记录一下使用springSecurity搭建用户认证和授权的代码、、、

技术栈使用springSecurity + redis + JWT + mybatisPlus

部分代码来自：https://blog.csdn.net/I_am_Hutengfei/article/details/100561564

零. 共用工具类和sql

1.工具类

@Data
public class JsonResult<T> implements Serializable {
    private Boolean success;
    private Integer errorCode;
    private String errorMsg;
    private T data;
​
    public JsonResult() {
    }
​
    public JsonResult(Boolean success, Integer errorCode, String errorMsg, T data) {
        this.success = success;
        this.errorCode = errorCode;
        this.errorMsg = errorMsg;
        this.data = data;
    }
​
    // 成功或者失败都能走这个
    public JsonResult(boolean success) {
        this.success = success;
        this.errorMsg = success ? ResultCode.SUCCESS.getMessage() : ResultCode.COMMON_FAIL.getMessage();
        this.errorCode = success ? ResultCode.SUCCESS.getCode() : ResultCode.COMMON_FAIL.getCode();
    }
​
    // 成功或者失败都能走这个，并且可以传一个枚举来改变默认枚举的值
    public JsonResult(boolean success, ResultCode resultEnum) {
        this.success = success;
        // 传来的枚举为null就用默认的，不为null就用传来的枚举
        this.errorCode = success ? (resultEnum==null?ResultCode.SUCCESS.getCode():resultEnum.getCode()) : (resultEnum == null ? ResultCode.COMMON_FAIL.getCode() : resultEnum.getCode());
        this.errorMsg = success ? (resultEnum==null?ResultCode.SUCCESS.getMessage():resultEnum.getMessage()): (resultEnum == null ? ResultCode.COMMON_FAIL.getMessage() : resultEnum.getMessage());
    }
​
    // 成功或者失败都能用
    // 用户可以传一个任意对象过来，用默认的成功或者失败的枚举
    public JsonResult(boolean success, T data) {
        this.success = success;
        this.errorCode = success ? ResultCode.SUCCESS.getCode() : ResultCode.COMMON_FAIL.getCode();
        this.errorMsg = success ? ResultCode.SUCCESS.getMessage() : ResultCode.COMMON_FAIL.getMessage();
        this.data = data;
    }
​
    // 成功或者失败都能用
    // 用户可以传一个任意对象和自定义枚举过来
    public JsonResult(boolean success, ResultCode resultEnum, T data) {
        this.success = success;
        this.errorCode = success ? (resultEnum==null ? ResultCode.SUCCESS.getCode() : resultEnum.getCode()): (resultEnum == null ? ResultCode.COMMON_FAIL.getCode() : resultEnum.getCode());
        this.errorMsg = success ? (resultEnum==null ? ResultCode.SUCCESS.getMessage() : resultEnum.getMessage()) : (resultEnum == null ? ResultCode.COMMON_FAIL.getMessage() : resultEnum.getMessage());
        this.data = data;
    }
​
    public static JsonResult success() {
        return new JsonResult(true);
    }
​
    public static JsonResult success(ResultCode resultEnum) {
        return new JsonResult(true,resultEnum);
    }
​
    public static <T> JsonResult<T> success(T data) {
        return new JsonResult(true, data);
    }
​
    public static <T> JsonResult<T> success(ResultCode resultEnum,T data){
        return new JsonResult<>(true,resultEnum,data);
    }
​
    public static JsonResult fail() {
        return new JsonResult(false);
    }
​
    public static <T> JsonResult fail(T data) {
        return new JsonResult(false, data);
    }
​
    public static JsonResult fail(ResultCode resultEnum) {
        return new JsonResult(false, resultEnum);
    }
​
    public static <T> JsonResult<T> fail(ResultCode resultEnum, T data) {
        return new JsonResult(false, resultEnum, data);
    }
}
​

public enum ResultCode {
    /* 成功 */
    SUCCESS(200, \"请求成功\"),
    SUCCESS_login(200, \"用户登录成功\"),
    SUCCESS_logout(200, \"用户退出成功\"),
​
    /* 默认失败 */
    COMMON_FAIL(999, \"失败\"),
​
    /* 参数错误：1000～1999 */
    PARAM_NOT_VALID(1001, \"参数无效\"),
    PARAM_IS_BLANK(1002, \"参数为空\"),
    PARAM_TYPE_ERROR(1003, \"参数类型错误\"),
    PARAM_NOT_COMPLETE(1004, \"参数缺失\"),
​
    /* 用户错误 */
    USER_FAIL_LOGIN(2000, \"登陆失败\"),
    USER_NOT_LOGIN(2001, \"用户未登录\"),
    USER_ACCOUNT_EXPIRED(2002, \"账号已过期\"),
    USER_CREDENTIALS_ERROR(2003, \"密码错误\"),
    USER_CREDENTIALS_EXPIRED(2004, \"密码过期\"),
    USER_ACCOUNT_DISABLE(2005, \"账号不可用\"),
    USER_ACCOUNT_LOCKED(2006, \"账号被锁定\"),
    USER_ACCOUNT_NOT_EXIST(2007, \"账号不存在\"),
    USER_ACCOUNT_ALREADY_EXIST(2008, \"账号已存在\"),
    USER_ACCOUNT_USE_BY_OTHERS(2009, \"账号下线\"),
​
    /* 业务错误 */
    NO_PERMISSION(3001, \"当前账号没有此权限\");
    private Integer code;
    private String message;
​
    ResultCode(Integer code, String message) {
        this.code = code;
        this.message = message;
    }
​
    public Integer getCode() {
        return code;
    }
​
    public void setCode(Integer code) {
        this.code = code;
    }
​
    public String getMessage() {
        return message;
    }
​
    public void setMessage(String message) {
        this.message = message;
    }
​
    /**
     * 根据code获取message
     *
     * @param code
     * @return
     */
    public static String getMessageByCode(Integer code) {
        for (ResultCode ele : values()) {
            if (ele.getCode().equals(code)) {
                return ele.getMessage();
            }
        }
        return null;
    }
}

2.mybatisplus和sql

//mybatisPlus自动生成代码使用
public class CreateCode {
    public static void main(String[] args) {
        FastAutoGenerator.create(\"jdbc:mysql://localhost:3306/security\", \"root\", \"123456\")
                .globalConfig(builder -> {
                    builder.author(\"bao\") // 设置作者
                            .enableSwagger() // 开启 swagger 模式
                            .fileOverride() // 覆盖已生成文件
                            .outputDir(\"D://user\"); // 指定输出目录
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.xml, \"D://user\")); // 设置mapperXml生成路径
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.controller, \"D://user\")); // 设置mapperXml生成路径
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.entity, \"D://user\")); // 设置mapperXml生成路径
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.mapper, \"D://user\")); // 设置mapperXml生成路径
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.service, \"D://\")); // 设置mapperXml生成路径
                })
                .packageConfig(builder -> {
                    builder.parent(\"com.example.alipay.user\") // 设置父包名
                            .moduleName(\"\") // 设置父包模块名
                            .pathInfo(Collections.singletonMap(OutputFile.serviceImpl, \"D://\")); // 设置mapperXml生成路径
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_user\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_role\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_permission\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_request_path\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_request_path_permission_relation\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_role_permission_relation\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .strategyConfig(builder -> {
                    builder.addInclude(\"sys_user_role_relation\") // 设置需要生成的表名
                            .addTablePrefix(\"t_\", \"c_\"); // 设置过滤表前缀
                })
                .templateEngine(new FreemarkerTemplateEngine()) // 使用Freemarker引擎模板，默认的是Velocity引擎模板
                .execute();
​
    }
}

sql

/*
 Navicat Premium Data Transfer
​
 Source Server         : localhost_3306
 Source Server Type    : MySQL
 Source Server Version : 50719
 Source Host           : localhost:3306
 Source Schema         : security
​
 Target Server Type    : MySQL
 Target Server Version : 50719
 File Encoding         : 65001
​
 Date: 27/05/2022 15:05:34
*/
​
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
​
-- ----------------------------
-- Table structure for sys_permission
-- ----------------------------
DROP TABLE IF EXISTS `sys_permission`;
CREATE TABLE `sys_permission`  (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT \'主键id\',
  `permission_code` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'权限code\',
  `permission_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'权限名\',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = \'权限表\' ROW_FORMAT = COMPACT;
​
-- ----------------------------
-- Records of sys_permission
-- ----------------------------
INSERT INTO `sys_permission` VALUES (1, \'sys:user:list\', \'用户查询\');
INSERT INTO `sys_permission` VALUES (2, \'sys:user:delete\', \'用户删除\');
INSERT INTO `sys_permission` VALUES (3, \'sys:user:online\', \'在线用户查询\');
​
-- ----------------------------
-- Table structure for sys_role
-- ----------------------------
DROP TABLE IF EXISTS `sys_role`;
CREATE TABLE `sys_role`  (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT \'主键id\',
  `role_code` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'角色值\',
  `role_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'角色名\',
  `role_description` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'角色说明\',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = \'用户角色表\' ROW_FORMAT = COMPACT;
​
-- ----------------------------
-- Records of sys_role
-- ----------------------------
INSERT INTO `sys_role` VALUES (1, \'admin\', \'管理员\', \'管理员，拥有所有权限\');
INSERT INTO `sys_role` VALUES (2, \'user\', \'普通用户\', \'普通用户，拥有部分权限\');
​
-- ----------------------------
-- Table structure for sys_role_permission_relation
-- ----------------------------
DROP TABLE IF EXISTS `sys_role_permission_relation`;
CREATE TABLE `sys_role_permission_relation`  (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT \'主键id\',
  `role_id` int(11) NULL DEFAULT NULL COMMENT \'角色id\',
  `permission_id` int(11) NULL DEFAULT NULL COMMENT \'权限id\',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 10 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = \'角色-权限关联关系表\' ROW_FORMAT = COMPACT;
​
-- ----------------------------
-- Records of sys_role_permission_relation
-- ----------------------------
INSERT INTO `sys_role_permission_relation` VALUES (1, 1, 1);
INSERT INTO `sys_role_permission_relation` VALUES (7, 1, 2);
INSERT INTO `sys_role_permission_relation` VALUES (8, 1, 3);
INSERT INTO `sys_role_permission_relation` VALUES (9, 2, 1);
​
-- ----------------------------
-- Table structure for sys_user
-- ----------------------------
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user`  (
  `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `user_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT \'账号\',
  `nick_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT \'用户名\',
  `password` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'用户密码\',
  `last_login_time` datetime NULL DEFAULT NULL COMMENT \'最后一次登录时间\',
  `enabled` tinyint(1) NULL DEFAULT 1 COMMENT \'账号是否可用。默认为1（可用）\',
  `not_expired` tinyint(1) NULL DEFAULT 1 COMMENT \'是否过期。默认为1（没有过期）\',
  `account_not_locked` tinyint(1) NULL DEFAULT 1 COMMENT \'账号是否锁定。默认为1（没有锁定）\',
  `credentials_not_expired` tinyint(1) NULL DEFAULT 1 COMMENT \'证书（密码）是否过期。默认为1（没有过期）\',
  `create_time` datetime NULL DEFAULT NULL COMMENT \'创建时间\',
  `update_time` datetime NULL DEFAULT NULL COMMENT \'修改时间\',
  `create_user` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'创建人\',
  `update_user` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'修改人\',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = \'用户表\' ROW_FORMAT = COMPACT;
​
-- ----------------------------
-- Records of sys_user
-- ----------------------------
INSERT INTO `sys_user` VALUES (\'4044aaa1-dca1-11ec-81da-00ff8ecb7c92\', \'admin\', \'admin\', \'$2a$10$fdaPecPEB3jJQCR4/E2lz.Gg6cnXLlsR1Qa2C4r7yO.hPjTOMr/he\', \'2022-05-27 14:18:28\', 1, 1, 1, 1, \'2019-08-29 06:29:24\', \'2022-05-26 14:13:09\', \'\', \'\');
INSERT INTO `sys_user` VALUES (\'63561932-dca1-11ec-81da-00ff8ecb7c92\', \'user001\', \'user001\', \'$2a$10$fdaPecPEB3jJQCR4/E2lz.Gg6cnXLlsR1Qa2C4r7yO.hPjTOMr/he\', \'2022-05-27 10:45:30\', 1, 1, 1, 1, NULL, \'2022-05-25 13:16:30\', \'admin\', \'admin\');
​
-- ----------------------------
-- Table structure for sys_user_role_relation
-- ----------------------------
DROP TABLE IF EXISTS `sys_user_role_relation`;
CREATE TABLE `sys_user_role_relation`  (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT \'主键id\',
  `user_id` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT \'用户id\',
  `role_id` int(11) NULL DEFAULT NULL COMMENT \'角色id\',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = \'用户角色关联关系表\' ROW_FORMAT = COMPACT;
​
-- ----------------------------
-- Records of sys_user_role_relation
-- ----------------------------
INSERT INTO `sys_user_role_relation` VALUES (1, \'4044aaa1-dca1-11ec-81da-00ff8ecb7c92\', 1);
INSERT INTO `sys_user_role_relation` VALUES (2, \'63561932-dca1-11ec-81da-00ff8ecb7c92\', 2);
​
SET FOREIGN_KEY_CHECKS = 1;
​

一.redis配置

使用redis来保存登陆用户的信息，一来防止验证重复查询数据库，二来后期可以在此基础上做在线用户查询，强退用户等操作。

1. redis工具类（来自若依框架）

/**
 * spring redis 工具类
 *
 * @author ruoyi
 **/
@SuppressWarnings(value = { \"unchecked\", \"rawtypes\" })
@Component
public class RedisCache
{
    @Autowired
    public RedisTemplate redisTemplate;
​
    /**
     * 缓存基本的对象，Integer、String、实体类等
     *
     * @param key 缓存的键值
     * @param value 缓存的值
     */
    public <T> void setCacheObject(final String key, final T value)
    {
        redisTemplate.opsForValue().set(key, value);
    }
​
    /**
     * 缓存基本的对象，Integer、String、实体类等
     *
     * @param key 缓存的键值
     * @param value 缓存的值
     * @param timeout 时间
     * @param timeUnit 时间颗粒度
     */
    public <T> void setCacheObject(final String key, final T value, final Integer timeout, final TimeUnit timeUnit)
    {
        redisTemplate.opsForValue().set(key, value, timeout, timeUnit);
    }
​
    /**
     * 设置有效时间
     *
     * @param key Redis键
     * @param timeout 超时时间
     * @return true=设置成功；false=设置失败
     */
    public boolean expire(final String key, final long timeout)
    {
        return expire(key, timeout, TimeUnit.SECONDS);
    }
​
    /**
     * 设置有效时间
     *
     * @param key Redis键
     * @param timeout 超时时间
     * @param unit 时间单位
     * @return true=设置成功；false=设置失败
     */
    public boolean expire(final String key, final long timeout, final TimeUnit unit)
    {
        return redisTemplate.expire(key, timeout, unit);
    }
​
    /**
     * 获得缓存的基本对象。
     *
     * @param key 缓存键值
     * @return 缓存键值对应的数据
     */
    public <T> T getCacheObject(final String key)
    {
        ValueOperations<String, T> operation = redisTemplate.opsForValue();
        return operation.get(key);
    }
​
    /**
     * 删除单个对象
     *
     * @param key
     */
    public boolean deleteObject(final String key)
    {
        return redisTemplate.delete(key);
    }
​
    /**
     * 删除集合对象
     *
     * @param collection 多个对象
     * @return
     */
    public long deleteObject(final Collection collection)
    {
        return redisTemplate.delete(collection);
    }
​
    /**
     * 缓存List数据
     *
     * @param key 缓存的键值
     * @param dataList 待缓存的List数据
     * @return 缓存的对象
     */
    public <T> long setCacheList(final String key, final List<T> dataList)
    {
        Long count = redisTemplate.opsForList().rightPushAll(key, dataList);
        return count == null ? 0 : count;
    }
​
    /**
     * 获得缓存的list对象
     *
     * @param key 缓存的键值
     * @return 缓存键值对应的数据
     */
    public <T> List<T> getCacheList(final String key)
    {
        return redisTemplate.opsForList().range(key, 0, -1);
    }
​
    /**
     * 缓存Set
     *
     * @param key 缓存键值
     * @param dataSet 缓存的数据
     * @return 缓存数据的对象
     */
    public <T> BoundSetOperations<String, T> setCacheSet(final String key, final Set<T> dataSet)
    {
        BoundSetOperations<String, T> setOperation = redisTemplate.boundSetOps(key);
        Iterator<T> it = dataSet.iterator();
        while (it.hasNext())
        {
            setOperation.add(it.next());
        }
        return setOperation;
    }
​
    /**
     * 获得缓存的set
     *
     * @param key
     * @return
     */
    public <T> Set<T> getCacheSet(final String key)
    {
        return redisTemplate.opsForSet().members(key);
    }
​
    /**
     * 缓存Map
     *
     * @param key
     * @param dataMap
     */
    public <T> void setCacheMap(final String key, final Map<String, T> dataMap)
    {
        if (dataMap != null) {
            redisTemplate.opsForHash().putAll(key, dataMap);
        }
    }
​
    /**
     * 获得缓存的Map
     *
     * @param key
     * @return
     */
    public <T> Map<String, T> getCacheMap(final String key)
    {
        return redisTemplate.opsForHash().entries(key);
    }
​
    /**
     * 往Hash中存入数据
     *
     * @param key Redis键
     * @param hKey Hash键
     * @param value 值
     */
    public <T> void setCacheMapValue(final String key, final String hKey, final T value)
    {
        redisTemplate.opsForHash().put(key, hKey, value);
    }
​
    /**
     * 获取Hash中的数据
     *
     * @param key Redis键
     * @param hKey Hash键
     * @return Hash中的对象
     */
    public <T> T getCacheMapValue(final String key, final String hKey)
    {
        HashOperations<String, String, T> opsForHash = redisTemplate.opsForHash();
        return opsForHash.get(key, hKey);
    }
​
    /**
     * 删除Hash中的数据
     *
     * @param key
     * @param mapkey
     */
    public void delCacheMapValue(final String key, final String hkey)
    {
        HashOperations hashOperations = redisTemplate.opsForHash();
        hashOperations.delete(key, hkey);
    }
​
    /**
     * 获取多个Hash中的数据
     *
     * @param key Redis键
     * @param hKeys Hash键集合
     * @return Hash对象集合
     */
    public <T> List<T> getMultiCacheMapValue(final String key, final Collection<Object> hKeys)
    {
        return redisTemplate.opsForHash().multiGet(key, hKeys);
    }
​
    /**
     * 获得缓存的基本对象列表
     *
     * @param pattern 字符串前缀
     * @return 对象列表
     */
    public Collection<String> keys(final String pattern)
    {
        return redisTemplate.keys(pattern);
    }
}
​

2. redis序列化与反序列化配置

这里不做序列化，保存的redis信息在可视化工具中将是一堆乱码，后期在通过redisTemplate.keys(pattern)获取key值时会获取不到。

/**
 * @descriptions:  fastjson自定义序列化配置
 * @author: bao
 * @date: 2022/5/27 11:18
 * @version: 1.0
 */
public class FastJson2JsonRedisSerializer<T> implements RedisSerializer<T> {
    private ObjectMapper objectMapper = new ObjectMapper();
    public static final Charset DEFAULT_CHARSET = Charset.forName(\"UTF-8\");
​
    private Class<T> clazz;
​
    static {
        ParserConfig.getGlobalInstance().setAutoTypeSupport(true);
        //如果遇到反序列化autoType is not support错误，请添加并修改一下包名到bean文件路径
//         ParserConfig.getGlobalInstance().addAccept(\"org.springframework.security.core.authority\");
    }
    public FastJson2JsonRedisSerializer(Class<T> clazz) {
        super();
        this.clazz = clazz;
    }
​
    public byte[] serialize(T t) throws SerializationException {
        if (t == null) {
            return new byte[0];
        }
        return JSON.toJSONString(t, SerializerFeature.WriteClassName).getBytes(DEFAULT_CHARSET);
    }
​
    public T deserialize(byte[] bytes) throws SerializationException {
        if (bytes == null || bytes.length <= 0) {
            return null;
        }
        String str = new String(bytes, DEFAULT_CHARSET);
​
        return JSON.parseObject(str, clazz);
    }
    public void setObjectMapper(ObjectMapper objectMapper) {
        Assert.notNull(objectMapper, \"\'objectMapper\' must not be null\");
        this.objectMapper = objectMapper;
    }
​
    protected JavaType getJavaType(Class<?> clazz) {
        return TypeFactory.defaultInstance().constructType(clazz);
    }
​
}
​

/**
 * @descriptions: redis序列化，redisTemplate配置
 * @author: bao
 * @date: 2022/5/26 13:26
 * @version: 1.0
 */
@Configuration
public class RedisConfig {
    @Bean
    public RedisTemplate<Object,Object> redisTemplate(RedisConnectionFactory redisConnectionFactory){
        RedisTemplate<Object, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(redisConnectionFactory);
        //使用Fastjson2JsonRedisSerializer来序列化和反序列化redis的value值 by zhengkai
        FastJson2JsonRedisSerializer serializer = new FastJson2JsonRedisSerializer(Object.class);
​
        ObjectMapper mapper = new ObjectMapper();
        mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
        mapper.activateDefaultTyping(new DefaultBaseTypeLimitingValidator(), ObjectMapper.DefaultTyping.NON_FINAL);
        serializer.setObjectMapper(mapper);
​
        template.setValueSerializer(serializer);
        //使用StringRedisSerializer来序列化和反序列化redis的key值
        template.setKeySerializer(new StringRedisSerializer());
        template.afterPropertiesSet();
        return template;
    }
}
​

3.redis缓存常量

由于没写别的功能，目前只有一个常量

public class CacheConst {
    public static String LOGIN_USER_KEY = \"loginUser:\";
}

二 . JWT配置

1.工具类

public class JwtUtils {
    //token过期时间设置24小时
    public static final long EXPIRE = 1000 * 60 * 60 * 24;
    //密钥
    public static final String APP_SECRET = \"sdfkdjAYANMENGod33ksfdkds\";
​
​
    /**
     * @descriptions 保存用户所有信息
     * @author bao
     * @date 2022/5/25 15:49
     * @return java.lang.String
     */
    public static String getJwtToken(String loginId){
​
        String JwtToken = Jwts.builder()
                .setHeaderParam(\"typ\", \"JWT\")
                .setHeaderParam(\"alg\", \"HS256\")
                .setSubject(\"jacob-user\")
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRE))
                .claim(\"loginId\", loginId)
                .signWith(SignatureAlgorithm.HS256, APP_SECRET)
                .compact();
​
        return JwtToken;
    }
​
​
​
    /**
     * 根据token，判断token是否存在与有效
     * @param jwtToken
     * @return
     */
    public static boolean checkToken(String jwtToken) {
        if(StringUtils.isEmpty(jwtToken)) return false;
        try {
            Jwts.parser().setSigningKey(APP_SECRET).parseClaimsJws(jwtToken);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
        return true;
    }
​
    /**
     * 根据request判断token是否存在与有效（也就是把token取出来罢了）
     * @param request
     * @return
     */
    public static boolean checkToken(HttpServletRequest request) {
        try {
            String jwtToken = request.getHeader(\"UserToken\");
            if(StringUtils.isEmpty(jwtToken)) return false;
            Jwts.parser().setSigningKey(APP_SECRET).parseClaimsJws(jwtToken);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
        return true;
    }
​
    /**
     * 根据token获取用户的id
     * @param request
     * @return
     */
    public static String getUseridByJwtToken(HttpServletRequest request) {
        String jwtToken = request.getHeader(\"UserToken\");
        if(StringUtils.isEmpty(jwtToken)) return null;
        try{
            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(APP_SECRET).parseClaimsJws(jwtToken);
            Claims claims = claimsJws.getBody();
            return (String) claims.get(\"loginId\");
        }catch (Exception e){
            e.printStackTrace();
            return null;
        }
    }
}

2. jwt过滤器

* 继承了OncePerRequestFilter抽象类，该抽象类在每次请求时只执行一次过滤，即它的作用就是保证一次请求只通过一次filter,
* 重写其doFilterInternal方法来自定义处理逻辑

@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    /**
     * 直接将我们前面写好的service注入进来，通过service获取到当前用户的权限
     * */
    @Autowired
    private RedisCache redisCache;
​
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // 验证当前token是否有效
        if (JwtUtils.checkToken(httpServletRequest)) {
            // 获取到当前用户的account
            String id = JwtUtils.getUseridByJwtToken(httpServletRequest);
            //根据id从redis中获取登录用户信息
            ParserConfig.getGlobalInstance().addAccept(\"org.springframework.security.core.authority.SimpleGrantedAuthority.\");
            LoginUser userDetails = redisCache.getCacheObject(CacheConst.LOGIN_USER_KEY + id);
​
            // token中username不为空，并且Context中的认证为空，进行token验证
            if (!Objects.isNull(userDetails) && Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) {
                System.out.println(\"自定义JWT过滤器获得用户名为-\" + userDetails.getUsername());
                UsernamePasswordAuthenticationToken authentication =
                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                //将authentication放入SecurityContextHolder中
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
        // 放行给下个过滤器
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
​

三. springSecurity配置

1.自定义UserDetails实现类

这个类里面的 Collection<? extends GrantedAuthority> authorities，在反序列化时会失败，上面的fastjson自定义序列化方式，主要是为了解决这个问题。

public class LoginUser implements Serializable, UserDetails{
​
    private static final long serialVersionUID = 1L;
    private SysUser sysUser;
    private Collection<? extends GrantedAuthority> authorities;
    public LoginUser() {
    }
​
    public LoginUser(SysUser sysUser, Collection<? extends GrantedAuthority> authorities) {
        Assert.isTrue(sysUser.getUserName() != null && !\"\".equals(sysUser.getUserName()) && sysUser.getPassword() != null,
                \"Cannot pass null or empty values to constructor\");
        this.sysUser = sysUser;
        this.authorities = Collections.unmodifiableSet((Set<? extends GrantedAuthority>) authorities);
    }
​
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.authorities;
    }
​
    @Override
    public String getPassword() {
        return this.sysUser.getPassword();
    }
​
    @Override
    public String getUsername() {
        return this.sysUser.getUserName();
    }
​
    @Override
    public boolean isAccountNonExpired() {
        return this.sysUser.getCredentialsNotExpired();
    }
​
    @Override
    public boolean isAccountNonLocked() {
        return this.sysUser.getAccountNotLocked();
    }
​
    @Override
    public boolean isCredentialsNonExpired() {
        return this.sysUser.getCredentialsNotExpired();
    }
​
    @Override
    public boolean isEnabled() {
        return this.sysUser.getEnabled();
    }
​
    public SysUser getSysUser() {
        return sysUser;
    }
​
    public void setSysUser(SysUser sysUser) {
        this.sysUser = sysUser;
    }
​
    public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
        this.authorities = authorities;
    }
}
​

2.自定义UserDetailsService实现类

在调用登录接口（这里用的security默认登录接口/login）,会自动执行UserDetailsService的loadUserByUsername，返回一个userdetails，也就是上面的自定义实现类。

在这个方法中要配置用户信息，和用户权限。

@Service
public class SecurityUserService implements UserDetailsService {
​
    @Autowired
    private SysUserMapper sysUserMapper;
    @Autowired
    private SysPermissionMapper sysPermissionMapper;
​
    /**
     * 根据用户名查找数据库，判断是否存在这个用户
     *
     * @return*/
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
​
        // 用户名必须是唯一的，不允许重复
        SysUser sysUser = sysUserMapper.selectOne(new QueryWrapper<SysUser>().eq(\"user_name\",username));
        //获取用户权限
        List<SysPermission> sysPermissions = sysPermissionMapper.getUserRolesByUserId(sysUser.getId());
        //将用户权限存入Userdetails的authorities中，以便security做权限判断
        Set<GrantedAuthority> grantedAuthorities = new LinkedHashSet<>();
        sysPermissions.stream().forEach(sysPermission -> {
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(sysPermission.getPermissionCode());
            grantedAuthorities.add(grantedAuthority);
        });
​
        LoginUser loginUser = new LoginUser(sysUser, grantedAuthorities);
        return loginUser;
    }
}

这里要用到的一个sql

sysPermissionMapper.getUserRolesByUserId(sysUser.getId());

​
    <select id=\"getUserRolesByUserId\" resultType=\"com.bao.xinghe.user.entity.SysPermission\">
        SELECT
            p.*
        FROM
            sys_user AS u
                LEFT JOIN sys_user_role_relation AS ur
                          ON u.id = ur.user_id
                LEFT JOIN sys_role AS r
                          ON r.id = ur.role_id
                LEFT JOIN sys_role_permission_relation AS rp
                          ON r.id = rp.role_id
                LEFT JOIN sys_permission AS p
                          ON p.id = rp.permission_id
        WHERE u.id = #{userId}
    </select>

3.一些要用到的异常过滤器

登陆成功过滤器

在这个过滤器中实现一些登陆成功后的业务处理逻辑，我这里包括修改登录用户信息，保存登录缓存。

@Component
public class CustomizeAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Autowired
    SysUserMapper mapper;
    @Autowired
    RedisCache redisCache;
​
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        //更新用户表上次登录时间、更新人、更新时间等字段
        LoginUser userDetails = (LoginUser) authentication.getPrincipal();
        SysUser sysUser = userDetails.getSysUser();
        sysUser.setLastLoginTime(new Date());
        mapper.update(sysUser,new QueryWrapper<SysUser>().eq(\"id\",sysUser.getId()));
​
        //登陆成功用户信息保存redis、登陆有效时长1小时
        String id = sysUser.getId();
        redisCache.setCacheObject(CacheConst.LOGIN_USER_KEY + id, userDetails, 60, TimeUnit.MINUTES);
        // 根据用户的id生成token并返回
        String jwtToken = JwtUtils.getJwtToken(id);
        Map<String,String> results = new HashMap<>();
        results.put(\"token\",jwtToken);
​
        //返回json数据
        JsonResult result = JsonResult.success(ResultCode.SUCCESS_login,results);
        //处理编码方式，防止中文乱码的情况
        httpServletResponse.setContentType(\"text/json;charset=utf-8\");
        // 把Json数据放入HttpServletResponse中返回给前台
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}

登陆失败过滤器

​
@Component
public class CustomizeAuthenticationFailureHandler implements AuthenticationFailureHandler {
​
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        //返回json数据
        JsonResult result = null;
        if (e instanceof AccountExpiredException) {
            //账号过期
            result = JsonResult.fail(ResultCode.USER_ACCOUNT_EXPIRED);
        } else if (e instanceof BadCredentialsException) {
            //密码错误
            result = JsonResult.fail(ResultCode.USER_CREDENTIALS_ERROR);
        } else if (e instanceof CredentialsExpiredException) {
            //密码过期
            result = JsonResult.fail(ResultCode.USER_CREDENTIALS_EXPIRED);
        } else if (e instanceof DisabledException) {
            //账号不可用
            result = JsonResult.fail(ResultCode.USER_ACCOUNT_DISABLE);
        } else if (e instanceof LockedException) {
            //账号锁定
            result = JsonResult.fail(ResultCode.USER_ACCOUNT_LOCKED);
        } else if (e instanceof InternalAuthenticationServiceException) {
            //用户不存在
            result = JsonResult.fail(ResultCode.USER_ACCOUNT_NOT_EXIST);
        }else{
            //其他错误
            result = JsonResult.fail(ResultCode.COMMON_FAIL);
        }
        //处理编码方式，防止中文乱码的情况
        httpServletResponse.setContentType(\"text/json;charset=utf-8\");
        // 把Json数据放入到HttpServletResponse中返回给前台
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}
​

未登录处理

@Component
public class CustomizeAuthenticationEntryPoint implements AuthenticationEntryPoint {
​
    // 返回的是Json数据
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        JsonResult result = JsonResult.fail(ResultCode.USER_NOT_LOGIN);
        httpServletResponse.setContentType(\"text/json;charset=utf-8\");
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}

无权限处理

@Component
public class CustomizeAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        JsonResult noPermission = JsonResult.fail(ResultCode.NO_PERMISSION);
        //处理编码方式，防止中文乱码的情况
        httpServletResponse.setContentType(\"text/json;charset=utf-8\");
        // 把Json数据放到HttpServletResponse中返回给前台
        httpServletResponse.getWriter().write(JSON.toJSONString(noPermission));
    }
}
​

登出处理

登出时做删除redis缓存操作

@Component
public class CustomizeLogoutSuccessHandler implements LogoutSuccessHandler {
    @Autowired
    RedisCache redisCache;
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        //退出成功删除redis缓存
        LoginUser userDetails = (LoginUser) authentication.getPrincipal();
        redisCache.deleteObject(CacheConst.LOGIN_USER_KEY + userDetails.getSysUser().getId());
        JsonResult result = JsonResult.success(ResultCode.SUCCESS_logout);
        httpServletResponse.setContentType(\"text/json;charset=utf-8\");
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}

4.核心配置类

自定义SecurityConfig继承WebSecurityConfigurerAdapter

重写configure方法对security进行核心配置

之前写的所有过滤器都要在这里配置进去。

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)  //此注解用于开启controller接口注解权限认证
public class SecurityConfig extends WebSecurityConfigurerAdapter {
​
    @Autowired
    private SecurityUserService securityUserService;
​
    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;
​
    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;
​
    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;
​
    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;
​
    @Autowired
    private CustomizeAccessDeniedHandler customizeAccessDeniedHandler;
​
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
​
    /**
     * 对请求进行鉴权的配置
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //关闭cors
        http.cors()
                .and().csrf().disable();
​
        /**
         * anyRequest          |   匹配所有请求路径
         * access              |   SpringEl表达式结果为true时可以访问
         * anonymous           |   匿名可以访问
         * denyAll             |   用户不能访问
         * fullyAuthenticated  |   用户完全认证可以访问（非remember-me下自动登录）
         * hasAnyAuthority     |   如果有参数，参数表示权限，则其中任何一个权限可以访问
         * hasAnyRole          |   如果有参数，参数表示角色，则其中任何一个角色可以访问
         * hasAuthority        |   如果有参数，参数表示权限，则其权限可以访问
         * hasIpAddress        |   如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
         * hasRole             |   如果有参数，参数表示角色，则其角色可以访问
         * permitAll           |   用户可以任意访问
         * rememberMe          |   允许通过remember-me登录的用户访问
         * authenticated       |   用户登录后可访问
         */
        http.authorizeRequests()    
                .antMatchers(\"/sysUser/signUp\").permitAll()  //这是测试代码。。注册用户
                .anyRequest().authenticated()
            .and()
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .accessDeniedHandler(customizeAccessDeniedHandler)
            .and()
                .formLogin()  // 登录
                .permitAll()  //允许所有用户
                .successHandler(authenticationSuccessHandler)  //登录成功处理逻辑
                .failureHandler(authenticationFailureHandler)  //登录失败处理逻辑
            .and()
                .logout()      // 退出
                .permitAll()   //允许所有用户
                .logoutSuccessHandler(logoutSuccessHandler)  //退出成功处理逻辑
                .deleteCookies(\"JSESSIONID\")   //登出之后删除cookie
            .and()
                // 不通过session保存securityContext
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
​
        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        http.addFilterBefore(jwtAuthenticationTokenFilter, LogoutFilter.class);
        http.headers().cacheControl();
    }
​
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(securityUserService);
    }
​
    /**
     * 默认开启密码加密，前端传入的密码Security会在加密后和数据库中的密文进行比对，一致的话就登录成功
     * 所以必须提供一个加密对象，供security加密前端明文密码使用
     * @return
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
​
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
​

四.测试接口

@RestController
@RequestMapping(\"/sysUser\")
public class SysUserController {
​
    @Autowired
    SysUserServiceImpl sysUserService;
​
    @Autowired
    PasswordEncoder passwordEncoder;
​
    @RequestMapping(\"getUser\")
    @PreAuthorize(\"hasAuthority(\'sys:user:list\')\")
    public JsonResult list(){
        List<SysUser> list = sysUserService.list();
        return new JsonResult(true, list);
    }
​
​
    @RequestMapping(\"deleteUser\")
    @PreAuthorize(\"hasAuthority(\'sys:user:delete\')\")
    public JsonResult deleteUser(){
        List<SysUser> list = sysUserService.list();
        return new JsonResult(true, list);
    }
​
​
    @RequestMapping(\"signUp\")
    public JsonResult signUp(SysUser sysUser){
        String password = passwordEncoder.encode(sysUser.getPassword());
        sysUser.setPassword(password);
        sysUserService.save(sysUser);
        return new JsonResult(true, sysUser);
    }
​
    @GetMapping(\"onlineUser\")
    @PreAuthorize(\"hasAuthority(\'sys:user:online\')\")
    public JsonResult onlineUser(){
        List<SysUser> userList = sysUserService.onlineUser();
        if (userList == null){
            JsonResult.success(\"当前无登录用户\");
        }
        return JsonResult.success(userList);
    }
​
}
​

    @Override
    public List<SysUser> onlineUser() {
        //获取redis所有在线用户key值、
        Set<String> keys = (Set<String>) redisCache.keys(\"*\" + CacheConst.LOGIN_USER_KEY + \"*\");
        if (keys == null){
            return null;
        }
        List<SysUser> userList = new ArrayList<>();
        keys.stream().forEach( key -> {
            LoginUser loginUser = redisCache.getCacheObject(key);
            userList.add(loginUser.getSysUser());
        });
        return userList;
    }

来源：https://www.cnblogs.com/oeds/p/16317785.html
本站部分图文来源于网络，如有侵权请联系删除。