shiro jwt

platform-common/pom.xml

@@ -347,6 +347,17 @@
             <version>3.5</version>
             <scope>compile</scope>
         </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.4.0</version>
+        </dependency>
     </dependencies>
 
   <!--  <build>

platform-common/src/main/java/com/platform/controller/SysLoginController.java

@@ -238,18 +238,18 @@ public class SysLoginController {
         //解析返回结果
         JSONObject res = JSONObject.parseObject(loginResult.getBody());
         Result result = parseResultWithoutAddUser(res, "登录失败");
-        if (null != result && result.getCode().equals(Result.CODE_SUCCESS)) {
-            log.info("四维看看登录完成，将执行本地登录验证");
-            try {
-                Subject subject = ShiroUtils.getSubject();
-                UsernamePasswordToken token = new UsernamePasswordToken(username, password);
-                subject.login(token);
-            } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
-                return Result.failure(e.getMessage());
-            } catch (AuthenticationException e) {
-                return Result.failure("账户验证失败");
-            }
-        }
+//        if (null != result && result.getCode().equals(Result.CODE_SUCCESS)) {
+//            log.info("四维看看登录完成，将执行本地登录验证");
+//            try {
+//                Subject subject = ShiroUtils.getSubject();
+//                UsernamePasswordToken token = new UsernamePasswordToken(username, password);
+//                subject.login(token);
+//            } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
+//                return Result.failure(e.getMessage());
+//            } catch (AuthenticationException e) {
+//                return Result.failure("账户验证失败");
+//            }
+//        }
         return result;
     }
     @Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = Exception.class)

platform-common/src/main/java/com/platform/entity/SysMenuEntity.java

@@ -58,6 +58,11 @@ public class SysMenuEntity extends Tree {
      */
     private Integer status;
 
+    /**
+     * 父级菜单id
+     */
+    private String parentMenu;
+
     public void setMenuId(Long menuId) {
         this.menuId = menuId;
     }
@@ -187,4 +192,12 @@ public class SysMenuEntity extends Tree {
     public void setStatus(Integer status) {
         this.status = status;
     }
+
+    public String getParentMenu() {
+        return parentMenu;
+    }
+
+    public void setParentMenu(String parentMenu) {
+        this.parentMenu = parentMenu;
+    }
 }

platform-common/src/main/java/com/platform/service/impl/SysMenuServiceImpl.java

@@ -10,9 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 
 @Service("sysMenuService")
@@ -64,7 +62,43 @@ public class SysMenuServiceImpl implements SysMenuService {
 
 	@Override
 	public List<SysMenuEntity> queryList(Map<String, Object> map) {
-		return sysMenuDao.queryList(map);
+		List<SysMenuEntity> sysMenuEntities = sysMenuDao.queryList(map);
+		sysMenuEntities.sort(Comparator.comparing(SysMenuEntity::getType));
+
+		List<SysMenuEntity> newMenu = new ArrayList<>();
+		HashMap<Long,SysMenuEntity> oneMenu = new HashMap<>();
+		HashMap<Long,SysMenuEntity> towMenu = new HashMap<>();
+		for (SysMenuEntity sysMenuEntity : sysMenuEntities) {
+			if(sysMenuEntity.getType() == 0 || sysMenuEntity.getParentId() == 0){
+				oneMenu.put(sysMenuEntity.getMenuId(),sysMenuEntity);
+			}else if(sysMenuEntity.getType() == 1) {
+				sysMenuEntity.setParentMenu(sysMenuEntity.getParentId().toString());
+				towMenu.put(sysMenuEntity.getMenuId(),sysMenuEntity);
+			}else if(sysMenuEntity.getType() == 2){
+				SysMenuEntity sysMenuEntity1 = towMenu.get(sysMenuEntity.getParentId());
+				sysMenuEntity.setParentMenu(sysMenuEntity1.getParentId().toString()+"-"+sysMenuEntity.getParentId().toString());
+				List list = sysMenuEntity1.getChildren();
+				if(list == null){
+					list = new ArrayList();
+				}
+				list.add(sysMenuEntity);
+				sysMenuEntity1.setChildren(list);
+
+			}
+		}
+		for (Long id : towMenu.keySet()) {
+			SysMenuEntity sysMenuEntity = towMenu.get(id);
+			List children = oneMenu.get(sysMenuEntity.getParentId()).getChildren();
+			if(children == null){
+				children = new ArrayList();
+			}
+			children.add(sysMenuEntity);
+			oneMenu.get(sysMenuEntity.getParentId()).setChildren(children);
+		}
+		for (Long id : oneMenu.keySet()) {
+			newMenu.add(oneMenu.get(id));
+		}
+		return newMenu;
 	}
 
 	@Override

platform-common/src/main/java/com/platform/shiro/ShiroLoginController.java

@@ -1,32 +0,0 @@
-package com.platform.shiro;
-
-import com.alibaba.fastjson.JSONObject;
-import com.platform.entity.Result;
-import com.platform.utils.ShiroUtils;
-import org.apache.shiro.subject.Subject;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.*;
-
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-
-@Controller
-public class ShiroLoginController {
-
-
-    @RequestMapping("login.do")
-    public void loginDo(HttpServletRequest request, ServletResponse response) throws Exception {
-        Subject subject = ShiroUtils.getSubject();
-        if (subject.getPrincipal() == null) {
-            response.setCharacterEncoding("UTF-8");
-            response.setContentType("application/json");
-            response.getWriter().write(JSONObject.toJSONString(Result.failure(401, "登录认证失效，请重新登录!")));
-        } else {
-            response.setCharacterEncoding("UTF-8");
-            response.setContentType("application/json");
-            response.getWriter().write(JSONObject.toJSONString(Result.failure(402,"您没有权限执行该操作!")));
-        }
-    }
-
-}

platform-common/src/main/java/com/platform/shiro/UserRealm.java

@@ -1,5 +1,6 @@
 package com.platform.shiro;
 
+import com.auth0.jwt.JWT;
 import com.alibaba.fastjson.JSONObject;
 import com.platform.cache.J2CacheUtils;
 import com.platform.dao.SysMenuDao;
@@ -7,9 +8,13 @@ import com.platform.dao.SysUserDao;
 import com.platform.dao.SysUserRoleDao;
 import com.platform.entity.SysMenuEntity;
 import com.platform.entity.SysUserEntity;
+import com.platform.shiro.jwt.JwtToken;
 import com.platform.service.impl.ZhiHouseService;
 import com.platform.utils.Constant;
+import com.platform.utils.JwtUtil;
 import com.platform.vos.CurrentUserLoginVo;
+import io.jsonwebtoken.Claims;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.*;
@@ -31,6 +36,7 @@ import java.util.*;
  * @author lipengjun
  * @date 2017年11月19日 上午9:49:19
  */
+@Slf4j
 public class UserRealm extends AuthorizingRealm {
     @Autowired
     private SysUserDao sysUserDao;
@@ -43,25 +49,34 @@ public class UserRealm extends AuthorizingRealm {
     @Autowired
     private ZhiHouseService zhiHouseService;
 
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        return token instanceof JwtToken;
+    }
+
+
     /**
      * 授权(验证权限时调用)
      */
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-        SysUserEntity user = (SysUserEntity) principals.getPrimaryPrincipal();
-        Long userId = user.getUserId();
+
+//        Claims claims = JwtUtil.parseJWT(principals.toString());
+//        Long userId = Long.valueOf(claims.get("id", String.class));
+
+      SysUserEntity user = (SysUserEntity) principals.getPrimaryPrincipal();
 
         List<String> permsList;
 
         //系统管理员，拥有最高权限
-        if (userId == Constant.SUPER_ADMIN) {
+        if (user.getUserId() == Constant.SUPER_ADMIN) {
             List<SysMenuEntity> menuList = sysMenuDao.queryList(new HashMap<>());
             permsList = new ArrayList<>(menuList.size());
             for (SysMenuEntity menu : menuList) {
                 permsList.add(menu.getPerms());
             }
         } else {
-            permsList = sysUserDao.queryAllPerms(userId);
+            permsList = sysUserDao.queryAllPerms(user.getUserId());
         }
         //用户权限列表
         Set<String> permsSet = new HashSet<String>();
@@ -84,12 +99,15 @@ public class UserRealm extends AuthorizingRealm {
      */
     @Override
     protected AuthenticationInfo doGetAuthenticationInfo(
-            AuthenticationToken token) throws AuthenticationException {
-        String username = (String) token.getPrincipal();
-        String password = new String((char[]) token.getCredentials());
+            AuthenticationToken auth) throws AuthenticationException {
+        String token = (String) auth.getCredentials();
+        Claims claims = JwtUtil.parseJWT(token);
+        String userId = claims.get("id", String.class);
+        String username = claims.get("username", String.class);
+        String password = claims.get("password", String.class);
 
         //查询用户信息
-        SysUserEntity userEntity = sysUserDao.queryByUserMobile(username);
+        SysUserEntity userEntity = sysUserDao.queryObject(userId);
 
         //账号不存在
         if (userEntity == null) {
@@ -135,7 +153,7 @@ public class UserRealm extends AuthorizingRealm {
         }
         J2CacheUtils.put(Constant.PERMS_LIST + user.getUserId(), permsList);
 
-        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, password, getName());
+        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, token, getName());
         return info;
     }
 

platform-common/src/main/java/com/platform/shiro/jwt/JwtFilter.java

@@ -0,0 +1,102 @@
+package com.platform.shiro.jwt;
+
+import com.alibaba.fastjson.JSON;
+import com.platform.entity.Result;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
+import org.apache.shiro.web.util.WebUtils;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Slf4j
+public class JwtFilter extends BasicHttpAuthenticationFilter {
+    private boolean allowOrigin = true;
+
+    public JwtFilter(){}
+    public JwtFilter(boolean allowOrigin){
+        this.allowOrigin = allowOrigin;
+    }
+    /**
+     * 如果带有 token，则对 token 进行检查，否则直接通过
+     */
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws UnauthorizedException {
+        try {
+            executeLogin(request, response);
+        } catch (Exception e) {
+            responseError(response);
+        }
+        return true;
+    }
+
+    /**
+     * 判断用户是否想要登入。
+     * 检测 header 里面是否包含 token 字段
+     */
+    @Override
+    protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
+        HttpServletRequest req = (HttpServletRequest) request;
+        String token = req.getHeader("token");
+        return token != null;
+    }
+
+    /**
+     * 执行登陆操作
+     */
+    @Override
+    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String token = httpServletRequest.getHeader("token");
+        JwtToken jwtToken = new JwtToken(token);
+        // 提交给realm进行登入，如果错误它会抛出异常并被捕获
+        getSubject(request, response).login(jwtToken);
+        // 如果没有抛出异常则代表登入成功，返回true
+        return true;
+    }
+
+    /**
+     * 对跨域提供支持
+     */
+    @Override
+    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+        httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
+        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
+        httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
+        //前后端分离，shiro过滤器配置引起的跨域问题
+        // 是否允许发送Cookie，默认Cookie不包括在CORS请求之中。设为true时，表示服务器允许Cookie包含在请求中。
+        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+        //前后端分离，shiro过滤器配置引起的跨域问题
+        // 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
+        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
+            httpServletResponse.setStatus(HttpStatus.OK.value());
+            return false;
+        }
+        return super.preHandle(request, response);
+    }
+
+    /**
+     * 非法请求返回401，前端拦截到登录页
+     */
+    private void responseError(ServletResponse response) {
+        HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
+        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
+        httpServletResponse.setCharacterEncoding("UTF-8");
+        httpServletResponse.setContentType("application/json; charset=utf-8");
+        try (ServletOutputStream out = httpServletResponse.getOutputStream()) {
+            out.write(JSON.toJSONString(Result.failure(401,"身份验证失败，请重新登陆！")).getBytes("utf-8"));
+        } catch (IOException e) {
+            throw new AuthenticationException("直接返回Response信息出现IOException异常:" + e.getMessage());
+        }
+    }
+}

platform-common/src/main/java/com/platform/shiro/jwt/JwtToken.java

@@ -0,0 +1,24 @@
+package com.platform.shiro.jwt;
+
+import org.apache.shiro.authc.AuthenticationToken;
+
+public class JwtToken implements AuthenticationToken {
+
+    private String token;
+
+    public JwtToken(String token) {
+        this.token = token;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return token;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return token;
+    }
+
+}
+

platform-common/src/main/java/com/platform/utils/JwtUtil.java

@@ -0,0 +1,139 @@
+package com.platform.utils;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * Created by Hb_zzZ on 2018/12/7.
+ */
+public class JwtUtil {
+
+    /**
+     * 用户登录成功后生成Jwt
+     * 使用Hs256算法  私匙使用用户密码
+     *
+     * @param ttlMillis jwt过期时间
+     * @param map      登录成功的user对象
+     * @return
+     */
+    public static String createJWT(long ttlMillis, Map<String, String> map) {
+        //指定签名的时候使用的签名算法，也就是header那部分，jjwt已经将这部分内容封装好了。
+        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+
+        //生成JWT的时间
+        long nowMillis = System.currentTimeMillis();
+        Date now = new Date(nowMillis);
+
+        //创建payload的私有声明（根据特定的业务需要添加，如果要拿这个做验证，一般是需要和jwt的接收方提前沟通好验证方式的）
+        Map<String, Object> claims = new HashMap<String, Object>();
+        claims.put("id", map.get("id"));
+        claims.put("username", map.get("username"));
+        if(map.containsKey("sceneNum")){
+            claims.put("sceneNum", map.get("sceneNum"));
+        }
+        claims.put("password", StringUtils.isEmpty(map.get("password")) ? "4dage" : map.get("password"));
+
+        //生成签名的时候使用的秘钥secret,这个方法本地封装了的，一般可以从本地配置文件中读取，切记这个秘钥不能外露哦。它就是你服务端的私钥，在任何场景都不应该流露出去。一旦客户端得知这个secret, 那就意味着客户端是可以自我签发jwt了。
+        String key = "zhiHouse_4dage";
+
+        //生成签发人
+        String subject = map.get("username");
+
+
+
+        //下面就是在为payload添加各种标准声明和私有声明了
+        //这里其实就是new一个JwtBuilder，设置jwt的body
+        JwtBuilder builder = Jwts.builder()
+                //如果有私有声明，一定要先设置这个自己创建的私有的声明，这个是给builder的claim赋值，一旦写在标准的声明赋值之后，就是覆盖了那些标准的声明的
+                .setClaims(claims)
+                //设置jti(JWT ID)：是JWT的唯一标识，根据业务需要，这个可以设置为一个不重复的值，主要用来作为一次性token,从而回避重放攻击。
+                .setId(UUID.randomUUID().toString())
+                //iat: jwt的签发时间
+                .setIssuedAt(now)
+                //代表这个JWT的主体，即它的所有人，这个是一个json格式的字符串，可以存放什么userid，roldid之类的，作为什么用户的唯一标志。
+                .setSubject(subject)
+                //设置签名使用的签名算法和签名使用的秘钥
+                .signWith(signatureAlgorithm, key);
+        if (ttlMillis >= 0) {
+            long expMillis = nowMillis + ttlMillis;
+            Date exp = new Date(expMillis);
+            //设置过期时间
+            builder.setExpiration(exp);
+        }
+        return builder.compact();
+    }
+
+
+    /**
+     * Token的解密
+     * @param token 加密后的token
+     * @return
+     */
+    public static Claims parseJWT(String token) {
+        if(ObjectUtils.isEmpty(token)){
+            throw new RRException("token为空",-1);
+        }
+        //签名秘钥，和生成的签名的秘钥一模一样
+        String key = "zhiHouse_4dage";
+
+        //得到DefaultJwtParser
+        Claims claims = Jwts.parser()
+                //设置签名的秘钥
+                .setSigningKey(key)
+                //设置需要解析的jwt
+                .parseClaimsJws(token).getBody();
+        return claims;
+    }
+
+
+
+
+    /**
+     * 校验token
+     * 在这里可以使用官方的校验，我这里校验的是token中携带的密码于数据库一致的话就校验通过
+     * @param token
+     * @param map
+     * @return
+     */
+    public static Boolean isVerify(String token, Map<String, String> map) {
+        //签名秘钥，和生成的签名的秘钥一模一样
+        String key = map.get("password");
+
+        //得到DefaultJwtParser
+        Claims claims = Jwts.parser()
+                //设置签名的秘钥
+                .setSigningKey(key)
+                //设置需要解析的jwt
+                .parseClaimsJws(token).getBody();
+
+        if (claims.get("password").equals(map.get("password"))) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public static void main(String[] args) {
+//        Map<String, String> map = new HashMap<>();
+//        map.put("id","1");
+//        map.put("username","13800138000");
+//        map.put("password","123456");
+//        String token = createJWT(-1, map);
+//        System.out.println("token:" + token);
+
+        Claims claims = parseJWT("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMzg4ODg4ODg4OCIsInBhc3N3b3JkIjoiemZiODg4ODg4IiwiaWQiOiIxMDExIiwiaWF0IjoxNTQ2ODMxOTQzLCJqdGkiOiI3NjQwM2VhMy0xMTcyLTQ0NzYtOGU0NC05OTEwZmIxMmQ4YjciLCJ1c2VybmFtZSI6IjEzODg4ODg4ODg4In0.Yd9fTEtg2j2C7u6dNL4o0DOHn85UOfe8fbmhdnt5Hbk");
+        System.out.println(claims.get("username", String.class));
+    }
+}

platform-common/src/main/java/com/platform/utils/ShiroUtils.java

@@ -23,7 +23,8 @@ public class ShiroUtils {
     }
 
     public static CurrentUserLoginVo getUserEntity() {
-        return (CurrentUserLoginVo) SecurityUtils.getSubject().getPrincipal();
+        Subject subject = SecurityUtils.getSubject();
+        return (CurrentUserLoginVo) subject.getPrincipal();
     }
 
     public static Long getUserId() {

platform-common/src/main/resources/platform-shiro.xml

@@ -1,9 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="
-        http://www.springframework.org/schema/beans 
-        http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">
+	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
+	   xsi:schemaLocation="http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
 
 	<!-- 继承自AuthorizingRealm的自定义Realm,即指定Shiro验证用户登录的类为自定义的UserRealm.java -->  
 	<bean id="userRealm" class="com.platform.shiro.UserRealm"/>
@@ -25,16 +24,23 @@
 		<property name="sessionManager" ref="sessionManager"></property>
 	    <property name="realm" ref="userRealm"/>
 	</bean>
-
+	<bean id="JwtFilter" class="com.platform.shiro.jwt.JwtFilter">
+	</bean>
 	<!-- Shiro主过滤器本身功能十分强大,其强大之处就在于它支持任何基于URL路径表达式的、自定义的过滤器的执行 -->
 	<!-- Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持 -->
 	<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 	    <!-- Shiro的核心安全接口,这个属性是必须的 -->
 	    <property name="securityManager" ref="securityManager"/>
 	    <!-- 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,默认会自动寻找Web工程根目录下的"/login.html"页面 -->
-	    <property name="loginUrl" value="/login.do"/>
-	    <!-- 登录成功后要跳转的连接 -->
-	    <property name="successUrl" value="/index.html"/>
+		<property name="filters">
+			<util:map>
+				<!-- key 定义 Filter的别名，而 value-ref 对应上面bean的id -->
+				<entry key="jwt" value-ref="JwtFilter"/>
+			</util:map>
+		</property>
+		<property name="loginUrl" value="/loginFilet"/>
+		<!-- 登录成功后要跳转的连接 -->
+		<property name="successUrl" value="/index.html"/>
 	    <!-- 用户访问未对其授权的资源时,所显示的连接 -->
 	    <!-- 若想更明显的测试此属性可以修改它的值,如unauthor.jsp,然后用[玄玉]登录后访问/admin/listUser.jsp就看见浏览器会显示unauthor.jsp -->
 	    <property name="unauthorizedUrl" value="/"/>
@@ -61,7 +67,7 @@
 				/app/census/getSceneCensus=anon
 				/app/census/addGoodsQueryNum=anon
 				/goods/getGoodsDetail=anon
-	        	/**=authc
+	        	/**=jwt
 	        </value>
 	    </property>
 	</bean>

platform-framework/src/main/java/com/platform/PlatformApplication.java

@@ -0,0 +1,8 @@
+//package com.platform;
+//
+//@SpringBootApplication
+//public class PlatformApplication {
+//    public static void main(String[] args) {
+//        SpringApplication.run(PlatformApplication.class, args);
+//    }
+//}

pom.xml

@@ -14,6 +14,12 @@
         <module>platform-shop</module>
         <module>platform-framework</module>
     </modules>
+<!--    <parent>-->
+<!--        <groupId>org.springframework.boot</groupId>-->
+<!--        <artifactId>spring-boot-starter-parent</artifactId>-->
+<!--        <version>2.3.12.RELEASE</version>-->
+<!--        <relativePath/>-->
+<!--    </parent>-->
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>