feat(jwt): implement JWT-based authentication system

weblog-module-jwt/src/main/java/com/hanserwei/jwt/config/JwtAuthenticationSecurityConfig.java

@@ -0,0 +1,39 @@
+package com.hanserwei.jwt.config;
+
+import com.hanserwei.jwt.filter.JwtAuthenticationFilter;
+import com.hanserwei.jwt.handler.RestAuthenticationFailureHandler;
+import com.hanserwei.jwt.handler.RestAuthenticationSuccessHandler;
+import jakarta.annotation.Resource;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+public class JwtAuthenticationSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
+
+    @Resource
+    private RestAuthenticationSuccessHandler restAuthenticationSuccessHandler;
+
+    @Resource
+    private RestAuthenticationFailureHandler restAuthenticationFailureHandler;
+
+    @Override
+    public void configure(HttpSecurity httpSecurity) {
+        // 1. 实例化自定义过滤器
+        JwtAuthenticationFilter filter = new JwtAuthenticationFilter();
+
+        // 2. 这里的 AuthenticationManager 是从外部传入的 (httpSecurity sharedObject)
+        filter.setAuthenticationManager(httpSecurity.getSharedObject(AuthenticationManager.class));
+
+        // 3. 设置成功/失败处理器
+        filter.setAuthenticationSuccessHandler(restAuthenticationSuccessHandler);
+        filter.setAuthenticationFailureHandler(restAuthenticationFailureHandler);
+
+        // 4. 将过滤器添加到 UsernamePasswordAuthenticationFilter 之前
+        // (JWT 校验通常在用户名密码校验之前，或者用来替换它，addFilterBefore 是最稳妥的)
+        httpSecurity.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/config/PasswordEncoderConfig.java

@@ -0,0 +1,20 @@
+package com.hanserwei.jwt.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class PasswordEncoderConfig {
+    public static void main(String[] args) {
+        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+        System.out.println(encoder.encode("hanserwei"));
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        // BCrypt 是一种安全且适合密码存储的哈希算法，它在进行哈希时会自动加入“盐”，增加密码的安全性。
+        return new BCryptPasswordEncoder();
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/exception/UsernameOrPasswordNullException.java

@@ -0,0 +1,14 @@
+package com.hanserwei.jwt.exception;
+
+
+import org.springframework.security.core.AuthenticationException;
+
+public class UsernameOrPasswordNullException extends AuthenticationException {
+    public UsernameOrPasswordNullException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+
+    public UsernameOrPasswordNullException(String msg) {
+        super(msg);
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/filter/JwtAuthenticationFilter.java

@@ -0,0 +1,47 @@
+package com.hanserwei.jwt.filter;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.hanserwei.jwt.exception.UsernameOrPasswordNullException;
+import io.micrometer.common.util.StringUtils;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.RegexRequestMatcher;
+
+import java.io.IOException;
+import java.util.Objects;
+
+public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
+    public JwtAuthenticationFilter() {
+        super(new RegexRequestMatcher("/login", HttpMethod.POST.name()));
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException {
+        ObjectMapper mapper = new ObjectMapper();
+        // 解析提交的JSON数据
+        JsonNode jsonNode = mapper.readTree(request.getInputStream());
+        JsonNode usernameNode = jsonNode.get("username");
+        JsonNode passwordNode =  jsonNode.get("password");
+        // 判断用户名、密码是否为空
+        if (Objects.isNull(usernameNode) || Objects.isNull(passwordNode)
+                || StringUtils.isBlank(usernameNode.textValue()) || StringUtils.isBlank(passwordNode.textValue())) {
+            throw new UsernameOrPasswordNullException("用户名或密码不能为空");
+        }
+
+        String username = usernameNode.textValue();
+        String password = passwordNode.textValue();
+
+        // 将用户名、密码封装到 Token 中
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken
+                = new UsernamePasswordAuthenticationToken(username, password);
+        return getAuthenticationManager().authenticate(usernamePasswordAuthenticationToken);
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/handler/RestAuthenticationFailureHandler.java

@@ -0,0 +1,37 @@
+package com.hanserwei.jwt.handler;
+
+import com.hanserwei.common.enums.ResponseCodeEnum;
+import com.hanserwei.common.utils.Response;
+import com.hanserwei.jwt.exception.UsernameOrPasswordNullException;
+import com.hanserwei.jwt.utils.ResultUtil;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Slf4j
+@Component
+public class RestAuthenticationFailureHandler implements AuthenticationFailureHandler {
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
+        log.warn("AuthenticationException: ", exception);
+        if (exception instanceof UsernameOrPasswordNullException) {
+            // 用户名或密码为空
+            ResultUtil.fail(response, Response.fail(exception.getMessage()));
+            return;
+        } else if (exception instanceof BadCredentialsException) {
+            // 用户名或密码错误
+            ResultUtil.fail(response, Response.fail(ResponseCodeEnum.USERNAME_OR_PWD_ERROR));
+            return;
+        }
+
+        // 登录失败
+        ResultUtil.fail(response, Response.fail(ResponseCodeEnum.LOGIN_FAIL));
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/handler/RestAuthenticationSuccessHandler.java

@@ -0,0 +1,40 @@
+package com.hanserwei.jwt.handler;
+
+import com.hanserwei.common.utils.Response;
+import com.hanserwei.jwt.model.LoginRspVO;
+import com.hanserwei.jwt.utils.JwtTokenHelper;
+import com.hanserwei.jwt.utils.ResultUtil;
+import jakarta.annotation.Resource;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Slf4j
+@Component
+public class RestAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    @Resource
+    private JwtTokenHelper jwtTokenHelper;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
+        // 从 authentication 对象中获取用户的 UserDetails 实例，这里是获取用户的用户名
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+
+        // 通过用户名生成 Token
+        String username = userDetails.getUsername();
+        String token = jwtTokenHelper.generateToken(username);
+
+        // 返回 Token
+        LoginRspVO loginRspVO = LoginRspVO.builder().token(token).build();
+
+        ResultUtil.ok(response, Response.success(loginRspVO));
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/model/LoginRspVO.java

@@ -0,0 +1,19 @@
+package com.hanserwei.jwt.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
+public class LoginRspVO {
+
+    /**
+     * Token 值
+     */
+    private String token;
+
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/service/UserDetailServiceImpl.java

@@ -0,0 +1,36 @@
+package com.hanserwei.jwt.service;
+
+import com.hanserwei.common.domain.dataobject.User;
+import com.hanserwei.common.domain.repository.UserRepository;
+import jakarta.annotation.Resource;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Objects;
+
+@Service
+@Slf4j
+public class UserDetailServiceImpl implements UserDetailsService {
+
+    @Resource
+    private UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        // 从数据库查询用户信息
+        User user = userRepository.getUsersByUsername(username);
+        // 判断用户是否存在
+        if (Objects.isNull(user)) {
+            throw new UsernameNotFoundException("用户不存在");
+        }
+
+        // authorities 用于指定角色，这里写死为 ADMIN 管理员
+        return org.springframework.security.core.userdetails.User.withUsername(user.getUsername())
+                .password(user.getPassword())
+                .authorities("ADMIN")
+                .build();
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/utils/JwtTokenHelper.java

@@ -0,0 +1,110 @@
+package com.hanserwei.jwt.utils;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.io.Encoders;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.CredentialsExpiredException;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+
+@Component
+public class JwtTokenHelper implements InitializingBean {
+
+    /**
+     * 签发人
+     */
+    @Value("${jwt.issuer}")
+    private String issuer;
+
+    /**
+     * 秘钥 (JJWT 0.12+ 强制要求使用 SecretKey 接口，且长度必须符合算法安全标准)
+     */
+    private SecretKey key;
+
+    /**
+     * JWT 解析器 (线程安全，建议复用)
+     */
+    private JwtParser jwtParser;
+
+    /**
+     * 工具方法：生成一个符合 HS512 标准的安全 Base64 秘钥
+     * 用于生成后填入 application.yml
+     */
+    public static String generateBase64Key() {
+        SecretKey secretKey = Jwts.SIG.HS512.key().build();
+        return Encoders.BASE64.encode(secretKey.getEncoded()); // Fixed line
+    }
+
+    public static void main(String[] args) {
+        String key = generateBase64Key();
+        System.out.println("请将此 Key 复制到配置文件中 (HS512需要长Key): " + key);
+    }
+
+    /**
+     * 设置 Base64 秘钥
+     * 官方建议：HS512 算法至少需要 512 bit (64字节) 的秘钥长度，否则会抛出 WeakKeyException
+     */
+    @Value("${jwt.secret}")
+    public void setBase64Key(String base64Key) {
+        // 使用 JJWT 提供的 Decoders 工具，或者使用 java.util.Base64 均可
+        byte[] keyBytes = Decoders.BASE64.decode(base64Key);
+        this.key = Keys.hmacShaKeyFor(keyBytes);
+    }
+
+    /**
+     * 初始化 JwtParser
+     */
+    @Override
+    public void afterPropertiesSet() {
+        // 0.13.0 标准写法：
+        // 1. 使用 parser() 而不是 parserBuilder()
+        // 2. 使用 verifyWith() 设置验签秘钥
+        jwtParser = Jwts.parser()
+                .requireIssuer(issuer)
+                .verifyWith(key)
+                // 允许的时钟偏差 (防止服务器时间不一致导致验证失败)，默认单位秒
+                .clockSkewSeconds(10)
+                .build();
+    }
+
+    /**
+     * 生成 Token
+     */
+    public String generateToken(String username) {
+        Instant now = Instant.now();
+        Instant expireTime = now.plus(1, ChronoUnit.HOURS);
+
+        return Jwts.builder()
+                .header().add("type", "JWT").and() // 推荐添加 header
+                .subject(username)
+                .issuer(issuer)
+                .issuedAt(Date.from(now))
+                .expiration(Date.from(expireTime))
+                // 0.13.0 标准：使用 Jwts.SIG 中的常量指定算法
+                .signWith(key, Jwts.SIG.HS512)
+                .compact();
+    }
+
+    /**
+     * 解析 Token
+     */
+    public Jws<Claims> parseToken(String token) {
+        try {
+            // 0.13.0 标准：解析已签名的 JWS 使用 parseSignedClaims
+            return jwtParser.parseSignedClaims(token);
+        } catch (MalformedJwtException | UnsupportedJwtException | IllegalArgumentException e) {
+            // 注意：SignatureException 现在属于 io.jsonwebtoken.security 包
+            throw new BadCredentialsException("Token 不可用或签名无效", e);
+        } catch (ExpiredJwtException e) {
+            throw new CredentialsExpiredException("Token 已失效", e);
+        }
+    }
+}

weblog-module-jwt/src/main/java/com/hanserwei/jwt/utils/ResultUtil.java

@@ -0,0 +1,67 @@
+package com.hanserwei.jwt.utils;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.hanserwei.common.utils.Response;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpStatus;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class ResultUtil {
+
+    private static final ObjectMapper objectMapper = new ObjectMapper();
+
+    /**
+     * 成功响应
+     *
+     * @param response HttpServletResponse对象
+     * @param result   响应数据
+     * @throws IOException IO异常
+     */
+    public static void ok(HttpServletResponse response, Response<?> result) throws IOException {
+        writeResponse(response, HttpStatus.OK.value(), result);
+    }
+
+    /**
+     * 失败响应
+     *
+     * @param response HttpServletResponse对象
+     * @param result   响应数据
+     * @throws IOException IO异常
+     */
+    public static void fail(HttpServletResponse response, Response<?> result) throws IOException {
+        writeResponse(response, HttpStatus.OK.value(), result);
+    }
+
+    /**
+     * 失败响应
+     *
+     * @param response HttpServletResponse对象
+     * @param status   HTTP状态码
+     * @param result   响应数据
+     * @throws IOException IO异常
+     */
+    public static void fail(HttpServletResponse response, int status, Response<?> result) throws IOException {
+        writeResponse(response, status, result);
+    }
+
+    /**
+     * 写入响应数据
+     *
+     * @param response HttpServletResponse对象
+     * @param status   HTTP状态码
+     * @param result   响应数据
+     * @throws IOException IO异常
+     */
+    private static void writeResponse(HttpServletResponse response, int status, Response<?> result) throws IOException {
+        response.setCharacterEncoding("UTF-8");
+        response.setStatus(status);
+        response.setContentType("application/json");
+
+        try (PrintWriter writer = response.getWriter()) {
+            writer.write(objectMapper.writeValueAsString(result));
+            writer.flush();
+        }
+    }
+}