项目讲解以及部分代码完善

69a5ac94 · Kou Shuang · c0797c08 · 69a5ac94 · 69a5ac94 · 69a5ac94
7 changed file
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
 ## 相关文档

 - [JWT 优缺点分析以及常见问题解决方案](https://github.com/Snailclimb/JavaGuide/blob/master/docs/system-design/authority-certification/JWT-advantages-and-disadvantages.md)
- [项目讲解](./docs/比较重要的类的讲解.md)
+- [项目讲解](./docs/项目讲解.md)

 ## 介绍


--- a/docs/比较重要的类的讲解.md
+++ b/docs/比较重要的类的讲解.md
--- a/src/main/java/github/javaguide/springsecurityjwtguide/security/entity/LoginUser.java
+++ b/src/main/java/github/javaguide/springsecurityjwtguide/security/entity/LoginUser.java
@@ -12,4 +12,5 @@ public class LoginUser {
    private String username;
    private String password;
    private Boolean rememberMe;
+
 }
--- a/src/main/java/github/javaguide/springsecurityjwtguide/security/exception/JWTAuthenticationEntryPoint.java
+++ b/src/main/java/github/javaguide/springsecurityjwtguide/security/exception/JWTAuthenticationEntryPoint.java
@@ -13,7 +13,7 @@ import java.io.IOException;
 */
 public class JWTAuthenticationEntryPoint implements AuthenticationEntryPoint {
    /**
-     * 当用户尝试访问需要权限才能的REST资源而不提供Token或者Token过期时，
+     * 当用户尝试访问需要权限才能的REST资源而不提供Token或者Token错误或者过期时，
     * 将调用此方法发送401响应以及错误信息
     */
    @Override

--- a/src/main/java/github/javaguide/springsecurityjwtguide/security/filter/JWTAuthenticationFilter.java
+++ b/src/main/java/github/javaguide/springsecurityjwtguide/security/filter/JWTAuthenticationFilter.java
@@ -16,7 +16,6 @@ import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;

@@ -75,7 +74,6 @@ public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilte
        response.setHeader(SecurityConstants.TOKEN_HEADER, token);
    }

-
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authenticationException.getMessage());

--- a/src/main/java/github/javaguide/springsecurityjwtguide/system/controller/UserController.java
+++ b/src/main/java/github/javaguide/springsecurityjwtguide/system/controller/UserController.java
@@ -29,7 +29,7 @@ public class UserController {
    }

    @GetMapping("/users")
-    @PreAuthorize("hasAnyRole('ROLE_DEV','ROLE_PM')")
+    @PreAuthorize("hasAnyRole('ROLE_DEV','ROLE_PM','ROLE_ADMIN')")
    public ResponseEntity<Page<User>> getAllUser(@RequestParam(value = "pageNum", defaultValue = "0") int pageNum, @RequestParam(value = "pageSize", defaultValue = "10") int pageSize) {
        System.out.println("当前访问该接口的用户为：" + currentUser.getCurrentUser().toString());
        Page<User> allUser = userService.getAllUser(pageNum, pageSize);

--- a/学习资源.md
+++ b/学习资源.md
@@ -4,4 +4,5 @@
 - Github Demo：https://github.com/spring-projects/spring-security/tree/5.1.6.RELEASE/samples/boot/oauth2login#github-login
 - [**深入理解OAuth2.0&基于OAuth2.0第三方登录之GitHub实践**](https://blog.csdn.net/jeffrey20170812/article/details/83588421)
 - [实现GitHub OAuth第三方登录](https://zhuanlan.zhihu.com/p/35392186)
+- [Using Spring Boot for OAuth2 and JWT REST Protection](https://www.toptal.com/spring/spring-boot-oauth2-jwt-rest-protection)