shiro（session+redis），基于springboot，基于前后端分离，从登录认证到鉴权

不念不忘少年蓝@ 2023-09-30 11:24 69阅读 0赞

这个demo是基于springboot项目的。

名词介绍：  
**Shiro**  
主要分为 安全认证 和 接口授权 两个部分，其中的核心组件为 Subject、 SecurityManager、 Realms，公共部分 Shiro 都已经为我们封装好了，我们只需要按照一定的规则去编写响应的代码即可…  
**Subject**  
表示主体，将用户的概念理解为当前操作的主体，因为它即可以是一个通过浏览器请求的用户，也可能是一个运行的程序，外部应用与 Subject 进行交互，记录当前操作用户。Subject 代表了当前用户的安全操作  
**SecurityManager**  
则管理所有用户的安全操作。  
**SecurityManager**  
即安全管理器，对所有的 Subject 进行安全管理，并通过它来提供安全管理的各种服务（认证、授权等）  
**Realm**  
充当了应用与数据安全间的 桥梁 或 连接器。当对用户执行认证（登录）和授权（访问控制）验证时，Shiro 会从应用配置的 Realm 中查找用户及其权限信息。

项目结构  
![在这里插入图片描述][watermark_type_ZHJvaWRzYW5zZmFsbGJhY2s_shadow_50_text_Q1NETiBAYmVuamFtaW4yNTg2_size_12_color_FFFFFF_t_70_g_se_x_16]

# 1.导入shiro依赖 #

<dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
    
            <dependency>
                <groupId>junit</groupId>
                <artifactId>junit</artifactId>
                <version>4.12</version>
                <scope>test</scope>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.projectlombok</groupId>
                <artifactId>lombok</artifactId>
                <optional>true</optional>
            </dependency>
    
            <dependency>
                <groupId>mysql</groupId>
                <artifactId>mysql-connector-java</artifactId>
                <scope>runtime</scope>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-jdbc</artifactId>
            </dependency>
    
            <dependency>
                <groupId>com.baomidou</groupId>
                <artifactId>mybatis-plus-boot-starter</artifactId>
                <version>3.4.2</version>
            </dependency>
            <dependency>
                <groupId>org.freemarker</groupId>
                <artifactId>freemarker</artifactId>
                <version>2.3.30</version>
            </dependency>
            <dependency>
                <groupId>com.baomidou</groupId>
                <artifactId>mybatis-plus-generator</artifactId>
                <version>3.4.1</version>
            </dependency>
    
            <dependency>
                <groupId>org.apache.shiro</groupId>
                <artifactId>shiro-spring</artifactId>
                <version>1.7.1</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-aop</artifactId>
            </dependency>
            <dependency>
                <groupId>org.crazycake</groupId>
                <artifactId>shiro-redis</artifactId>
                <version>2.8.24</version>
            </dependency>
    
            <dependency>
                <groupId>org.apache.commons</groupId>
                <artifactId>commons-lang3</artifactId>
                <version>3.9</version>
            </dependency>
    
            <dependency>
                <groupId>io.springfox</groupId>
                <artifactId>springfox-swagger2</artifactId>
                <version>2.9.2</version>
            </dependency>
            <dependency>
                <groupId>io.springfox</groupId>
                <artifactId>springfox-swagger-ui</artifactId>
                <version>2.9.2</version>
            </dependency>

将用户信息交给redis管理  
使用swagger2

# 2.shiro配置类 #

import com.example.shirospringboot.realm.UserRealm;
    import com.example.shirospringboot.shiro.MySessionManager;
    import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.session.mgt.SessionManager;
    import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
    import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
    import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
    import org.crazycake.shiro.RedisCacheManager;
    import org.crazycake.shiro.RedisManager;
    import org.crazycake.shiro.RedisSessionDAO;
    import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    import java.util.LinkedHashMap;
    import java.util.Map;
    
    /**
     * shiro中文学习
     * https://www.w3cschool.cn/shiro/xgj31if4.html
     */
    
    /**
     * 测试role，permission的时候，手动删除旧的redis键值对
     */
    @Configuration
    public class ShiroConfig {
    
        @Autowired
        private RedisManager redisManager;
        @Autowired
        private RedisSessionDAO redisSessionDAO;
        @Autowired
        private RedisCacheManager redisCacheManager;
    
        @Bean()
        public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager){
            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
            shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
            /**
             * 拦截器
             * anon: 无需认证就可以访问
             * authc: 必须认证才能访问
             * user: 必须拥有记住我功能才能用
             * perms: 拥有对某个资源的权限才能访问
             * role: 拥有某个角色权限才能访问
             */
            Map<String, String> filterChainDefinitionMap =new LinkedHashMap<>();
            filterChainDefinitionMap.put("/login","anon");
            filterChainDefinitionMap.put("/logout","anon");
            /**
             * 使用权限注解的不需要在这里加，如/test
             * filterChainDefinitionMap .put("/test","authc");
             */
            //放行Swagger2页面，需要放行这些
            filterChainDefinitionMap.put("/swagger-ui.html","anon");
            filterChainDefinitionMap.put("/swagger/**","anon");
            filterChainDefinitionMap.put("/webjars/**", "anon");
            filterChainDefinitionMap.put("/swagger-resources/**","anon");
            filterChainDefinitionMap.put("/v2/**","anon");
            filterChainDefinitionMap.put("/static/**", "anon");
    
            filterChainDefinitionMap .put("/**","authc");
            shiroFilterFactoryBean.setLoginUrl("/login");
            shiroFilterFactoryBean.setUnauthorizedUrl("/login");
            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
            return shiroFilterFactoryBean;
        }
        @Bean
        public HashedCredentialsMatcher hashedCredentialsMatcher() {
            HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
            hashedCredentialsMatcher.setHashAlgorithmName("MD5");//散列算法:这里使用MD5算法;
            hashedCredentialsMatcher.setHashIterations(1024);//散列的次数
            hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);
            return hashedCredentialsMatcher;
        }
        @Bean()
        public UserRealm userRealm() {
            UserRealm userRealm = new UserRealm();
            userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
            return userRealm;
        }
        @Bean
        public DefaultWebSecurityManager getDefaultWebSecurityManager(){
            DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
            defaultWebSecurityManager.setRealm(userRealm());
            // 自定义session管理 使用redis
            defaultWebSecurityManager.setSessionManager(sessionManager());
            // 自定义缓存实现 使用redis
            defaultWebSecurityManager.setCacheManager(redisCacheManager);
            return defaultWebSecurityManager;
        }
        @Bean
        public SessionManager sessionManager() {
            MySessionManager mySessionManager = new MySessionManager();
            mySessionManager.setSessionDAO(redisSessionDAO);
            return mySessionManager;
        }
    
        /**
         * 开启shiro权限注解
         */
        @Bean
        public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
            AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
            authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
            return authorizationAttributeSourceAdvisor;
        }
        @Bean
        public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
            DefaultAdvisorAutoProxyCreator autoProxyCreator = new DefaultAdvisorAutoProxyCreator();
            autoProxyCreator.setProxyTargetClass(true);
            return autoProxyCreator;
        }
    }

# 3.ShiroRedis配置类 #

application.properties

spring.redis.shiro.host=127.0.0.1
    spring.redis.shiro.port=6379
    spring.redis.shiro.timeout=5000
    #没有密码写了会报错
    #spring.redis.shiro.password=123456
    
    
    import org.crazycake.shiro.RedisCacheManager;
    import org.crazycake.shiro.RedisManager;
    import org.crazycake.shiro.RedisSessionDAO;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    
    @Configuration
    public class ShiroRedisConfig {
        @Value("${spring.redis.shiro.host}")
        private String host;
        @Value("${spring.redis.shiro.port}")
        private int port;
        @Value("${spring.redis.shiro.timeout}")
        private int timeout;
    //    @Value("${spring.redis.shiro.password}")
    //    private String password;
    
        @Bean
        public RedisManager redisManager() {
            RedisManager redisManager = new RedisManager();
            redisManager.setHost(host);
            redisManager.setPort(port);
            redisManager.setExpire(1800);// 配置缓存过期时间
            redisManager.setTimeout(timeout);
    //        redisManager.setPassword(password);
            return redisManager;
        }
        @Bean
        public RedisCacheManager redisCacheManager() {
            RedisCacheManager redisCacheManager = new RedisCacheManager();
            redisCacheManager.setRedisManager(redisManager());
            return redisCacheManager;
        }
        @Bean
        public RedisSessionDAO redisSessionDAO() {
            RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
            redisSessionDAO.setRedisManager(redisManager());
            return redisSessionDAO;
        }
    }

# 4.Swagger配置类 #

import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import springfox.documentation.builders.ApiInfoBuilder;
    import springfox.documentation.builders.PathSelectors;
    import springfox.documentation.builders.RequestHandlerSelectors;
    import springfox.documentation.service.ApiInfo;
    import springfox.documentation.spi.DocumentationType;
    import springfox.documentation.spring.web.plugins.Docket;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;
    
    @EnableSwagger2
    @Configuration
    public class SwaggerConfig {
    
        @Bean
        public Docket createRestApi() {
            return new Docket(DocumentationType.SWAGGER_2)
                    .apiInfo(apiInfo())
                    .select()
                    /**
                     * Swagger会扫描该包下所有Controller定义的API，并产生文档内容（除了被@ApiIgnore注解的API）
                     */
                    .apis(RequestHandlerSelectors.basePackage("com.example.shirospringboot.controller"))
                    /**
                     * 可以根据url路径设置哪些请求加入文档，忽略哪些请求
                     */
                    .paths(PathSelectors.any())
                    .build();
        }
    
        private ApiInfo apiInfo() {
            return new ApiInfoBuilder()
                    .title("Shiro-Springboot Swagger2 APIs")
                    .description("shiro-springboot项目controller接口文档")
                    .version("1.0")
                    .build();
        }
    }

# 5.安全认证和权限验证的核心，自定义Realm #

import com.example.shirospringboot.entity.User;
    import com.example.shirospringboot.service.impl.UserServiceImpl;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.session.Session;
    import org.apache.shiro.subject.PrincipalCollection;
    import org.apache.shiro.util.ByteSource;
    import org.springframework.beans.factory.annotation.Autowired;
    
    import java.util.HashSet;
    import java.util.Set;
    
    public class UserRealm extends AuthorizingRealm {
        @Autowired
        private UserServiceImpl userService;
    
        /**
         * 认证
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            /**
             * 获取当前登录的主题
              */
            String username = (String) token.getPrincipal();
            User user = userService.getUserByUserName(username);
            if(user==null){
                throw new AuthenticationException();
            }
            String credentials = user.getPassword();
            ByteSource credentialsSalt = ByteSource.Util.bytes(user.getSalt());
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                    user.getUsername(), //用户名
                    credentials, //密码
                    credentialsSalt,
                    getName()  //当前realm对象的name，调用父类的getName()方法即可
            );
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute("USER_SESSION", user);
            return authenticationInfo;
    
            /**
             *         String name="zhujie",password="123",salt= SaltUtil.getSalt();
             *         System.out.println("salt:"+salt);
             *         ByteSource saltByteSource = ByteSource.Util.bytes(salt);
             *         String newPs = new SimpleHash("MD5", password, salt, 1024).toHex();
             *         System.out.println("saltByteSource:"+saltByteSource);
             *         System.out.println("密码:"+newPs);
             */
        }
        /**
         * 授权
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            Session session = SecurityUtils.getSubject().getSession();
            System.out.println("授权方法获取用户:"+session.getAttribute("USER_SESSION"));
            User user = (User) session.getAttribute("USER_SESSION");
            Set<String> roleSet = new HashSet<>();
            Set<String> permissionSet = new HashSet<>();
            userService.getUserRoles(user.getUsername()).forEach(role -> roleSet.add(role.getName()));
            userService.getUserPermissions(user.getUsername()).forEach(permission -> permissionSet.add(permission.getName()));
            info.setRoles(roleSet);
            info.setStringPermissions(permissionSet);
            return info;
        }
    }

# 6.全局异常处理器 #

import com.example.shirospringboot.Result.Result;
    import com.example.shirospringboot.Result.ResultUtil;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.ExpiredCredentialsException;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.LockedAccountException;
    import org.apache.shiro.authz.UnauthenticatedException;
    import org.apache.shiro.authz.UnauthorizedException;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.bind.annotation.RestControllerAdvice;
    
    @RestControllerAdvice
    public class GlobalExceptionHandler {
        /**
         * 如果身份验证失败请捕获 AuthenticationException 或其子类，常见的如：
         * DisabledAccountException（禁用的帐号）、
         * LockedAccountException（锁定的帐号）、
         * UnknownAccountException（错误的帐号）、
         * ExcessiveAttemptsException（登录失败次数过多）、
         * IncorrectCredentialsException （错误的凭证）、
         * ExpiredCredentialsException（过期的凭证）等
         * 具体请查看其继承关系；
         * 对于页面的错误消息展示，最好使用如 “用户名 / 密码错误” 而不是 “用户名错误”/“密码错误”，防止一些恶意用户非法扫描帐号库；
         */
    
        //无权限
        @ExceptionHandler(value = UnauthorizedException.class)
        public Result handler(UnauthorizedException e) {
            return ResultUtil.NO_PERMISSION();
        }
        //身份过期
        @ExceptionHandler(value = ExpiredCredentialsException.class)
        public Result handler(ExpiredCredentialsException e) {
            return ResultUtil.IDENTITY_EXPIRED();
        }
        //没有登陆
        @ExceptionHandler(value = UnauthenticatedException.class)
        public Result handler(UnauthenticatedException e) {
            return ResultUtil.NOT_LOGGED_IN();
        }
        //密码错误
        @ExceptionHandler(value = IncorrectCredentialsException.class)
        public Result handler(IncorrectCredentialsException e) {
            return ResultUtil.INCORRECT_PASSWORD();
        }
        //用户不存在
        @ExceptionHandler(value = AuthenticationException.class)
        public Result handler(AuthenticationException e) {
            return ResultUtil.USER_NOT_FOUND();
        }
        //账号冻结
        @ExceptionHandler(value = LockedAccountException.class)
        public Result handler(LockedAccountException e) {
            return ResultUtil.ACCOUNT_FREEZING();
        }
    
    }

# 7.因为现在的项目大多都是前后端分离的，所以我们需要实现自己的session管理 #

import org.apache.commons.lang3.StringUtils;
    import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
    import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
    import org.apache.shiro.web.util.WebUtils;
    
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import java.io.Serializable;
    
    
    public class MySessionManager extends DefaultWebSessionManager {
    
        private static final String TOKEN = "token";
        private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";
    
        public MySessionManager() {
            super();
        }
    
        @Override
        protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
            String id = WebUtils.toHttp(request).getHeader(TOKEN);
            //如果请求头中有 token 则其值为sessionId
            if (!StringUtils.isEmpty(id)) {
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
                return id;
            } else {
                //否则按默认规则从cookie取sessionId
                return super.getSessionId(request, response);
            }
        }
    }

# 8.控制器 #

import com.example.shirospringboot.Result.Result;
    import com.example.shirospringboot.Result.ResultUtil;
    import com.example.shirospringboot.entity.User;
    import io.swagger.annotations.Api;
    import io.swagger.annotations.ApiOperation;
    import io.swagger.annotations.ApiParam;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.LockedAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.authz.annotation.RequiresPermissions;
    import org.apache.shiro.authz.annotation.RequiresRoles;
    import org.apache.shiro.subject.Subject;
    import org.springframework.web.bind.annotation.*;
    
    import java.util.HashMap;
    
    @Api(value="LoginController|登录控制器")
    @RestController
    @RequestMapping("/")
    public class LoginController {
        @ApiOperation(value = "用户登录接口", notes = "提供用户名和密码")
        @PostMapping("/login")
        public Result login(@ApiParam(name = "user",value = "登录用户",required = true) @RequestBody User user){
            UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getPassword());
            Subject subject = SecurityUtils.getSubject();
            HashMap<String, Object> map = new HashMap<>();
            try {
                subject.login(token);
                map.put("token", subject.getSession().getId());
            } catch (IncorrectCredentialsException e) {
                //密码错误
                throw e;
            } catch (LockedAccountException e) {
                //冻结
                throw e;
            } catch (AuthenticationException e) {
                //用户不存在
                throw e;
            } catch (Exception e) {
                return ResultUtil.EXCEPTION_UNKNOWN();
            }
            System.out.println(user.getUsername()+"已登录");
            return ResultUtil.SUCCESS("登陆成功",null);
        }
    
        @ApiOperation("用户登出接口")
        @GetMapping("/logout")
        public Result logout(){
            SecurityUtils.getSubject().logout();
            return ResultUtil.SUCCESS("已退出登录",null);
        }
    
        @ApiOperation("用户权限测试接口")
        @GetMapping("/test")
        @RequiresRoles(value = {"admin"})
        @RequiresPermissions(value = {"order:query:zhujie"})
        public Result test(){
            return ResultUtil.SUCCESS("test",null);
        }
    
    }

常用注解  
@RequiresGuest 代表无需认证即可访问，同理的就是 /path=anon  
@RequiresAuthentication 需要认证，只要登录成功后就允许你操作  
@RequiresPermissions 需要特定的权限，没有则抛出 AuthorizationException  
@RequiresRoles 需要特定的橘色，没有则抛出 AuthorizationException

# 9.以上就是shiro登陆和鉴权的主要配置和类，下面补充一下其他信息。 #

因为数据是模拟的，所以在登陆认证的时候，并没有通过数据库查用户信息，可以通过以下方式模拟加密后的密码：

String name="zhujie",password="123",salt= SaltUtil.getSalt();
             System.out.println("salt:"+salt);  //数据库salt字段
             ByteSource saltByteSource = ByteSource.Util.bytes(salt);
             String newPs = new SimpleHash("MD5", password, salt, 1024).toHex();
             System.out.println("saltByteSource:"+saltByteSource);
             System.out.println("密码:"+newPs);  // 数据库password字段
        }

UserService添加两个方法，便于调用。

public interface IUserService extends IService<User> {
        User getUserByUserName(String username);
        List<Role> getUserRoles(String username);
        List<Permission> getUserPermissions(String username);
    }
        }

随机生成盐

import java.util.Random;
    
    public class SaltUtil {
        static char[] chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()_+".toCharArray();
        static int length=32;
    
        public static String getSalt(int saltLength){
            StringBuilder sb = new StringBuilder();
            for(int i = 0; i < saltLength; i++){
                /**
                 * Random().nextInt()返回值为[0,n)
                 */
                char aChar = chars[new Random().nextInt(chars.length)];
                sb.append(aChar);
            }
            return sb.toString();
        }
        public static String getSalt(){
            return getSalt(length);
        }
    }

统一结果封装

import io.swagger.annotations.ApiModel;
    import lombok.Data;
    
    @Data
    @ApiModel("统一封装返回对象")
    public class Result<T> {
        /** 错误码. */
        private Integer code;
        /** 提示信息. */
        private String msg;
        /** 具体的内容. */
        private T data;
    }
    
    
    public enum ResultEnum {
        SUCCESS(200, "操作成功"),
        EXCEPTION_NOT_LOGGED_IN(401, "未登录，请登录"),
        EXCEPTION_USER_NOT_FOUND(401,"用户不存在"),
        EXCEPTION_INCORRECT_PASSWORD(401,"密码错误"),
        EXCEPTION_IDENTITY_EXPIRED(401, "身份已过期，请重新登录"),
        EXCEPTION_ACCOUNT_FREEZING(401, "账号已被冻结"),
        EXCEPTION_NO_PERMISSION(402, "无权限操作"),
        EXCEPTION_UNKNOWN(400, "未知异常");
    
        private Integer code;
        private String msg;
    
        ResultEnum(Integer code, String msg) {
            this.code = code;
            this.msg = msg;
        }
        public Integer getCode() {
            return code;
        }
        public String getMsg() {
            return msg;
        }
    }
    
    
    
    import org.apache.commons.lang3.StringUtils;
    
    public class ResultUtil {
        /**
         * 成功
         */
        public static Result SUCCESS(String message,Object object) {
            Result result = new Result();
            result.setCode(ResultEnum.SUCCESS.getCode());
            if(StringUtils.isBlank(message)){
                result.setMsg(ResultEnum.SUCCESS.getMsg());
            }else{
                result.setMsg(message);
            }
            result.setData(object);
            return result;
        }
        public static Result SUCCESS() {
            return SUCCESS(null,null);
        }
        /**
         * 未登录
         */
        public static Result NOT_LOGGED_IN() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_NOT_LOGGED_IN.getCode());
            result.setMsg(ResultEnum.EXCEPTION_NOT_LOGGED_IN.getMsg());
            return result;
        }
        /**
         * 用户不存在
         */
        public static Result USER_NOT_FOUND() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_USER_NOT_FOUND.getCode());
            result.setMsg(ResultEnum.EXCEPTION_USER_NOT_FOUND.getMsg());
            return result;
        }
        /**
         * 密码错误
         */
        public static Result INCORRECT_PASSWORD() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_INCORRECT_PASSWORD.getCode());
            result.setMsg(ResultEnum.EXCEPTION_INCORRECT_PASSWORD.getMsg());
            return result;
        }
        /**
         * 身份失效
         */
        public static Result IDENTITY_EXPIRED() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_IDENTITY_EXPIRED.getCode());
            result.setMsg(ResultEnum.EXCEPTION_IDENTITY_EXPIRED.getMsg());
            return result;
        }
        /**
         * 无权限
         */
        public static Result NO_PERMISSION() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_NO_PERMISSION.getCode());
            result.setMsg(ResultEnum.EXCEPTION_NO_PERMISSION.getMsg());
            return result;
        }
        /**
         * 无权限
         */
        public static Result ACCOUNT_FREEZING() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_ACCOUNT_FREEZING.getCode());
            result.setMsg(ResultEnum.EXCEPTION_ACCOUNT_FREEZING.getMsg());
            return result;
        }
        /**
         * 未知异常
         */
        public static Result EXCEPTION_UNKNOWN() {
            Result result = new Result();
            result.setCode(ResultEnum.EXCEPTION_UNKNOWN.getCode());
            result.setMsg(ResultEnum.EXCEPTION_UNKNOWN.getMsg());
            return result;
        }
    }

# 10.出现的问题 #

### 问题1 ###

添加以上依赖后，从缓存中读取用户信息会出现cast异常，所以不添加该热部署依赖即可

User user = (User) session.getAttribute("USER_SESSION");

### 问题2 ###

放行Swagger2页面

filterChainDefinitionMap.put("/swagger-ui.html","anon");
            filterChainDefinitionMap.put("/swagger/**","anon");
            filterChainDefinitionMap.put("/webjars/**", "anon");
            filterChainDefinitionMap.put("/swagger-resources/**","anon");
            filterChainDefinitionMap.put("/v2/**","anon");
            filterChainDefinitionMap.put("/static/**", "anon");

[watermark_type_ZHJvaWRzYW5zZmFsbGJhY2s_shadow_50_text_Q1NETiBAYmVuamFtaW4yNTg2_size_12_color_FFFFFF_t_70_g_se_x_16]: https://img-blog.csdnimg.cn/6e9f5481e3c5405699d49780b62e0523.png?x-oss-process=image/watermark,type_ZHJvaWRzYW5zZmFsbGJhY2s,shadow_50,text_Q1NETiBAYmVuamFtaW4yNTg2,size_12,color_FFFFFF,t_70,g_se,x_16