# springboot_springsecurity_jwt_redis

**Repository Path**: klzshow/springboot_springsecurity_jwt_redis

## Basic Information

- **Project Name**: springboot_springsecurity_jwt_redis
- **Description**: Spring Boot integration with Spring Security + JWT + Redis
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 6
- **Forks**: 6
- **Created**: 2020-05-03
- **Last Updated**: 2024-11-22

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

> Blog: [https://editor.csdn.net/md/?articleId=105877612](https://editor.csdn.net/md/?articleId=105877612)

# Introduction to Spring Security

*Spring Security is a powerful and highly customizable **authentication and access-control framework**. It is the de facto standard for securing Spring-based applications.*

Mentioning Spring Security brings to mind another framework: Shiro.

## Spring Security and Shiro

***Their basic features***

- Authentication
- Authorization
- Encryption
- Session management
- Cache support
- rememberMe

**Differences:**

*Advantages:*

- Spring Security is built on Spring. If a project already uses Spring as its foundation, handling permissions with Spring Security is more convenient, whereas Shiro has to be integrated with Spring.
- Spring Security is somewhat richer in features than Shiro, for example its security protections.
- Spring Security has more community resources than Shiro.

*Disadvantages:*

- Shiro is relatively simple to configure and use, while Spring Security is harder to get started with.
- Shiro has few dependencies, needs no framework or container, and can run standalone, whereas Spring Security depends on the Spring container.

---------------

# Official documentation

*Where do the online tutorials on integrating Spring Boot with Spring Security come from? I think a fairly skilled programmer wrote one version of the code based on the official Spring Security documentation, and then all sorts of blogs passed it around. They just give a version of the source code, and the flow is not very clear. Of course, for beginners like us it is enough: it runs.*

*As the name suggests, Spring Security is an authentication and access-control framework. Its main jobs are identity verification (authentication) and access control (authorization); the other pieces, such as encryption, sessions, and CSRF protection, derive from these two.*

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_175f454a_4969255.png)

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_cf45a5bb_4969255.png)

**Analysis:**

*After login a token is generated, and every request carries that token. A filter intercepts each request and obtains the authentication object's information (SecurityContextHolder). We usually put the JWT + Redis token-expiry handling in this filter.*

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_b4ff452b_4969255.png)

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_af526eb0_4969255.png)

*WebSecurityConfigurerAdapter: we usually extend this class and override its methods. configure(HttpSecurity http) holds the login authentication setup, configure(WebSecurity web) ignores certain requests, and configure(AuthenticationManagerBuilder auth) customizes authentication (for example, encrypted authentication). We also write handlers for authentication outcomes such as success, no permission, and wrong password.*

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_88e44f0b_4969255.png)

> Official documentation: [https://spring.io/projects/spring-security#learn](https://spring.io/projects/spring-security#learn) (open the doc)

> Spring Boot + Spring Security + MyBatis + JWT + Redis for front-end/back-end separation: [https://blog.csdn.net/zzxzzxhao/article/details/83381876#3.%E5%86%99%E4%B8%80%E4%B8%AA%E5%B0%8Fdemo](https://blog.csdn.net/zzxzzxhao/article/details/83381876#3.%E5%86%99%E4%B8%80%E4%B8%AA%E5%B0%8Fdemo)

> Spring Security expression-based access control by (URL/method): [https://blog.csdn.net/qq_38765404/article/details/102564756](https://blog.csdn.net/qq_38765404/article/details/102564756)

> Spring Boot + Security + JWT + Redis for WeChat mini-program login and token authorization: [https://ccccyc.cn/post/35](https://ccccyc.cn/post/35)

> Spring Security expression-based authorization: [https://blog.csdn.net/qq_38403662/article/details/95513491](https://blog.csdn.net/qq_38403662/article/details/95513491)

Of course, for the details you still need to read the official documentation, which also covers changes in newer versions.

---------------------------------------

# Default username and password

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```

***After adding the Spring Security dependency, what are the username and password? The default username is user, and the password is a random one generated automatically by Spring Security.***

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_527bae03_4969255.png)

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_69f0c264_4969255.png)

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_15c71472_4969255.png)

**Of course, we can also specify the username and password by configuring them in application.yml.**

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_1631256f_4969255.png)

---------------

# Druid configuration class

A visual console for viewing data source monitoring.

```java
/**
 * Druid data source configuration class
 * http://localhost:8080/druid/login.html
 */
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.support.http.StatViewServlet;
import com.alibaba.druid.support.http.WebStatFilter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

@Configuration
@PropertySource(value = "classpath:application.yml")
public class DruidConfig {

    // Bind DruidDataSource to the data source settings in application.yml
    @ConfigurationProperties(prefix = "spring.datasource")
    @Bean
    public DruidDataSource druidDataSource() {
        return new DruidDataSource();
    }

    // Monitoring console
    @Bean
    public ServletRegistrationBean statViewServlet() {
        ServletRegistrationBean servletRegistrationBean =
                new ServletRegistrationBean(new StatViewServlet(), "/druid/*");
        // IP allow-list (the console requires a login; the account is configured below)
        servletRegistrationBean.addInitParameter("allow", "127.0.0.1");
        // IP deny-list; when an address is on both lists, the deny-list takes precedence
        // servletRegistrationBean.addInitParameter("deny", "127.0.0.1");
        // Console administrator account (demo values hard-coded in source)
        servletRegistrationBean.addInitParameter("loginUsername", "root");
        servletRegistrationBean.addInitParameter("loginPassword", "klz");
        // Whether the statistics can be reset from the console
        servletRegistrationBean.addInitParameter("resetEnable", "false");
        return servletRegistrationBean;
    }

    // Filter; @Bean is required, otherwise Spring never registers the WebStatFilter
    @Bean
    public FilterRegistrationBean statFilter() {
        FilterRegistrationBean filterRegistrationBean =
                new FilterRegistrationBean(new WebStatFilter());
        // URL patterns to filter
        filterRegistrationBean.addUrlPatterns("/*");
        // Resources excluded from filtering
        filterRegistrationBean.addInitParameter("exclusions",
                "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
        return filterRegistrationBean;
    }
}
```

![Image](https://images.gitee.com/uploads/images/2020/0503/144947_4024bf0b_4969255.png)

----------

# swagger

```java
package com.example.springboot_springsecurity_jwt_redis.config;

/**
 * http://localhost:8080/swagger-ui.html
 * http://localhost:8080/doc.html
 */
import com.github.xiaoymin.swaggerbootstrapui.annotations.EnableSwaggerBootstrapUI;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.Contact;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

import java.util.ArrayList;

@Configuration
@EnableSwagger2           // enable Swagger 2
@EnableSwaggerBootstrapUI // enable the enhanced UI features
public class SwaggerConfig {

    // Create a Swagger configuration instance
    @Bean
    public Docket blog(Environment environment) {
        // Set the environments in which Swagger is shown
        // Profiles profiles = Profiles.of("test","dev");
        // Check whether the active environment matches the profiles and pass the result to enable(enable)
        // Boolean enable = environment.acceptsProfiles(profiles);
        // System.out.println(enable);
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .groupName("test") // group name
                // .enable(enable) // whether Swagger is enabled
                .select()
                // any() scans everything, none() scans nothing, ...
                .apis(RequestHandlerSelectors.basePackage("com.klz.iblog.controller")) // scan the custom package
                // .paths(PathSelectors.ant("com.example.swagger.xxx")) // filter paths
                .build();
    }

    // The ApiInfo passed to the Docket above
    public ApiInfo apiInfo() {
        // Contact holds the author's information: name, URL, QQ e-mail
        Contact contact = new Contact("api文档", "https://blog.csdn.net/", "18225223116@qq.com");
        return new ApiInfo(
                "swagger文档",
                "前后端交互的api",
                "v1.0",
                "https://blog.csdn.net/", // organization URL
                contact,
                "Apache 2.0",
                "http://www.apache.org/licenses/LICENSE-2.0",
                new ArrayList<>());
    }
}
```

## Setting up Swagger authentication

```yaml
swagger:
  production: false
  basic:
    enable: true
    username: klz
    password: klz
```

When integrating, add a filter:

![Image](https://images.gitee.com/uploads/images/2020/0503/144948_51c60812_4969255.png)

---------------------------

# Project

> Project: [https://gitee.com/klzshow/springboot_springsecurity_jwt_redis](https://gitee.com/klzshow/springboot_springsecurity_jwt_redis)
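
The request flow analysed under the official-documentation heading (token issued at login, sent with every request, checked in a filter together with a Redis-backed expiry) could be implemented as the filter below. It is an added example, not code from this repository, and it assumes jjwt 0.9.x, the `javax.servlet` API, a `roles` claim holding a comma-separated string, and a hypothetical Redis key `login:token:<jti>` written with a TTL at login.

```java
// Added example, not the repository's code. Assumed: jjwt 0.9.x, javax.servlet, Redis key layout.
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class JwtRedisAuthFilter extends OncePerRequestFilter {
    private final StringRedisTemplate redis;
    private final byte[] secret; // HS256 key, injected from configuration, never hard-coded

    public JwtRedisAuthFilter(StringRedisTemplate redis, byte[] secret) {
        this.redis = redis;
        this.secret = secret;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                // Throws JwtException if the signature is wrong or the exp claim has passed.
                Claims claims = Jwts.parser().setSigningKey(secret)
                        .parseClaimsJws(header.substring(7)).getBody();
                String roles = claims.get("roles", String.class); // hypothetical claim, "A,B"
                String key = "login:token:" + claims.getId();     // written with a TTL at login
                // A valid signature is not enough: logout (DEL) or TTL expiry removes the key.
                if (claims.getId() != null && Boolean.TRUE.equals(redis.hasKey(key))) {
                    SecurityContextHolder.getContext().setAuthentication(
                            new UsernamePasswordAuthenticationToken(claims.getSubject(), null,
                                    AuthorityUtils.commaSeparatedStringToAuthorityList(
                                            roles == null ? "" : roles)));
                }
            } catch (JwtException | IllegalArgumentException e) {
                SecurityContextHolder.clearContext(); // bad token: request stays unauthenticated
            }
        }
        chain.doFilter(req, res);
    }
}
```

Register it in `configure(HttpSecurity http)` with `http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)`. Deleting the Redis key on logout then invalidates the token before its `exp` time is reached.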