mall-portal登录改用jwt

287276c2 · macro · cfaadb20 · 287276c2 · 287276c2 · cfaadb20
Commit 287276c2 authored Nov 10, 2019 by macro
--- a/mall-portal/pom.xml
+++ b/mall-portal/pom.xml
@@ -30,8 +30,8 @@
            <artifactId>mall-mbg</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
+            <groupId>com.macro.mall</groupId>
+            <artifactId>mall-security</artifactId>
        </dependency>
        <!--mongodb依赖配置-->
        <dependency>

--- a/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/config/MallSecurityConfig.java
+package com.macro.mall.portal.config;
+
+import com.macro.mall.portal.service.UmsMemberService;
+import com.macro.mall.security.config.SecurityConfig;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+/**
+ * mall-security模块相关配置
+ * Created by macro on 2019/11/5.
+ */
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled=true)
+public class MallSecurityConfig extends SecurityConfig {
+
+    @Autowired
+    private UmsMemberService memberService;
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        //获取登录用户信息
+        return username -> memberService.loadUserByUsername(username);
+    }
+}
--- a/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/config/SecurityConfig.java
-package com.macro.mall.portal.config;
-
-import com.macro.mall.model.UmsMember;
-import com.macro.mall.portal.component.*;
-import com.macro.mall.portal.domain.MemberDetails;
-import com.macro.mall.portal.service.UmsMemberService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * SpringSecurity的配置
- * Created by macro on 2018/8/3.
- */
-@Configuration
-@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Autowired
-    private UmsMemberService memberService;
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-                .antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
-                        "/",
-                        "/*.html",
-                        "/favicon.ico",
-                        "/**/*.html",
-                        "/**/*.css",
-                        "/**/*.js",
-                        "/swagger-resources/**",
-                        "/v2/api-docs/**",
-                        "/webjars/springfox-swagger-ui/**"
-                )
-                .permitAll()
-                .antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
-                .permitAll()
-                .antMatchers(
-                        "/sso/*",//登录注册
-                        "/home/**"//首页接口
-                )
-                .permitAll()
-                .antMatchers("/member/**","/returnApply/**")// 测试时开启
-                .permitAll()
-                .anyRequest()// 除上面外的所有请求全部需要鉴权认证
-                .authenticated()
-                .and()
-                .exceptionHandling()
-                .accessDeniedHandler(new GoAccessDeniedHandler())
-                .authenticationEntryPoint(new GoAuthenticationEntryPoint())
-                .and()
-                .formLogin()
-                .loginPage("/sso/login")
-                .successHandler(new GoAuthenticationSuccessHandler())
-                .failureHandler(new GoAuthenticationFailureHandler())
-                .and()
-                .logout()
-                .logoutUrl("/sso/logout")
-                .logoutSuccessHandler(new GoLogoutSuccessHandler())
-                .invalidateHttpSession(true)
-                .deleteCookies("JSESSIONID")
-//                .and()
-//                .requiresChannel()
-//                .antMatchers("/sso/*")
-//                .requiresSecure()
-//                .anyRequest()
-//                .requiresInsecure()
-//                .and()
-//                .rememberMe()
-//                .tokenValiditySeconds(1800)
-//                .key("token_key")
-                .and()
-                .csrf()
-                .disable();//开启basic认证登录后可以调用需要认证的接口
-    }
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(userDetailsService())
-                .passwordEncoder(passwordEncoder());
-    }
-
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    @Bean
-    public UserDetailsService userDetailsService() {
-        //获取登录用户信息
-        return new UserDetailsService() {
-            @Override
-            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-                UmsMember member = memberService.getByUsername(username);
-                if(member!=null){
-                    return new MemberDetails(member);
-                }
-                throw new UsernameNotFoundException("用户名或密码错误");
-            }
-        };
-    }
-}
--- a/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/service/UmsMemberService.java
@@ -2,6 +2,7 @@ package com.macro.mall.portal.service;

 import com.macro.mall.common.api.CommonResult;
 import com.macro.mall.model.UmsMember;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.transaction.annotation.Transactional;

 /**
@@ -45,4 +46,15 @@ public interface UmsMemberService {
     * 根据会员id修改会员积分
     */
    void updateIntegration(Long id,Integer integration);
+
+
+    /**
+     * 获取用户信息
+     */
+    UserDetails loadUserByUsername(String username);
+
+    /**
+     * 登录后获取token
+     */
+    String login(String username, String password);
 }
--- a/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java
+++ b/mall-portal/src/main/java/com/macro/mall/portal/service/impl/UmsMemberServiceImpl.java
@@ -10,11 +10,19 @@ import com.macro.mall.model.UmsMemberLevelExample;
 import com.macro.mall.portal.domain.MemberDetails;
 import com.macro.mall.portal.service.RedisService;
 import com.macro.mall.portal.service.UmsMemberService;
+import com.macro.mall.security.util.JwtTokenUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
@@ -30,13 +38,16 @@ import java.util.Random;
 */
 @Service
 public class UmsMemberServiceImpl implements UmsMemberService {
+    private static final Logger LOGGER = LoggerFactory.getLogger(UmsMemberServiceImpl.class);
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+    @Autowired
+    private JwtTokenUtil jwtTokenUtil;
    @Autowired
    private UmsMemberMapper memberMapper;
    @Autowired
    private UmsMemberLevelMapper memberLevelMapper;
    @Autowired
-    private PasswordEncoder passwordEncoder;
-    @Autowired
    private RedisService redisService;
    @Value("${redis.key.prefix.authCode}")
    private String REDIS_KEY_PREFIX_AUTH_CODE;
@@ -139,6 +150,33 @@ public class UmsMemberServiceImpl implements UmsMemberService {
        memberMapper.updateByPrimaryKeySelective(record);
    }

+    @Override
+    public UserDetails loadUserByUsername(String username) {
+        UmsMember member = getByUsername(username);
+        if(member!=null){
+            return new MemberDetails(member);
+        }
+        throw new UsernameNotFoundException("用户名或密码错误");
+    }
+
+    @Override
+    public String login(String username, String password) {
+        String token = null;
+        //密码需要客户端加密后传递
+        try {
+            UserDetails userDetails = loadUserByUsername(username);
+            if(!passwordEncoder.matches(password,userDetails.getPassword())){
+                throw new BadCredentialsException("密码不正确");
+            }
+            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            token = jwtTokenUtil.generateToken(userDetails);
+        } catch (AuthenticationException e) {
+            LOGGER.warn("登录异常:{}", e.getMessage());
+        }
+        return token;
+    }
+
    //对输入的验证码进行校验
    private boolean verifyAuthCode(String authCode, String telephone){
        if(StringUtils.isEmpty(authCode)){

--- a/mall-portal/src/main/resources/application.yml
+++ b/mall-portal/src/main/resources/application.yml
@@ -9,6 +9,26 @@ mybatis:

 http:
  port: 8085 # http服务端口
+jwt:
+  tokenHeader: Authorization #JWT存储的请求头
+  secret: mall-portal-secret #JWT加解密使用的密钥
+  expiration: 604800 #JWT的超期限时间(60*60*24)
+  tokenHead: Bearer  #JWT负载中拿到开头
+ignored: #安全路径白名单
+  urls:
+    - /swagger-ui.html
+    - /swagger-resources/**
+    - /swagger/**
+    - /**/v2/api-docs
+    - /**/*.js
+    - /**/*.css
+    - /**/*.png
+    - /**/*.ico
+    - /webjars/springfox-swagger-ui/**
+    - /druid/**
+    - /actuator/**
+    - /sso/**
+    - /home/**

 # 自定义redis key
 redis: