ueUnXT66nBxe3ZJEU3iuMYM6D6dB_KW2GfZC6WmTgvGhhxJD0h7aYmfjkD99MDleB7SkpbvoODOqiQ5Epb7Nyh6kv5u4KUv2CJYtATLZkUeMkQ\",\"p\":\"uBUjWPWtlGksmOqsqCNWksfqJvMcnP_8TDYN7e4-WnHL4N-9HjRuPDnp6kHvCIEi9SEfxm7gNxlRcWegvNQr3IZCz7TnCTexXc5NOklB9OavWFla6u-s3Thn6Tz45-EUjpJr0VJMxhO-KxGmuTwUXBBp4vN6K2qV6rQNFmgkWzk\",\"q\":\"tW_i7cCec56bHkhITL_79dXHz_PLC_f7xlynmlZJGU_d6mqOKmLBNBbTMLnYW8uAFiFzWxDeDHh1o5uF0mSQR-Z1Fg35OftnpbWpy0Cbc2la5WgXQjOwtG1eLYIY2BD3-wQ1VYDBCvowr4FDi-sngxwLqvwmrJ0xjhi99O-Gzcs\",\"dp\":\"q1d5jE85Hz_6M-eTh_lEluEf0NtPEc-vvhw-QO4V-cecNpbrCBdTWBmr4dE3NdpFeJc5ZVFEv-SACyei1MBEh0ItI_pFZi4BmMfy2ELh8ptaMMkTOESYyVy8U7veDq9RnBcr5i1Nqr0rsBkA77-9T6gzdvycBZdzLYAkAmwzEvk\",\"dq\":\"q29A2K08Crs-jmp2Bi8Q_8QzvIX6wSBbwZ4ir24AO-5_HNP56IrPS0yV2GCB0pqCOGb6_Hz_koDvhtuYoqdqvMVAtMoXR3YJBUaVXPt65p4RyNmFwIPe31zHs_BNUTsXVRMw4c16mci03-Af1sEm4HdLfxAp6sfM3xr5wcnhcek\",\"qi\":\"rHPgVTyHUHuYzcxfouyBfb1XAY8nshwn0ddo81o1BccD4Z7zo5It6SefDHjxCAbcmbiCcXBSooLcY-NF5FMv3fg19UE21VyLQltHcVjRRp2tRs4OHcM8yaXIU2x6N6Z6BP2tOksHb9MOBY1wAQzFOAKg_G4Sxev6-_6ud6RISuc\"}";
+    private static final String publicKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\"}";
+
+    /**
+     * token杩囨湡鏃堕棿(鍒嗛挓)
+     */
+    public static final long expirationTime = 30;
+
+    public static String createToken(String username, String password) {
+        try {
+            /**
+             * 鈥渋ss鈥� (issuer)  鍙戣浜�
+             *
+             * 鈥渟ub鈥� (subject)  涓婚
+             *
+             * 鈥渁ud鈥� (audience) 鎺ユ敹鏂� 鐢ㄦ埛
+             *
+             * 鈥渆xp鈥� (expiration time) 鍒版湡鏃堕棿
+             *
+             * 鈥渘bf鈥� (not before)  鍦ㄦ涔嬪墠涓嶅彲鐢�
+             *
+             * 鈥渋at鈥� (issued at)  jwt鐨勭鍙戞椂闂�
+             */
+            //Payload
+            JwtClaims claims = new JwtClaims();
+            claims.setGeneratedJwtId();
+            claims.setIssuedAtToNow();
+            // 浠ょ墝灏嗚繃鏈熺殑鏃堕棿 鍒嗛挓
+            claims.setExpirationTimeMinutesInTheFuture(expirationTime);
+            claims.setNotBeforeMinutesInThePast(0);
+            claims.setSubject("login");
+            claims.setAudience(AUDIENCE);
+            //娣诲姞鑷畾涔夊弬鏁�,蹇呴』鏄瓧绗︿覆绫诲瀷
+            claims.setClaim("username", username);
+            claims.setClaim("password", password);
+
+            //jws
+            JsonWebSignature jws = new JsonWebSignature();
+            //绛惧悕绠楁硶RS256
+            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
+            jws.setKeyIdHeaderValue(keyId);
+            jws.setPayload(claims.toJson());
+
+            PrivateKey privateKey = new RsaJsonWebKey(JsonUtil.parseJson(privateKeyStr)).getPrivateKey();
+            jws.setKey(privateKey);
+
+            //get token
+            String idToken = jws.getCompactSerialization();
+            return idToken;
+        } catch (JoseException e) {
+            logger.error("[Token鐢熸垚澶辫触]锛� {}", e.getMessage());
+        }
+
+        return null;
+    }
+
+    public static String getHeader() {
+        return HEADER;
+    }
+
+
+    public static JwtUser verifyToken(String token) {
+
+        JwtUser jwtUser = new JwtUser();
+
+        try {
+            JwtConsumer consumer = new JwtConsumerBuilder()
+                    .setRequireExpirationTime()
+                    .setMaxFutureValidityInMinutes(5256000)
+                    .setAllowedClockSkewInSeconds(30)
+                    .setRequireSubject()
+                    //.setExpectedIssuer("")
+                    .setExpectedAudience(AUDIENCE)
+                    .setVerificationKey(new RsaJsonWebKey(JsonUtil.parseJson(publicKeyStr)).getPublicKey())
+                    .build();
+
+            JwtClaims claims = consumer.processToClaims(token);
+            NumericDate expirationTime = claims.getExpirationTime();
+            // 鍒ゆ柇鏄惁鍗冲皢杩囨湡, 榛樿鍓╀綑鏃堕棿灏忎簬5鍒嗛挓鏈嵆灏嗚繃鏈�
+            // 鍓╀綑鏃堕棿 锛堢锛�
+            long timeRemaining = LocalDateTime.now().toEpochSecond(ZoneOffset.ofHours(8)) - expirationTime.getValue();
+            if (timeRemaining < 5 * 60) {
+                jwtUser.setStatus(JwtUser.TokenStatus.EXPIRING_SOON);
+            }else {
+                jwtUser.setStatus(JwtUser.TokenStatus.NORMAL);
+            }
+
+            String username = (String) claims.getClaimValue("username");
+            String password = (String) claims.getClaimValue("password");
+            jwtUser.setUserName(username);
+            jwtUser.setPassword(password);
+
+            return jwtUser;
+        } catch (InvalidJwtException e) {
+            if (e.hasErrorCode(ErrorCodes.EXPIRED)) {
+                jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
+            }else {
+                jwtUser.setStatus(JwtUser.TokenStatus.EXCEPTION);
+            }
+            return jwtUser;
+        }catch (Exception e) {
+            logger.error("[Token瑙f瀽澶辫触]锛� {}", e.getMessage());
+            jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
+            return jwtUser;
+        }
+    }
+}
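Review bot: `privateKeyStr` commits the RSA signing key to the source tree, so anyone who can read the repository or the built jar can sign a token for any user name and verifyToken will accept it; load the key from deployment configuration or a key store, and treat this key as disclosed and replace it. createToken also stores the login password with `claims.setClaim("password", password)`: a JWS is signed, not encrypted, so every holder of the token can read it, and the claim together with the password field on JwtUser should be removed. In verifyToken the remaining lifetime is computed as now minus expiry at a fixed +8 offset, which is negative for every unexpired token and therefore always reports EXPIRING_SOON; `long timeRemaining = expirationTime.getValue() - NumericDate.now().getValue();` gives the seconds left. The catch-all branch reports EXPIRED for failures that are not expiry, and `EXPIRED_THRESHOLD` is declared but never used.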
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java b/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java
index 2d7e8a1..d26342e 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/LoginSuccessHandler.java
@@ -21,7 +21,16 @@
 
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
-        String username = request.getParameter("username");
-        logger.info("[鐧诲綍鎴愬姛] - [{}]", username);
+//        String username = request.getParameter("username");
+//        httpServletResponse.setContentType("application/json;charset=UTF-8");
+//        // 鐢熸垚JWT锛屽苟鏀剧疆鍒拌姹傚ご涓�
+//        String jwt = JwtUtils.createToken(authentication.getName(), );
+//        httpServletResponse.setHeader(JwtUtils.getHeader(), jwt);
+//        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
+//        outputStream.write(JSON.toJSONString(ErrorCode.SUCCESS).getBytes(StandardCharsets.UTF_8));
+//        outputStream.flush();
+//        outputStream.close();
+
+//        logger.info("[鐧诲綍鎴愬姛] - [{}]", username);
     }
 }
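Review bot: onAuthenticationSuccess is left with an empty body and a block of commented-out code, one line of which (`JwtUtils.createToken(authentication.getName(), );`) would not compile if restored; delete the dead lines rather than keeping them as comments. Because the WebSecurityConfig hunk in this patch removes `formLogin()` and its `successHandler`, this class no longer appears to be wired into the chain, so no successful-login log entry is written anywhere visible in the patch. If that audit record is still wanted, emit it from UserController.login using the authenticated name rather than the raw request parameter.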
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
index fd29d11..76f1162 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
@@ -1,6 +1,7 @@
 package com.genersoft.iot.vmp.conf.security;
 
 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
+import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -9,6 +10,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 import javax.security.sasl.AuthenticationException;
+import java.time.LocalDateTime;
 
 public class SecurityUtils {
 
@@ -25,10 +27,16 @@
     public static LoginUser login(String username, String password, AuthenticationManager authenticationManager) throws AuthenticationException {
         //浣跨敤security妗嗘灦鑷甫鐨勯獙璇乼oken鐢熸垚鍣�  涔熷彲浠ヨ嚜瀹氫箟銆�
         UsernamePasswordAuthenticationToken token =new UsernamePasswordAuthenticationToken(username,password);
-        Authentication authenticate = authenticationManager.authenticate(token);
-        SecurityContextHolder.getContext().setAuthentication(authenticate);
-        LoginUser user = (LoginUser) authenticate.getPrincipal();
-        return user;
+//        Authentication authenticate = authenticationManager.authenticate(token);
+//        SecurityContextHolder.getContext().setAuthentication(authenticate);
+        SecurityContextHolder.getContext().setAuthentication(token);
+
+
+//        LoginUser user = (LoginUser) authenticate.getPrincipal();
+        User user = new User();
+        user.setUsername(username);
+        LoginUser loginUser = new LoginUser(user, LocalDateTime.now());
+        return loginUser;
     }
 
     /**
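Review bot: With `authenticationManager.authenticate(token)` commented out, login() no longer checks the password: it stores the unverified token in the security context and returns a LoginUser for whatever user name was supplied, and UserController.login then issues a signed JWT for it. Restore the call and build the result from its outcome, `Authentication authenticate = authenticationManager.authenticate(token);` followed by `LoginUser user = (LoginUser) authenticate.getPrincipal();`, so a bad credential raises instead of succeeding. As written, the `authenticationManager` parameter is unused.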
@@ -49,8 +57,13 @@
         if(authentication!=null){
             Object principal = authentication.getPrincipal();
             if(principal!=null && !"anonymousUser".equals(principal)){
-                LoginUser user = (LoginUser) authentication.getPrincipal();
-                return user;
+//                LoginUser user = (LoginUser) authentication.getPrincipal();
+
+                String username = (String) principal;
+                User user = new User();
+                user.setUsername(username);
+                LoginUser loginUser = new LoginUser(user, LocalDateTime.now());
+                return loginUser;
             }
         }
         return null;
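Review bot: The new `String username = (String) principal;` assumes every non-anonymous principal is a plain string and will throw ClassCastException if any code path stores a LoginUser or other UserDetails in the context. The LoginUser it builds carries only the user name, so callers that read other fields from it (none are visible in this hunk) would get unset values. Guard the cast with `principal instanceof String` at minimum, or keep a fully loaded LoginUser as the principal so it is not re-synthesised on every call. The enclosing method starts above the hunk.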
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index cce0d11..c700b8c 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -15,7 +15,9 @@
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import java.util.List;
 
@@ -56,22 +58,14 @@
      */
     @Autowired
     private AnonymousAuthenticationEntryPoint anonymousAuthenticationEntryPoint;
-//    /**
-//     * 瓒呮椂澶勭悊
-//     */
-//    @Autowired
-//    private InvalidSessionHandler invalidSessionHandler;
+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
 
-//    /**
-//     * 椤跺彿澶勭悊
-//     */
-//    @Autowired
-//    private SessionInformationExpiredHandler sessionInformationExpiredHandler;
-//    /**
-//     * 鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-//     */
-//    @Autowired
-//    private LoginUserAccessDeniedHandler accessDeniedHandler;
+//    @Bean
+//    JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
+//        JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager());
+//        return jwtAuthenticationFilter;
+//    }
 
 
     /**
@@ -126,35 +120,56 @@
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.cors().and().csrf().disable();
-        // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
-        http.headers().contentTypeOptions().disable();
-        http.authorizeRequests()
-                // 鏀捐鎺ュ彛
+        http.headers().contentTypeOptions().disable()
+                .and().cors()
+                .and().csrf().disable()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+
+                // 閰嶇疆鎷︽埅瑙勫垯
+                .and()
+                .authorizeRequests()
                 .antMatchers("/api/user/login","/index/hook/**").permitAll()
-                // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
                 .anyRequest().authenticated()
-                // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
-                .and().exceptionHandling()
-                //鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
+                // 寮傚父澶勭悊鍣�
+                .and()
+                .exceptionHandling()
                 .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
-//                .accessDeniedHandler(accessDeniedHandler)//鐧诲綍鐢ㄦ埛娌℃湁鏉冮檺璁块棶璧勬簮
-                // 鐧诲叆 鍏佽鎵�鏈夌敤鎴�
-                .and().formLogin().permitAll()
-                //鐧诲綍鎴愬姛澶勭悊閫昏緫
-                .successHandler(loginSuccessHandler)
-                //鐧诲綍澶辫触澶勭悊閫昏緫
-                .failureHandler(loginFailureHandler)
-                // 鐧诲嚭
-                .and().logout().logoutUrl("/api/user/logout").permitAll()
-                //鐧诲嚭鎴愬姛澶勭悊閫昏緫
-                .logoutSuccessHandler(logoutHandler)
-                .deleteCookies("JSESSIONID")
-                // 浼氳瘽绠$悊
-//                .and().sessionManagement().invalidSessionStrategy(invalidSessionHandler) // 瓒呮椂澶勭悊
-//                .maximumSessions(1)//鍚屼竴璐﹀彿鍚屾椂鐧诲綍鏈�澶х敤鎴锋暟
-//                .expiredSessionStrategy(sessionInformationExpiredHandler) // 椤跺彿澶勭悊
+//                .accessDeniedHandler(jwtAccessDeniedHandler)
+                // 閰嶇疆鑷畾涔夌殑杩囨护鍣�
+//                .and()
+//                .addFilter(jwtAuthenticationFilter)
+                // 楠岃瘉鐮佽繃婊ゅ櫒鏀惧湪UsernamePassword杩囨护鍣ㄤ箣鍓�
+//                .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class)
         ;
+        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+//        // 璁剧疆鍏佽娣诲姞闈欐�佹枃浠�
+//        http.headers().contentTypeOptions().disable();
+//        http.authorizeRequests()
+//                // 鏀捐鎺ュ彛
+//                .antMatchers("/api/user/login","/index/hook/**").permitAll()
+//                // 闄や笂闈㈠鐨勬墍鏈夎姹傚叏閮ㄩ渶瑕侀壌鏉冭璇�
+//                .anyRequest().authenticated()
+//                // 绂佺敤session
+//                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+//                // 寮傚父澶勭悊(鏉冮檺鎷掔粷銆佺櫥褰曞け鏁堢瓑)
+//                .and().exceptionHandling()
+//                // 鍖垮悕鐢ㄦ埛璁块棶鏃犳潈闄愯祫婧愭椂鐨勫紓甯稿鐞�
+//                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
+//                // 鐧诲綍 鍏佽鎵�鏈夌敤鎴�
+//                .and().formLogin()
+//                // 鐧诲綍鎴愬姛澶勭悊閫昏緫 鍦ㄨ繖閲岀粰鍑篔WT
+//                .successHandler(loginSuccessHandler)
+//                // 鐧诲綍澶辫触澶勭悊閫昏緫
+//                .failureHandler(loginFailureHandler)
+//                // 鐧诲嚭
+//                .and().logout().logoutUrl("/api/user/logout").permitAll()
+//                // 鐧诲嚭鎴愬姛澶勭悊閫昏緫
+//                .logoutSuccessHandler(logoutHandler)
+//                // 閰嶇疆鑷畾涔夌殑杩囨护鍣�
+//                .and()
+//                .addFilter(jwtAuthenticationFilter())
+//        ;
 
     }
 
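Review bot: The rewritten chain in configure() drops `.logout().logoutUrl("/api/user/logout")` and its success handler without a replacement, and with `SessionCreationPolicy.STATELESS` there is no server-side state to invalidate, so a token stays usable until it expires even after the user logs out. If logout has to take effect immediately, the JWT filter needs a revocation check, for example keyed on the `jti` that createToken already generates with `setGeneratedJwtId()`. The hunk also leaves the previous configuration as a long block of comments below the live code; delete it, since version control keeps the old form.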
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java
new file mode 100644
index 0000000..1639d1f
--- /dev/null
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/JwtUser.java
@@ -0,0 +1,53 @@
+package com.genersoft.iot.vmp.conf.security.dto;
+
+public class JwtUser {
+
+    public enum TokenStatus{
+        /**
+         * 姝e父鐨勪娇鐢ㄧ姸鎬�
+         */
+        NORMAL,
+        /**
+         * 杩囨湡鑰屽け鏁�
+         */
+        EXPIRED,
+        /**
+         * 鍗冲皢杩囨湡
+         */
+        EXPIRING_SOON,
+        /**
+         * 寮傚父
+         */
+        EXCEPTION
+    }
+
+    private String userName;
+
+    private String password;
+
+    private TokenStatus status;
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public TokenStatus getStatus() {
+        return status;
+    }
+
+    public void setStatus(TokenStatus status) {
+        this.status = status;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}
diff --git a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
index 127e83b..826dd51 100644
--- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -1,6 +1,7 @@
 package com.genersoft.iot.vmp.vmanager.user;
 
 import com.genersoft.iot.vmp.conf.exception.ControllerException;
+import com.genersoft.iot.vmp.conf.security.JwtUtils;
 import com.genersoft.iot.vmp.conf.security.SecurityUtils;
 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
 import com.genersoft.iot.vmp.service.IRoleService;
@@ -21,6 +22,8 @@
 import org.springframework.web.bind.annotation.*;
 
 import javax.security.sasl.AuthenticationException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.util.List;
 
 @Tag(name  = "鐢ㄦ埛绠$悊")
@@ -43,7 +46,7 @@
     @Operation(summary = "鐧诲綍")
     @Parameter(name = "username", description = "鐢ㄦ埛鍚�", required = true)
     @Parameter(name = "password", description = "瀵嗙爜锛�32浣峬d5鍔犲瘑锛�", required = true)
-    public LoginUser login(@RequestParam String username, @RequestParam String password){
+    public LoginUser login(HttpServletRequest request, HttpServletResponse response, @RequestParam String username, @RequestParam String password){
         LoginUser user = null;
         try {
             user = SecurityUtils.login(username, password, authenticationManager);
@@ -52,6 +55,9 @@
         }
         if (user == null) {
             throw new ControllerException(ErrorCode.ERROR100.getCode(), "鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒");
+        }else {
+            String jwt = JwtUtils.createToken(username, password);
+            response.setHeader(JwtUtils.getHeader(), jwt);
         }
         return user;
     }
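Review bot: `JwtUtils.createToken` returns null when signing fails (its catch block only logs), and the added else branch passes that straight to `response.setHeader`, so the client receives a successful login response with no token; check for null and throw a ControllerException instead. Passing `password` into the token should be dropped once the password claim is removed from createToken. The `HttpServletRequest request` parameter added to login() in the previous hunk is unused, and login() begins above this hunk.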

--
Gitblit v1.8.0