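# springboot-security-oauth2-jwt

**Repository Path**: DSLZC/springboot-security-oauth2-jwt

## Basic Information

- **Project Name**: springboot-security-oauth2-jwt
- **Description**: No description available
- **Primary Language**: Java
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 5
- **Forks**: 1
- **Created**: 2018-04-08
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: security-dev, spring-boot-ext

**Tags**: None

## README

# springboot-security-oauth2-jwt

_If you have any questions, feel free to email me or open an issue._

References:

```
https://mp.weixin.qq.com/s?__biz=MzAxODcyNjEzNQ==&mid=2247484574&idx=1&sn=0984db0da3dc0efda956fa0aaeabe479&chksm=9bd0a906aca7201028da742819b4f5b78c8c4768bd88237ffd54c5c818afec0f7af47b1d45eb#rd
http://www.spring4all.com/article/428
https://www.cnblogs.com/x113773/p/7160203.html
http://www.mkyong.com/spring-security/spring-security-remember-me-example/
https://www.cnblogs.com/softidea/p/5991897.html
```

#### Project structure

**security**
> * A simple demo written by following the Spring Security reference. It has no reference value and can be skipped.

**security-ajax**
> * Drops the default login flow and logs in via AJAX instead, so a custom AuthenticationSuccessHandler and AuthenticationFailureHandler are added to return custom JSON.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
// WebUtil and RestResponse are the project's own classes.

/**
 * @author dongsilin
 * @version 2018/4/8.
 * Handling after a successful login
 */
@Slf4j
@Component
public final class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
        log.info("*******************AuthenticationSuccessHandler");
        // Return a JSON success body instead of redirecting
        WebUtil.output(response, RestResponse.buildSuccess(), WebUtil.ResponseOutputType.JSON);
    }
}
```

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
// WebUtil, RestResponse and CaptchaAuthenticationException are the project's own classes.

/**
 * @author dongsilin
 * @version 2018/4/8.
 * Handling after a failed login
 */
@Slf4j
@Component
public final class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        log.info("*******************AuthenticationFailureHandler");
        if (e instanceof CaptchaAuthenticationException) {
            // CAPTCHA check failed: pass the exception message through
            WebUtil.output(response, RestResponse.buildFail(e.getMessage()), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof UsernameNotFoundException) {
            // "Username does not exist"
            WebUtil.output(response, RestResponse.buildFail("用户名不存在"), WebUtil.ResponseOutputType.JSON);
        } else if (e instanceof BadCredentialsException) {
            // "Wrong password"
            WebUtil.output(response, RestResponse.buildFail("密码错误"), WebUtil.ResponseOutputType.JSON);
        } else {
            // "Operation failed"
            WebUtil.output(response, RestResponse.buildFail("操作失败"), WebUtil.ResponseOutputType.JSON);
        }
    }
}
```

> * By default, DaoAuthenticationProvider discards UsernameNotFoundException (wrong username). The reason is that its hideUserNotFoundExceptions parameter is true, which hides the UsernameNotFoundException; see the source below. The project therefore defines a custom AuthenticationProvider that extends DaoAuthenticationProvider and sets hideUserNotFoundExceptions to false.

```java
// org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider, line 62
try {
    user = this.retrieveUser(username, (UsernamePasswordAuthenticationToken)authentication);
} catch (UsernameNotFoundException var6) {
    this.logger.debug("User \'" + username + "\' not found");
    if(this.hideUserNotFoundExceptions) {
        throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }

    throw var6;
}
```

```java
import javax.annotation.PostConstruct;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;

@Slf4j
@Component
public final class CustomAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @PostConstruct
    public void init() {
        setUserDetailsService(userDetailsService);
        // BCrypt with strength (log rounds) 8; the BCryptPasswordEncoder default is 10
        setPasswordEncoder(new BCryptPasswordEncoder(8));
        // Let UsernameNotFoundException propagate instead of being turned into BadCredentialsException
        setHideUserNotFoundExceptions(false);
    }
}
```

> * Adds a login CAPTCHA verification filter, CustomCaptchaVerifyFilter; see the project code.

**security-ajax-rememberme**
> * Adds remember-me functionality to security-ajax
> * Provides a RememberMeAuthenticationFilter bean and a RememberMeAuthenticationProvider bean
> * Sets rememberMeServices in CustomCaptchaVerifyFilter: setRememberMeServices(rememberMeServices)
> * For the detailed code, clone the repository and take a look

**oauth2**
> * To be completed

**oauth2-sso-server**
> * To be completed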
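

`CustomAuthenticationFailureHandler` in security-ajax, combined with `setHideUserNotFoundExceptions(false)`, tells the client whether the username or the password was wrong, so responses from the login endpoint reveal which accounts exist. The following is an added example, not code from this repository, of a failure handler that answers both cases identically and records the cause only in the server log; the JSON body shape, the `username` request parameter name and the `javax.servlet` namespace are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Added example, not part of the repository.
public final class UniformAuthenticationFailureHandler implements AuthenticationFailureHandler {

    private static final Logger log = LoggerFactory.getLogger(UniformAuthenticationFailureHandler.class);

    // Hypothetical JSON shape; the project's RestResponse may serialize differently.
    private static final String CREDENTIALS_BODY =
            "{\"success\":false,\"message\":\"Invalid username or password\"}";
    private static final String OTHER_BODY =
            "{\"success\":false,\"message\":\"Login failed\"}";

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException e) throws IOException {
        // Unknown user and wrong password are indistinguishable to the client.
        boolean credentialFailure = e instanceof UsernameNotFoundException
                || e instanceof BadCredentialsException;

        // The precise cause is kept for operators only. "username" is the default
        // form parameter name and is an assumption about this project.
        log.warn("Login failed: cause={} username={} remote={}",
                e.getClass().getSimpleName(),
                sanitize(request.getParameter("username")),
                request.getRemoteAddr());

        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json");
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.getWriter().write(credentialFailure ? CREDENTIALS_BODY : OTHER_BODY);
    }

    // Strip control characters and cap the length so a submitted username
    // cannot forge or flood log lines.
    static String sanitize(String value) {
        if (value == null) {
            return "<none>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) : cleaned;
    }
}
```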