refactor: 优化 JWT 解析和验证代码和修复用户名密码错误的异常提示
@@ -1,7 +1,9 @@
|
||||
package com.youlai.system.config;
|
||||
|
||||
import cn.hutool.captcha.generator.CodeGenerator;
|
||||
import com.youlai.system.security.constant.SecurityConstants;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.youlai.system.common.constant.SecurityConstants;
|
||||
import com.youlai.system.config.property.SecurityProperties;
|
||||
import com.youlai.system.security.exception.MyAccessDeniedHandler;
|
||||
import com.youlai.system.security.exception.MyAuthenticationEntryPoint;
|
||||
import com.youlai.system.filter.JwtValidationFilter;
|
||||
@@ -17,6 +19,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@@ -26,7 +29,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
||||
/**
|
||||
* Spring Security 权限配置
|
||||
*
|
||||
* @author haoxr
|
||||
* @author Ray Hao
|
||||
* @since 2023/2/17
|
||||
*/
|
||||
@Configuration
|
||||
@@ -39,29 +42,33 @@ public class SecurityConfig {
|
||||
private final MyAccessDeniedHandler accessDeniedHandler;
|
||||
private final RedisTemplate<String, Object> redisTemplate;
|
||||
private final CodeGenerator codeGenerator;
|
||||
private final SecurityProperties securityProperties;
|
||||
|
||||
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
|
||||
.authorizeHttpRequests(requestMatcherRegistry ->
|
||||
requestMatcherRegistry.requestMatchers(SecurityConstants.LOGIN_PATH).permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
|
||||
httpSecurityExceptionHandlingConfigurer
|
||||
.authenticationEntryPoint(authenticationEntryPoint)
|
||||
.accessDeniedHandler(accessDeniedHandler)
|
||||
)
|
||||
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
||||
|
||||
;
|
||||
|
||||
// 验证码校验过滤器
|
||||
http.addFilterBefore(new CaptchaValidationFilter(redisTemplate,codeGenerator), UsernamePasswordAuthenticationFilter.class);
|
||||
http.addFilterBefore(new CaptchaValidationFilter(redisTemplate, codeGenerator), UsernamePasswordAuthenticationFilter.class);
|
||||
// JWT 校验过滤器
|
||||
http.addFilterBefore(new JwtValidationFilter(redisTemplate), UsernamePasswordAuthenticationFilter.class);
|
||||
http.addFilterBefore(new JwtValidationFilter(redisTemplate,securityProperties.getJwt().getKey()), UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
@@ -71,18 +78,11 @@ public class SecurityConfig {
|
||||
*/
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.requestMatchers(
|
||||
"/api/v1/auth/captcha",
|
||||
"/webjars/**",
|
||||
"/doc.html",
|
||||
"/swagger-resources/**",
|
||||
"/v3/api-docs/**",
|
||||
"/swagger-ui/**",
|
||||
"/swagger-ui.html",
|
||||
"/ws/**",
|
||||
"/ws-app/**"
|
||||
);
|
||||
return (web) -> {
|
||||
if (CollectionUtil.isNotEmpty(securityProperties.getIgnoreUrls())) {
|
||||
web.ignoring().requestMatchers(securityProperties.getIgnoreUrls().toArray(new String[0]));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
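Review bot: The rewritten `webSecurityCustomizer()` passes the whole configured ignore-URL list to `web.ignoring()`, which removes matching requests from the Spring Security filter chain entirely: no JWT filter, no exception handlers, no security response headers. Because the list now comes from configuration rather than the literals previously in the file, a single broad pattern in one environment's settings removes authentication for everything it matches, and no code review will see it. Prefer `requestMatcherRegistry.requestMatchers(securityProperties.getIgnoreUrls().toArray(new String[0])).permitAll()` inside `securityFilterChain`, keeping `web.ignoring()` for static assets only, and log the resolved list at startup. With `permitAll()` the `JwtValidationFilter` still runs on those paths; how it treats a request without a token is not visible on this page, so confirm that before moving the list.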
@@ -2,7 +2,7 @@ package com.youlai.system.config;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.jwt.JWTPayload;
|
||||
import com.youlai.system.security.util.JwtUtils;
|
||||
import cn.hutool.jwt.JWTUtil;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
@@ -83,7 +83,7 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
|
||||
|
||||
// 这里不应该用"name"
|
||||
// String username = JwtUtils.parseToken(bearerToken).get("name").toString();
|
||||
String username = JwtUtils.parseToken(bearerToken).get(JWTPayload.SUBJECT).toString();
|
||||
String username = JWTUtil.parseToken(bearerToken).getPayloads().getStr(JWTPayload.SUBJECT);
|
||||
|
||||
if (StrUtil.isNotBlank(username)) {
|
||||
accessor.setUser(() -> username);
|
||||
|
||||
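Review bot: The new `JWTUtil.parseToken(bearerToken).getPayloads().getStr(JWTPayload.SUBJECT)` line only decodes the token; Hutool's `parseToken` checks neither the signature nor the expiry, so `accessor.setUser(...)` receives a subject that nothing has verified, unless a check happens earlier in this interceptor, outside the hunk. Verify before reading any claim, for example `JWT jwt = JWTUtil.parseToken(bearerToken).setKey(keyBytes);` followed by `if (!jwt.validate(0)) { /* reject the CONNECT frame */ }`, with `keyBytes` derived from the same `securityProperties.getJwt().getKey()` that the HTTP filter now receives. `JwtValidationFilter` takes `redisTemplate`, which suggests a server-side token-state check; if so, the WebSocket path needs the same check so that a logged-out token is not accepted here. The enclosing method starts and ends outside this hunk, so how `bearerToken` is extracted and what happens when the subject is blank cannot be confirmed from this page.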
@@ -0,0 +1,44 @@
|
||||
package com.youlai.system.config.property;
|
||||
|
||||
import lombok.Data;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author haoxr
|
||||
* @since 2024/4/18
|
||||
*/
|
||||
@Data
|
||||
@ConfigurationProperties(prefix = "security")
|
||||
public class SecurityProperties {
|
||||
|
||||
/**
|
||||
* 白名单 URL 集合
|
||||
*/
|
||||
private List<String> ignoreUrls;
|
||||
|
||||
/**
|
||||
* JWT 配置
|
||||
*/
|
||||
private JwtProperty jwt;
|
||||
|
||||
|
||||
/**
|
||||
* JWT 配置
|
||||
*/
|
||||
@Data
|
||||
public static class JwtProperty {
|
||||
|
||||
/**
|
||||
* JWT 秘钥
|
||||
*/
|
||||
private String key;
|
||||
|
||||
/**
|
||||
* JWT 过期时间
|
||||
*/
|
||||
private Long ttl;
|
||||
|
||||
}
|
||||
}
|
||||
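Review bot: `JwtProperty.key` holds the signing secret, but the class-level `@Data` generates a `toString()` that prints it, so any log line or debug dump of `SecurityProperties` exposes the key; add `@ToString.Exclude` on the `key` field. Nothing validates the binding either: `jwt` can be null and `key` blank, while `SecurityConfig` calls `securityProperties.getJwt().getKey()` unconditionally. Marking the class `@Validated`, with `@NotNull @Valid` on `jwt` and `@NotBlank` on `key` (plus a minimum length suited to the signing algorithm), turns a missing or empty secret into a startup failure instead of a filter built with an unusable key. The Javadoc on `ttl` should state its unit, e.g. `/** JWT time-to-live; unit: seconds (confirm against the token issuer) */`, since the unit is not visible in this commit. How the class is registered (`@EnableConfigurationProperties` or a component scan) is also not shown on this page.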