Front-end/back-end separation: stateless user request authentication with SpringBoot + SpringSecurity + JWT + RBAC

I. Preface

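This post is adapted from my earlier one and is very close to the production environment used in company development.
Earlier post: A SpringBoot + SpringSecurity permission solution for front-end/back-end separation
RBAC (Role-Based Access Control)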

II. Code

The code is available on GitHub: https://github.com/larger5/SpringBoot_SpringSecurity_JWT_RBAC.git

1.pom

        <!-- Security framework -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <!-- JSON serialization -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.36</version>
        </dependency>

        <!-- JWT -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>

2.AjaxResponseBody

package com.cun.security3.bean;

import java.io.Serializable;

// Uniform JSON envelope returned to the front end by the security handlers.
public class AjaxResponseBody implements Serializable {

    private String status;   // application-level status code, e.g. "300" or "000"
    private String msg;      // human-readable message
    private Object result;   // optional payload
    private String jwtToken; // JWT handed back to the client

    public String getStatus() {
        return status;
    }

    public void setStatus(String status) {
        this.status = status;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public Object getResult() {
        return result;
    }

    public void setResult(Object result) {
        this.result = result;
    }

    public String getJwtToken() {
        return jwtToken;
    }

    public void setJwtToken(String jwtToken) {
        this.jwtToken = jwtToken;
    }
}

3.AjaxAccessDeniedHandler

package com.cun.security3.config;

import com.alibaba.fastjson.JSON;
import com.cun.security3.bean.AjaxResponseBody;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Called when an authenticated user lacks the authority for the requested resource.
@Component
public class AjaxAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        AjaxResponseBody responseBody = new AjaxResponseBody();

        // Application-level code "300" signals insufficient authority to the front end.
        responseBody.setStatus("300");
        responseBody.setMsg("Need Authorities!");

        // Write the envelope as JSON instead of redirecting to an error page.
        httpServletResponse.getWriter().write(JSON.toJSONString(responseBody));
    }
}
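The handler above writes its JSON body but leaves the HTTP status at the default 200 and sets no content type, so proxies, access logs and monitoring cannot tell a denied request from a successful one. The following is an added example, not code from the original post or its repository: a variant that keeps the same JSON envelope but also sends a real 403. The class name `StrictAjaxAccessDeniedHandler` and the extra headers are assumptions.

```java
package com.cun.security3.config;

import com.alibaba.fastjson.JSON;
import com.cun.security3.bean.AjaxResponseBody;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Hypothetical class name. Deliberately not a @Component: register it in place of
// AjaxAccessDeniedHandler so that only one AccessDeniedHandler bean exists.
public class StrictAjaxAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException e) throws IOException {
        // Status and headers cannot be changed once the response has been flushed.
        if (response.isCommitted()) {
            return;
        }

        // Real HTTP status, so gateways, logs and alerting see the denial as 403.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);

        // Declare the body as JSON; the encoding must be set before getWriter().
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");

        // Authorization decisions are per user and must not be cached by intermediaries.
        response.setHeader("Cache-Control", "no-store");

        // Same envelope and application-level code as the handler in the post.
        AjaxResponseBody body = new AjaxResponseBody();
        body.setStatus("300");
        body.setMsg("Need Authorities!");
        response.getWriter().write(JSON.toJSONString(body));
    }
}
```

The front end can keep reading the `status` field of the envelope; only the transport-level signal changes.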

4.AjaxAuthenticationEntryPoint

package com.cun.security3.config;

import com.alibaba.fastjson.JSON;
import com.cun.security3.bean.AjaxResponseBody;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Called when an unauthenticated request reaches a protected resource.
@Component
public class AjaxAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        AjaxResponseBody responseBody = new AjaxResponseBody();

        // Application-level code "000" is returned for unauthenticated requests.
        responseBody.setStatus("000");
        responseBody.setMsg("Need Authorities!");

        // The page is cut off after "httpServletResponse."; the rest of this method is
        // completed on the assumption that it mirrors AjaxAccessDeniedHandler above.
        httpServletResponse.getWriter().write(JSON.toJSONString(responseBody));
    }
}