安全认证插件
LCGYL Framework 提供了完整的安全认证解决方案。
插件列表
| 插件 | 说明 | 适用场景 |
|---|---|---|
| lcgyl-security-core | 安全核心架构 | 基础安全 |
| lcgyl-security-jwt | JWT 认证 | 无状态认证 |
| lcgyl-security-oauth2 | OAuth2 登录 | 第三方登录 |
| lcgyl-security-rbac | RBAC 权限 | 角色权限控制 |
快速开始
添加依赖
gradle
dependencies {
    // JWT plugin only; add lcgyl-security-oauth2 / lcgyl-security-rbac from the plugin table as needed.
    implementation 'com.lcgyl:lcgyl-security-jwt:2.2.0'
}
配置
yaml
lcgyl:
  security:
    jwt:
      # HMAC key for HS256. RFC 7518 requires the key to be at least as long as the
      # hash output (256 bits), and it must be random. Never ship the placeholder
      # below, and keep the real value out of version control (environment
      # variable or secret store).
      secret: your-secret-key-at-least-256-bits
      # Access-token lifetime, 24 hours. The value reads as seconds (86400 = 24h);
      # confirm against JwtService, which adds `expiration` to a millisecond clock.
      expiration: 86400
      # Refresh-token lifetime, 7 days.
      refresh-expiration: 604800
用户认证
java
@Controller
@RequestMapping("/auth")
public class AuthController {
    /** Backing service for the login / refresh / logout operations below. */
    @Inject
    private AuthService authService;

    /**
     * Exchanges a username/password pair for a token pair.
     * NOTE(review): nothing visible here throttles or audits failed attempts —
     * confirm that AuthService (or a filter in front of it) rate-limits this endpoint.
     */
    @PostMapping("/login")
    public TokenResponse login(@RequestBody LoginRequest request) {
        String username = request.getUsername();
        String password = request.getPassword();
        return authService.login(username, password);
    }

    /** Trades a refresh token for a fresh token pair. */
    @PostMapping("/refresh")
    public TokenResponse refresh(@RequestBody RefreshRequest request) {
        String refreshToken = request.getRefreshToken();
        return authService.refresh(refreshToken);
    }

    /**
     * Revokes the caller's token. The raw Authorization header value is forwarded
     * unchanged — presumably "Bearer <token>"; confirm AuthService.logout strips
     * the scheme prefix before looking the token up.
     */
    @PostMapping("/logout")
    public void logout(@RequestHeader("Authorization") String token) {
        String authorizationHeader = token;
        authService.logout(authorizationHeader);
    }
}
保护接口
java
@Controller
@RequestMapping("/api/users")
@Authenticated // every handler in this class requires an authenticated caller
public class UserController {

    /**
     * Lists every user. Restricted to the ADMIN role on top of the class-level
     * authentication requirement.
     */
    @GetMapping
    @RequireRole("ADMIN")
    public List<User> list() {
        List<User> everyone = userService.findAll();
        return everyone;
    }

    /**
     * Returns the caller's own record, resolved by the framework from the token.
     * NOTE(review): this serialises the User entity as-is; if it carries credential
     * or internal fields (password hash, etc.) expose a DTO instead.
     */
    @GetMapping("/me")
    public User me(@CurrentUser User user) {
        User current = user;
        return current;
    }
}
JWT 认证
Token 结构
Header.Payload.Signature（三段以 `.` 分隔；服务端校验时应固定使用配置的 HS256 密钥，拒绝 `alg: none` 或与预期不符的算法，而不是信任 Header 中声明的 alg）
{
"alg": "HS256",
"typ": "JWT"
}
.
{
"sub": "1",
"username": "admin",
"roles": ["ADMIN", "USER"],
"exp": 1234567890
}
.
signature
生成 Token
java
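@Service
public class JwtService {
    /**
     * Builds a signed (HS256) access token for {@code user}.
     *
     * Claims: sub = user id, username, roles, iat, exp, plus a random jti so the
     * token has a stable identity for revocation (the /auth/logout flow) —
     * assumes AuthService keys its revocation list on jti; confirm.
     *
     * NOTE(review): exp is computed as now-in-millis + {@code expiration}, i.e.
     * {@code expiration} is treated as milliseconds, while the configuration
     * example documents it in seconds (86400 = 24h). Confirm the unit of the
     * injected value; if it is seconds, convert before adding it here.
     *
     * @param user the authenticated user whose id, name and roles are embedded
     * @return the compact serialised JWT
     */
    public String generateToken(User user) {
        // Single clock read so iat and exp are consistent with each other.
        long nowMillis = System.currentTimeMillis();
        Date issuedAt = new Date(nowMillis);
        Date expiresAt = new Date(nowMillis + expiration);
        return Jwts.builder()
                .setId(java.util.UUID.randomUUID().toString()) // jti, for revocation
                .setSubject(String.valueOf(user.getId()))
                .claim("username", user.getUsername())
                .claim("roles", user.getRoles())
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }
}
OAuth2 登录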
支持的提供商
- GitHub
- Gitee
- 微信
- 自定义
配置
yaml
lcgyl:
  security:
    oauth2:
      providers:
        github:
          client-id: your-client-id
          # Confidential credential: load from the environment or a secret store,
          # never commit the real value.
          client-secret: your-client-secret
          # Must match the redirect URI registered with the provider exactly.
          # Plain http://localhost is for local development only; use an https
          # URI in production so the authorization code is not sent in the clear.
          redirect-uri: http://localhost:8080/oauth2/callback/github
        gitee:
          client-id: your-client-id
          client-secret: your-client-secret
回调处理
java
@Controller
@RequestMapping("/oauth2")
public class OAuth2Controller {
    /**
     * Completes the authorization-code flow: the provider redirects here with
     * {@code code}, which is exchanged for a local token pair.
     *
     * NOTE(review): only {@code code} is read. RFC 6749 §10.12 requires the client
     * to bind the callback to the request it started via the {@code state}
     * parameter; unless OAuth2Service validates it elsewhere, this endpoint is
     * open to login CSRF. A provider that denies consent also redirects back with
     * {@code error} instead of {@code code}, which presumably fails here as a
     * missing parameter rather than a handled denial.
     */
    @GetMapping("/callback/{provider}")
    public TokenResponse callback(
            @PathVariable String provider,
            @RequestParam String code) {
        String providerName = provider;
        String authorizationCode = code;
        return oauth2Service.handleCallback(providerName, authorizationCode);
    }
}
RBAC 权限
权限模型
用户 (User) ──多对多── 角色 (Role) ──多对多── 权限 (Permission)
权限检查
java
// Declarative role check: the caller must hold the ADMIN role.
@RequireRole("ADMIN")
public void adminOnly() {}

// Declarative permission check: the caller must hold the "user:create"
// permission (granted through one of their roles, per the model above).
@RequirePermission("user:create")
public void createUser() {}

// Programmatic check, for logic that depends on the role at runtime.
boolean isAdmin = securityContext.hasRole("ADMIN");
if (isAdmin) {
    // ...
}