更新時(shí)間:2023-03-30 來(lái)源:黑馬程序員 瀏覽量:
在認(rèn)證階段DaoAuthenticationProvider會(huì)調(diào)用UserDetailService查詢用戶的信息,這里是可以獲取到齊全的用戶信息的。由于JWT令牌中用戶身份信息來(lái)源于UserDetails,UserDetails中僅定義了username為用戶的身份信息,這里有兩個(gè)思路:第一是可以擴(kuò)展UserDetails,使之包括更多的自定義屬性,第二也可以擴(kuò)展username的內(nèi)容 ,比如存入json數(shù)據(jù)內(nèi)容作為username的內(nèi)容。相比較而言,方案二比較簡(jiǎn)單還不用破壞UserDetails的結(jié)構(gòu),我們采用方案二。
修改UserServiceImpl如下:
package com.xuecheng.ucenter.service.impl;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.xuecheng.ucenter.mapper.XcUserMapper;
import com.xuecheng.ucenter.model.po.XcUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
* @author Mr.M
* @version 1.0
* @description TODO
* @date 2022/9/28 18:09
*/
@Service
public class UserServiceImpl implements UserDetailsService {
@Autowired
XcUserMapper xcUserMapper;
/**
* @description 根據(jù)賬號(hào)查詢用戶信息
* @param s 賬號(hào)
* @return org.springframework.security.core.userdetails.UserDetails
* @author Mr.M
* @date 2022/9/28 18:30
*/
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
XcUser user = xcUserMapper.selectOne(new LambdaQueryWrapper<XcUser>().eq(XcUser::getUsername, s));
if(user==null){
//返回空表示用戶不存在
return null;
}
//取出數(shù)據(jù)庫(kù)存儲(chǔ)的正確密碼
String password =user.getPassword();
//用戶權(quán)限,如果不加報(bào)Cannot pass a null GrantedAuthority collection
String[] authorities = {"p1"};
//為了安全在令牌中不放密碼
user.setPassword(null);
//將user對(duì)象轉(zhuǎn)json
String userString = JSON.toJSONString(user);
//創(chuàng)建UserDetails對(duì)象
UserDetails userDetails = User.withUsername(userString).password(password).authorities(authorities).build();
return userDetails;
}
}
重啟認(rèn)證服務(wù),重新生成令牌,生成成功。我們可以使用check_token查詢jwt的內(nèi)容。
###校驗(yàn)jwt令牌
POST {{auth_host}}/oauth/check_token?token=
響應(yīng)示例如下,
{
"aud": [
"res1"
],
"user_name": "{\"birthday\":\"2022-09-28T19:28:46\",\"createTime\":\"2022-09-28T08:32:03\",\"id\":\"50\",\"name\":\"學(xué)生1\",\"nickname\":\"大水牛\",\"password\":\"$2a$10$0pt7WlfTbnPDTcWtp/.2Mu5CTXvohnNQhR628qq4RoKSc0dGAdEgm\",\"sex\":\"1\",\"status\":\"1\",\"username\":\"stu1\",\"userpic\":\"http://file.51xuecheng.cn/dddf\",\"utype\":\"101001\"}",
"scope": [
"all"
],
"active": true,
"exp": 1664372184,
"authorities": [
"p1"
],
"jti": "73da9f7b-bd8c-45ac-9add-46b711d11fb8",
"client_id": "c1"
}
user_name存儲(chǔ)了用戶信息的json格式,在資源服務(wù)中就可以取出該json格式的內(nèi)容轉(zhuǎn)為用戶對(duì)象去使用。