mall整合SpringSecurity和JWT實現認證和受權(二)
摘要
接上一篇,controller和service層的代碼實現及登陸受權流程演示。html
登陸註冊功能實現
添加UmsAdminController類
實現了後臺用戶登陸、註冊及獲取權限的接口java
package com.macro.mall.tiny.controller;
import com.macro.mall.tiny.common.api.CommonResult;
import com.macro.mall.tiny.dto.UmsAdminLoginParam;
import com.macro.mall.tiny.mbg.model.UmsAdmin;
import com.macro.mall.tiny.mbg.model.UmsPermission;
import com.macro.mall.tiny.service.UmsAdminService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/** * 後臺用戶管理 * Created by macro on 2018/4/26. */
@Controller
@Api(tags = "UmsAdminController", description = "後臺用戶管理")
@RequestMapping("/admin")
public class UmsAdminController {
@Autowired
private UmsAdminService adminService;
@Value("${jwt.tokenHeader}")
private String tokenHeader;
@Value("${jwt.tokenHead}")
private String tokenHead;
@ApiOperation(value = "用戶註冊")
@RequestMapping(value = "/register", method = RequestMethod.POST)
@ResponseBody
public CommonResult<UmsAdmin> register(@RequestBody UmsAdmin umsAdminParam, BindingResult result) {
UmsAdmin umsAdmin = adminService.register(umsAdminParam);
if (umsAdmin == null) {
CommonResult.failed();
}
return CommonResult.success(umsAdmin);
}
@ApiOperation(value = "登陸之後返回token")
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public CommonResult login(@RequestBody UmsAdminLoginParam umsAdminLoginParam, BindingResult result) {
String token = adminService.login(umsAdminLoginParam.getUsername(), umsAdminLoginParam.getPassword());
if (token == null) {
return CommonResult.validateFailed("用戶名或密碼錯誤");
}
Map<String, String> tokenMap = new HashMap<>();
tokenMap.put("token", token);
tokenMap.put("tokenHead", tokenHead);
return CommonResult.success(tokenMap);
}
@ApiOperation("獲取用戶全部權限(包括+-權限)")
@RequestMapping(value = "/permission/{adminId}", method = RequestMethod.GET)
@ResponseBody
public CommonResult<List<UmsPermission>> getPermissionList(@PathVariable Long adminId) {
List<UmsPermission> permissionList = adminService.getPermissionList(adminId);
return CommonResult.success(permissionList);
}
}
複製代碼
添加UmsAdminService接口
package com.macro.mall.tiny.service;
import com.macro.mall.tiny.mbg.model.UmsAdmin;
import com.macro.mall.tiny.mbg.model.UmsPermission;
import java.util.List;
/** * 後臺管理員Service * Created by macro on 2018/4/26. */
public interface UmsAdminService {
/** * 根據用戶名獲取後臺管理員 */
UmsAdmin getAdminByUsername(String username);
/** * 註冊功能 */
UmsAdmin register(UmsAdmin umsAdminParam);
/** * 登陸功能 * @param username 用戶名 * @param password 密碼 * @return 生成的JWT的token */
String login(String username, String password);
/** * 獲取用戶全部權限(包括角色權限和+-權限) */
List<UmsPermission> getPermissionList(Long adminId);
}
複製代碼
添加UmsAdminServiceImpl類
package com.macro.mall.tiny.service.impl;
import com.macro.mall.tiny.common.utils.JwtTokenUtil;
import com.macro.mall.tiny.dao.UmsAdminRoleRelationDao;
import com.macro.mall.tiny.dto.UmsAdminLoginParam;
import com.macro.mall.tiny.mbg.mapper.UmsAdminMapper;
import com.macro.mall.tiny.mbg.model.UmsAdmin;
import com.macro.mall.tiny.mbg.model.UmsAdminExample;
import com.macro.mall.tiny.mbg.model.UmsPermission;
import com.macro.mall.tiny.service.UmsAdminService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.Date;
import java.util.List;
/** * UmsAdminService實現類 * Created by macro on 2018/4/26. */
@Service
public class UmsAdminServiceImpl implements UmsAdminService {
private static final Logger LOGGER = LoggerFactory.getLogger(UmsAdminServiceImpl.class);
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Autowired
private PasswordEncoder passwordEncoder;
@Value("${jwt.tokenHead}")
private String tokenHead;
@Autowired
private UmsAdminMapper adminMapper;
@Autowired
private UmsAdminRoleRelationDao adminRoleRelationDao;
@Override
public UmsAdmin getAdminByUsername(String username) {
UmsAdminExample example = new UmsAdminExample();
example.createCriteria().andUsernameEqualTo(username);
List<UmsAdmin> adminList = adminMapper.selectByExample(example);
if (adminList != null && adminList.size() > 0) {
return adminList.get(0);
}
return null;
}
@Override
public UmsAdmin register(UmsAdmin umsAdminParam) {
UmsAdmin umsAdmin = new UmsAdmin();
BeanUtils.copyProperties(umsAdminParam, umsAdmin);
umsAdmin.setCreateTime(new Date());
umsAdmin.setStatus(1);
//查詢是否有相同用戶名的用戶
UmsAdminExample example = new UmsAdminExample();
example.createCriteria().andUsernameEqualTo(umsAdmin.getUsername());
List<UmsAdmin> umsAdminList = adminMapper.selectByExample(example);
if (umsAdminList.size() > 0) {
return null;
}
//將密碼進行加密操做
String encodePassword = passwordEncoder.encode(umsAdmin.getPassword());
umsAdmin.setPassword(encodePassword);
adminMapper.insert(umsAdmin);
return umsAdmin;
}
@Override
public String login(String username, String password) {
String token = null;
try {
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (!passwordEncoder.matches(password, userDetails.getPassword())) {
throw new BadCredentialsException("密碼不正確");
}
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
token = jwtTokenUtil.generateToken(userDetails);
} catch (AuthenticationException e) {
LOGGER.warn("登陸異常:{}", e.getMessage());
}
return token;
}
@Override
public List<UmsPermission> getPermissionList(Long adminId) {
return adminRoleRelationDao.getPermissionList(adminId);
}
}
複製代碼
修改Swagger的配置
經過修改配置實現調用接口自帶Authorization頭,這樣就能夠訪問須要登陸的接口了。git
package com.macro.mall.tiny.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.ApiKey;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.ArrayList;
import java.util.List;
/** * Swagger2API文檔的配置 */
@Configuration
@EnableSwagger2
public class Swagger2Config {
@Bean
public Docket createRestApi(){
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.select()
//爲當前包下controller生成API文檔
.apis(RequestHandlerSelectors.basePackage("com.macro.mall.tiny.controller"))
.paths(PathSelectors.any())
.build()
//添加登陸認證
.securitySchemes(securitySchemes())
.securityContexts(securityContexts());
}
private ApiInfo apiInfo() {
return new ApiInfoBuilder()
.title("SwaggerUI演示")
.description("mall-tiny")
.contact("macro")
.version("1.0")
.build();
}
private List<ApiKey> securitySchemes() {
//設置請求頭信息
List<ApiKey> result = new ArrayList<>();
ApiKey apiKey = new ApiKey("Authorization", "Authorization", "header");
result.add(apiKey);
return result;
}
private List<SecurityContext> securityContexts() {
//設置須要登陸認證的路徑
List<SecurityContext> result = new ArrayList<>();
result.add(getContextByPath("/brand/.*"));
return result;
}
private SecurityContext getContextByPath(String pathRegex){
return SecurityContext.builder()
.securityReferences(defaultAuth())
.forPaths(PathSelectors.regex(pathRegex))
.build();
}
private List<SecurityReference> defaultAuth() {
List<SecurityReference> result = new ArrayList<>();
AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
authorizationScopes[0] = authorizationScope;
result.add(new SecurityReference("Authorization", authorizationScopes));
return result;
}
}
複製代碼
給PmsBrandController接口中的方法添加訪問權限
- 給查詢接口添加pms:brand:read權限
- 給修改接口添加pms:brand:update權限
- 給刪除接口添加pms:brand:delete權限
- 給添加接口添加pms:brand:create權限
例子:github
@PreAuthorize("hasAuthority('pms:brand:read')")
public CommonResult<List<PmsBrand>> getBrandList() {
return CommonResult.success(brandService.listAllBrand());
}
複製代碼
認證與受權流程演示
運行項目,訪問API
Swagger api地址:http://localhost:8080/swagger-ui.htmlweb
未登陸前訪問接口
登陸後訪問接口
- 進行登陸操做:登陸賬號test 123456
- 點擊Authorize按鈕,在彈框中輸入登陸接口中獲取到的token信息
- 登陸後訪問獲取權限列表接口,發現已經能夠正常訪問
訪問須要權限的接口
因爲test賬號並無設置任何權限,因此他沒法訪問具備pms:brand:read權限的獲取品牌列表接口。spring
改用其餘有權限的賬號登陸
改用admin 123456登陸後訪問,點擊Authorize按鈕打開彈框,點擊logout登出後再從新輸入新token。api
項目源碼地址
公衆號
mall項目全套學習教程連載中,關注公衆號第一時間獲取。ide
相關文章
- 1. mall整合SpringSecurity和JWT實現認證和受權(二)
- 2. mall整合SpringSecurity和JWT實現認證和受權(一)
- 3. SpringSecurity和JWT實現認證和受權
- 4. GitHub開源項目學習 電商系統Mall (四) mall整合SpringSecurity和JWT實現認證和受權(一)
- 5. 利用SpringSecurity和JWT實現mymes認證和受權(二)
- 6. SpringBoot+SpringSecurity和JWT實現認證和受權
- 7. SpringBoot整合SpringSecurity實現JWT認證
- 8. SpringBoot2.0整合SpringSecurity實現WEB JWT認證
- 9. JWT實現受權認證
- 10. SpringSecurity 整合SpringBoot結合jwt與rsa實現分佈式認證受權
- 更多相關文章...
- • Hibernate整合EHCache實現二級緩存 - Hibernate教程
- • MyBatis與Spring的整合實例 - MyBatis教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • ☆基於Java Instrument的Agent實現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. mall整合SpringSecurity和JWT實現認證和受權(二)
- 2. mall整合SpringSecurity和JWT實現認證和受權(一)
- 3. SpringSecurity和JWT實現認證和受權
- 4. GitHub開源項目學習 電商系統Mall (四) mall整合SpringSecurity和JWT實現認證和受權(一)
- 5. 利用SpringSecurity和JWT實現mymes認證和受權(二)
- 6. SpringBoot+SpringSecurity和JWT實現認證和受權
- 7. SpringBoot整合SpringSecurity實現JWT認證
- 8. SpringBoot2.0整合SpringSecurity實現WEB JWT認證
- 9. JWT實現受權認證
- 10. SpringSecurity 整合SpringBoot結合jwt與rsa實現分佈式認證受權