Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

springboot starter security

lorne edited this page Mar 31, 2024 · 2 revisions

springboot-starter-security 功能介绍

支持无状态的JWT和有状态的redis两种不同的token机制

配置文件,默认参数即说明

# JWT开关
codingapi.security.jwt.enable=true
# JWT密钥 需大于32位的字符串
codingapi.security.jwt.secret-key=codingapi.security.jwt.secretkey
# JWT 有效时间(毫秒) 15分钟有效期 1000*60*15=900000
codingapi.security.jwt.valid-time=900000
# JWT 更换令牌时间(毫秒) 10分钟后更换令牌 1000*60*10=600000
codingapi.security.jwt.rest-time=600000
# JWT AES密钥
codingapi.security.ase-key=QUNEWCQlXiYqJCNYQ1phc0FDRFgkJV4mKiQjWENaYXM=
# JWT AES IV
codingapi.security.ase-iv=QUNYRkdIQEVEUyNYQ1phcw==
# Redis开关
#codingapi.security.redis.enable=true
#spring.data.redis.host=localhost
#spring.data.redis.port=6379
# Security 配置 请求权限拦截地址
codingapi.security.authenticated-urls=/api/**
# Security 配置 登录地址
codingapi.security.login-processing-url=/user/login
# Security 配置 登出地址
codingapi.security.logout-url=/user/logout
# Security 配置 不拦截的地址
codingapi.security.ignore-urls=/open/**
# 禁用CSRF
codingapi.security.disable-csrf=true
# 禁用CORS
codingapi.security.disable-cors=true

默认账户密码

security默认的账户密码为admin/admin,可以通过重写UserDetailsService来实现自定义账户密码

 @Bean
 public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
 String password = passwordEncoder.encode("12345678");
 UserDetails admin = User.withUsername("admin")
 .password(password)
 .roles("ADMIN")
 .build();
 UserDetails user = User.withUsername("user")
 .password(password)
 .roles("USER")
 .build();
 return new InMemoryUserDetailsManager(admin, user);
 }

也可以通过数据库账户获取账户数据,请自己实现UserDetailsService接口

登录拦截

可以通过重写SecurityLoginHandler来实现自定义登录拦截,preHandle登录前的拦截处理,postHandle登录后的拦截处理

 @Bean
 public SecurityLoginHandler securityLoginHandler() {
 return new SecurityLoginHandler() {
 @Override
 public void preHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler) throws Exception {
 }
 @Override
 public void postHandle(HttpServletRequest request, HttpServletResponse response, LoginRequest handler, Token token) {
 }
 };
}

获取当前用户

通过TokenContext获取当前用户信息

 @GetMapping("/user")
 public String user(){
 return TokenContext.current().getUsername();
 }

可以通过Token的extra字段来存储用户的更多信息,然后通过TokenContext获取

 @GetMapping("/user")
 public String user(){
 return TokenContext.current().getExtra("user");
 }
Clone this wiki locally

AltStyle によって変換されたページ (->オリジナル) /