security-微信登录认证
controller:
@ApiOperation("通过openid进行微信登录")@GetMapping("wxLogin/{openid}")public Result wxLogin(@PathVariable(value = "openid",required = true) String openid){String token = wxUserService.wxLogin(openid);if(StringUtils.isEmpty(token)){return Result.fail().message("openid有误");}return Result.success().data("token",token);}
service(这里的认证管理器authenticationManager需要进行懒加载@Lazy):
package com.guigusuqi.app.service.impl;import com.guigusuqi.app.config.WxCodeAuthenticationToken;
import com.guigusuqi.app.entity.LoginWxUser;
import com.guigusuqi.app.entity.WxUser;
import com.guigusuqi.app.mapper.WxUserMapper;
import com.guigusuqi.app.service.WxUserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.guigusuqi.commonutils.utils.JWTUtils;
import com.guigusuqi.commonutils.utils.RedisCache;
import com.guigusuqi.commonutils.vo.Result;
import net.bytebuddy.asm.Advice;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Service;import javax.annotation.Resource;/*** <p>* 服务实现类* </p>** @author suqi* @since 2022-04-06*/
@Service
public class WxUserServiceImpl extends ServiceImpl<WxUserMapper, WxUser> implements WxUserService
{@Resourceprivate WxUserMapper wxUserMapper;@Lazy@Resourceprivate AuthenticationManager authenticationManager;@Resourceprivate RedisCache redisCache;@Overridepublic WxUser getUserInfoByOpenId(String openid){return wxUserMapper.getUserInfoByOpenId(openid);}@Overridepublic String wxLogin(String openid){// 用户验证Authentication authentication = null;//通过openid进行一个授权,这里需要修改userDetailService为微信小程序认证的方式try {/*** 1.通过WxCodeAuthenticationToken类将openid封装成WxCodeAuthenticationToken,principal=openid* 2.WxCodeAuthenticationSecurityConfig设置WxUserDetailsServiceImpl和wxCodeAuthenticationProvider** 4.WxCodeAuthenticationProvider.supports,如果传过来的authentication是WxCodeAuthenticationToken就启用该provider* 5.WxUserDetailsServiceImpl通过openid从数据库中查询wxuser,返回封装的loginUser(=userDetail)* 6.WxCodeAuthenticationProvider进行authenticate授权,直接将userDetailsService返回的userdetail返回* 7.通过返回的loginWxUser获取openid,保存在jwt中*/authentication = authenticationManager.authenticate(new WxCodeAuthenticationToken(openid));} catch (Exception e) {throw new RuntimeException(e.getMessage());}//如果authenticationManager认证通过,拿到这个当前登录用户信息LoginWxUser loginWxUser = (LoginWxUser) authentication.getPrincipal();//通过loginWxUser获取openid,创建tokenString token = JWTUtils.createToken(loginWxUser.getUser().getOpenid());//保存在redis中redisCache.setCacheObject("TOKEN_"+token,loginWxUser.getUser());return token;}
}
1.通过WxCodeAuthenticationToken类将openid封装成WxCodeAuthenticationToken
package com.guigusuqi.app.config;import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;import java.util.Collection;/*** 将openid封装成authentication*/public class WxCodeAuthenticationToken extends AbstractAuthenticationToken
{/*** 在 UsernamePasswordAuthenticationToken 中该字段代表登录的用户名,* 在这里就代表登录的微信openid*/private final Object principal;/*** 构建一个没有鉴权的 CodeAuthenticationToken*/public WxCodeAuthenticationToken(Object principal){super(null);this.principal = principal;setAuthenticated(false);}/*** 构建拥有鉴权的 SmsCodeAuthenticationToken,小程序中不需要*/public WxCodeAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {super(authorities);this.principal = principal;// must use super, as we overridesuper.setAuthenticated(true);}@Overridepublic Object getCredentials() {return null;}@Overridepublic Object getPrincipal() {return this.principal;}@Overridepublic void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException{if (isAuthenticated){throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");}super.setAuthenticated(false);}@Overridepublic void eraseCredentials() {super.eraseCredentials();}
}
2.WxCodeAuthenticationSecurityConfig设置wxCodeAuthenticationProvider,wxCodeAuthenticationProvider设置WxUserDetailsServiceImpl
package com.guigusuqi.app.config;import com.guigusuqi.app.service.impl.WxUserDetailsServiceImpl;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.stereotype.Component;import javax.annotation.Resource;@Configuration
public class WxCodeAuthenticationSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>
{@Resourceprivate WxUserDetailsServiceImpl userDetailsService;@Resourceprivate WxCodeAuthenticationProvider wxCodeAuthenticationProvider;@Overridepublic void configure(HttpSecurity http) throws Exception{wxCodeAuthenticationProvider.setUserDetailsService(userDetailsService);http.authenticationProvider(wxCodeAuthenticationProvider);}
}
3.SecurityConfig自动注入WxCodeAuthenticationSecurityConfig并应用wxCodeAuthenticationSecurityConfig
package com.guigusuqi.admin.config;import com.guigusuqi.app.config.WxCodeAuthenticationProvider;
import com.guigusuqi.app.config.WxCodeAuthenticationSecurityConfig;
import com.guigusuqi.app.service.impl.WxUserDetailsServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import javax.annotation.Resource;@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启权限注解
public class SecurityConfig extends WebSecurityConfigurerAdapter
{@Resourceprivate JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;@Resourceprivate WxCodeAuthenticationSecurityConfig wxCodeAuthenticationSecurityConfig;@Resourceprivate WxUserDetailsServiceImpl userDetailsService;@Resourceprivate WxCodeAuthenticationProvider wxCodeAuthenticationProvider;@Bean@Overridepublic AuthenticationManager authenticationManagerBean() throws Exception{return super.authenticationManagerBean();}@Beanpublic PasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}/*** anyRequest | 匹配所有请求路径* access | SpringEl表达式结果为true时可以访问* anonymous | 匿名可以访问* denyAll | 用户不能访问* fullyAuthenticated | 用户完全认证可以访问(非remember-me下自动登录)* hasAnyAuthority | 如果有参数,参数表示权限,则其中任何一个权限可以访问* hasAnyRole | 如果有参数,参数表示角色,则其中任何一个角色可以访问* hasAuthority | 如果有参数,参数表示权限,则其权限可以访问* hasIpAddress | 如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问* hasRole | 如果有参数,参数表示角色,则其角色可以访问* permitAll | 用户可以任意访问* rememberMe | 允许通过remember-me登录的用户访问* authenticated | 用户登录后可访问*/@Overrideprotected void configure(HttpSecurity http) throws Exception{http.apply(wxCodeAuthenticationSecurityConfig);http //关闭防止csrf攻击.csrf().disable()//不通过session获取SecurityContext.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);http.authorizeRequests()//登录接口可以不用登录进行访问
// .antMatchers("/login").permitAll()
// .antMatchers("/druid/**").permitAll()
// .antMatchers("/doc.html","/webjars/**","/img.icons/**","/swagger-resources/**","/v2/api-docs").permitAll() //允许所有人访问knife4j
// //authenticated()要求在执行该请求时,必须已经登录了应用。
// //如果用户没有认证的话,Spring Security的Filter将会捕获该请求,并将用户重定向到应用的登录页面。
// .antMatchers("/info").authenticated()
// .antMatchers("/act/**").authenticated()
// .antMatchers("/wxLogin").anonymous()
// .antMatchers("/wxcallback").anonymous()
// .antMatchers("/getUserInfo/**").anonymous()
// .antMatchers("/doc.html","/webjars/**","/img.icons/**","/swagger-resources/**","/v2/api-docs").permitAll() //允许所有人访问knife4j//其他接口需要LoginServiceImpl的login方法的authenticate进行认证.anyRequest().permitAll();// //类似于使用了aop思想的拦截器
// http //把token校验过滤器添加到过滤器链中
// .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);http.cors();}
}
4. WxCodeAuthenticationProvider.supports,如果传过来的authentication是WxCodeAuthenticationToken就启用该provider,
通过自定义provider进行认证
WxCodeAuthenticationProvider进行authenticate授权,直接将userDetailsService返回的userdetail返回
package com.guigusuqi.app.config;import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;@Component
public class WxCodeAuthenticationProvider implements AuthenticationProvider
{private UserDetailsService userDetailsService;@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException{//将前端传递的authentication转换为WxCodeAuthenticationTokenWxCodeAuthenticationToken wxCodeAuthenticationToken = (WxCodeAuthenticationToken) authentication;//通过authentication获取openidString openid = (String) wxCodeAuthenticationToken.getPrincipal();//获取数据库的信息,如果openid获得的用户为空,WxUserDetailsServiceImpl直接报错UserDetails userDetails = userDetailsService.loadUserByUsername(openid);// 走到这里鉴权成功,应当重新 new 一个拥有鉴权的 authenticationResult 返回WxCodeAuthenticationToken authenticationResult = new WxCodeAuthenticationToken(userDetails,userDetails.getAuthorities());return authenticationResult;}@Overridepublic boolean supports(Class<?> authentication){// 判断 authentication 是不是 WxCodeAuthenticationToken 的子类或子接口,是的话就使用该providerreturn WxCodeAuthenticationToken.class.isAssignableFrom(authentication);}public UserDetailsService getUserDetailsService() {return userDetailsService;}public void setUserDetailsService(UserDetailsService userDetailsService) {this.userDetailsService = userDetailsService;}
}
5.WxUserDetailsServiceImpl通过openid从数据库中查询wxuser,返回封装的loginUser(=userDetail)
package com.guigusuqi.app.service.impl;import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;import com.guigusuqi.app.entity.LoginWxUser;
import com.guigusuqi.app.entity.WxUser;
import com.guigusuqi.app.service.WxUserService;
import org.springframework.context.annotation.Primary;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import javax.annotation.Resource;
import java.util.List;
import java.util.Objects;@Service
@Primary
public class WxUserDetailsServiceImpl implements UserDetailsService
{@Resourceprivate WxUserService wxUserService;@Overridepublic UserDetails loadUserByUsername(String openid) throws UsernameNotFoundException{WxUser user = wxUserService.getUserInfoByOpenId(openid);if(Objects.isNull(user)){throw new RuntimeException("该用户不存在");}//通过用户id查询权限集合//List<String> permsList = sysMenuMapper.selectPermsByUserId(user.getUserId());return new LoginWxUser(user);//认证成功之后,把用户信息封装在LoginUser中}
}
7.通过返回的loginWxUser获取openid,保存在jwt中
//通过loginWxUser获取openid,创建token
String token = JWTUtils.createToken(loginWxUser.getUser().getOpenid());//保存在redis中
redisCache.setCacheObject("TOKEN_"+token,loginWxUser.getUser());
8.securityConfig设置拦截器wxAuthenticationTokenFilter
package com.guigusuqi.admin.config;import com.guigusuqi.app.config.WxAuthenticationTokenFilter;
import com.guigusuqi.app.config.WxCodeAuthenticationProvider;
import com.guigusuqi.app.config.WxCodeAuthenticationSecurityConfig;
import com.guigusuqi.app.service.impl.WxUserDetailsServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import javax.annotation.Resource;@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启权限注解
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
// @Resource
// private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;@Resourceprivate WxAuthenticationTokenFilter wxAuthenticationTokenFilter;@Resourceprivate WxCodeAuthenticationSecurityConfig wxCodeAuthenticationSecurityConfig;@Resourceprivate WxUserDetailsServiceImpl userDetailsService;@Resourceprivate WxCodeAuthenticationProvider wxCodeAuthenticationProvider;@Bean@Overridepublic AuthenticationManager authenticationManagerBean() throws Exception{return super.authenticationManagerBean();}@Beanpublic PasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}/*** anyRequest | 匹配所有请求路径* access | SpringEl表达式结果为true时可以访问* anonymous | 匿名可以访问* denyAll | 用户不能访问* fullyAuthenticated | 用户完全认证可以访问(非remember-me下自动登录)* hasAnyAuthority | 如果有参数,参数表示权限,则其中任何一个权限可以访问* hasAnyRole | 如果有参数,参数表示角色,则其中任何一个角色可以访问* hasAuthority | 如果有参数,参数表示权限,则其权限可以访问* hasIpAddress | 如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问* hasRole | 如果有参数,参数表示角色,则其角色可以访问* permitAll | 用户可以任意访问* rememberMe | 允许通过remember-me登录的用户访问* authenticated | 用户登录后可访问*/@Overrideprotected void configure(HttpSecurity http) throws Exception{http.apply(wxCodeAuthenticationSecurityConfig);http //关闭防止csrf攻击.csrf().disable()//不通过session获取SecurityContext.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);http.authorizeRequests()//登录接口可以不用登录进行访问
// .antMatchers("/login").permitAll()
// .antMatchers("/druid/**").permitAll()
// .antMatchers("/doc.html","/webjars/**","/img.icons/**","/swagger-resources/**","/v2/api-docs").permitAll() //允许所有人访问knife4j
// //authenticated()要求在执行该请求时,必须已经登录了应用。
// //如果用户没有认证的话,Spring Security的Filter将会捕获该请求,并将用户重定向到应用的登录页面。
// .antMatchers("/info").authenticated()
// .antMatchers("/act/**").authenticated().antMatchers("/wxLogin/**").anonymous()
// .antMatchers("/wxcallback").anonymous()
// .antMatchers("/getUserInfo/**").anonymous().antMatchers("/doc.html","/webjars/**","/img.icons/**","/swagger-resources/**","/v2/api-docs").permitAll() //允许所有人访问knife4j//其他接口需要OncePerRequestFilter子类设置把authenticationToken设置到SecurityContextHolder中才能通过认证//(1.登录,2.拦截器填充authenticationToken到securityContextHolder中)//SecurityContextHolder.getContext().setAuthentication(authenticationToken);.anyRequest().authenticated();// //类似于使用了aop思想的拦截器http //把token校验过滤器添加到过滤器链中.addFilterBefore(wxAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);http.cors();}
}
package com.guigusuqi.app.config;import com.alibaba.fastjson.JSON;import com.guigusuqi.app.entity.LoginWxUser;
import com.guigusuqi.app.service.WxUserService;
import com.guigusuqi.commonutils.code.ErrorCode;
import com.guigusuqi.commonutils.vo.Result;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;/*** 自定义一个过滤器,这个过滤器会去获取请求头中的token,对token进行解析取出其中的userId。* 使用userId去redis中获取对应的LoginUser对象。然后封装Authentication对象存入SecurityContextHolder** 作用:只是为了校验token,如果token不存在是通过SecurityConfig.configure进行拦截的*/
@Component
public class WxAuthenticationTokenFilter extends OncePerRequestFilter
{@Resource@Lazyprivate WxUserService wxUserService;@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException{//获取tokenString token = request.getHeader("Authorization");if(StringUtils.isEmpty(token)){filterChain.doFilter(request,response);return;}LoginWxUser loginWxUser = wxUserService.checkAndParseToken(token);if(Objects.isNull(loginWxUser)){Result result = Result.fail().code(ErrorCode.NO_LOGIN.getCode()).message(ErrorCode.NO_LOGIN.getMsg());response.setContentType("application/json;charset=utf-8");response.getWriter().print(JSON.toJSONString(result));return;}//封装Authentication对象存入SecurityContextHolder//TODO 获取权限信息封装到Authentication中UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginWxUser, null, loginWxUser.getAuthorities());SecurityContextHolder.getContext().setAuthentication(authenticationToken);//放行filterChain.doFilter(request,response);}
}
security-微信登录认证相关推荐
- 自定义request_Spring Security 自定义登录认证(二)
一.前言 本篇文章将讲述Spring Security自定义登录认证校验用户名.密码,自定义密码加密方式,以及在前后端分离的情况下认证失败或成功处理返回json格式数据 温馨小提示:Spring Se ...
- spring security+jwt 登录认证
spring security+jwt 登录认证 1.综述 2.版本与环境 3.架构 4.数据库认证逻辑图 5.案例 security+jwt 5.1引入依赖 5.2新建工具类 5.2新建组件类 5. ...
- 混合应用 微信登录授权 微信登录认证失败 ios PGWXAPI错误-1 code:-100 / 安卓 message:invalid appsecret innerCode:40125...
最近项目需要做微信登录,于是利用HTML5+ API Reference的OAuth模块管理客户端的用户登录授权验证功能,允许应用访问第三方平台的资源. (链接:https://www.dcloud. ...
- 清晰搞懂Spring Security的登录认证
文章目录 前言 1.简介 2.登录认证 2.1.过滤器链 2.2.认证流程 2.3.大思路分析 3.撸袖开干 3.1.环境搭建 3.1.1.数据库 3.1.2.项目搭建 3.1.3.工具类.部分配置类 ...
- Spring Security进行登录认证和授权
一.Spring Security内部认证流程 用户首次登录提交用户名和密码后spring security 的UsernamePasswordAuthenticationFilter把用户名密码封装 ...
- SpringBoot+Security+Jwt登录认证与权限控制(一)
一.相关技术 1. Maven 项目管理工具 2. MybatisPlus 3. SpringBoot 2.7.0 4. Security 安全框架 5. Jwt 6. easy-captcha 验证 ...
- H5页面使用微信网页授权实现登录认证
在用H5开发微信公众号页面应用时,往往需要获取微信的用户信息,H5页面在微信属于访问第三方网页,因此通过微信网页授权机制,来获取用户基本信息,此处需要用户确认授权才能获取,用户确认授权后,我们可以认为 ...
- SpringBoot 集成 微信绑定 微信登录
SpringBoot 集成 微信登录 重写一个认证逻辑 实现AuthenticationProvider import com.hzjtcl.commons.security.service.Hzjt ...
- 登录验证应该是进行在客户端还是服务器端_网站登录认证方式
目前大部分软件系统资源访问都是使用HTTP协议,HTTP是无状态的协议,每次请求默认都是相互独立的.但是大部分情况下我们需要记录请求资源的用户信息,也就是保存会话,从而对资源的访问做限制,这是我们认证 ...
- 【React Native 实战】微信登录
1.前言 在今天无论是游戏开发还是app开发,微信作为第三方登录必不可少,今天我们就用react-native-wechat实现微信登录,分享和支付同样的道理就不过多的介绍了. 2.属性 1)regi ...
最新文章
- MySQL通过两表避免回表_mysql利用覆盖索引避免回表优化查询
- Tomcat部署项目的几种常见方式
- centos7 hadoop3.0.1安装
- 添加icon_在zotero中添加百度学术、中国知网的文章检索引擎
- linux编程学习_您需要编程技能才能学习Linux吗?
- 使用SQLQuery 在Hibernate中使用sql语句
- 小马儿随笔(三)——小标签 大学问
- 第二次作业——个人项目实战之随机数独生成
- 第一次部署海康威视DEMO的一些坑,最终运行成功
- abp vnext数据库迁移(新建库)
- 我个人总结的Halcon内存管理心得笔记,关于C#/C++内存释放
- 跑跑飞弹室外跑步AR游戏代码方案设计
- 学籍信息管理系统-------具体设计
- 5w对讲机需要执照吗
- Java8的stream处理List集合的相同部分(交集)、去重
- mmsegmentation自定义新数据集
- ERLANG日期与时间
- java mysql SSM实现的校园门户平台网站系统源码+含开题报告与需求分析+包安装配置
- Module named ‘XXX’ already exists 错误解决
- Pandownload 下线了,我花了 30 分钟自己搭建了一个网盘!