Initial commit

2023-06-10 23:57:03 +08:00
parent d6b795311f
commit 57e9cababa
31 changed files with 915 additions and 37 deletions
--- a/common/common-util/pom.xml
+++ b/common/common-util/pom.xml
@@ -13,7 +13,7 @@
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
-            <scope>provided </scope>
+<!--            <scope>provided</scope>-->
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
@@ -27,5 +27,11 @@
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
        </dependency>
+        <!--JWT-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+        </dependency>
+
    </dependencies>
 </project>
--- a/common/common-util/src/main/java/com/atguigu/common/jwt/JwtHelper.java
+++ b/common/common-util/src/main/java/com/atguigu/common/jwt/JwtHelper.java
@@ -0,0 +1,102 @@
+package com.atguigu.common.jwt;
+
+import io.jsonwebtoken.*;
+import org.springframework.util.StringUtils;
+
+import java.util.Date;
+
+/**
+ * ClassName: JitHelper
+ * Package: com.atguigu.common.jwt
+ * JWT工具类
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 16:12
+ */
+public class JwtHelper {
+
+    private static final long tokenExpiration = 365L * 24 * 60 * 60 * 1000;
+    private static final String tokenSignKey = "123456";
+
+    /**
+     * 根据用户 id 和用户名称， 生成token的字符串
+     *
+     * @param userId
+     * @param username
+     * @return
+     */
+    public static String createToken(Long userId, String username) {
+        String token = Jwts.builder()
+                //分类
+                .setSubject("AUTH-USER")
+
+                //设置Token有效时长
+                .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
+
+                //设置主体部分
+                .claim("userId", userId)
+                .claim("username", username)
+
+                //签名部分
+                .signWith(SignatureAlgorithm.HS512, tokenSignKey)
+                .compressWith(CompressionCodecs.GZIP)
+                .compact();
+        return token;
+    }
+
+    /**
+     * 从生成的Token中获取id
+     *
+     * @param token
+     * @return
+     */
+    public static Long getUserId(String token) {
+        try {
+            if (StringUtils.isEmpty(token)) return null;
+
+            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token);
+            Claims claims = claimsJws.getBody();
+            Integer userId = (Integer) claims.get("userId");
+            return userId.longValue();
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+    /**
+     * 从Token中获取用户名称
+     *
+     * @param token
+     * @return
+     */
+    public static String getUsername(String token) {
+        try {
+            if (StringUtils.isEmpty(token)) return "";
+
+            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token);
+            Claims claims = claimsJws.getBody();
+            return (String) claims.get("username");
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+    /**
+     * 测试
+     *
+     * @param args
+     */
+    public static void main(String[] args) {
+        String token = JwtHelper.createToken(1L, "admin");
+        System.out.println(token);
+        String username = JwtHelper.getUsername(token);
+        Long userId = JwtHelper.getUserId(token);
+
+        System.out.println("username = " + username);
+        System.out.println("userId = " + userId);
+    }
+
+}
+
--- a/common/common-util/src/main/java/com/atguigu/common/result/ResultCodeEnum.java
+++ b/common/common-util/src/main/java/com/atguigu/common/result/ResultCodeEnum.java
@@ -18,7 +18,7 @@ public enum ResultCodeEnum {
    FAIL(201, "失败"),
    SERVICE_ERROR(2012, "服务异常"),
    DATA_ERROR(204, "数据异常"),
-
+    LOGIN_ERROR(205, "认证失败"),
    LOGIN_AUTH(208, "未登陆"),
    PERMISSION(209, "没有权限");

--- a/common/common-util/src/main/java/com/atguigu/common/utils/MD5.java
+++ b/common/common-util/src/main/java/com/atguigu/common/utils/MD5.java
@@ -0,0 +1,33 @@
+package com.atguigu.common.utils;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public final class MD5 {
+
+    public static String encrypt(String strSrc) {
+        try {
+            char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
+                    '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+            byte[] bytes = strSrc.getBytes();
+            MessageDigest md = MessageDigest.getInstance("MD5");
+            md.update(bytes);
+            bytes = md.digest();
+            int j = bytes.length;
+            char[] chars = new char[j * 2];
+            int k = 0;
+            for (byte b : bytes) {
+                chars[k++] = hexChars[b >>> 4 & 0xf];
+                chars[k++] = hexChars[b & 0xf];
+            }
+            return new String(chars);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            throw new RuntimeException("MD5加密出错！！+" + e);
+        }
+    }
+
+    public static void main(String[] args) {
+        System.out.println(MD5.encrypt("111111"));
+    }
+}
--- a/common/common-util/src/main/java/com/atguigu/common/utils/ResponseUtil.java
+++ b/common/common-util/src/main/java/com/atguigu/common/utils/ResponseUtil.java
@@ -0,0 +1,30 @@
+package com.atguigu.common.utils;
+
+import com.atguigu.common.result.Result;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * ClassName: ResponseUtil
+ * Package: com.atguigu.common.utils
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:42
+ */
+public class ResponseUtil {
+
+    public static void out(HttpServletResponse response, Result r) {
+        ObjectMapper mapper = new ObjectMapper();
+        response.setStatus(HttpStatus.OK.value());
+        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
+        try {
+            mapper.writeValue(response.getWriter(), r);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+}
--- a/common/spring-security/.gitignore
+++ b/common/spring-security/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
--- a/common/spring-security/pom.xml
+++ b/common/spring-security/pom.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.atguigu</groupId>
+        <artifactId>guigu-oa-parent</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>spring-security</artifactId>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>com.atguigu</groupId>
+            <artifactId>common-util</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>com.atguigu</groupId>
+            <artifactId>model</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <!-- Spring Security依赖 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+</project>
--- a/common/spring-security/src/main/java/com/atguigu/security/config/WebSecurityConfig.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/config/WebSecurityConfig.java
@@ -0,0 +1,19 @@
+package com.atguigu.security.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * ClassName: WebSecurityConfig
+ * Package: com.atguigu.security.config
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 22:47
+ */
+@Configuration
+//@EnableWebSecurity是开启SpringSecurity的默认行为
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+}
--- a/common/spring-security/src/main/java/com/atguigu/security/custom/CustomMd5PasswordEncoder.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/custom/CustomMd5PasswordEncoder.java
@@ -0,0 +1,25 @@
+package com.atguigu.security.custom;
+
+import com.atguigu.common.utils.MD5;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+/**
+ * ClassName: CustomMd5PasswordEncoder
+ * Package: com.atguigu.security.custom
+ * 密码处理
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:23
+ */
+@Component
+public class CustomMd5PasswordEncoder implements PasswordEncoder {
+
+    public String encode(CharSequence rawPassword) {
+        return MD5.encrypt(rawPassword.toString());
+    }
+
+    public boolean matches(CharSequence rawPassword, String encodedPassword) {
+        return encodedPassword.equals(MD5.encrypt(rawPassword.toString()));
+    }
+}
--- a/common/spring-security/src/main/java/com/atguigu/security/custom/CustomUser.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/custom/CustomUser.java
@@ -0,0 +1,36 @@
+package com.atguigu.security.custom;
+
+import com.atguigu.model.system.SysUser;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+
+import java.util.Collection;
+
+/**
+ * ClassName: CustomUser
+ * Package: com.atguigu.security.custom
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:24
+ */
+public class CustomUser extends User {
+
+    /**
+     * 我们自己的用户实体对象，要调取用户信息时直接获取这个实体对象。（这里我就不写get/set方法了）
+     */
+    private SysUser sysUser;
+
+    public CustomUser(SysUser sysUser, Collection<? extends GrantedAuthority> authorities) {
+        super(sysUser.getUsername(), sysUser.getPassword(), authorities);
+        this.sysUser = sysUser;
+    }
+
+    public SysUser getSysUser() {
+        return sysUser;
+    }
+
+    public void setSysUser(SysUser sysUser) {
+        this.sysUser = sysUser;
+    }
+
+}
--- a/common/spring-security/src/main/java/com/atguigu/security/custom/UserDetailsService.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/custom/UserDetailsService.java
@@ -0,0 +1,23 @@
+package com.atguigu.security.custom;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+/**
+ * ClassName: UserDetailsService
+ * Package: com.atguigu.security.custom
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:28
+ */
+public interface UserDetailsService {
+
+    /**
+     * 根据用户名获取用户对象（获取不到直接抛异常）
+     *
+     * @param username
+     * @return
+     * @throws UsernameNotFoundException
+     */
+    UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
+}
--- a/common/spring-security/src/main/java/com/atguigu/security/filter/TokenAuthenticationFilter.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/filter/TokenAuthenticationFilter.java
@@ -0,0 +1,64 @@
+package com.atguigu.security.filter;
+
+import com.atguigu.common.jwt.JwtHelper;
+import com.atguigu.common.result.Result;
+import com.atguigu.common.result.ResultCodeEnum;
+import com.atguigu.common.utils.ResponseUtil;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+
+/**
+ * ClassName: TokenAuthenticationFilter
+ * Package: com.atguigu.security.custom.filter
+ * 认证解析token过滤器
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:45
+ */
+public class TokenAuthenticationFilter extends OncePerRequestFilter {
+
+    public TokenAuthenticationFilter() {
+
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+        logger.info("uri:" + request.getRequestURI());
+        //如果是登录接口，直接放行
+        if ("/admin/system/index/login".equals(request.getRequestURI())) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        UsernamePasswordAuthenticationToken authentication = getAuthentication(request);
+        if (null != authentication) {
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            chain.doFilter(request, response);
+        } else {
+            ResponseUtil.out(response, Result.build(null, ResultCodeEnum.LOGIN_ERROR));
+        }
+    }
+
+    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
+        // token置于header里
+        String token = request.getHeader("token");
+        logger.info("token:" + token);
+        if (!StringUtils.isEmpty(token)) {
+            String useruame = JwtHelper.getUsername(token);
+            logger.info("useruame:" + useruame);
+            if (!StringUtils.isEmpty(useruame)) {
+                return new UsernamePasswordAuthenticationToken(useruame, null, Collections.emptyList());
+            }
+        }
+        return null;
+    }
+}
--- a/common/spring-security/src/main/java/com/atguigu/security/filter/TokenLoginFilter.java
+++ b/common/spring-security/src/main/java/com/atguigu/security/filter/TokenLoginFilter.java
@@ -0,0 +1,90 @@
+package com.atguigu.security.filter;
+
+import com.atguigu.common.jwt.JwtHelper;
+import com.atguigu.common.result.Result;
+import com.atguigu.common.result.ResultCodeEnum;
+import com.atguigu.common.utils.ResponseUtil;
+import com.atguigu.security.custom.CustomUser;
+import com.atguigu.vo.system.LoginVo;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * ClassName: TokenLoginFilter
+ * Package: com.atguigu.security.custom.filter
+ * 登录过滤器，继承UsernamePasswordAuthenticationFilter，对用户名密码进行登录校验
+ *
+ * @author yovinchen
+ * @Create 2023/6/10 23:37
+ */
+public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {
+
+    // 构造方法
+    public TokenLoginFilter(AuthenticationManager authenticationManager) {
+        this.setAuthenticationManager(authenticationManager);
+        this.setPostOnly(false);
+        //指定登录接口及提交方式，可以指定任意路径
+        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/admin/system/index/login", "POST"));
+    }
+
+    // 登录认证过程
+    // 获取输入的用户名和密码，调用方法认证
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
+            throws AuthenticationException {
+        try {
+            // 获取用户信息
+            LoginVo loginVo = new ObjectMapper().readValue(req.getInputStream(), LoginVo.class);
+
+            //封装对象
+            Authentication authenticationToken = new UsernamePasswordAuthenticationToken(loginVo.getUsername(), loginVo.getPassword());
+
+            //调用方法
+            return this.getAuthenticationManager().authenticate(authenticationToken);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    // 认证成功调用的方法
+    @Override
+    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
+                                            Authentication auth) throws IOException, ServletException {
+        // 获取当前用户
+        CustomUser customUser = (CustomUser) auth.getPrincipal();
+
+        // 生成token
+        String token = JwtHelper.createToken(customUser.getSysUser().getId(), customUser.getSysUser().getUsername());
+
+        // 返回
+        Map<String, Object> map = new HashMap<>();
+        map.put("token", token);
+        ResponseUtil.out(response, Result.ok(map));
+    }
+
+    // 认证失败调用的方法
+    @Override
+    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
+                                              AuthenticationException e) throws IOException, ServletException {
+
+        if (e.getCause() instanceof RuntimeException) {
+            ResponseUtil.out(response, Result.build(null, ResultCodeEnum.DATA_ERROR));
+        } else {
+            ResponseUtil.out(response, Result.build(null, ResultCodeEnum.LOGIN_AUTH));
+        }
+    }
+
+}