SpringSecurity 简单使用,实现登录认证,通过过滤器实现自定义异常处理

1.基本配置
java 复制代码
@Configuration
@EnableWebSecurity
@Slf4j
public class SecurityConfig {
    //自定义过滤器
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    //登录认证服务
    @Autowired
    private UserDetailsService userDetailsService;
    //自定义权限失败处理
    @Autowired
    private AccessDeniedExceptionHandler accessDeniedExceptionHandler;
    //自定义认证失败处理
    @Autowired
    private AuthenticationExceptionHandler authenticationExceptionHandler;

    //密码加密器
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
        log.info("执行authenticationManager");
        return authConfig.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        log.info("filterChain 执行");
         // 基于token,不需要csrf
        http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 基于token,不需要session
                .authorizeHttpRequests((authz) -> authz
                        .requestMatchers("/auth/user/login",  "/auth/user/regist").permitAll()
                        .requestMatchers(HttpMethod.OPTIONS).permitAll()
                        .anyRequest().authenticated()
                )
                .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
                .exceptionHandling(exception ->{
                    exception.authenticationEntryPoint(authenticationExceptionHandler)
                    .accessDeniedHandler(accessDeniedExceptionHandler);
                });
        http.csrf(csrf -> csrf.disable());
        return http.build();
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }
}
2.AuthenticationExceptionHandler
java 复制代码
@Component
public class AuthenticationExceptionHandler implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        CustomAuthenticationException su = (CustomAuthenticationException) authException;
        // 设置响应的字符编码和内容类型
        response.setContentType("application/json;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        PrintWriter writer = response.getWriter();
        writer.write(new ObjectMapper().writeValueAsString(BaseVo.fail(su.getMessage())));
        writer.flush();
    }
}
3.AccessDeniedExceptionHandler
java 复制代码
@Component
public class AccessDeniedExceptionHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        //todo  和 AuthenticationExceptionHandler  类似
    }
}
4. UserDetailsImpl
java 复制代码
@Data
@NoArgsConstructor
@AllArgsConstructor
public class UserDetailsImpl implements UserDetails {

    private User user;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of();
    }

    @Override
    public String getPassword() {
        return user.getPassWord();
    }

    @Override
    public String getUsername() {
        return user.getUserName();
    }

}
  1. UserService
java 复制代码
public interface UserService extends IService<User>, UserDetailsService {
    Page<User> getPage(Page<User> page, User user);
}
5. UserServiceImpl
java 复制代码
@Service
@Slf4j
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {

    @Override
    public Page<User> getPage(Page<User> page, User user) {
        LambdaQueryWrapper<User> query = new LambdaQueryWrapper<>();
        query.like(ObjectUtil.isNotEmpty(user.getUserName()), User::getUserName, user.getUserName());
        query.like(ObjectUtil.isNotEmpty(user.getEmail()), User::getEmail, user.getEmail());
        query.like(ObjectUtil.isNotEmpty(user.getPhoneNumber()), User::getPhoneNumber, user.getPhoneNumber());
        query.like(ObjectUtil.isNotEmpty(user.getDeptNo()), User::getDeptNo, user.getDeptNo());
        query.eq(ObjectUtil.isNotEmpty(user.getIsActive()), User::getIsActive, user.getIsActive());
        query.orderByDesc(User::getCreateTime);
        return this.page(page, query);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        log.info("执行loadUserByUsername方法");
        LambdaQueryWrapper<User> query = new LambdaQueryWrapper<>();
        query.eq(User::getUserName, username)
                .or()
                .eq(User::getEmail, username)
                .or()
                .eq(User::getPhoneNumber, username);
        User user = this.getOne(query);
        if(ObjectUtil.isEmpty(user)){
            log.info("不存在该用户");
        }
        return new UserDetailsImpl(user);
    }
}
6. UserController
java 复制代码
@RestController
@RequestMapping("/auth/user")
public class UserController {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private JwtUtil jwtUtil;

    @Autowired
    private RedisUtil redisUtil;

    @Value("${jwt.expires}")
    private Integer expiresIn;

    @Autowired
    private UserService userService;
    @PostMapping("/regist")
    public Boolean register(@RequestBody UserDto userDto){
        User user = UserConvert.INSTANCE.targetToSource(userDto);
        if(ObjectUtil.isNotEmpty(user)){
            user.setPassWord(passwordEncoder.encode(user.getPassWord()));
        }
        return userService.save(user);
    }
    @PostMapping("/login")
    public UserVo login(@RequestBody UserDto userDto){
        String loginName = userDto.getLoginName();
        Authentication authenticate = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginName, userDto.getPassWord()));
//        SecurityContext context = SecurityContextHolder.getContext();
//        Authentication authentication = context.getAuthentication();
        UserDetailsImpl userDetail = (UserDetailsImpl) authenticate.getPrincipal();
        UserVo userVo = UserConvert.INSTANCE.sourceToVo(userDetail.getUser());
        Map<String, String> userInfo = new HashMap<>();
        userInfo.put("userName",userVo.getUserName());
        userInfo.put("userId",String.valueOf(userVo.getId()));
        String token = jwtUtil.getToken(userInfo, expiresIn);
        userVo.setToken(token);
        return userVo;
    }

    @PostMapping("/update")
    public Boolean updateUser(@RequestBody UserDto userDto){
        User user = UserConvert.INSTANCE.targetToSource(userDto);
        return userService.saveOrUpdate(user);
    }
    @PostMapping("/detail")
    public UserVo getUser(@RequestParam("id") Long id){
        User user = userService.getById(id);
        return UserConvert.INSTANCE.sourceToVo(user);
    }
    @PostMapping("/page")
    public IPage<UserVo> getUserPage(@RequestBody UserDto userDto){
        User user = UserConvert.INSTANCE.targetToSource(userDto);
        Page<User> page = new Page<>(userDto.getPageNo(), userDto.getPageSize());
        page = userService.getPage(page,user);
        return UserConvert.INSTANCE.sourceToVo(page);
    }
    @PostMapping("/delete")
    public Boolean deleteUser(Long id){
        return userService.removeById(id);
    }
}
相关推荐
卓怡学长3 小时前
w269基于spring boot + vue 候鸟监测数据管理系统
java·数据库·spring boot·spring·intellij-idea
Listen·Rain9 小时前
向量化详解
java·人工智能·spring·机器学习·ai
添砖java_85710 小时前
网页聊天室测试报告
java·spring boot·spring·maven
xixingzhe211 小时前
Spring 依赖注入
java·后端·spring
闲猫20 小时前
Spring AI 对接Deepseek ChatModel 聊天对话
java·前端·spring
醇氧1 天前
Spring 容器 Map 注入机制详解
java·后端·spring
ylscode1 天前
Cloudflare Workers Cache 深度解析:边缘缓存如何重塑无服务器性能边界
java·spring·mybatis
沉静的小伙1 天前
Spring事务
java·数据库·spring
Wang's Blog1 天前
Java框架快速入门: Spring Bean核心配置与实例化详解
java·开发语言·spring
AI人工智能+电脑小能手1 天前
【大白话说Java面试题 第160题】【06_Spring篇】第20题:Spring 事务什么时候会失效?
java·spring·事务失效·事务传播·异常回滚