{"id":265,"date":"2022-04-02T07:19:47","date_gmt":"2022-04-01T23:19:47","guid":{"rendered":"https:\/\/blog.lijiajia.top\/?p=265"},"modified":"2026-06-19T21:31:03","modified_gmt":"2026-06-19T13:31:03","slug":"springsecurity%e6%a1%86%e6%9e%b6%e5%ad%a6%e4%b9%a0%ef%bc%9a%e5%be%ae%e6%9c%8d%e5%8a%a1%e5%85%b3%e9%94%ae%e4%bb%a3%e7%a0%81%e5%8d%81%e5%9b%9b","status":"publish","type":"post","link":"https:\/\/blog.ttwow.top\/?p=265","title":{"rendered":"SpringSecurity\u6846\u67b6\u5b66\u4e60\uff1a\u5fae\u670d\u52a1\u5173\u952e\u4ee3\u7801(\u5341\u56db)"},"content":{"rendered":"<p>\u9879\u76ee\u5730\u5740\uff1a<a href=\"https:\/\/github.com\/fangyishui\/SpringSecurityCode\">https:\/\/github.com\/fangyishui\/SpringSecurityCode<\/a><\/p>\n<h3>TokenWebSecurityConfig<\/h3>\n<pre><code class=\"language-java\">package com.security.config;\n\nimport com.security.filter.TokenAuthFilter;\nimport com.security.filter.TokenLoginFilter;\nimport com.security.security.DefaultPasswordEncoder;\nimport com.security.security.TokenLogoutHandler;\nimport com.security.security.TokenManager;\nimport com.security.security.UnauthEntryPoint;\nimport org.springframework.beans.factory.annotation.Autowired;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.data.redis.core.RedisTemplate;\nimport org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\nimport org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.builders.WebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\nimport org.springframework.security.core.userdetails.UserDetailsService;\n\n@Configuration\n@EnableWebSecurity\n@EnableGlobalMethodSecurity(prePostEnabled = true)\npublic class TokenWebSecurityConfig extends WebSecurityConfigurerAdapter {\n\n    private TokenManager tokenManager;\n    private RedisTemplate redisTemplate;\n    private DefaultPasswordEncoder defaultPasswordEncoder;\n    private UserDetailsService userDetailsService;\n\n    @Autowired\n    public TokenWebSecurityConfig(UserDetailsService userDetailsService, DefaultPasswordEncoder defaultPasswordEncoder,\n                                  TokenManager tokenManager, RedisTemplate redisTemplate) {\n        this.userDetailsService = userDetailsService;\n        this.defaultPasswordEncoder = defaultPasswordEncoder;\n        this.tokenManager = tokenManager;\n        this.redisTemplate = redisTemplate;\n    }\n\n    \/**\n     * \u914d\u7f6e\u8bbe\u7f6e\n     * @param http\n     * @throws Exception\n     *\/\n    \/\/\u8bbe\u7f6e\u9000\u51fa\u7684\u5730\u5740\u548ctoken\uff0credis\u64cd\u4f5c\u5730\u5740\n    @Override\n    protected void configure(HttpSecurity http) throws Exception {\n        http.exceptionHandling()\n                .authenticationEntryPoint(new UnauthEntryPoint())\/\/\u6ca1\u6709\u6743\u9650\u8bbf\u95ee\n                .and().csrf().disable()\n                .authorizeRequests()\n                .anyRequest().authenticated()\n                .and().logout().logoutUrl(&quot;\/admin\/acl\/index\/logout&quot;)\/\/\u9000\u51fa\u8def\u5f84\n                .addLogoutHandler(new TokenLogoutHandler(tokenManager,redisTemplate)).and()\n                .addFilter(new TokenLoginFilter(authenticationManager(), tokenManager, redisTemplate))\n                .addFilter(new TokenAuthFilter(authenticationManager(), tokenManager, redisTemplate)).httpBasic();\n    }\n\n    \/\/\u8c03\u7528userDetailsService\u548c\u5bc6\u7801\u5904\u7406\n    @Override\n    public void configure(AuthenticationManagerBuilder auth) throws Exception {\n        auth.userDetailsService(userDetailsService).passwordEncoder(defaultPasswordEncoder);\n    }\n    \/\/\u4e0d\u8fdb\u884c\u8ba4\u8bc1\u7684\u8def\u5f84\uff0c\u53ef\u4ee5\u76f4\u63a5\u8bbf\u95ee\n    @Override\n    public void configure(WebSecurity web) throws Exception {\n        web.ignoring().antMatchers(&quot;\/api\/**&quot;);\n    }\n}\n<\/code><\/pre>\n<h3>TokenAuthFilter<\/h3>\n<pre><code class=\"language-java\">package com.security.filter;\n\nimport com.security.security.TokenManager;\nimport org.springframework.data.redis.core.RedisTemplate;\nimport org.springframework.security.authentication.AuthenticationManager;\nimport org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.SimpleGrantedAuthority;\nimport org.springframework.security.core.context.SecurityContextHolder;\nimport org.springframework.security.web.authentication.www.BasicAuthenticationFilter;\n\nimport javax.servlet.FilterChain;\nimport javax.servlet.ServletException;\nimport javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.List;\n\npublic class TokenAuthFilter extends BasicAuthenticationFilter {\n\n    private TokenManager tokenManager;\n    private RedisTemplate redisTemplate;\n    public TokenAuthFilter(AuthenticationManager authenticationManager,TokenManager tokenManager,RedisTemplate redisTemplate) {\n        super(authenticationManager);\n        this.tokenManager = tokenManager;\n        this.redisTemplate = redisTemplate;\n    }\n\n    @Override\n    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {\n        \/\/\u83b7\u53d6\u5f53\u524d\u8ba4\u8bc1\u6210\u529f\u7528\u6237\u6743\u9650\u4fe1\u606f\n        UsernamePasswordAuthenticationToken authRequest = getAuthentication(request);\n        \/\/\u5224\u65ad\u5982\u679c\u6709\u6743\u9650\u4fe1\u606f\uff0c\u653e\u5230\u6743\u9650\u4e0a\u4e0b\u6587\u4e2d\n        if(authRequest != null) {\n            SecurityContextHolder.getContext().setAuthentication(authRequest);\n        }\n        chain.doFilter(request,response);\n    }\n\n    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {\n        \/\/\u4eceheader\u83b7\u53d6token\n        String token = request.getHeader(&quot;token&quot;);\n        if(token != null) {\n            \/\/\u4ecetoken\u83b7\u53d6\u7528\u6237\u540d\n            String username = tokenManager.getUserInfoFromToken(token);\n            \/\/\u4eceredis\u83b7\u53d6\u5bf9\u5e94\u6743\u9650\u5217\u8868\n            List&lt;String&gt; permissionValueList = (List&lt;String&gt;)redisTemplate.opsForValue().get(username);\n            Collection&lt;GrantedAuthority&gt; authority = new ArrayList&lt;&gt;();\n            for(String permissionValue : permissionValueList) {\n                SimpleGrantedAuthority auth = new SimpleGrantedAuthority(permissionValue);\n                authority.add(auth);\n            }\n            return new UsernamePasswordAuthenticationToken(username,token,authority);\n        }\n        return null;\n    }\n\n}\n<\/code><\/pre>\n<h3>TokenLoginFilter<\/h3>\n<pre><code class=\"language-java\">package com.security.filter;\n\nimport com.fasterxml.jackson.databind.ObjectMapper;\nimport com.security.entity.SecurityUser;\nimport com.security.entity.User;\nimport com.security.security.TokenManager;\nimport com.springsecurity.utils.utils.R;\nimport com.springsecurity.utils.utils.ResponseUtil;\nimport org.springframework.data.redis.core.RedisTemplate;\nimport org.springframework.security.authentication.AuthenticationManager;\nimport org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.core.AuthenticationException;\nimport org.springframework.security.core.context.SecurityContextHolder;\nimport org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;\nimport org.springframework.security.web.util.matcher.AntPathRequestMatcher;\n\nimport javax.servlet.FilterChain;\nimport javax.servlet.ServletException;\nimport javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\nimport java.io.IOException;\nimport java.util.ArrayList;\n\npublic class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {\n\n    private TokenManager tokenManager;\n    private RedisTemplate redisTemplate;\n    private AuthenticationManager authenticationManager;\n\n    public TokenLoginFilter(AuthenticationManager authenticationManager, TokenManager tokenManager, RedisTemplate redisTemplate) {\n        this.authenticationManager = authenticationManager;\n        this.tokenManager = tokenManager;\n        this.redisTemplate = redisTemplate;\n        this.setPostOnly(false);\n        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(&quot;\/admin\/acl\/login&quot;,&quot;POST&quot;));\n    }\n\n    \/\/1 \u83b7\u53d6\u8868\u5355\u63d0\u4ea4\u7528\u6237\u540d\u548c\u5bc6\u7801\n    @Override\n    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)\n            throws AuthenticationException {\n        \/\/\u83b7\u53d6\u8868\u5355\u63d0\u4ea4\u6570\u636e\n        try {\n            User user = new ObjectMapper().readValue(request.getInputStream(), User.class);\n            return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getUsername(),user.getPassword(),\n                    new ArrayList&lt;&gt;()));\n        } catch (IOException e) {\n            e.printStackTrace();\n            throw new RuntimeException();\n        }\n    }\n\n    \/\/2 \u8ba4\u8bc1\u6210\u529f\u8c03\u7528\u7684\u65b9\u6cd5\n    @Override\n    protected void successfulAuthentication(HttpServletRequest request,\n                                            HttpServletResponse response, FilterChain chain, Authentication authResult)\n            throws IOException, ServletException {\n        \/\/\u8ba4\u8bc1\u6210\u529f\uff0c\u5f97\u5230\u8ba4\u8bc1\u6210\u529f\u4e4b\u540e\u7528\u6237\u4fe1\u606f\n        SecurityUser user = (SecurityUser)authResult.getPrincipal();\n        \/\/\u6839\u636e\u7528\u6237\u540d\u751f\u6210token\n        String token = tokenManager.createToken(user.getCurrentUserInfo().getUsername());\n        \/\/\u628a\u7528\u6237\u540d\u79f0\u548c\u7528\u6237\u6743\u9650\u5217\u8868\u653e\u5230redis\n        redisTemplate.opsForValue().set(user.getCurrentUserInfo().getUsername(),user.getPermissionValueList());\n        \/\/\u8fd4\u56detoken\n        ResponseUtil.out(response, R.ok().data(&quot;token&quot;,token));\n    }\n\n    \/\/3 \u8ba4\u8bc1\u5931\u8d25\u8c03\u7528\u7684\u65b9\u6cd5\n    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)\n            throws IOException, ServletException {\n        ResponseUtil.out(response, R.error());\n    }\n}\n<\/code><\/pre>\n<h3>TokenLogoutHandler<\/h3>\n<pre><code class=\"language-java\">package com.security.security;\n\nimport com.springsecurity.utils.utils.R;\nimport com.springsecurity.utils.utils.ResponseUtil;\nimport org.springframework.data.redis.core.RedisTemplate;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.web.authentication.logout.LogoutHandler;\n\nimport javax.servlet.http.HttpServletRequest;\nimport javax.servlet.http.HttpServletResponse;\n\/\/\u9000\u51fa\u5904\u7406\u5668\npublic class TokenLogoutHandler implements LogoutHandler {\n    private TokenManager tokenManager;\n    private RedisTemplate redisTemplate;\n\n    public TokenLogoutHandler(TokenManager tokenManager,RedisTemplate redisTemplate) {\n        this.tokenManager = tokenManager;\n        this.redisTemplate = redisTemplate;\n    }\n    @Override\n    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {\n        \/\/1 \u4eceheader\u91cc\u9762\u83b7\u53d6token\n        \/\/2 token\u4e0d\u4e3a\u7a7a\uff0c\u79fb\u9664token\uff0c\u4eceredis\u5220\u9664token\n        String token = request.getHeader(&quot;token&quot;);\n        if(token != null) {\n            \/\/\u79fb\u9664\n            tokenManager.removeToken(token);\n            \/\/\u4ecetoken\u83b7\u53d6\u7528\u6237\u540d\n            String username = tokenManager.getUserInfoFromToken(token);\n            redisTemplate.delete(username);\n        }\n        ResponseUtil.out(response, R.ok());\n    }\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u9879\u76ee\u5730\u5740\uff1ahttps:\/\/github.com\/fangyishui\/SpringSecurityCode T [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[126],"tags":[72],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-java-microservices","tag-springsecurity"],"_links":{"self":[{"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=265"}],"version-history":[{"count":1,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions"}],"predecessor-version":[{"id":2105,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions\/2105"}],"wp:attachment":[{"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ttwow.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}