[记录心得]SpringBoot集成SpringSecurity从0到1搭建权限管理详细过程

原文：SpringBoot集成SpringSecurity从0到1搭建权限管理详细过程（认证+授权）_springboot设置一套权限系统-CSDN博客

 问题一：WebSecurityConfigurerAdapter类在 Spring Security 5.0 之后，它被标记为过时，并在 Spring Security 5.0 中的部分版本中逐步移除，本人用的boot3.3.5 security6.3.4，无法使用该类
解决：

import org.aliang.security.filter.JwtAuthenticationTokenFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
public class SecurityConfig {private final JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;public SecurityConfig(JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter) {this.jwtAuthenticationTokenFilter = jwtAuthenticationTokenFilter;}@Beanpublic PasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}@Beanprotected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {http// 禁用 CSRF 防护.csrf().disable()// 设置无会话模式（stateless）.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)  // 禁用会话管理.invalidSessionUrl("/login/page"))// 对于登录接口 允许匿名访问.authorizeHttpRequests((authorize) -> authorize.requestMatchers(HttpMethod.POST, "/user/login").permitAll()// 除上面外的所有请求全部需要鉴权认证.anyRequest().authenticated());//将 jwtAuthenticationTokenFilter过滤器添加到 UsernamePasswordAuthenticationFilter之前执行http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);return http.build();}@Beanpublic AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {return authenticationConfiguration.getAuthenticationManager();}
}

问题二：令牌生成报错ClassNotFoundException

java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter

解决：

报错原因在java SE 9.0 中不再包含这个 Jar 包
解决方法：添加依赖<!--解决令牌构建问题--><dependency><groupId>javax.xml.bind</groupId><artifactId>jaxb-api</artifactId><version>2.3.1</version></dependency><dependency><groupId>org.glassfish.jaxb</groupId><artifactId>jaxb-runtime</artifactId><version>2.3.3</version></dependency>

问题三：JwtAuthenticationTokenFilter过滤器拦截抛出异常后无法传递给前端，全局异常处理器无法拦截过滤器异常

解决：通过HttpServletResponse返回给前端

public class CustomFilterException extends RuntimeException {public CustomFilterException(String message) {super(message);}public CustomFilterException(String message, Throwable cause) {super(message, cause);}public static void errorRequest(HttpServletRequest request, HttpServletResponse response, String msg) {response.setStatus(HttpServletResponse.SC_PROXY_AUTHENTICATION_REQUIRED); // 设置 HTTP 状态码为 401 未授权response.setContentType("application/json"); // 设置返回类型为 JSONresponse.setCharacterEncoding("UTF-8");// 创建错误响应体ResponseResult<Object> responseResult = new ResponseResult<>(401, msg);// 将错误响应写入到 response 输出流try {response.getWriter().write(JSON.toJSONString(responseResult));response.getWriter().flush();} catch (IOException e) {throw new RuntimeException(e);}}
}

问题四：MybatisPlus 3.5.5版本依赖mybatis-spring 2.1.2和项目所用spring-boot 3.3.5冲突问题

org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'menuMapper' defined in file [D:\IDEA2023\security\target\classes\org\aliang\security\mapper\MenuMapper.class]: Invalid value type for attribute 'factoryBeanObjectType': java.lang.String

解决：导入新版本mybatis-spring

		<dependency><groupId>org.mybatis</groupId><artifactId>mybatis-spring</artifactId><version>3.0.3</version></dependency>

 问题五：项目配置文件

spring:application:name: securitydatasource:url: jdbc:mysql://192.168.1.198:3306/spring_security?characterEncoding=utf-8&serverTimezone=UTCusername: rootpassword: 1234driver-class-name: com.mysql.cj.jdbc.Driverdata:redis:host: 192.168.1.198port: 6379database: 0
server:port: 8080
#mybatisplus配置
mybatis-plus:
#  global-config:
#    db-config:
#      #配置id自增长
#      id-type: auto
#  configuration:
#    #配置mybatisplus日志
#    log-impl: org.apache.ibatis.logging.stdout.StdOutImplmapper-locations: classpath:/xml/*.xml