SpringSecurity实现token认证

配置类

@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled=true) public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

@Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } // 由于过滤器 比 servelt 先加载 在这里注入一下 负责 TokenAuthenticationTokenFilter 中redisuntity @Bean public TokenAuthenticationTokenFilter getTokenFiter(){ return new TokenAuthenticationTokenFilter(); } @Override protected void configure(HttpSecurity http) throws Exception { //http.addFilterBefore(new VerCodeFi lter("/Login/Login"), UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(getTokenFiter(), UsernamePasswordAuthenticationFilter.class); http .authorizeRequests() .antMatchers("/Login/**").permitAll() // 放行Login .anyRequest().authenticated() // 所有请求都需要验证 .and() .formLogin() // 使用默认的登录页面 .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .csrf().disable();// post请求要关闭csrf验证,不然访问报错；实际开发中开启，需要前端配合传递其他参数 }

}

定义token 验证过滤器

public class TokenAuthenticationTokenFilter extends OncePerRequestFilter {

@Autowired private RedisUtils redisUtils; public TokenAuthenticationTokenFilter(){ } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { //1、获取请求头携带的token String token = request.getHeader("token"); if(!StringUtils.hasText(token)){ //不需要token的路由可以直接放行 filterChain.doFilter(request,response); return; } Object o =redisUtils.get(token); if (o==null){ response.setStatus(200); response.setCharacterEncoding("utf-8"); response.getWriter().write(JSON.toJSONString(Result.failed(401,"token 非法",""))); return; } Map<String,String> maps=new HashMap<>(); Map Values = JSON.parseObject(o.toString(), maps.getClass()); Collection<GrantedAuthority> authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(Values.get("role").toString())); UsernamePasswordAuthenticationToken authenticationToken=new UsernamePasswordAuthenticationToken(new Userdto(), null, authorities); SecurityContextHolder.getContext().setAuthentication(authenticationToken); filterChain.doFilter(request,response); //放行 }

}