From f82ed5c415653efdeeea9918ee8e59083f020a16 Mon Sep 17 00:00:00 2001
From: myh <95896306+Anchor-x@users.noreply.github.com>
Date: Thu, 7 Dec 2023 22:40:33 +0800
Subject: [PATCH] jwt initial config

---
 ...ig.java => SecurityFilterChainConfig.java} | 17 ++++++++---
 .../security/events/LoginSuccess.java | 22 ++++++++++++++
 .../security/jwt/JwtAuthenticationFilter.java | 23 ++++++++++++++
 .../security/jwt/token/RequestAuthToken.java | 30 +++++++++++++++++++
 .../security/jwt/token/TokenType.java | 19 ++++++++++++
 5 files changed, 107 insertions(+), 4 deletions(-)
 rename src/main/java/com/example/springdemo/security/{SecurityConfig.java => SecurityFilterChainConfig.java} (69%)
 create mode 100644 src/main/java/com/example/springdemo/security/events/LoginSuccess.java
 create mode 100644 src/main/java/com/example/springdemo/security/jwt/JwtAuthenticationFilter.java
 create mode 100644 src/main/java/com/example/springdemo/security/jwt/token/RequestAuthToken.java
 create mode 100644 src/main/java/com/example/springdemo/security/jwt/token/TokenType.java

diff --git a/src/main/java/com/example/springdemo/security/SecurityConfig.java b/src/main/java/com/example/springdemo/security/SecurityFilterChainConfig.java
similarity index 69%
rename from src/main/java/com/example/springdemo/security/SecurityConfig.java
rename to src/main/java/com/example/springdemo/security/SecurityFilterChainConfig.java
index c2228d3..00010e9 100644
--- a/src/main/java/com/example/springdemo/security/SecurityConfig.java
+++ b/src/main/java/com/example/springdemo/security/SecurityFilterChainConfig.java
@@ -1,5 +1,7 @@
 package com.example.springdemo.security;
 
+import com.example.springdemo.security.jwt.JwtAuthenticationFilter;
+import jakarta.annotation.Resource;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -9,14 +11,19 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import org.springframework.security.web.authentication.AuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity // Enable Spring Security
 @EnableGlobalAuthentication // Enable Spring Security's global authentication configuration
 @EnableMethodSecurity(prePostEnabled = true) // Enable Spring Security's method security
-public class SecurityConfig {
+public class SecurityFilterChainConfig {
+ @Resource
+ AuthenticationFilter authenticationFilter;
+
 @Bean
 public SecurityFilterChain SecurityFilterChain(@NotNull HttpSecurity http) throws Exception {
 var ignoreUrls = new String[]{"/login", "/logout", "/error"};
@@ -27,10 +34,12 @@ public class SecurityConfig {
 .requestMatchers(authedUrls).authenticated() // authenticate all requests to authedUrls
 .requestMatchers(ignoreUrls).permitAll() // permit all requests to ignoreUrls
 )
- .formLogin(Customizer.withDefaults())
 .httpBasic(Customizer.withDefaults())
 .csrf(AbstractHttpConfigurer::disable)
- .logout(LogoutConfigurer::permitAll);
+ .sessionManagement(a -> a.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .formLogin(AbstractHttpConfigurer::disable)
+ .logout(AbstractHttpConfigurer::disable)
+ .addFilterBefore(authenticationFilter, AnonymousAuthenticationFilter.class); // jwt filter;
 return http.build();
 }
 }
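Review bot: The field injected into SecurityFilterChainConfig is typed `AuthenticationFilter`, which this hunk imports from `org.springframework.security.web.authentication`, not the `JwtAuthenticationFilter` that the first hunk imports and then never uses. Nothing in this commit declares a bean of either type (JwtAuthenticationFilter carries no `@Component`), so the `@Resource` lookup will presumably fail at startup; if an AuthenticationFilter bean does exist outside this patch, a different filter ends up in the chain than the `// jwt filter` comment in the next hunk implies. Declaring `private final JwtAuthenticationFilter jwtAuthenticationFilter;` with constructor injection, and registering that class as a bean, would make the wiring match the intent.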
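Review bot: `.httpBasic(Customizer.withDefaults())` is kept in the chain that ends at `http.build()`, so HTTP Basic remains a second, password-based way in next to the token filter, and with form login disabled its entry point is what answers unauthenticated requests. If the JWT filter is meant to be the only mechanism, drop that line and set an explicit entry point, e.g. `.exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))`. Disabling CSRF is sound only while the token travels in a request header, and a comment such as `// CSRF off: bearer token is sent in the Authorization header, never in a cookie` would record that assumption. The start of the authorizeHttpRequests block lies outside the hunk, so whether a catch-all `anyRequest()` rule exists cannot be checked from here.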
diff --git a/src/main/java/com/example/springdemo/security/events/LoginSuccess.java b/src/main/java/com/example/springdemo/security/events/LoginSuccess.java
new file mode 100644
index 0000000..84b7be2
--- /dev/null
+++ b/src/main/java/com/example/springdemo/security/events/LoginSuccess.java
@@ -0,0 +1,22 @@
+package com.example.springdemo.security.events;
+
+import com.example.springdemo.entities.Users;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.context.PayloadApplicationEvent;
+import org.springframework.core.ResolvableType;
+
+public class LoginSuccess extends PayloadApplicationEvent {
+ public LoginSuccess(Object source, Users payload) {
+ super(source, payload);
+ }
+
+ @Override
+ public ResolvableType getResolvableType() {
+ return ResolvableType.forRawClass(LoginSuccess.class);
+ }
+
+ @Override
+ public @NotNull Users getPayload() {
+ return super.getPayload();
+ }
+}
diff --git a/src/main/java/com/example/springdemo/security/jwt/JwtAuthenticationFilter.java b/src/main/java/com/example/springdemo/security/jwt/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..d35736e
--- /dev/null
+++ b/src/main/java/com/example/springdemo/security/jwt/JwtAuthenticationFilter.java
@@ -0,0 +1,23 @@
+package com.example.springdemo.security.jwt;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Slf4j
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+ @Override
+ protected void doFilterInternal(@NotNull HttpServletRequest request,
+ @NotNull HttpServletResponse response,
+ @NotNull FilterChain filterChain)
+ throws ServletException, IOException {
+
+
+ }
+}
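Review bot: LoginSuccess publishes the whole `Users` entity as its payload, so every listener, and anything that logs the event, receives whatever that entity holds. If `Users` includes the password hash or other credential fields, which this patch does not show, a narrower payload such as the user id and username would be safer. A class comment like `/** Published after a successful login; the payload must not be logged or serialized as-is. */` would tell listener authors what they may do with it.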
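Review bot: `doFilterInternal` in JwtAuthenticationFilter has an empty body and never calls `filterChain.doFilter(request, response)`, so once this filter sits in the chain every request stops here: the authorization rules and the controllers never run, and the client receives an empty default response instead of a 401. Until token parsing exists, the body should at least be `filterChain.doFilter(request, response);`. The eventual implementation should leave the security context empty and continue, or write a 401, when the token is missing or invalid, so that the decision is made by the authorization rules rather than by falling through. The `@Slf4j` logger is unused so far; when it is used, log the validation outcome and never the token value.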
diff --git a/src/main/java/com/example/springdemo/security/jwt/token/RequestAuthToken.java b/src/main/java/com/example/springdemo/security/jwt/token/RequestAuthToken.java
new file mode 100644
index 0000000..1b40a8c
--- /dev/null
+++ b/src/main/java/com/example/springdemo/security/jwt/token/RequestAuthToken.java
@@ -0,0 +1,30 @@
+package com.example.springdemo.security.jwt.token;
+
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = false)
+public class RequestAuthToken extends UsernamePasswordAuthenticationToken {
+
+ private String userId;
+
+ private String secret;
+
+ private TokenType tokenType;
+
+ public RequestAuthToken(Object principal, Object credentials, TokenType tokenType) {
+ this(principal, credentials, null, null, tokenType);
+ }
+
+ public RequestAuthToken(Object principal, Object credentials, final String userId, String secret) {
+ this(principal, credentials, userId, secret, null);
+ }
+
+ public RequestAuthToken(Object principal, Object credentials, final String userId, String secret, TokenType tokenType) {
+ super(principal, credentials);
+ }
+}
diff --git a/src/main/java/com/example/springdemo/security/jwt/token/TokenType.java b/src/main/java/com/example/springdemo/security/jwt/token/TokenType.java
new file mode 100644
index 0000000..75b72ea
--- /dev/null
+++ b/src/main/java/com/example/springdemo/security/jwt/token/TokenType.java
@@ -0,0 +1,19 @@
+package com.example.springdemo.security.jwt.token;
+
+import lombok.Getter;
+
+@Getter
+public enum TokenType {
+
+ STRING(1, "String"),//string
+ INFO(3, "INFO");//json
+
+ private final Integer id;
+ private final String name;
+
+ TokenType(Integer id, String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+}
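Review bot: The five-argument constructor of RequestAuthToken only calls `super(principal, credentials)` and never assigns `userId`, `secret` or `tokenType`, so all three getters return null whichever constructor is used; add `this.userId = userId; this.secret = secret; this.tokenType = tokenType;` after the super call. Because `@EqualsAndHashCode(callSuper = false)` compares only those three fields, any two tokens are currently equal regardless of principal, and `callSuper = true` is probably what is wanted. `secret` is also exposed through the class-level `@Getter`/`@Setter` and is not cleared by `eraseCredentials()`, so consider excluding it from the generated accessors and overriding `eraseCredentials()` to null it along with the credentials.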
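Review bot: In TokenType the Lombok `@Getter` generates `getName()`, which returns "String" or "INFO", next to the built-in `name()`, which returns "STRING" or "INFO", so code that maps a request value to a token type can easily compare against the wrong one. Renaming the field, for example to `label`, removes the ambiguity. The trailing `//string` and `//json` comments would read better as doc comments on the constants, e.g. `/** Token is an opaque string. */` and `/** Token carries a JSON payload. */`, if that is what they mean, and `id` can be a primitive `int`.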