Spring Boot uses tools auth for permission verification

Keywords: Java

Simple and quick permission verification in the project

1, Import dependency


2, Permission annotations

These annotations are placed on API methods so that the user is authenticated when requesting the method


Permission authentication. The requesting user must have the permission set in the annotation; otherwise, a PermissionAuthorizationException is thrown

Parameter    Description
value        Required permissions


Role authentication. The requesting user must have the role set in the annotation; otherwise, a RoleAuthorizationException is thrown

Parameter    Description
value        Required roles

3, Token generator

It is mainly used to generate and parse tokens. To use it, inject it with the @Resource annotation

import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;

public class TestController {
    // Injected by Spring; TokenAssistant is provided by the auth dependency
    @Resource
    private TokenAssistant tokenAssistant;
    public void getToken() {
        Map<String, Object> map = new HashMap<>(16);
        map.put("user", "Zhang San");
        String token = this.tokenAssistant.createToken(map);
        System.out.println("Generated token: " + token);
        System.out.println("Parsed token: " + this.tokenAssistant.parseToken(token));
    }
}

4, Add annotation to startup class

Add the @EnableAuthorization annotation to the project startup class to enable permission verification for the project

5, Set the authorization listener

The listener supplies the user's permissions and lets you run your own authentication logic

import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;

/**
 * @author Gjing
 */
public class MyListener implements AuthorizationListener {
    /**
     * Supplies the user's access rights, which are used to check methods carrying a permission annotation.
     * If null is returned, NoAccountException will be thrown.
     * Here, the authority data is simulated to add the admin role and add authority to the
     * currently requesting user. In actual use, user rights can be stored anywhere.
     * @param token User Token
     * @return AuthorizationMetaData
     */
    @Override
    public AuthorizationMetaData supplyAccess(String token) {
        SimpleAuthorizationMetaData metaData = new SimpleAuthorizationMetaData();
        return metaData;
    }

    /**
     * Triggered after the permission annotation is verified. Project-specific authentication logic can go here.
     * @param token User Token
     */
    @Override
    public void authentication(String token) {
    }

    /**
     * Called after the verification has passed and the method has completed.
     * @param request HttpServletRequest
     * @param method  Requested method
     */
    @Override
    public void authenticationSuccess(HttpServletRequest request, Method method) {
    }
}

6, Additional configuration

These settings control which paths are intercepted and which are excluded, the name of the request header that carries the token, and so on. All configurations are as follows:

    # Intercepted path
    path: /**
    # Excluded paths
    # Algorithm used to sign the generated token
    type: hs256
    # The name of the request header where the token is stored
    header: Authorization
    # Salt (secret) used for token generation
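
What `type: hs256` and the salt setting mean for token integrity, shown as an added example that is not part of the original post and not the library's own code. The class `Hs256TokenDemo`, its method bodies, the `payload.signature` token layout and the secret value are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical stand-alone demo of an HS256-signed token; not the library's implementation.
public class Hs256TokenDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // HMAC-SHA256 over the encoded payload, keyed with the server-side secret (the "salt").
    static byte[] sign(String data, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    static String createToken(String payloadJson, byte[] secret) throws Exception {
        String body = ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return body + "." + ENC.encodeToString(sign(body, secret));
    }

    // Returns the payload only if the signature verifies; otherwise throws SecurityException.
    static String parseToken(String token, byte[] secret) throws Exception {
        int dot = token.indexOf('.');
        if (dot < 0) throw new SecurityException("malformed token");
        String body = token.substring(0, dot), sig = token.substring(dot + 1);
        byte[] actual;
        try { actual = DEC.decode(sig); }
        catch (IllegalArgumentException e) { throw new SecurityException("malformed token"); }
        // Constant-time comparison avoids leaking how many signature bytes matched.
        if (!MessageDigest.isEqual(sign(body, secret), actual)) throw new SecurityException("bad signature");
        return new String(DEC.decode(body), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed value
        String token = createToken("{\"user\":\"Zhang San\"}", secret);
        System.out.println("parsed: " + parseToken(token, secret));
        // A payload altered without the secret no longer matches the signature.
        String forged = ENC.encodeToString("{\"user\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        try {
            parseToken(forged + token.substring(token.indexOf('.')), secret);
        } catch (SecurityException e) {
            System.out.println("tampered token rejected: " + e.getMessage());
        }
    }
}
```

The payload of such a token is only encoded, not encrypted, so it should not carry secrets, and the salt must stay on the server and be long and random.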

Posted by assessino on Tue, 12 May 2020 07:52:22 -0700