mall整合SpringSecurity和JWT實現認證和受權（二）

接上一篇，controller和service層的代碼實現及登陸受權流程演示。

登陸註冊功能實現

添加UmsAdminController類

實現了後臺用戶登陸、註冊及獲取權限的接口

1. package com.macro.mall.tiny.controller;

2. 
   

3. import com.macro.mall.tiny.common.api.CommonResult;

4. import com.macro.mall.tiny.dto.UmsAdminLoginParam;

5. import com.macro.mall.tiny.mbg.model.UmsAdmin;

6. import com.macro.mall.tiny.mbg.model.UmsPermission;

7. import com.macro.mall.tiny.service.UmsAdminService;

8. import io.swagger.annotations.Api;

9. import io.swagger.annotations.ApiOperation;

10. import org.springframework.beans.factory.annotation.Autowired;

11. import org.springframework.beans.factory.annotation.Value;

12. import org.springframework.stereotype.Controller;

13. import org.springframework.validation.BindingResult;

14. import org.springframework.web.bind.annotation.*;

15. 
    

16. import java.util.HashMap;

17. import java.util.List;

18. import java.util.Map;

19. 
    

20. /**

21. * 後臺用戶管理

22. * Created by macro on 2018/4/26.

23. */

24. @Controller

25. @Api(tags = "UmsAdminController", description = "後臺用戶管理")

26. @RequestMapping("/admin")

27. public class UmsAdminController {

28.    @Autowired

29.    private UmsAdminService adminService;

30.    @Value("${jwt.tokenHeader}")

31.    private String tokenHeader;

32.    @Value("${jwt.tokenHead}")

33.    private String tokenHead;

34. 
    

35.    @ApiOperation(value = "用戶註冊")

36.    @RequestMapping(value = "/register", method = RequestMethod.POST)

37.    @ResponseBody

38.    public CommonResult<UmsAdmin> register(@RequestBody UmsAdmin umsAdminParam, BindingResult result) {

39.        UmsAdmin umsAdmin = adminService.register(umsAdminParam);

40.        if (umsAdmin == null) {

41.            CommonResult.failed();

42.        }

43.        return CommonResult.success(umsAdmin);

44.    }

45. 
    

46.    @ApiOperation(value = "登陸之後返回token")

47.    @RequestMapping(value = "/login", method = RequestMethod.POST)

48.    @ResponseBody

49.    public CommonResult login(@RequestBody UmsAdminLoginParam umsAdminLoginParam, BindingResult result) {

50.        String token = adminService.login(umsAdminLoginParam.getUsername(), umsAdminLoginParam.getPassword());

51.        if (token == null) {

52.            return CommonResult.validateFailed("用戶名或密碼錯誤");

53.        }

54.        Map<String, String> tokenMap = new HashMap<>();

55.        tokenMap.put("token", token);

56.        tokenMap.put("tokenHead", tokenHead);

57.        return CommonResult.success(tokenMap);

58.    }

59. 
    

60.    @ApiOperation("獲取用戶全部權限（包括+-權限）")

61.    @RequestMapping(value = "/permission/{adminId}", method = RequestMethod.GET)

62.    @ResponseBody

63.    public CommonResult<List<UmsPermission>> getPermissionList(@PathVariable Long adminId) {

64.        List<UmsPermission> permissionList = adminService.getPermissionList(adminId);

65.        return CommonResult.success(permissionList);

66.    }

67. }

添加UmsAdminService接口

1. package com.macro.mall.tiny.service;

2. 
   

3. import com.macro.mall.tiny.mbg.model.UmsAdmin;

4. import com.macro.mall.tiny.mbg.model.UmsPermission;

5. 
   

6. import java.util.List;

7. 
   

8. /**

9. * 後臺管理員Service

10. * Created by macro on 2018/4/26.

11. */

12. public interface UmsAdminService {

13.    /**

14.     * 根據用戶名獲取後臺管理員

15.     */

16.    UmsAdmin getAdminByUsername(String username);

17. 
    

18.    /**

19.     * 註冊功能

20.     */

21.    UmsAdmin register(UmsAdmin umsAdminParam);

22. 
    

23.    /**

24.     * 登陸功能

25.     * @param username 用戶名

26.     * @param password 密碼

27.     * @return 生成的JWT的token

28.     */

29.    String login(String username, String password);

30. 
    

31.    /**

32.     * 獲取用戶全部權限（包括角色權限和+-權限）

33.     */

34.    List<UmsPermission> getPermissionList(Long adminId);

35. }

添加UmsAdminServiceImpl類

1. package com.macro.mall.tiny.service.impl;

2. 
   

3. import com.macro.mall.tiny.common.utils.JwtTokenUtil;

4. import com.macro.mall.tiny.dao.UmsAdminRoleRelationDao;

5. import com.macro.mall.tiny.dto.UmsAdminLoginParam;

6. import com.macro.mall.tiny.mbg.mapper.UmsAdminMapper;

7. import com.macro.mall.tiny.mbg.model.UmsAdmin;

8. import com.macro.mall.tiny.mbg.model.UmsAdminExample;

9. import com.macro.mall.tiny.mbg.model.UmsPermission;

10. import com.macro.mall.tiny.service.UmsAdminService;

11. import org.slf4j.Logger;

12. import org.slf4j.LoggerFactory;

13. import org.springframework.beans.BeanUtils;

14. import org.springframework.beans.factory.annotation.Autowired;

15. import org.springframework.beans.factory.annotation.Value;

16. import org.springframework.security.authentication.AuthenticationManager;

17. import org.springframework.security.authentication.BadCredentialsException;

18. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

19. import org.springframework.security.core.AuthenticationException;

20. import org.springframework.security.core.context.SecurityContextHolder;

21. import org.springframework.security.core.userdetails.UserDetails;

22. import org.springframework.security.core.userdetails.UserDetailsService;

23. import org.springframework.security.crypto.password.PasswordEncoder;

24. import org.springframework.stereotype.Service;

25. 
    

26. import java.util.Date;

27. import java.util.List;

28. 
    

29. /**

30. * UmsAdminService實現類

31. * Created by macro on 2018/4/26.

32. */

33. @Service

34. public class UmsAdminServiceImpl implements UmsAdminService {

35.    private static final Logger LOGGER = LoggerFactory.getLogger(UmsAdminServiceImpl.class);

36.    @Autowired

37.    private UserDetailsService userDetailsService;

38.    @Autowired

39.    private JwtTokenUtil jwtTokenUtil;

40.    @Autowired

41.    private PasswordEncoder passwordEncoder;

42.    @Value("${jwt.tokenHead}")

43.    private String tokenHead;

44.    @Autowired

45.    private UmsAdminMapper adminMapper;

46.    @Autowired

47.    private UmsAdminRoleRelationDao adminRoleRelationDao;

48. 
    

49.    @Override

50.    public UmsAdmin getAdminByUsername(String username) {

51.        UmsAdminExample example = new UmsAdminExample();

52.        example.createCriteria().andUsernameEqualTo(username);

53.        List<UmsAdmin> adminList = adminMapper.selectByExample(example);

54.        if (adminList != null && adminList.size() > 0) {

55.            return adminList.get(0);

56.        }

57.        return null;

58.    }

59. 
    

60.    @Override

61.    public UmsAdmin register(UmsAdmin umsAdminParam) {

62.        UmsAdmin umsAdmin = new UmsAdmin();

63.        BeanUtils.copyProperties(umsAdminParam, umsAdmin);

64.        umsAdmin.setCreateTime(new Date());

65.        umsAdmin.setStatus(1);

66.        //查詢是否有相同用戶名的用戶

67.        UmsAdminExample example = new UmsAdminExample();

68.        example.createCriteria().andUsernameEqualTo(umsAdmin.getUsername());

69.        List<UmsAdmin> umsAdminList = adminMapper.selectByExample(example);

70.        if (umsAdminList.size() > 0) {

71.            return null;

72.        }

73.        //將密碼進行加密操做

74.        String encodePassword = passwordEncoder.encode(umsAdmin.getPassword());

75.        umsAdmin.setPassword(encodePassword);

76.        adminMapper.insert(umsAdmin);

77.        return umsAdmin;

78.    }

79. 
    

80.    @Override

81.    public String login(String username, String password) {

82.        String token = null;

83.        try {

84.            UserDetails userDetails = userDetailsService.loadUserByUsername(username);

85.            if (!passwordEncoder.matches(password, userDetails.getPassword())) {

86.                throw new BadCredentialsException("密碼不正確");

87.            }

88.            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());

89.            SecurityContextHolder.getContext().setAuthentication(authentication);

90.            token = jwtTokenUtil.generateToken(userDetails);

91.        } catch (AuthenticationException e) {

92.            LOGGER.warn("登陸異常:{}", e.getMessage());

93.        }

94.        return token;

95.    }

96. 
    

97. 
    

98.    @Override

99.    public List<UmsPermission> getPermissionList(Long adminId) {

100.        return adminRoleRelationDao.getPermissionList(adminId);

101.    }

102. }

修改Swagger的配置

經過修改配置實現調用接口自帶Authorization頭，這樣就能夠訪問須要登陸的接口了。

1. package com.macro.mall.tiny.config;

2. 
   

3. import org.springframework.context.annotation.Bean;

4. import org.springframework.context.annotation.Configuration;

5. import springfox.documentation.builders.ApiInfoBuilder;

6. import springfox.documentation.builders.PathSelectors;

7. import springfox.documentation.builders.RequestHandlerSelectors;

8. import springfox.documentation.service.ApiInfo;

9. import springfox.documentation.service.ApiKey;

10. import springfox.documentation.service.AuthorizationScope;

11. import springfox.documentation.service.SecurityReference;

12. import springfox.documentation.spi.DocumentationType;

13. import springfox.documentation.spi.service.contexts.SecurityContext;

14. import springfox.documentation.spring.web.plugins.Docket;

15. import springfox.documentation.swagger2.annotations.EnableSwagger2;

16. 
    

17. import java.util.ArrayList;

18. import java.util.List;

19. 
    

20. /**

21. * Swagger2API文檔的配置

22. */

23. @Configuration

24. @EnableSwagger2

25. public class Swagger2Config {

26.    @Bean

27.    public Docket createRestApi(){

28.        return new Docket(DocumentationType.SWAGGER_2)

29.                .apiInfo(apiInfo())

30.                .select()

31.                //爲當前包下controller生成API文檔

32.                .apis(RequestHandlerSelectors.basePackage("com.macro.mall.tiny.controller"))

33.                .paths(PathSelectors.any())

34.                .build()

35.                //添加登陸認證

36.                .securitySchemes(securitySchemes())

37.                .securityContexts(securityContexts());

38.    }

39. 
    

40.    private ApiInfo apiInfo() {

41.        return new ApiInfoBuilder()

42.                .title("SwaggerUI演示")

43.                .description("mall-tiny")

44.                .contact("macro")

45.                .version("1.0")

46.                .build();

47.    }

48. 
    

49.    private List<ApiKey> securitySchemes() {

50.        //設置請求頭信息

51.        List<ApiKey> result = new ArrayList<>();

52.        ApiKey apiKey = new ApiKey("Authorization", "Authorization", "header");

53.        result.add(apiKey);

54.        return result;

55.    }

56. 
    

57.    private List<SecurityContext> securityContexts() {

58.        //設置須要登陸認證的路徑

59.        List<SecurityContext> result = new ArrayList<>();

60.        result.add(getContextByPath("/brand/.*"));

61.        return result;

62.    }

63. 
    

64.    private SecurityContext getContextByPath(String pathRegex){

65.        return SecurityContext.builder()

66.                .securityReferences(defaultAuth())

67.                .forPaths(PathSelectors.regex(pathRegex))

68.                .build();

69.    }

70. 
    

71.    private List<SecurityReference> defaultAuth() {

72.        List<SecurityReference> result = new ArrayList<>();

73.        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");

74.        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];

75.        authorizationScopes[0] = authorizationScope;

76.        result.add(new SecurityReference("Authorization", authorizationScopes));

77.        return result;

78.    }

79. }

給PmsBrandController接口中的方法添加訪問權限

• 給查詢接口添加pms:brand:read權限

• 給修改接口添加pms:brand:update權限

• 給刪除接口添加pms:brand:delete權限

• 給添加接口添加pms:brand:create權限

例子：

@PreAuthorize("hasAuthority('pms:brand:read')")public CommonResult<List<PmsBrand>> getBrandList() {    return CommonResult.success(brandService.listAllBrand());}

認證與受權流程演示

運行項目，訪問API

Swagger api地址：http://localhost:8080/swagger-ui.html

未登陸前訪問接口

登陸後訪問接口

• 進行登陸操做：登陸賬號test 123456

• 點擊Authorize按鈕，在彈框中輸入登陸接口中獲取到的token信息

• 登陸後訪問獲取權限列表接口，發現已經能夠正常訪問

訪問須要權限的接口

因爲test賬號並無設置任何權限，因此他沒法訪問具備pms:brand:read權限的獲取品牌列表接口。

改用其餘有權限的賬號登陸

改用admin 123456登陸後訪問，點擊Authorize按鈕打開彈框,點擊logout登出後再從新輸入新token。