经过一周的时间,确实经历了不少,日息万变,生活亦是如此,一下是我的近段的新的与下一阶段的规划
心得在近阶段,得带上自己组的小朋友,得查岗、看签到、看学习进度,确实和自己想象的不一样,觉得应该是非常轻松的,emmm实则不然,自己得往赶,还得催着他们往前赶。怎么说呢,可能是因为刚来学校,整体看起来比较懒散,学习的进度较慢,可能是因为最近活动比较多吧,反正我都捉急,害心态可能不一样。此外呢,在搞这个动态规划,动态规划自己写的时候自己是真的不明白,但是看完题解,觉得就这。。。还是得多联系
规划- 对算法进一步的联系,开始练习其他类型
- 对Java基础进行复习
- 深入了解Java8底层
- 多督促督促小朋友们学习
因为SpringBoot的安全框架没有学,选了了轻量级的shiro,主要是学起来比较简单,但是在整合JWT的时候问题就出现了,如何用shiro自带的拦截器实现对token进行拦截呢?
引入jwt的依赖
com.auth0 java-jwt 3.18.1
写一个方法实现AuthenticationToken接口
public class JwtToken implements AuthenticationToken {
private String token;
public JwtToken(String token){
this.token =token;
}
@Override
public Object getPrincipal() {
return token;
}
@Override
public Object getCredentials() {
return token;
}
}
写出自己的拦截器
public class JwtInterceptor extends BasicHttpAuthenticationFilter {
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws UnauthorizedException {
System.out.println("first");
//判断请求的请求头是否带上 "Token"
if (isLoginAttempt(request, response)) {
//如果存在,则进入 executeLogin 方法执行登入,检查 token 是否正确
try {
executeLogin(request, response);
//return true;
} catch (Exception e) {
//token 错误
System.out.println(e);
}
}else {
HttpServletResponse resp= (HttpServletResponse) response;
HttpServletRequest req= (HttpServletRequest) request;
try {
resp.sendRedirect(req.getContextPath()+"/user/badlog");
} catch (IOException e) {
System.out.println("未知异常");
}
System.out.println("没有token,请先登录");
return false;
}
System.out.println("我是游客");
//如果请求头不存在 Token,则可能是执行登陆操作或者是游客状态访问,无需检查 token,直接返回 true
return true;
}
@Override
protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
System.out.println("isLoginAttempt");
HttpServletRequest req = (HttpServletRequest) request;
String token = req.getHeader("token");
return token != null;
}
@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
System.out.println("executeLogin");
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String token = httpServletRequest.getHeader("token");
JwtToken jwtToken = new JwtToken(token);
// 提交给realm进行登入,如果错误他会抛出异常并被捕获
getSubject(request, response).login(jwtToken);
// 如果没有抛出异常则代表登入成功,返回true
return true;
}
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
// 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态
if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
httpServletResponse.setStatus(HttpStatus.OK.value());
return false;
}
return super.preHandle(request, response);
}
}
将拦截器加入到自己的拦截方法中,并且补齐各种方法
@Configuration
public class shiroConfig {
@Bean(name = "userRealm")
public UserRealm userRealm() {
System.out.println("666666666666666");
UserRealm realm=new UserRealm();
return realm;
}
@Bean("defaultWebSecurityManager")
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联realm
securityManager.setRealm(userRealm);
//关闭shiro中的session
DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
DefaultSessionStorageevaluator defaultSessionStorageevaluator = new DefaultSessionStorageevaluator();
defaultSessionStorageevaluator.setSessionStorageEnabled(false);
subjectDAO.setSessionStorageevaluator(defaultSessionStorageevaluator);
securityManager.setSubjectDAO(subjectDAO);
return securityManager;
}
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(defaultWebSecurityManager);
Map filterMap=new linkedHashMap<>();
filterMap.put("JWT",new JwtInterceptor());
factoryBean.setFilters(filterMap);
System.out.println("进入了 shiroFilterFactoryBean");
Map map=new linkedHashMap<>();
map.put(" /user/a","JWT");
factoryBean.setFilterChainDefinitionMap(map);
factoryBean.setLoginUrl("/login.html");
return factoryBean;
}
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator=new DefaultAdvisorAutoProxyCreator();
// 强制使用cglib,防止重复代理和可能引起代理出错的问题
defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
return defaultAdvisorAutoProxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager securityManager){
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor=new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
再认证的时候一定要记住,最后的return 中不要填写密码而是填写token
