├── README.md ├── src ├── main │ ├── resources │ │ ├── jwt.jks │ │ └── application.yml │ └── java │ │ └── com │ │ └── cun │ │ └── security3 │ │ ├── Security3Application.java │ │ ├── controller │ │ └── testController.java │ │ ├── bean │ │ └── AjaxResponseBody.java │ │ ├── config │ │ ├── AjaxAccessDeniedHandler.java │ │ ├── AjaxAuthenticationEntryPoint.java │ │ ├── AjaxAuthenticationFailureHandler.java │ │ ├── AjaxLogoutSuccessHandler.java │ │ ├── SelfUserDetailsService.java │ │ ├── AjaxAuthenticationSuccessHandler.java │ │ ├── RbacAuthorityService.java │ │ ├── SelfUserDetails.java │ │ ├── JwtAuthenticationTokenFilter.java │ │ └── SpringSecurityConf.java │ │ └── utils │ │ └── JwtTokenUtil.java └── test │ └── java │ └── com │ └── cun │ └── security3 │ └── Security3ApplicationTests.java ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── .gitignore ├── pom.xml ├── mvnw.cmd └── mvnw /README.md: -------------------------------------------------------------------------------- 1 | # SpringBoot_SpringSecurity_JWT_RBAC -------------------------------------------------------------------------------- /src/main/resources/jwt.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/larger5/SpringBoot_SpringSecurity_JWT_RBAC/HEAD/src/main/resources/jwt.jks -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/larger5/SpringBoot_SpringSecurity_JWT_RBAC/HEAD/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /src/main/resources/application.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/larger5/SpringBoot_SpringSecurity_JWT_RBAC/HEAD/src/main/resources/application.yml -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.3/apache-maven-3.5.3-bin.zip 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | 4 | ### STS ### 5 | .apt_generated 6 | .classpath 7 | .factorypath 8 | .project 9 | .settings 10 | .springBeans 11 | .sts4-cache 12 | 13 | ### IntelliJ IDEA ### 14 | .idea 15 | *.iws 16 | *.iml 17 | *.ipr 18 | 19 | ### NetBeans ### 20 | /nbproject/private/ 21 | /build/ 22 | /nbbuild/ 23 | /dist/ 24 | /nbdist/ 25 | /.nb-gradle/ -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/Security3Application.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Security3Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Security3Application.class, args); 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /src/test/java/com/cun/security3/Security3ApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class Security3ApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/controller/testController.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.controller; 2 | 3 | import org.springframework.web.bind.annotation.GetMapping; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | import org.springframework.web.bind.annotation.RestController; 6 | 7 | @RestController 8 | @RequestMapping("/common") 9 | public class testController { 10 | 11 | @GetMapping("/index") 12 | public String index(){ 13 | return "index"; 14 | } 15 | 16 | @GetMapping("/inner") 17 | public String inner(){ 18 | return "inner"; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/bean/AjaxResponseBody.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.bean; 2 | 3 | import java.io.Serializable; 4 | 5 | public class AjaxResponseBody implements Serializable{ 6 | 7 | private String status; 8 | private String msg; 9 | private Object result; 10 | private String jwtToken; 11 | 12 | public String getStatus() { 13 | return status; 14 | } 15 | 16 | public void setStatus(String status) { 17 | this.status = status; 18 | } 19 | 20 | public String getMsg() { 21 | return msg; 22 | } 23 | 24 | public void setMsg(String msg) { 25 | this.msg = msg; 26 | } 27 | 28 | public Object getResult() { 29 | return result; 30 | } 31 | 32 | public void setResult(Object result) { 33 | this.result = result; 34 | } 35 | 36 | public String getJwtToken() { 37 | return jwtToken; 38 | } 39 | 40 | public void setJwtToken(String jwtToken) { 41 | this.jwtToken = jwtToken; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/AjaxAccessDeniedHandler.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.alibaba.fastjson.JSON; 4 | import com.cun.security3.bean.AjaxResponseBody; 5 | import org.springframework.security.access.AccessDeniedException; 6 | import org.springframework.security.web.access.AccessDeniedHandler; 7 | import org.springframework.stereotype.Component; 8 | 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | @Component 15 | public class AjaxAccessDeniedHandler implements AccessDeniedHandler { 16 | 17 | @Override 18 | public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException { 19 | AjaxResponseBody responseBody = new AjaxResponseBody(); 20 | 21 | responseBody.setStatus("300"); 22 | responseBody.setMsg("Need Authorities!"); 23 | 24 | httpServletResponse.getWriter().write(JSON.toJSONString(responseBody)); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/AjaxAuthenticationEntryPoint.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.alibaba.fastjson.JSON; 4 | import com.cun.security3.bean.AjaxResponseBody; 5 | import org.springframework.security.core.AuthenticationException; 6 | import org.springframework.security.web.AuthenticationEntryPoint; 7 | import org.springframework.stereotype.Component; 8 | 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | @Component 15 | public class AjaxAuthenticationEntryPoint implements AuthenticationEntryPoint { 16 | 17 | @Override 18 | public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { 19 | AjaxResponseBody responseBody = new AjaxResponseBody(); 20 | 21 | responseBody.setStatus("000"); 22 | responseBody.setMsg("Need Authorities!"); 23 | 24 | httpServletResponse.getWriter().write(JSON.toJSONString(responseBody)); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/AjaxAuthenticationFailureHandler.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.alibaba.fastjson.JSON; 4 | import com.cun.security3.bean.AjaxResponseBody; 5 | import org.springframework.security.core.AuthenticationException; 6 | import org.springframework.security.web.authentication.AuthenticationFailureHandler; 7 | import org.springframework.stereotype.Component; 8 | 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | @Component 15 | public class AjaxAuthenticationFailureHandler implements AuthenticationFailureHandler { 16 | 17 | @Override 18 | public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { 19 | AjaxResponseBody responseBody = new AjaxResponseBody(); 20 | 21 | responseBody.setStatus("400"); 22 | responseBody.setMsg("Login Failure!"); 23 | 24 | httpServletResponse.getWriter().write(JSON.toJSONString(responseBody)); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/AjaxLogoutSuccessHandler.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.alibaba.fastjson.JSON; 4 | import com.cun.security3.bean.AjaxResponseBody; 5 | import org.springframework.security.core.Authentication; 6 | import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; 7 | import org.springframework.stereotype.Component; 8 | 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.HttpServletRequest; 11 | import javax.servlet.http.HttpServletResponse; 12 | import java.io.IOException; 13 | 14 | @Component 15 | public class AjaxLogoutSuccessHandler implements LogoutSuccessHandler { 16 | 17 | @Override 18 | public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { 19 | AjaxResponseBody responseBody = new AjaxResponseBody(); 20 | 21 | responseBody.setStatus("100"); 22 | responseBody.setMsg("Logout Success!"); 23 | 24 | httpServletResponse.getWriter().write(JSON.toJSONString(responseBody)); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/SelfUserDetailsService.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import org.springframework.beans.factory.annotation.Autowired; 4 | import org.springframework.security.core.GrantedAuthority; 5 | import org.springframework.security.core.authority.SimpleGrantedAuthority; 6 | import org.springframework.security.core.userdetails.UserDetails; 7 | import org.springframework.security.core.userdetails.UserDetailsService; 8 | import org.springframework.security.core.userdetails.UsernameNotFoundException; 9 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 10 | import org.springframework.stereotype.Component; 11 | 12 | import java.util.HashSet; 13 | import java.util.Set; 14 | 15 | @Component 16 | public class SelfUserDetailsService implements UserDetailsService { 17 | @Override 18 | public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 19 | //构建用户信息的逻辑(取数据库/LDAP等用户信息) 20 | 21 | SelfUserDetails userInfo = new SelfUserDetails(); 22 | userInfo.setUsername(username); 23 | userInfo.setPassword(new BCryptPasswordEncoder().encode("123")); 24 | 25 | Set authoritiesSet = new HashSet(); 26 | GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_ADMIN"); 27 | authoritiesSet.add(authority); 28 | userInfo.setAuthorities(authoritiesSet); 29 | 30 | return userInfo; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/AjaxAuthenticationSuccessHandler.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.alibaba.fastjson.JSON; 4 | import com.cun.security3.bean.AjaxResponseBody; 5 | import com.cun.security3.utils.JwtTokenUtil; 6 | import org.springframework.security.core.Authentication; 7 | import org.springframework.security.web.authentication.AuthenticationSuccessHandler; 8 | import org.springframework.stereotype.Component; 9 | 10 | import javax.servlet.ServletException; 11 | import javax.servlet.http.HttpServletRequest; 12 | import javax.servlet.http.HttpServletResponse; 13 | import java.io.IOException; 14 | 15 | @Component 16 | public class AjaxAuthenticationSuccessHandler implements AuthenticationSuccessHandler { 17 | 18 | @Override 19 | public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { 20 | AjaxResponseBody responseBody = new AjaxResponseBody(); 21 | 22 | responseBody.setStatus("200"); 23 | responseBody.setMsg("Login Success!"); 24 | 25 | SelfUserDetails userDetails = (SelfUserDetails) authentication.getPrincipal(); 26 | 27 | String jwtToken = JwtTokenUtil.generateToken(userDetails.getUsername(), 300, "_secret"); 28 | responseBody.setJwtToken(jwtToken); 29 | 30 | httpServletResponse.getWriter().write(JSON.toJSONString(responseBody)); 31 | } 32 | } 33 | 34 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/RbacAuthorityService.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import org.springframework.security.core.Authentication; 4 | import org.springframework.security.core.userdetails.UserDetails; 5 | import org.springframework.stereotype.Component; 6 | import org.springframework.util.AntPathMatcher; 7 | 8 | import javax.servlet.http.HttpServletRequest; 9 | import java.util.HashSet; 10 | import java.util.Set; 11 | 12 | @Component("rbacauthorityservice") 13 | public class RbacAuthorityService { 14 | public boolean hasPermission(HttpServletRequest request, Authentication authentication) { 15 | 16 | Object userInfo = authentication.getPrincipal(); 17 | 18 | boolean hasPermission = false; 19 | 20 | if (userInfo instanceof UserDetails) { 21 | 22 | String username = ((UserDetails) userInfo).getUsername(); 23 | 24 | //获取资源 25 | Set urls = new HashSet(); 26 | urls.add("/common/**"); // 这些 url 都是要登录后才能访问,且其他的 url 都不能访问! 27 | Set set2 = new HashSet(); 28 | Set set3 = new HashSet(); 29 | 30 | AntPathMatcher antPathMatcher = new AntPathMatcher(); 31 | 32 | for (String url : urls) { 33 | if (antPathMatcher.match(url, request.getRequestURI())) { 34 | hasPermission = true; 35 | break; 36 | } 37 | } 38 | 39 | return hasPermission; 40 | } else { 41 | return false; 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/SelfUserDetails.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import org.springframework.security.core.GrantedAuthority; 4 | import org.springframework.security.core.userdetails.UserDetails; 5 | 6 | import java.io.Serializable; 7 | import java.util.Collection; 8 | import java.util.Set; 9 | 10 | /** 11 | * ① 定义 user 对象 12 | */ 13 | public class SelfUserDetails implements UserDetails, Serializable { 14 | private String username; 15 | private String password; 16 | private Set authorities; 17 | 18 | @Override 19 | public Collection getAuthorities() { 20 | return this.authorities; 21 | } 22 | 23 | public void setAuthorities(Set authorities) { 24 | this.authorities = authorities; 25 | } 26 | 27 | @Override 28 | public String getPassword() { // 最重点Ⅰ 29 | return this.password; 30 | } 31 | 32 | @Override 33 | public String getUsername() { // 最重点Ⅱ 34 | return this.username; 35 | } 36 | 37 | public void setUsername(String username) { 38 | this.username = username; 39 | } 40 | 41 | public void setPassword(String password) { 42 | this.password = password; 43 | } 44 | 45 | @Override 46 | public boolean isAccountNonExpired() { 47 | return true; 48 | } 49 | 50 | @Override 51 | public boolean isAccountNonLocked() { 52 | return true; 53 | } 54 | 55 | @Override 56 | public boolean isCredentialsNonExpired() { 57 | return true; 58 | } 59 | 60 | @Override 61 | public boolean isEnabled() { 62 | return true; 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/utils/JwtTokenUtil.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.utils; 2 | 3 | import io.jsonwebtoken.Claims; 4 | import io.jsonwebtoken.Jwts; 5 | import io.jsonwebtoken.SignatureAlgorithm; 6 | 7 | import java.io.InputStream; 8 | import java.security.KeyStore; 9 | import java.security.PrivateKey; 10 | import java.security.PublicKey; 11 | import java.util.Date; 12 | 13 | public class JwtTokenUtil { 14 | 15 | private static InputStream inputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("jwt.jks"); // 寻找证书文件 16 | private static PrivateKey privateKey = null; 17 | private static PublicKey publicKey = null; 18 | 19 | static { // 将证书文件里边的私钥公钥拿出来 20 | try { 21 | KeyStore keyStore = KeyStore.getInstance("JKS"); // java key store 固定常量 22 | keyStore.load(inputStream, "123456".toCharArray()); 23 | privateKey = (PrivateKey) keyStore.getKey("jwt", "123456".toCharArray()); // jwt 为 命令生成整数文件时的别名 24 | publicKey = keyStore.getCertificate("jwt").getPublicKey(); 25 | } catch (Exception e) { 26 | e.printStackTrace(); 27 | } 28 | } 29 | 30 | public static String generateToken(String subject, int expirationSeconds, String salt) { 31 | return Jwts.builder() 32 | .setClaims(null) 33 | .setSubject(subject) 34 | .setExpiration(new Date(System.currentTimeMillis() + expirationSeconds * 1000)) 35 | // .signWith(SignatureAlgorithm.HS512, salt) // 不使用公钥私钥 36 | .signWith(SignatureAlgorithm.RS256, privateKey) 37 | .compact(); 38 | } 39 | 40 | public static String parseToken(String token, String salt) { 41 | String subject = null; 42 | try { 43 | Claims claims = Jwts.parser() 44 | // .setSigningKey(salt) // 不使用公钥私钥 45 | .setSigningKey(publicKey) 46 | .parseClaimsJws(token).getBody(); 47 | subject = claims.getSubject(); 48 | } catch (Exception e) { 49 | } 50 | return subject; 51 | } 52 | 53 | } 54 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/JwtAuthenticationTokenFilter.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import com.cun.security3.utils.JwtTokenUtil; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 6 | import org.springframework.security.core.context.SecurityContextHolder; 7 | import org.springframework.security.core.userdetails.UserDetails; 8 | import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; 9 | import org.springframework.stereotype.Component; 10 | import org.springframework.web.filter.OncePerRequestFilter; 11 | 12 | import javax.servlet.FilterChain; 13 | import javax.servlet.ServletException; 14 | import javax.servlet.http.HttpServletRequest; 15 | import javax.servlet.http.HttpServletResponse; 16 | import java.io.IOException; 17 | 18 | 19 | @Component 20 | public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { 21 | 22 | @Autowired 23 | SelfUserDetailsService userDetailsService; 24 | 25 | @Override 26 | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { 27 | String authHeader = request.getHeader("Authorization"); 28 | 29 | if (authHeader != null && authHeader.startsWith("Bearer ")) { 30 | final String authToken = authHeader.substring("Bearer ".length()); 31 | 32 | String username = JwtTokenUtil.parseToken(authToken, "_secret"); 33 | 34 | if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { 35 | UserDetails userDetails = userDetailsService.loadUserByUsername(username); 36 | 37 | if (userDetails != null) { 38 | UsernamePasswordAuthenticationToken authentication = 39 | new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); 40 | authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); 41 | 42 | SecurityContextHolder.getContext().setAuthentication(authentication); 43 | } 44 | } 45 | } 46 | 47 | chain.doFilter(request, response); 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.cun 7 | security3 8 | 0.0.1-SNAPSHOT 9 | jar 10 | 11 | security3 12 | Demo project for Spring Boot 13 | 14 | 15 | org.springframework.boot 16 | spring-boot-starter-parent 17 | 1.5.14.RELEASE 18 | 19 | 20 | 21 | 22 | UTF-8 23 | UTF-8 24 | 1.8 25 | 26 | 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-data-jpa 31 | 32 | 33 | org.springframework.boot 34 | spring-boot-starter-web 35 | 36 | 37 | 38 | mysql 39 | mysql-connector-java 40 | runtime 41 | 42 | 43 | org.springframework.boot 44 | spring-boot-starter-test 45 | test 46 | 47 | 48 | 49 | 50 | org.springframework.boot 51 | spring-boot-starter-security 52 | 53 | 54 | 55 | 56 | com.alibaba 57 | fastjson 58 | 1.2.36 59 | 60 | 61 | 62 | 63 | io.jsonwebtoken 64 | jjwt 65 | 0.9.0 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | org.springframework.boot 74 | spring-boot-maven-plugin 75 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /src/main/java/com/cun/security3/config/SpringSecurityConf.java: -------------------------------------------------------------------------------- 1 | package com.cun.security3.config; 2 | 3 | import org.springframework.beans.factory.annotation.Autowired; 4 | import org.springframework.context.annotation.Configuration; 5 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 6 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 7 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 8 | import org.springframework.security.config.http.SessionCreationPolicy; 9 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 10 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; 11 | 12 | @Configuration 13 | public class SpringSecurityConf extends WebSecurityConfigurerAdapter { 14 | 15 | @Autowired 16 | AjaxAuthenticationEntryPoint authenticationEntryPoint; // 未登陆时返回 JSON 格式的数据给前端(否则为 html) 17 | 18 | @Autowired 19 | AjaxAuthenticationSuccessHandler authenticationSuccessHandler; // 登录成功返回的 JSON 格式数据给前端(否则为 html) 20 | 21 | @Autowired 22 | AjaxAuthenticationFailureHandler authenticationFailureHandler; // 登录失败返回的 JSON 格式数据给前端(否则为 html) 23 | 24 | @Autowired 25 | AjaxLogoutSuccessHandler logoutSuccessHandler; // 注销成功返回的 JSON 格式数据给前端(否则为 登录时的 html) 26 | 27 | @Autowired 28 | AjaxAccessDeniedHandler accessDeniedHandler; // 无权访问返回的 JSON 格式数据给前端(否则为 403 html 页面) 29 | 30 | @Autowired 31 | SelfUserDetailsService userDetailsService; // 自定义user 32 | 33 | @Autowired 34 | JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter; // JWT 拦截器 35 | 36 | @Override 37 | protected void configure(AuthenticationManagerBuilder auth) throws Exception { 38 | 39 | // 加入自定义的安全认证 40 | auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); 41 | } 42 | 43 | @Override 44 | protected void configure(HttpSecurity http) throws Exception { 45 | 46 | // 去掉 CSRF 47 | http.csrf().disable() 48 | .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 使用 JWT,关闭token 49 | .and() 50 | 51 | .httpBasic().authenticationEntryPoint(authenticationEntryPoint) 52 | 53 | .and() 54 | .authorizeRequests() 55 | 56 | .anyRequest() 57 | .access("@rbacauthorityservice.hasPermission(request,authentication)") // RBAC 动态 url 认证 58 | 59 | .and() 60 | .formLogin() //开启登录 61 | .successHandler(authenticationSuccessHandler) // 登录成功 62 | .failureHandler(authenticationFailureHandler) // 登录失败 63 | .permitAll() 64 | 65 | .and() 66 | .logout() 67 | .logoutSuccessHandler(logoutSuccessHandler) 68 | .permitAll(); 69 | 70 | // 记住我 71 | http.rememberMe().rememberMeParameter("remember-me") 72 | .userDetailsService(userDetailsService).tokenValiditySeconds(300); 73 | 74 | http.exceptionHandling().accessDeniedHandler(accessDeniedHandler); // 无权访问 JSON 格式的数据 75 | http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); // JWT Filter 76 | 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 84 | @REM Fallback to current working directory if not found. 85 | 86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 88 | 89 | set EXEC_DIR=%CD% 90 | set WDIR=%EXEC_DIR% 91 | :findBaseDir 92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 93 | cd .. 94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 95 | set WDIR=%CD% 96 | goto findBaseDir 97 | 98 | :baseDirFound 99 | set MAVEN_PROJECTBASEDIR=%WDIR% 100 | cd "%EXEC_DIR%" 101 | goto endDetectBaseDir 102 | 103 | :baseDirNotFound 104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 105 | cd "%EXEC_DIR%" 106 | 107 | :endDetectBaseDir 108 | 109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 110 | 111 | @setlocal EnableExtensions EnableDelayedExpansion 112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 114 | 115 | :endReadAdditionalConfig 116 | 117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 118 | 119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 121 | 122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 123 | if ERRORLEVEL 1 goto error 124 | goto end 125 | 126 | :error 127 | set ERROR_CODE=1 128 | 129 | :end 130 | @endlocal & set ERROR_CODE=%ERROR_CODE% 131 | 132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 136 | :skipRcPost 137 | 138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 140 | 141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 142 | 143 | exit /B %ERROR_CODE% 144 | -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Migwn, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | # TODO classpath? 118 | fi 119 | 120 | if [ -z "$JAVA_HOME" ]; then 121 | javaExecutable="`which javac`" 122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 123 | # readlink(1) is not available as standard on Solaris 10. 124 | readLink=`which readlink` 125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 126 | if $darwin ; then 127 | javaHome="`dirname \"$javaExecutable\"`" 128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 129 | else 130 | javaExecutable="`readlink -f \"$javaExecutable\"`" 131 | fi 132 | javaHome="`dirname \"$javaExecutable\"`" 133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 134 | JAVA_HOME="$javaHome" 135 | export JAVA_HOME 136 | fi 137 | fi 138 | fi 139 | 140 | if [ -z "$JAVACMD" ] ; then 141 | if [ -n "$JAVA_HOME" ] ; then 142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 143 | # IBM's JDK on AIX uses strange locations for the executables 144 | JAVACMD="$JAVA_HOME/jre/sh/java" 145 | else 146 | JAVACMD="$JAVA_HOME/bin/java" 147 | fi 148 | else 149 | JAVACMD="`which java`" 150 | fi 151 | fi 152 | 153 | if [ ! -x "$JAVACMD" ] ; then 154 | echo "Error: JAVA_HOME is not defined correctly." >&2 155 | echo " We cannot execute $JAVACMD" >&2 156 | exit 1 157 | fi 158 | 159 | if [ -z "$JAVA_HOME" ] ; then 160 | echo "Warning: JAVA_HOME environment variable is not set." 161 | fi 162 | 163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 164 | 165 | # traverses directory structure from process work directory to filesystem root 166 | # first directory with .mvn subdirectory is considered project base directory 167 | find_maven_basedir() { 168 | 169 | if [ -z "$1" ] 170 | then 171 | echo "Path not specified to find_maven_basedir" 172 | return 1 173 | fi 174 | 175 | basedir="$1" 176 | wdir="$1" 177 | while [ "$wdir" != '/' ] ; do 178 | if [ -d "$wdir"/.mvn ] ; then 179 | basedir=$wdir 180 | break 181 | fi 182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 183 | if [ -d "${wdir}" ]; then 184 | wdir=`cd "$wdir/.."; pwd` 185 | fi 186 | # end of workaround 187 | done 188 | echo "${basedir}" 189 | } 190 | 191 | # concatenates all lines of a file 192 | concat_lines() { 193 | if [ -f "$1" ]; then 194 | echo "$(tr -s '\n' ' ' < "$1")" 195 | fi 196 | } 197 | 198 | BASE_DIR=`find_maven_basedir "$(pwd)"` 199 | if [ -z "$BASE_DIR" ]; then 200 | exit 1; 201 | fi 202 | 203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 204 | echo $MAVEN_PROJECTBASEDIR 205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 206 | 207 | # For Cygwin, switch paths to Windows format before running java 208 | if $cygwin; then 209 | [ -n "$M2_HOME" ] && 210 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 211 | [ -n "$JAVA_HOME" ] && 212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 213 | [ -n "$CLASSPATH" ] && 214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 215 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 217 | fi 218 | 219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 220 | 221 | exec "$JAVACMD" \ 222 | $MAVEN_OPTS \ 223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 226 | --------------------------------------------------------------------------------