jwt initial config

myh 2023-12-07 22:40:33 +08:00
parent b100acd9e3
commit f82ed5c415
5 changed files with 107 additions and 4 deletions


@ -1,5 +1,7 @@
package com.example.springdemo.security; package com.example.springdemo.security;
import com.example.springdemo.security.jwt.JwtAuthenticationFilter;
import jakarta.annotation.Resource;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -9,14 +11,19 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationFilter;
@Configuration @Configuration
@EnableWebSecurity // Enable Spring Security @EnableWebSecurity // Enable Spring Security
@EnableGlobalAuthentication // Enable Spring Security's global authentication configuration @EnableGlobalAuthentication // Enable Spring Security's global authentication configuration
@EnableMethodSecurity(prePostEnabled = true) // Enable Spring Security's method security @EnableMethodSecurity(prePostEnabled = true) // Enable Spring Security's method security
public class SecurityConfig { public class SecurityFilterChainConfig {
@Resource
AuthenticationFilter authenticationFilter;
@Bean @Bean
public SecurityFilterChain SecurityFilterChain(@NotNull HttpSecurity http) throws Exception { public SecurityFilterChain SecurityFilterChain(@NotNull HttpSecurity http) throws Exception {
var ignoreUrls = new String[]{"/login", "/logout", "/error"}; var ignoreUrls = new String[]{"/login", "/logout", "/error"};
@ -27,10 +34,12 @@ public class SecurityConfig {
.requestMatchers(authedUrls).authenticated() // authenticate all requests to authedUrls .requestMatchers(authedUrls).authenticated() // authenticate all requests to authedUrls
.requestMatchers(ignoreUrls).permitAll() // permit all requests to ignoreUrls .requestMatchers(ignoreUrls).permitAll() // permit all requests to ignoreUrls
) )
.formLogin(Customizer.withDefaults())
.httpBasic(Customizer.withDefaults()) .httpBasic(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable)
.logout(LogoutConfigurer::permitAll); .sessionManagement(a -> a.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.formLogin(AbstractHttpConfigurer::disable)
.logout(AbstractHttpConfigurer::disable)
.addFilterBefore(authenticationFilter, AnonymousAuthenticationFilter.class); // jwt filter;
return http.build(); return http.build();
} }
} }
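Review bot: The field injected and passed to `addFilterBefore` is Spring Security's `org.springframework.security.web.authentication.AuthenticationFilter`, not the `JwtAuthenticationFilter` this commit adds, so the filter that the trailing `// jwt filter` comment refers to is never placed in the chain, and the `JwtAuthenticationFilter` import is unused in the lines shown. Declare the field as `@Resource JwtAuthenticationFilter jwtAuthenticationFilter;` and pass that to `addFilterBefore`; the class also has to be registered as a bean, and its section on this page shows no `@Component` or `@Bean` for it. `httpBasic(Customizer.withDefaults())` is still enabled next to the stateless session policy, so Basic credentials remain an accepted authentication path on every request; disable it if bearer tokens are meant to be the only one. The middle of the method lies outside the hunks shown, so `authedUrls` and any `anyRequest()` rule could not be checked.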


@ -0,0 +1,22 @@
package com.example.springdemo.security.events;
import com.example.springdemo.entities.Users;
import org.jetbrains.annotations.NotNull;
import org.springframework.context.PayloadApplicationEvent;
import org.springframework.core.ResolvableType;
public class LoginSuccess extends PayloadApplicationEvent<Users> {
public LoginSuccess(Object source, Users payload) {
super(source, payload);
}
@Override
public ResolvableType getResolvableType() {
return ResolvableType.forRawClass(LoginSuccess.class);
}
@Override
public @NotNull Users getPayload() {
return super.getPayload();
}
}
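Review bot: The event hands the whole `Users` entity to every listener; `Users` is not shown on this page, but if it carries the password hash or other credential fields, each `LoginSuccess` listener receives them as well. Consider carrying only what listeners need, such as the user id, or document on the class that listeners must not log or serialize the payload. The `getPayload()` override only delegates to `super` to attach `@NotNull`; either drop it or give it a one-line comment saying that is its purpose.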


@ -0,0 +1,23 @@
package com.example.springdemo.security.jwt;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.jetbrains.annotations.NotNull;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Slf4j
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(@NotNull HttpServletRequest request,
@NotNull HttpServletResponse response,
@NotNull FilterChain filterChain)
throws ServletException, IOException {
}
}
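Review bot: `doFilterInternal` has an empty body and never calls `filterChain.doFilter(request, response)`, so once this filter is in the security chain every request stops here and gets an empty response without reaching the authorization rules or the controllers. Until token parsing is implemented, end the method with `filterChain.doFilter(request, response);`, and keep that call on the path for requests that carry no token so the later authorization rules decide the outcome. When validation is added, check the signature and expiry before populating the `SecurityContext`, and add a class comment stating where the token is read from. `@Slf4j` is not used yet.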


@ -0,0 +1,30 @@
package com.example.springdemo.security.jwt.token;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@Getter
@Setter
@EqualsAndHashCode(callSuper = false)
public class RequestAuthToken extends UsernamePasswordAuthenticationToken {
private String userId;
private String secret;
private TokenType tokenType;
public RequestAuthToken(Object principal, Object credentials, TokenType tokenType) {
this(principal, credentials, null, null, tokenType);
}
public RequestAuthToken(Object principal, Object credentials, final String userId, String secret) {
this(principal, credentials, userId, secret, null);
}
public RequestAuthToken(Object principal, Object credentials, final String userId, String secret, TokenType tokenType) {
super(principal, credentials);
}
}
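Review bot: The five-argument constructor calls `super(principal, credentials)` and then discards `userId`, `secret` and `tokenType`, so all three fields stay `null` whichever constructor is used. Assign them after the `super` call: `this.userId = userId;`, `this.secret = secret;`, `this.tokenType = tokenType;`. With `@EqualsAndHashCode(callSuper = false)` equality ignores principal, credentials and authorities, so tokens for different principals compare equal whenever these three fields match (at present, always); `callSuper = true` avoids that. `secret` is also held outside `credentials`, so `eraseCredentials()` will not clear it; override `eraseCredentials()` to null it, and drop the class-level `@Setter` so an authentication token cannot be mutated after construction.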


@ -0,0 +1,19 @@
package com.example.springdemo.security.jwt.token;
import lombok.Getter;
@Getter
public enum TokenType {
STRING(1, "String"),//string
INFO(3, "INFO");//json
private final Integer id;
private final String name;
TokenType(Integer id, String name) {
this.id = id;
this.name = name;
}
}
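Review bot: The `name` field gives the enum a Lombok-generated `getName()` returning `"String"`/`"INFO"` beside the built-in `name()` returning `STRING`/`INFO`, which is easy to mix up when a token type is parsed from a request. Rename the field (for example `label`) and use `int` rather than the boxed `Integer` for `id`. The trailing `//string` and `//json` comments would be more useful as a sentence on each constant saying which token format it denotes.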