点我下载完整源码

1pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.0.2</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.gzz</groupId>
    <artifactId>spring-security-01</artifactId>
    <version>1.0</version>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>4.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

2 jwtTools.java

package com.gzz.common;

import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;

/**
 * @summary【JWT创建】工具
 * @author 高振中
 * @date 2023-03-01 20:20:20
 **/
public class JwtTools {

    public static void main(String[] args) {
        System.out.println(prase(create(555L)));
        Calendar expires = Calendar.getInstance();
        expires.add(Calendar.DAY_OF_MONTH, 1);
        System.out.println(expires.getTime());
    }

    public static final String SECRET = "jwt_test";
    public static final Algorithm algorithm = Algorithm.HMAC256(SECRET);

    public static String create(Long id) {
        Map<String, Object> headers = new HashMap<>();
        Calendar expires = Calendar.getInstance();
        expires.add(Calendar.DAY_OF_MONTH, 1);// 一天
        return JWT.create()
                .withHeader(headers) // 第一部分Header
                .withClaim("userId", id)// 第二部分Payload
                .withExpiresAt(expires.getTime()) // 第三部分Signature
                .sign(algorithm);
    }

    public static Long prase(String token) {
        JWTVerifier jwtVerifier = JWT.require(algorithm).build();
        DecodedJWT verify = jwtVerifier.verify(token);
        return verify.getClaim("userId").asLong();
    }

}

3 登录表单提交改成body(JSON)提交

package com.gzz.filter;

import java.io.IOException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;

/**
 * 表单提交改成body(JSON)提交
 */
@Slf4j
public class BodyAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        User user = null;
        try {
            user = new ObjectMapper().readValue(request.getInputStream().readAllBytes(), User.class);
            log.info("user={}", user);
        } catch (IOException e) {
            log.error("user={},exception={}", user, e.getMessage(), e);
        }
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword());
        setDetails(request, authRequest);
        return getAuthenticationManager().authenticate(authRequest);
    }
}

4 spring-security主配置类

package com.gzz.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.gzz.filter.BodyAuthenticationFilter;
import com.gzz.sys.UserService;

/**
 * @summary spring-security主配置类
 * @author 高振中
 * @date 2023-02-18 22:20:20
 **/
@Configuration
public class SecurityConfig {
    @Autowired
    private LoginSuccess loginSuccess;
    @Autowired
    private AuthenticationConfiguration authenticationConfiguration;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity security) throws Exception {
        
        BodyAuthenticationFilter authFilter = new BodyAuthenticationFilter();
        authFilter.setAuthenticationSuccessHandler(loginSuccess); //重点
        authFilter.setAuthenticationManager(authenticationConfiguration.getAuthenticationManager());
        
        security//
                .authorizeHttpRequests(auth -> auth //
                        .requestMatchers("/index.html", "/fonts/**","/login").permitAll() // 这些请求(url)无需授权
                        .anyRequest())
                .formLogin((auth) -> auth//
                        .loginPage("/index.html") //
                        .loginProcessingUrl("/login") //
                        .permitAll())
                .addFilterBefore(authFilter, UsernamePasswordAuthenticationFilter.class)//重点
                .csrf(csrf -> csrf.disable());
        return security.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private UserService service;

    public void configureGlobal(@Autowired AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(service).passwordEncoder(passwordEncoder());
    }

}

5 前端 vue3 element-ui axios

<!DOCTYPE html>
<html>
<head>
<meta charset='UTF-8'>
<title>body方式登录</title>
</head>
<head>
<link rel='stylesheet' type='text/css' href='fonts/element.css'>
<script type='text/javascript' src='fonts/vue.min.js'></script>
<script type='text/javascript' src='fonts/element-plus.js'></script>
<script type='text/javascript' src='fonts/axios.min.js'></script>
</head>
<body style='margin: 10px 0 10px 0'>
<h2>body方式登录,同时返回token</h2>
    <div id='app'>
      <el-row>
        <el-form-item label="用户名" prop="name">
          <el-input placeholder="请输入用户名" v-model="form.username" @keyup.enter.native="doLogin" />
        </el-form-item>
        <el-form-item label="密码" prop="password">
          <el-input placeholder="请输入密码" v-model="form.password" @keyup.enter.native="doLogin" />
        </el-form-item>
        <el-button @click="doLogin()" type="primary">登录</el-button>
      </el-row> 
    </div>
</body>
<script>
axios.defaults.headers.post['Content-Type'] = 'application/json;charset=UTF-8';
axios.interceptors.response.use(res => res.data);
const app =Vue.createApp({
    data() {
        return { form: { username: "gzz", password: "1234" } }
    },
    methods: {
        doLogin(){
            axios.post("/login",this.form).then((res) => {
                console.log(res);
                if (res.code == 200) {
                    this.$message.success("登录成功!");
                } else
                    this.$message.error(res.msg);
                });
        }
    }
});app.use(ElementPlus);app.mount("#app");
</script>
</html>

6 登录成功处理器

package com.gzz.config;

import java.io.IOException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.gzz.common.JwtTools;
import com.gzz.common.ResponseTools;
import com.gzz.common.Result;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * @summary 登录成功处理器
 * @author 高振中
 * @date 2023-02-18 22:20:20
 **/
@Component
public class LoginSuccess implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        SysUser user = (SysUser) authentication.getPrincipal();
        String token = JwtTools.create(user.getId());
        user.setToken(token);
        ResponseTools.write(response, Result.success(user, "登录成功,返回token"));
    }
}

7 往客户端写JSON格式的文本工具

package com.gzz.common;

import java.io.IOException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletResponse;

/**
 * @summary 往客户端写JSON格式的文本工具
 * @author 高振中
 * @date 2023-02-18 22:20:20
 **/
public final class ResponseTools {
    private static final ObjectMapper mapper = new ObjectMapper();

    public static final void write(HttpServletResponse response, Result<?> result) throws JsonProcessingException, IOException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(mapper.writeValueAsString(result));
    }
}

点我下载完整源码