diff --git a/sa-token-doc/fun/auth-framework-function-test.md b/sa-token-doc/fun/auth-framework-function-test.md
index c319abd3..daa644df 100644
--- a/sa-token-doc/fun/auth-framework-function-test.md
+++ b/sa-token-doc/fun/auth-framework-function-test.md
@@ -52,6 +52,17 @@
 ```
 SpringBoot 项目下一般不用特别指定 SpringSecurity 版本号
+
+``` xml
+
+
+ cn.hutool
+ hutool-all
+ 5.8.29
+
+```
+
+
@@ -338,6 +349,52 @@ public class LoginController {
 ```
+
+
+测试 Controller
+``` java
+@RestController
+@RequestMapping("/acc/")
+public class LoginController {
+
+ @Autowired
+ SysUserDao sysUserDao;
+
+ // 测试登录
+ @RequestMapping("doLogin")
+ public AjaxJson doLogin(String username, String password) {
+ // 校验
+ SysUser user = sysUserDao.findByUsername(username);
+ if(user == null) {
+ return AjaxJson.getError("用户不存在");
+ }
+ if(!user.getPassword().equals(password)) {
+ return AjaxJson.getError("密码错误");
+ }
+ // 登录
+ String token = JwtUtil.createToken(user.getId(), user, 60 * 60 * 2);
+ return AjaxJson.getSuccess("登录成功").set("token", token);
+ }
+
+ // 查询登录状态
+ @RequestMapping("isLogin")
+ public AjaxJson isLogin(HttpServletRequest request) {
+ try{
+ String token = request.getHeader("token");
+ JWT jwt = JwtUtil.parseToken(token);
+ return AjaxJson.getSuccess("已登录")
+ .set("id", jwt.getPayload("userId"))
+ .set("user", jwt.getPayload("user"));
+ } catch (Exception e) {
+ e.printStackTrace();
+ return AjaxJson.getError("未登录");
+ }
+ }
+
+}
+```
+
+
@@ -388,6 +445,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 }
 ```
+
+JWT 无法注销已经颁发的 token 。
+
@@ -492,6 +552,26 @@ public AjaxJson doLogin(String username, String password, HttpServletRequest req
 ```
+
+测试 Controller
+``` java
+@RequestMapping("doLogin")
+public AjaxJson doLogin(String username, String password) {
+ // 校验
+ SysUser user = sysUserDao.findByUsername(username);
+ if(user == null) {
+ return AjaxJson.getError("用户不存在");
+ }
+ String salt = "abc";
+ if(!user.getPassword().equals(SecureUtil.md5(salt + password))) {
+ return AjaxJson.getError("密码错误");
+ }
+ // 登录
+ String token = JwtUtil.createToken(user.getId(), user, 60 * 60 * 2);
+ return AjaxJson.getSuccess("登录成功").set("token", token);
+}
+```
+
@@ -539,6 +619,22 @@ public AjaxJson getCurrUser() {
 }
 ```
+
+``` java
+// 从上下文获取当前登录 User 信息
+@RequestMapping("getCurrUser")
+public AjaxJson getCurrUser(HttpServletRequest request) {
+ try{
+ String token = request.getHeader("token");
+ JWT jwt = JwtUtil.parseToken(token);
+ SysUser sysUser = jwt.getPayloads().get("user", SysUser.class);
+ return AjaxJson.getSuccessData(sysUser);
+ } catch (Exception e) {
+ e.printStackTrace();
+ return AjaxJson.getError("未登录");
+ }
+}
+```
@@ -593,6 +689,8 @@ public AjaxJson testSession(HttpServletRequest request) {
 }
 ```
+
+无
@@ -781,6 +879,10 @@ public class JurController {
 }
 ```
+
+
+无
+
@@ -914,6 +1016,9 @@ public class AtCheckController {
 }
 ```
+
+无
+
@@ -980,6 +1085,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 }
 ```
+
+无
+
@@ -1106,6 +1214,25 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 }
 ```
+
+使用 `try-catch` 捕获,或定义全局异常处理
+``` java
+@RestControllerAdvice
+public class GlobalException {
+ // 全局异常拦截(拦截项目中的所有异常)
+ @ExceptionHandler
+ public AjaxJson handlerException(Exception e, HttpServletRequest request, HttpServletResponse response) {
+
+ // 打印堆栈,以供调试
+ System.out.println("全局异常---------------");
+ e.printStackTrace();
+
+ // 返回给前端
+ return AjaxJson.getError(e.getMessage());
+ }
+}
+```
+
@@ -1343,6 +1470,8 @@ public class HomeController {
 ```
+
+无
@@ -1477,6 +1606,10 @@ if(localStorage.token) {
 见下方 “集成 Redis” 部分,同时做到:集成 Redis + 前后端分离。
+
+`JWT` 不依赖 `Cookie` 保存/传输 token,因此无需特殊定制即可原生支持前后端分离模式。
+
+
@@ -1805,6 +1938,8 @@ public class HttpSessionConfigure {
 ```
+
+无