SpringSecurity 实现token 认证

发布于:2025-03-01 ⋅ 阅读:(143) ⋅ 点赞:(0)
  • 配置类

    /**
     * Spring Security configuration for header-token authentication.
     *
     * <p>Registers {@link TokenAuthenticationTokenFilter} ahead of
     * {@code UsernamePasswordAuthenticationFilter}, leaves {@code /Login/**} open, requires
     * authentication everywhere else, and keeps the application stateless (no HTTP session).
     * Method-level {@code @PreAuthorize}/{@code @PostAuthorize} checks are enabled through
     * {@code prePostEnabled=true}.
     */
    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Exposes the adapter's {@link AuthenticationManager} as a bean so other components
         * can inject it.
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Declares the token filter as a Spring bean.
         *
         * <p>Filters are loaded before the servlet, so the filter is created here as a managed
         * bean; that is what gets {@code redisUtils} injected into
         * {@link TokenAuthenticationTokenFilter}.
         */
        @Bean
        public TokenAuthenticationTokenFilter getTokenFiter() {
            return new TokenAuthenticationTokenFilter();
        }

        /**
         * Builds the HTTP security rules.
         *
         * <p>{@code permitAll()} on {@code /Login/**} only relaxes the authorization rule; the
         * token filter is part of the chain for every request, so a request to a login URL that
         * carries a {@code token} header is still checked by the filter.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Disabled in the original listing:
            // http.addFilterBefore(new VerCodeFilter("/Login/Login"), UsernamePasswordAuthenticationFilter.class);

            // Token check runs before the username/password filter.
            http.addFilterBefore(getTokenFiter(), UsernamePasswordAuthenticationFilter.class);

            http.authorizeRequests()
                    .antMatchers("/Login/**").permitAll() // login endpoints are open
                    .anyRequest().authenticated(); // everything else needs an authenticated caller

            // Use the default login page.
            // NOTE(review): with STATELESS sessions below, a form login is not remembered on
            // later requests; presumably the token is the real mechanism - confirm this is needed.
            http.formLogin();

            // No HTTP session is created or used; each request must authenticate itself.
            http.sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // CSRF protection is switched off because POST requests are otherwise rejected.
            // Enable it in real projects; the front end then has to send the extra CSRF parameter.
            http.csrf().disable();
        }

    }

  • 定义token 验证过滤器

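    /**
     * Authenticates a request from the opaque token sent in the {@code token} request header.
     *
     * <p>The header value is looked up through {@code redisUtils}; the stored value is parsed as
     * a JSON object and its {@code role} entry becomes the single granted authority of the
     * request. Requests without the header pass through unauthenticated and are left to the
     * authorization rules of the security configuration.
     *
     * <p>Review notes for anyone reusing this listing:
     * <ul>
     *   <li>The header value is used verbatim as the lookup key. If the same store also holds
     *       other JSON values, give session entries a dedicated key prefix on both the writer
     *       and this lookup. The code that writes the token is not shown here, so that change
     *       is not made in this block.</li>
     *   <li>The principal is an empty {@code Userdto}, so downstream code and audit logs cannot
     *       tell which user made the request; only the role is carried.</li>
     *   <li>Token lifetime is presumably enforced by an expiry set where the token is stored -
     *       confirm against the login code.</li>
     * </ul>
     */
    public class TokenAuthenticationTokenFilter extends OncePerRequestFilter {

        // Field-injected; works because the filter is created as a Spring-managed bean.
        @Autowired
        private RedisUtils redisUtils;

        public TokenAuthenticationTokenFilter() {
        }

        /**
         * Validates the {@code token} header and, when it is valid, places an authenticated
         * {@code UsernamePasswordAuthenticationToken} into the security context.
         *
         * @param request     current request; only the {@code token} header is read
         * @param response    receives the JSON failure body when the token is rejected
         * @param filterChain remaining filters, invoked unless the token is rejected
         * @throws ServletException propagated from the rest of the chain
         * @throws IOException      propagated from the chain or from writing the failure body
         */
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            // 1. Read the token carried in the request header.
            String token = request.getHeader("token");

            if (!StringUtils.hasText(token)) {
                // No token: continue unauthenticated; routes that need no token go straight through.
                filterChain.doFilter(request, response);
                return;
            }

            // 2. Resolve the token. Fail closed: an unknown token, a stored value that is not a
            //    JSON object, or a missing/blank role is answered with the "invalid token" body
            //    instead of surfacing as an unhandled exception.
            Object stored = redisUtils.get(token);
            String role = stored == null ? null : extractRole(stored);
            if (!StringUtils.hasText(role)) {
                rejectToken(response);
                return;
            }

            // 3. Build the authentication from the stored role.
            Collection<GrantedAuthority> authorities = new ArrayList<>();
            authorities.add(new SimpleGrantedAuthority(role));

            UsernamePasswordAuthenticationToken authenticationToken =
                    new UsernamePasswordAuthenticationToken(new Userdto(), null, authorities);
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);

            filterChain.doFilter(request, response); // continue down the chain
        }

        /**
         * Reads the {@code role} entry from the stored session value.
         *
         * @return the role as text, or {@code null} when the value cannot be parsed as a JSON
         *         object or has no {@code role} entry
         */
        private static String extractRole(Object stored) {
            try {
                Map<?, ?> values = JSON.parseObject(stored.toString(), HashMap.class);
                Object role = values == null ? null : values.get("role");
                return role == null ? null : role.toString();
            } catch (RuntimeException ignored) {
                // A value that is not a JSON object is treated the same as an unknown token.
                return null;
            }
        }

        /**
         * Writes the "invalid token" failure body and ends request processing.
         *
         * <p>NOTE(review): the HTTP status stays 200 and the failure is signalled only by the
         * 401 code inside the body, as in the original listing. Proxies, monitoring and clients
         * that look at the status line will see a success; prefer a real 401 status if the
         * front end can handle it.
         */
        private static void rejectToken(HttpServletResponse response) throws IOException {
            response.setStatus(200);
            response.setContentType("application/json");
            response.setCharacterEncoding("utf-8");
            response.getWriter().write(JSON.toJSONString(Result.failed(401,"token 非法","")));
        }

    }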

