3 Star 5 Fork 1

DSLCoding / springboot-security-oauth2-jwt

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
贡献代码
同步代码
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README
MIT

springboot-security-oauth2-jwt

有任何问题欢迎邮件我或者发issues

-参考:-

https://mp.weixin.qq.com/s?__biz=MzAxODcyNjEzNQ==&mid=2247484574&idx=1&sn=0984db0da3dc0efda956fa0aaeabe479&chksm=9bd0a906aca7201028da742819b4f5b78c8c4768bd88237ffd54c5c818afec0f7af47b1d45eb#rd
http://www.spring4all.com/article/428
https://www.cnblogs.com/x113773/p/7160203.html
http://www.mkyong.com/spring-security/spring-security-remember-me-example/
https://www.cnblogs.com/softidea/p/5991897.html

项目结构

security

  • 参照spring security reference写的一个简单demo,没有参考价值,可以略过

security-ajax

  • 抛弃默认登录方式,使用ajax方式登录,因此自定义增加了AuthenticationSuccessHandler和AuthenticationFailureHandler用来返回自定义json
/**
 * @author dongsilin
 * @version 2018/4/8.
 *          登陆成功后的处理
 */
@Slf4j
@Component
public final class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        log.info("*******************AuthenticationSuccessHandler");
        WebUtil.output(response, RestResponse.buildSuccess(), WebUtil.ResponseOutputType.JSON);
    }

}
/**
 * @author dongsilin
 * @version 2018/4/8.
 *          登陆失败后的处理
 */
@Slf4j
@Component
public final class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        log.info("*******************AuthenticationFailureHandler");
        if (e instanceof CaptchaAuthenticationException) {
            WebUtil.output(response, RestResponse.buildFail(e.getMessage()), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof UsernameNotFoundException) {
            WebUtil.output(response, RestResponse.buildFail("用户名不存在"), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof BadCredentialsException) {
            WebUtil.output(response, RestResponse.buildFail("密码错误"), WebUtil.ResponseOutputType.JSON);
        } else {
            WebUtil.output(response, RestResponse.buildFail("操作失败"), WebUtil.ResponseOutputType.JSON);
        }
    }

}
  • 默认情况下DaoAuthenticationProvider会丢弃UsernameNotFoundException(用户名错误),原因在于其参数hideUserNotFoundExceptions=true,把UsernameNotFoundException给hide掉了,请看如下源码。因此自定义AuthenticationProvider继承自DaoAuthenticationProvider,把hideUserNotFoundExceptions改为false
//org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider  第62行
try {
    user = this.retrieveUser(username, (UsernamePasswordAuthenticationToken)authentication);
} catch (UsernameNotFoundException var6) {
    this.logger.debug("User \'" + username + "\' not found");
    if(this.hideUserNotFoundExceptions) {
        throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    throw var6;
}
@Slf4j
@Component
public final class CustomAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @PostConstruct
    public void init() {
        setUserDetailsService(userDetailsService);
        setPasswordEncoder(new BCryptPasswordEncoder(8));
        setHideUserNotFoundExceptions(false);
    }
}
  • 增加登录验证码校验Filter: CustomCaptchaVerifyFilter,见项目代码

security-ajax-rememberme

  • 在security-ajax中增加rememberme功能
  • 提供RememberMeAuthenticationFilter bean和RememberMeAuthenticationProvider bean
  • 在CustomCaptchaVerifyFilter中设置rememberMeServices:setRememberMeServices(rememberMeServices)
  • 详细代码请clone再查看

oauth2

  • 待完善

oauth2-sso-server

  • 待完善
The MIT License (MIT) Copyright (c) 2018 DSLZC Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

简介

暂无描述 展开 收起
Java
MIT
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
Java
1
https://gitee.com/DSLZC/springboot-security-oauth2-jwt.git
git@gitee.com:DSLZC/springboot-security-oauth2-jwt.git
DSLZC
springboot-security-oauth2-jwt
springboot-security-oauth2-jwt
master

搜索帮助

14c37bed 8189591 565d56ea 8189591