3 Star 5 Fork 1

DSLZC / springboot-security-oauth2-jwt

加入 Gitee
与超过 800 万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README.md

springboot-security-oauth2-jwt

有任何问题欢迎邮件我或者发issues

-参考:-

https://mp.weixin.qq.com/s?__biz=MzAxODcyNjEzNQ==&mid=2247484574&idx=1&sn=0984db0da3dc0efda956fa0aaeabe479&chksm=9bd0a906aca7201028da742819b4f5b78c8c4768bd88237ffd54c5c818afec0f7af47b1d45eb#rd
http://www.spring4all.com/article/428
https://www.cnblogs.com/x113773/p/7160203.html
http://www.mkyong.com/spring-security/spring-security-remember-me-example/
https://www.cnblogs.com/softidea/p/5991897.html

项目结构

security

  • 参照spring security reference写的一个简单demo,没有参考价值,可以略过

security-ajax

  • 抛弃默认登录方式,使用ajax方式登录,因此自定义增加了AuthenticationSuccessHandler和AuthenticationFailureHandler用来返回自定义json
/**
 * @author dongsilin
 * @version 2018/4/8.
 *          登陆成功后的处理
 */
@Slf4j
@Component
public final class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        log.info("*******************AuthenticationSuccessHandler");
        WebUtil.output(response, RestResponse.buildSuccess(), WebUtil.ResponseOutputType.JSON);
    }

}
/**
 * @author dongsilin
 * @version 2018/4/8.
 *          登陆失败后的处理
 */
@Slf4j
@Component
public final class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        log.info("*******************AuthenticationFailureHandler");
        if (e instanceof CaptchaAuthenticationException) {
            WebUtil.output(response, RestResponse.buildFail(e.getMessage()), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof UsernameNotFoundException) {
            WebUtil.output(response, RestResponse.buildFail("用户名不存在"), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof BadCredentialsException) {
            WebUtil.output(response, RestResponse.buildFail("密码错误"), WebUtil.ResponseOutputType.JSON);
        } else {
            WebUtil.output(response, RestResponse.buildFail("操作失败"), WebUtil.ResponseOutputType.JSON);
        }
    }

}
  • 默认情况下DaoAuthenticationProvider会丢弃UsernameNotFoundException(用户名错误),原因在于其参数hideUserNotFoundExceptions=true,把UsernameNotFoundException给hide掉了,请看如下源码。因此自定义AuthenticationProvider继承自DaoAuthenticationProvider,把hideUserNotFoundExceptions改为false
//org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider  第62行
try {
    user = this.retrieveUser(username, (UsernamePasswordAuthenticationToken)authentication);
} catch (UsernameNotFoundException var6) {
    this.logger.debug("User \'" + username + "\' not found");
    if(this.hideUserNotFoundExceptions) {
        throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
    throw var6;
}
@Slf4j
@Component
public final class CustomAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @PostConstruct
    public void init() {
        setUserDetailsService(userDetailsService);
        setPasswordEncoder(new BCryptPasswordEncoder(8));
        setHideUserNotFoundExceptions(false);
    }
}
  • 增加登录验证码校验Filter: CustomCaptchaVerifyFilter,见项目代码

security-ajax-rememberme

  • 在security-ajax中增加rememberme功能
  • 提供RememberMeAuthenticationFilter bean和RememberMeAuthenticationProvider bean
  • 在CustomCaptchaVerifyFilter中设置rememberMeServices:setRememberMeServices(rememberMeServices)
  • 详细代码请clone再查看

oauth2

  • 待完善

oauth2-sso-server

  • 待完善

仓库评论 ( 0 )

你可以在登录后,发表评论

简介

暂无描述 展开 收起
Java
MIT
取消

发行版

暂无发行版

springboot-security-oauth2-jwt

贡献者

全部

近期动态

加载更多
不能加载更多了
Java
1
https://gitee.com/DSLZC/springboot-security-oauth2-jwt.git
git@gitee.com:DSLZC/springboot-security-oauth2-jwt.git
DSLZC
springboot-security-oauth2-jwt
springboot-security-oauth2-jwt
master

搜索帮助