feat:

- 完善Spring Security
2025-06-15 11:44:38 +08:00 · 2025-06-15 11:44:38 +08:00 · 45da0753f6
commit 45da0753f6
parent 23f65a4e5d
6 changed files with 38 additions and 52 deletions
--- a/pom.xml
+++ b/pom.xml
@ -132,6 +132,12 @@
            <artifactId>mockito-core</artifactId>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.jetbrains</groupId>
+            <artifactId>annotations</artifactId>
+            <version>RELEASE</version>
+            <scope>compile</scope>
+        </dependency>
    </dependencies>

    <build>
--- a/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java
+++ b/src/main/java/asia/yulinling/workflow/config/SecurityConfig.java
@ -31,16 +31,17 @@ public class SecurityConfig {
    public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtUtil jwtUtil, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(AbstractHttpConfigurer::disable)
                .exceptionHandling(ex -> ex
                        .authenticationEntryPoint(jwtAuthenticationEntryPoint)
-                        .accessDeniedHandler((request, response, accessDeniedException) -> response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"))
+                        .accessDeniedHandler((request, response, accessDeniedException) ->
+                                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"))
                )
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/login").permitAll()
                        .requestMatchers("/users", "/users/**").authenticated()
                        .anyRequest().authenticated()
                )
-                .sessionManagement(AbstractHttpConfigurer::disable)
                .addFilterBefore(
                        new JwtAuthenticationFilter(jwtUtil, jwtUserDetailsService),
                        UsernamePasswordAuthenticationFilter.class
--- a/src/main/java/asia/yulinling/workflow/security/JwtAuthenticationFilter.java
+++ b/src/main/java/asia/yulinling/workflow/security/JwtAuthenticationFilter.java
@ -7,6 +7,8 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@ -32,32 +34,34 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final UserDetailsService userDetailsService;

    @Override
-    protected void doFilterInternal(HttpServletRequest request,
-                                    HttpServletResponse response,
-                                    FilterChain filterChain) throws ServletException, IOException {
+    protected void doFilterInternal(@NotNull HttpServletRequest request,
+                                    @NotNull HttpServletResponse response,
+                                    @NotNull FilterChain filterChain) throws ServletException, IOException {

        String token = getTokenFromRequest(request);
        log.info("token: {}", token);

        if (StringUtils.hasText(token) && jwtUtil.validateToken(token)) {
-            // get username from token
+            // 解析token获取username
            String username = jwtUtil.parseToken(token).getSubject();
+            log.info("username: {}", username);

-            // load the user associated with token
+            // 根据token获取的username,加载当前登录中userDetails
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+            log.info("userDetails: {}", userDetails);

            UsernamePasswordAuthenticationToken authenticationToken
                    = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+            log.info("authenticationToken: {}", authenticationToken);

            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }

        filterChain.doFilter(request, response);
    }

-    private String getTokenFromRequest(HttpServletRequest request) {
+    private @Nullable String getTokenFromRequest(HttpServletRequest request) {
        String bearerToken = request.getHeader("Authorization");
        if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
            return bearerToken.substring(7);
--- a/src/main/java/asia/yulinling/workflow/utils/JwtUtil.java
+++ b/src/main/java/asia/yulinling/workflow/utils/JwtUtil.java
@ -52,7 +52,7 @@ public class JwtUtil {
    public String generateToken(Authentication authentication, boolean isRememberMe) {
        // 1. 构建签名密钥
        Key key = key();
-
+        log.info("key: {}", key);
        // 2. 当前时间
        Date now = new Date();

@ -81,7 +81,7 @@ public class JwtUtil {
    public Claims parseToken(String token) {
        try {
            Key key = key();
-
+            log.info("key: {}", key);
            return Jwts.parserBuilder()
                       .setSigningKey(key)
                       .build()
@ -106,10 +106,17 @@ public class JwtUtil {
     * @return true-token正确 false-token错误
     */
    public boolean validateToken(String token) {
+        Key key = key();
+        log.info("token: {}; key: {}", token, key);
+
        try {
-            Jwts.parserBuilder().setSigningKey(key()).build().parseClaimsJws(token);
+            Jwts.parserBuilder()
+                .setSigningKey(key)
+                .build()
+                .parseClaimsJws(token);
            return true;
        } catch (JwtException e) {
+            log.error("Token <UNK>: {}", token, e);
            return false;
        }
    }
--- a/src/main/resources/mapper/UserMapper.xml
+++ b/src/main/resources/mapper/UserMapper.xml
@ -1,32 +1,4 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="asia.yulinling.workflow.mapper.UserMapper">
-    <insert id="saveUser">
-        INSERT INTO `wk_user` (`username`,
-                               `nickname`,
-                               `password`,
-                               `salt`,
-                               `email`,
-                               `phone`,
-                               `status`,
-                               `create_time`,
-                               `last_login_time`,
-                               `update_time`)
-        VALUES (#{user.name},
-                #{user.nickname},
-                #{user.password},
-                #{user.salt},
-                #{user.email},
-                #{user.phone},
-                #{user.status},
-                #{user.createTime},
-                #{user.lastLoginTime},
-                #{user.updateTime})
-    </insert>
-
-    <delete id="deleteById">
-        DELETE
-        FROM `wk_user`
-        WHERE id = #{id}
-    </delete>
 </mapper>
--- a/src/test/java/asia/yulinling/workflow/utils/JwtUtilTest.java
+++ b/src/test/java/asia/yulinling/workflow/utils/JwtUtilTest.java
@ -52,10 +52,6 @@ class JwtUtilTest {
                .build();
        Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        String token = jwtUtil.generateToken(authentication, false);
-        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-        String rawPassword = "admin";
-        String encodedPassword = encoder.encode(rawPassword);
-        System.out.println(encodedPassword);
        assertTrue(jwtUtil.validateToken(token));
    }