springboot整合springSercurity登入逻辑退出逻辑代码以及认证授权代码代码
时间: 2023-06-18 13:08:12 浏览: 47
1. 登录逻辑代码:
```
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Bean
public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
return new JwtAuthenticationFilter();
}
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean(BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandler)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/auth/**")
.permitAll()
.anyRequest()
.authenticated();
// 添加JWT filter
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
}
```
2. 认证授权代码:
```
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
@Transactional
public UserDetails loadUserByUsername(String usernameOrEmail)
throws UsernameNotFoundException {
// 查找用户
User user = userRepository.findByUsernameOrEmail(usernameOrEmail, usernameOrEmail)
.orElseThrow(() ->
new UsernameNotFoundException("User not found with username or email : " + usernameOrEmail)
);
// 返回用户详情
return UserPrincipal.create(user);
}
@Transactional
public UserDetails loadUserById(Long id) {
// 查找用户
User user = userRepository.findById(id).orElseThrow(
() -> new ResourceNotFoundException("User", "id", id)
);
// 返回用户详情
return UserPrincipal.create(user);
}
}
```
3. 退出逻辑代码:
```
@RestController
@RequestMapping("/api/auth")
public class AuthController {
@Autowired
private JwtTokenProvider tokenProvider;
@Autowired
private HttpServletRequest request;
@PostMapping("/logout")
public ResponseEntity<?> logout() {
// 清除本地的认证信息
SecurityContextHolder.getContext().setAuthentication(null);
// 获取JWT token
String jwt = getJwtFromRequest(request);
// 验证并删除JWT token
if (StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt)) {
tokenProvider.deleteToken(jwt);
}
// 返回成功信息
return ResponseEntity.ok(new ApiResponse(true, "You have been successfully logged out."));
}
private String getJwtFromRequest(HttpServletRequest request) {
String bearerToken = request.getHeader("Authorization");
if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
return bearerToken.substring(7, bearerToken.length());
}
return null;
}
}
```