springboot+security+jwt+redis 实现微信小程序登录及token权限鉴定.zip

# security springboot+security+jwt+redis 实现微信小程序登录及token权限鉴定 tips:这是实战篇，默认各位看官具备相应的基础(文中使用了Lombok插件，如果使用源码请先安装插件) @[TOC] # 项目配置 ## 依赖 ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.0.1</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <scope>runtime</scope> <optional>true</optional> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> <!--JWT--> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.0</version> </dependency> <!-- fastjson --> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.36</version> </dependency> <!-- druid数据库连接池 --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.8</version> </dependency> <!-- https://mvnrepository.com/artifact/log4j/log4j --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <!-- http请求所需jar包 --> <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore --> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpcore</artifactId> <version>4.4.11</version> </dependency> <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient --> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.7</version> </dependency> <!-- Jcode2Session解密所需jar包 --> <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15 --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15</artifactId> <version>1.46</version> </dependency> <!-- 注意导入xfire-all jar包会与spring冲突 --> <dependency> <groupId>org.codehaus.xfire</groupId> <artifactId>xfire-all</artifactId> <version>1.2.6</version> <exclusions> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring</artifactId> </exclusion> </exclusions> </dependency> ``` ## application.yml ```yml spring: datasource: username: root password: 123456 url: jdbc:mysql://localhost:3306/db_XXX?characterEncoding=utf-8&useSSl=false driver-class-name: com.mysql.jdbc.Driver # 此处使用Druid数据库连接池 type: com.alibaba.druid.pool.DruidDataSource #监控统计拦截的filters filters: stat,wall,log4j #druid配置 #配置初始化大小/最小/最大 initialSize: 5 minIdle: 5 maxActive: 20 #获取连接等待超时时间 maxWait: 60000 #间隔多久进行一次检测，检测需要关闭的空闲连接 timeBetweenEvictionRunsMillis: 60000 #一个连接在池中最小生存的时间 minEvictableIdleTimeMillis: 300000 validationQuery: SELECT 1 FROM DUAL testWhileIdle: true testOnBorrow: false testOnReturn: false #打开PSCache，并指定每个连接上PSCache的大小。oracle设为true，mysql设为false。分库分表较多推荐设置为false poolPreparedStatements: false maxPoolPreparedStatementPerConnectionSize: 20 # 通过connectProperties属性来打开mergeSql功能；慢SQL记录 connectionProperties: druid: stat: mergeSql: true slowSqlMillis: 5000 http: encoding: charset: utf-8 force: true enabled: true redis: host: 127.0.0.1 port: 6379 password: 123456 #mybatis是独立节点，需要单独配置 mybatis: mapper-locations: classpath*:mapper/*.xml type-aliases-package: com.lzw.security.entity configuration: map-underscore-to-camel-case: true server: port: 8080 tomcat: uri-encoding: utf-8 servlet: context-path: / #自定义参数，可以迁移走 token: #redis默认过期时间（2小时）(这是自定义的)(毫秒) expirationMilliSeconds: 7200000 #微信相关参数 weChat: #小程序appid appid: aaaaaaaaaaaaaaaa #小程序密钥 secret: ssssssssssssssss ``` # 程序代码 ## security相关 ### security核心配置类 ```java import com.lzw.security.common.NoPasswordEncoder; import com.lzw.security.filter.JwtAuthenticationTokenFilter; import com.lzw.security.handler.*; import com.lzw.security.service.SelfUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.core.GrantedAuthorityDefaults; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; /** * @author: jamesluozhiwei * @description: security核心配置类 */ @Configuration @EnableGlobalMethodSecurity(prePostEnabled = true)//表示开启全局方法注解，可在指定方法上面添加注解指定权限，需含有指定权限才可调用(基于表达式的权限控制) public class SpringSecurityConf extends WebSecurityConfigurerAdapter { @Autowired AjaxAuthenticationEntryPoint authenticationEntryPoint;//未登陆时返回 JSON 格式的数据给前端（否则为 html） @Autowired AjaxAuthenticationSuccessHandler authenticationSuccessHandler; //登录成功返回的 JSON 格式数据给前端（否则为 html） @Autowired AjaxAuthenticationFailureHandler authenticationFailureHandler; //登录