first version of aida_back

2023-01-06 15:17:37 +08:00
parent 7bafabb046
commit 4c531e3961
477 changed files with 15030 additions and 0 deletions
--- a/src/main/java/com/ai/da/common/security/UserAuthAccessDeniedHandler.java
+++ b/src/main/java/com/ai/da/common/security/UserAuthAccessDeniedHandler.java
@@ -0,0 +1,27 @@
+package com.ai.da.common.security;
+
+import com.ai.da.common.response.Response;
+import com.ai.da.common.response.ResultEnum;
+import com.ai.da.common.utils.JSONResponseUtils;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @ClassName UserAuthAccessDeniedHandler
+ * @Description 无权限处理类
+ * @Author dwjian
+ * @Date 2020/7/9 20:30
+ */
+@Component
+public class UserAuthAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException exception) throws IOException {
+        Response<String> response = Response.error(ResultEnum.NO_PERMISSION.getCode(), ResultEnum.NO_PERMISSION.getMsg());
+        JSONResponseUtils.build(httpServletResponse, response);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserAuthenticationEntryPointHandler.java
+++ b/src/main/java/com/ai/da/common/security/UserAuthenticationEntryPointHandler.java
@@ -0,0 +1,29 @@
+package com.ai.da.common.security;
+
+import com.ai.da.common.response.Response;
+import com.ai.da.common.response.ResultEnum;
+import com.ai.da.common.utils.JSONResponseUtils;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @ClassName UserAuthenticationEntryPointHandler
+ * @Description 未登录处理类
+ * @Author dwjian
+ * @Date 2020/7/9 20:13
+ */
+@Component
+public class UserAuthenticationEntryPointHandler implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+        Response<String> response = Response.error(ResultEnum.NO_LOGIN.getCode(), ResultEnum.NO_LOGIN.getMsg());
+        httpServletResponse.setStatus(401);
+        JSONResponseUtils.build(httpServletResponse, response);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserAuthenticationManager.java
+++ b/src/main/java/com/ai/da/common/security/UserAuthenticationManager.java
@@ -0,0 +1,25 @@
+package com.ai.da.common.security;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+
+/**
+ * @author: dangweijian
+ * @description: 认证管理器
+ * @create: 2020-07-10 15:58
+ **/
+@Component
+public class UserAuthenticationManager implements AuthenticationManager {
+
+    @Resource
+    private UserAuthenticationProvider userAuthenticationProvider;
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        return userAuthenticationProvider.authenticate(authentication);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserAuthenticationProvider.java
+++ b/src/main/java/com/ai/da/common/security/UserAuthenticationProvider.java
@@ -0,0 +1,59 @@
+package com.ai.da.common.security;
+
+import com.ai.da.common.config.RsaProperties;
+import com.ai.da.common.utils.RsaDecryptUtils;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author: dangweijian
+ * @description: 登录校验处理类
+ * @create: 2020-07-09 14:39
+ **/
+@Component
+public class UserAuthenticationProvider implements AuthenticationProvider {
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String userName = (String) authentication.getPrincipal();
+        String password = (String) authentication.getCredentials();
+        try {
+            password = RsaDecryptUtils.decrypt(password, RsaProperties.privateKey);
+        } catch (Exception e) {
+            throw new BadCredentialsException("用户名或密码错误");
+        }
+//        User user = userService.getByUsername(userName);
+//        if (user == null) {
+//            throw new UsernameNotFoundException("用户名或密码错误");
+//        }
+//        //账号已冻结
+//        if(user.getStatus() == 1){
+//            throw new LockedException("账号已冻结");
+//        }
+//        if(!passwordEncoder.matches(password, user.getPassword())){
+//            throw new BadCredentialsException("用户名或密码错误");
+//        }
+//        //超级管理员
+//        Set<SimpleGrantedAuthority> authorities = new HashSet<>();
+//        if(user.getIsAdmin()) {
+//            authorities.add(new SimpleGrantedAuthority("admin"));
+//            return new UsernamePasswordAuthenticationToken(user, password, authorities);
+//        }else {
+//            List<RoleMenuDto> userMenus = menuService.getRoleMenusByUserId(user.getId(), null);
+//            if(CollUtil.isNotEmpty(userMenus)){
+//                authorities.addAll(userMenus.stream().map(RoleMenuDto::getPermission).filter(StringUtils::isNotEmpty).map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
+//            }
+//            return new UsernamePasswordAuthenticationToken(user, password, authorities);
+//        }
+        return null;
+    }
+
+    @Override
+    public boolean supports(Class<?> aClass) {
+        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserLoginFailureHandler.java
+++ b/src/main/java/com/ai/da/common/security/UserLoginFailureHandler.java
@@ -0,0 +1,48 @@
+package com.ai.da.common.security;
+
+import com.ai.da.common.response.Response;
+import com.ai.da.common.response.ResultEnum;
+import com.ai.da.common.utils.JSONResponseUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.*;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @ClassName UserLoginFailureHandler
+ * @Description 登录失败处理类
+ * @Author dwjian
+ * @Date 2020/7/9 20:17
+ */
+@Slf4j
+@Component
+public class UserLoginFailureHandler implements AuthenticationFailureHandler {
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+        Response<String> response;
+        if (e instanceof UsernameNotFoundException || e instanceof BadCredentialsException) {
+            response = Response.fail(e.getMessage());
+        } else if (e instanceof LockedException) {
+            response = Response.fail(ResultEnum.ACCOUNT_LOCK);
+        } else if (e instanceof CredentialsExpiredException) {
+            response = Response.fail("证书过期，请联系管理员!");
+        } else if (e instanceof AccountExpiredException) {
+            response = Response.fail("账户过期，请联系管理员!");
+        } else if (e instanceof DisabledException) {
+            response = Response.fail("账户被禁用，请联系管理员!");
+        } else if (e instanceof AuthenticationServiceException) {
+            response = Response.fail(e.getMessage());
+        } else {
+            log.error("登录失败：", e);
+            response = Response.fail("登录失败!");
+        }
+        JSONResponseUtils.build(httpServletResponse,response);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserLoginSuccessHandler.java
+++ b/src/main/java/com/ai/da/common/security/UserLoginSuccessHandler.java
@@ -0,0 +1,51 @@
+package com.ai.da.common.security;
+
+import com.ai.da.common.response.ResultEnum;
+import com.ai.da.common.utils.JSONResponseUtils;
+import com.ai.da.common.response.Response;
+import com.ai.da.common.security.jwt.JWTTokenHelper;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author: dangweijian
+ * @description: 登录成功处理类
+ * @create: 2020-07-09 14:58
+ **/
+@Component
+public class UserLoginSuccessHandler implements AuthenticationSuccessHandler {
+
+    @Resource
+    private JWTTokenHelper jwtTokenHelper;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+//        User user = (User) authentication.getPrincipal();
+//        AuthPrincipalVo principal = new AuthPrincipalVo();
+//        BeanUtils.copyProperties(user, principal);
+//        // 获取用户角色
+//        List<UserRoleDto> userRoles = roleService.getUserRoles(user.getId(), 0);
+//        principal.setRoles(userRoles);
+//        // 获取角色部门
+//        if(CollUtil.isNotEmpty(userRoles)){
+//            principal.setDepts(deptService.getDeptByRoleIds(userRoles.stream().map(UserRoleDto::getRoleId).collect(Collectors.toList())));
+//        }
+//        // 用户角色权限
+//        List<String> authorities = new ArrayList<>(authentication.getAuthorities()).stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
+//        principal.setAuthorities(authorities);
+//        AuthVo authVo = new AuthVo();
+//        authVo.setAuthorities(authorities);
+//        authVo.setToken(jwtTokenHelper.createToken(principal));
+//        authVo.setPrincipal(principal);
+//        user.setLastLoginTime(new Date());
+//        userService.updateById(user);
+        JSONResponseUtils.build(response, Response.success(ResultEnum.SUCCESS.getCode(), ResultEnum.SUCCESS.getMsg(), null));
+    }
+}
--- a/src/main/java/com/ai/da/common/security/UserPermissionEvaluator.java
+++ b/src/main/java/com/ai/da/common/security/UserPermissionEvaluator.java
@@ -0,0 +1,34 @@
+package com.ai.da.common.security;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import java.io.Serializable;
+
+/**
+ * @ClassName UserPermissionEvaluator
+ * @Description 权限校验处理器
+ * @Author dwjian
+ * @Date 2020/7/12 10:16
+ */
+@Component
+public class UserPermissionEvaluator implements PermissionEvaluator {
+
+    @Override
+    public boolean hasPermission(Authentication authentication, Object targetUrl, Object permission) {
+        System.out.println(authentication);
+        System.out.println(targetUrl);
+        System.out.println(permission);
+        return false;
+    }
+
+    @Override
+    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
+        System.out.println(authentication);
+        System.out.println(targetId);
+        System.out.println(targetType);
+        System.out.println(permission);
+        return false;
+    }
+}
--- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java
+++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java
@@ -0,0 +1,84 @@
+package com.ai.da.common.security.config;
+
+import com.ai.da.common.security.*;
+import com.ai.da.common.security.filter.AuthenticationFilter;
+import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import javax.annotation.Resource;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableConfigurationProperties(SecurityProperties.class)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Resource
+    private SecurityProperties securityProperties;
+    @Resource
+    private UserLoginSuccessHandler userLoginSuccessHandler;
+    @Resource
+    private UserLoginFailureHandler userLoginFailureHandler;
+    @Resource
+    private UserAuthAccessDeniedHandler userAuthAccessDeniedHandler;
+    @Resource
+    private UserAuthenticationEntryPointHandler userAuthenticationEntryPointHandler;
+    @Resource
+    private UserAuthenticationManager userAuthenticationManager;
+    @Resource
+    private UserAuthenticationProcessingFilter userAuthenticationProcessingFilter;
+
+    /**
+     * 不通过注入spring管理 让Security来管理 这样自定义的Filter就不会走,.permitAll()才能起作用
+     */
+    @Resource
+    private AuthenticationFilter authenticationFilter;
+    @Resource
+    private UserPermissionEvaluator userPermissionEvaluator;
+
+
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return this.userAuthenticationManager;
+    }
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity/*, WebSecurity web*/) throws Exception {
+//        web.ignoring().antMatchers("/test/**");//禁止所有过滤器
+        httpSecurity.cors().disable()//禁用 CSRF
+                .authorizeRequests()//认证请求
+                .antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求
+                .anyRequest().authenticated()//其余所有的请求都需要认证
+                .and().headers().frameOptions().disable()// 防止iframe 造成跨域
+                .and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理
+                .accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略，全局异常会先于Security框架处理异常，全局异常已特殊处理)
+                .and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口
+                .successHandler(userLoginSuccessHandler)//登录成功处理器
+                .failureHandler(userLoginFailureHandler)//登录失败处理器
+                .and().cors().and().csrf().disable();//允许跨域
+        //自定义过滤器在登录时认证用户名、密码
+        httpSecurity.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
+        //不创建session会话
+        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        //取消头缓存控制
+        httpSecurity.headers().cacheControl();
+    }
+
+    @Bean
+    public DefaultWebSecurityExpressionHandler userSecurityExpressionHandler() {
+        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
+        handler.setPermissionEvaluator(userPermissionEvaluator);
+        return handler;
+    }
+}
--- a/src/main/java/com/ai/da/common/security/config/SecurityProperties.java
+++ b/src/main/java/com/ai/da/common/security/config/SecurityProperties.java
@@ -0,0 +1,26 @@
+package com.ai.da.common.security.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * @author: dangweijian
+ * @description: JWT配置类
+ * @create: 2020-07-09 09:38
+ **/
+@Data
+@ConfigurationProperties(prefix = "spring.security")
+public class SecurityProperties {
+
+    private String jwtSecret;
+
+    private String jwtTokenHeader;
+
+    private String jwtTokenPrefix;
+
+    private long jwtExpiration;
+
+    private String[] ignorePaths;
+
+    private String authApi;
+}
--- a/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java
+++ b/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java
@@ -0,0 +1,122 @@
+package com.ai.da.common.security.filter;
+
+import cn.hutool.core.util.StrUtil;
+import com.ai.da.common.context.UserContext;
+import com.ai.da.common.security.config.SecurityProperties;
+import com.ai.da.common.security.jwt.JWTTokenHelper;
+import com.ai.da.common.utils.LocalCacheUtils;
+import com.ai.da.common.utils.MultiReadHttpServletRequest;
+import com.ai.da.common.utils.MultiReadHttpServletResponse;
+import com.ai.da.model.vo.AuthPrincipalVo;
+import lombok.AllArgsConstructor;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Required;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StopWatch;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.annotation.Resource;
+import javax.security.sasl.AuthenticationException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.sql.Statement;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * @author: dangweijian
+ * @description: 认证拦截器
+ * @create: 2020-07-10 16:50
+ **/
+@Slf4j
+@Configuration
+public class AuthenticationFilter extends OncePerRequestFilter {
+
+    @Resource
+    private JWTTokenHelper jwtTokenHelper;
+    @Resource
+    private SecurityProperties properties;
+
+    private static final List<String> FILTER_URL =
+            Arrays.asList("/favicon.ico","/doc.html","api/account/login","api/account/preLogin","api/account/sendEmail",
+                    "/webjars/","/swagger-resources","/v2/api-docs","api/account/resetPwd",
+                    "/api/python/saveGeneratePicture", "/api/python/getLibraryByUserId",
+                    "/api/third/party/addUser","/api/third/party/editUser","/api/element/initDefaultSysFile");
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull FilterChain filterChain) throws ServletException, IOException {
+        String requestURI = httpServletRequest.getRequestURI();
+
+        if(calculateUrl(requestURI)){
+            StopWatch stopWatch = new StopWatch();
+            HttpServletRequest wrappedRequest = httpServletRequest;
+            HttpServletResponse wrappedResponse = httpServletResponse;
+            try{
+                stopWatch.start();
+                if ((httpServletRequest.getContentType() == null && httpServletRequest.getContentLength() > 0) || (httpServletRequest.getContentType() != null && !httpServletRequest.getContentType().contains("application/json"))) {
+                    extracted(wrappedRequest);
+                    filterChain.doFilter(wrappedRequest, wrappedResponse);
+                }else {
+                    wrappedRequest = new MultiReadHttpServletRequest(httpServletRequest);
+                    wrappedResponse = new MultiReadHttpServletResponse(httpServletResponse);
+                    extracted(wrappedRequest);
+                    filterChain.doFilter(wrappedRequest, wrappedResponse);
+                }
+            } catch (Exception e) {
+                SecurityContextHolder.clearContext();
+                throw e;
+            } finally {
+                stopWatch.stop();
+            }
+        }else {
+            filterChain.doFilter(httpServletRequest, httpServletResponse);
+        }
+    }
+    private Boolean calculateUrl(String requestURI ){
+        String filterUrl = FILTER_URL.stream().filter(url ->requestURI.contains(url)).findFirst().orElse(null);
+       return null == filterUrl ? Boolean.TRUE :Boolean.FALSE;
+    }
+    private void extracted(HttpServletRequest request) throws AuthenticationException {
+        String jwtToken = request.getHeader(properties.getJwtTokenHeader());
+        log.debug("后台检查令牌:{}", jwtToken);
+
+        if (StrUtil.isBlank(jwtToken)) {
+            throw new RuntimeException("请传入token！");
+        }
+        // 检查token
+        boolean validate = jwtTokenHelper.validateToken(jwtToken);
+        if(validate){
+            AuthPrincipalVo principal = jwtTokenHelper.parserToUser(jwtToken);
+            if (principal == null) {
+                throw new RuntimeException("TOKEN已过期，请重新登录！");
+            }
+            //先清空当前线程变量,防止上一个线程遗留
+            UserContext.delete();
+            //存取用户信息到缓存
+            UserContext.setUserHolder(principal);
+            //校验token
+            String cacheToken = LocalCacheUtils.getTokenCache(String.valueOf(principal.getId()));
+            if(jwtToken.equals("Bearer-eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIyIiwic3ViIjoie1wiaWRcIjoyLFwidXNlcm5hbWVcIjpcImxpcnNcIn0iLCJpYXQiOjE2NjU3NDEwODcsImlzcyI6IkRXSiIsImF1dGhvcml0aWVzIjoiW10iLCJleHAiOjE2NzQzODEwODd9.ShM9R_NNFD7oo1OvxrEgg7PFeWinOuAKkuInUCMQupp66s64Hhv8tN0Wwr83nIN4rHPqtn95wmd4msWcvaFYJA")){
+                //写死 暂时放行
+                return;
+            }
+            if(StringUtils.isEmpty(cacheToken)){
+                throw new RuntimeException("TOKEN已过期，请重新登录！");
+            }
+            if(!cacheToken.equals(jwtToken) ){
+                throw new RuntimeException("TOKEN已过期，请重新登录！");
+            }
+//                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(null, null);
+//                SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+    }
+}
--- a/src/main/java/com/ai/da/common/security/filter/UserAuthenticationProcessingFilter.java
+++ b/src/main/java/com/ai/da/common/security/filter/UserAuthenticationProcessingFilter.java
@@ -0,0 +1,69 @@
+package com.ai.da.common.security.filter;
+
+import cn.hutool.core.util.StrUtil;
+import com.ai.da.common.security.UserLoginSuccessHandler;
+import com.ai.da.common.security.config.SecurityProperties;
+import com.ai.da.common.utils.RedisCacheUtils;
+import com.alibaba.fastjson.JSONObject;
+import com.ai.da.common.security.UserAuthenticationManager;
+import com.ai.da.common.security.UserLoginFailureHandler;
+import com.ai.da.common.utils.MultiReadHttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author: dangweijian
+ * @description: 用户认证过滤器
+ * @create: 2020-07-10 15:58
+ **/
+@Slf4j
+@Component
+public class UserAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
+
+    /**
+     * @param securityProperties                配置（从配置中读取登录url）
+     * @param authenticationManager             认证管理器
+     * @param adminAuthenticationSuccessHandler 认证成功处理器
+     * @param adminAuthenticationFailureHandler 认证失败处理器
+     */
+    public UserAuthenticationProcessingFilter(SecurityProperties securityProperties, UserAuthenticationManager authenticationManager, UserLoginSuccessHandler adminAuthenticationSuccessHandler, UserLoginFailureHandler adminAuthenticationFailureHandler) {
+        super(new AntPathRequestMatcher(securityProperties.getAuthApi(), HttpMethod.POST.name()));
+        this.setAuthenticationManager(authenticationManager);
+        this.setAuthenticationSuccessHandler(adminAuthenticationSuccessHandler);
+        this.setAuthenticationFailureHandler(adminAuthenticationFailureHandler);
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+        if (request.getContentType() == null || !request.getContentType().contains("application/json")) {
+            throw new AuthenticationServiceException("请求头类型不支持: " + request.getContentType());
+        }
+        UsernamePasswordAuthenticationToken authRequest;
+        try {
+            MultiReadHttpServletRequest wrappedRequest = new MultiReadHttpServletRequest(request);
+            // 将前端传递的数据转换成jsonBean数据格式
+            JSONObject jsonObject = JSONObject.parseObject(wrappedRequest.getBodyJsonStrByJson(wrappedRequest));
+            String code = jsonObject.getString("code");
+            String uuid = jsonObject.getString("uuid");
+            if (StrUtil.isEmpty(code) || StrUtil.isEmpty(uuid) || !code.equals(RedisCacheUtils.get("code-key-" + uuid, String.class))) {
+                throw new AuthenticationServiceException("验证码错误");
+            }
+            RedisCacheUtils.delete("code-key-" + uuid);
+            authRequest = new UsernamePasswordAuthenticationToken(jsonObject.get("username"), jsonObject.get("password"), null);
+            authRequest.setDetails(authenticationDetailsSource.buildDetails(wrappedRequest));
+        } catch (Exception e) {
+            throw new AuthenticationServiceException(e.getMessage());
+        }
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+}
--- a/src/main/java/com/ai/da/common/security/jwt/JWTTokenHelper.java
+++ b/src/main/java/com/ai/da/common/security/jwt/JWTTokenHelper.java
@@ -0,0 +1,68 @@
+package com.ai.da.common.security.jwt;
+
+import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.StrUtil;
+import com.ai.da.common.security.config.SecurityProperties;
+import com.ai.da.model.vo.AuthPrincipalVo;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.util.ArrayList;
+import java.util.Date;
+
+/**
+ * @author: dangweijian
+ * @description: JWT工具
+ * @create: 2020-07-09 09:27
+ **/
+@Slf4j
+@Component
+public class JWTTokenHelper {
+
+    @Resource
+    private SecurityProperties securityProperties;
+
+    private static final String ISSUER = "DWJ";
+    private static final String AUTHORITIES = "authorities";
+
+    public String createToken(AuthPrincipalVo principal){
+        String token = Jwts.builder()
+                .setId(String.valueOf(principal.getId()))
+                .setSubject(JSONObject.toJSONString(principal))
+                .setIssuedAt(new Date())
+                .setIssuer(ISSUER)
+                .claim(AUTHORITIES, JSON.toJSONString(new ArrayList<>()))//自定义属性  权限
+                .setExpiration(new Date(System.currentTimeMillis() + securityProperties.getJwtExpiration()))
+                .signWith(SignatureAlgorithm.HS512, securityProperties.getJwtSecret())
+                .compact();
+        token = securityProperties.getJwtTokenPrefix() + token;
+        return token;
+    }
+
+    public boolean validateToken(String token){
+        Claims claims = parser(token);
+        if (MapUtil.isEmpty(claims)){
+            return false;
+        }
+        return true;
+    }
+
+    public AuthPrincipalVo parserToUser(String token){
+        String subject = parser(token).getSubject();
+        if(StrUtil.isNotEmpty(subject)){
+            return JSONObject.parseObject(subject, AuthPrincipalVo.class);
+        }
+        return null;
+    }
+
+    public Claims parser(String token) {
+        token = token.replaceAll(securityProperties.getJwtTokenPrefix(),"");
+        return Jwts.parser().setSigningKey(securityProperties.getJwtSecret()).parseClaimsJws(token).getBody();
+    }
+}