feat(auth): 实现认证功能与Token管理

- 新增AuthController处理登录、登出及Token刷新接口 - 添加CustomDaoAuthenticationProvider支持用户名密码认证 - 引入RefreshTokenAuthenticationToken和RefreshTokenAuthProvider实现刷新令牌认证 - 扩展TokenRedisStorage支持分离存储Access Token与Refresh Token - 更新SecurityProps配置支持独立设置Access与Refresh Token过期时间 - 集成SpringDoc自定义登录/登出API文档 - 添加LoginResponse、TokenRefreshRequest及TokenRefreshResponse DTO类 - 调整WebSecurityConfig以适配新的认证流程与过滤器链配置
2025-11-22 12:05:27 +08:00
parent 5029ae6664
commit c2f2d0518b
15 changed files with 535 additions and 57 deletions
--- a/zkh-web/src/main/java/vip/jcfd/web/auth/CustomDaoAuthenticationProvider.java
+++ b/zkh-web/src/main/java/vip/jcfd/web/auth/CustomDaoAuthenticationProvider.java
@ -0,0 +1,17 @@
+package vip.jcfd.web.auth;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {
+
+    public CustomDaoAuthenticationProvider(UserDetailsService userDetailsService) {
+        super(userDetailsService);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return UsernamePasswordAuthenticationToken.class.equals(authentication);
+    }
+}
--- a/zkh-web/src/main/java/vip/jcfd/web/auth/RefreshTokenAuthProvider.java
+++ b/zkh-web/src/main/java/vip/jcfd/web/auth/RefreshTokenAuthProvider.java
@ -0,0 +1,24 @@
+package vip.jcfd.web.auth;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+public class RefreshTokenAuthProvider extends DaoAuthenticationProvider {
+
+    public RefreshTokenAuthProvider(UserDetailsService userDetailsService) {
+        super(userDetailsService);
+    }
+
+    @Override
+    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return RefreshTokenAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+}
--- a/zkh-web/src/main/java/vip/jcfd/web/auth/RefreshTokenAuthenticationToken.java
+++ b/zkh-web/src/main/java/vip/jcfd/web/auth/RefreshTokenAuthenticationToken.java
@ -0,0 +1,16 @@
+package vip.jcfd.web.auth;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+public class RefreshTokenAuthenticationToken extends UsernamePasswordAuthenticationToken {
+    public RefreshTokenAuthenticationToken(Object principal, Object credentials) {
+        super(principal, credentials);
+    }
+
+    public RefreshTokenAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
+        super(principal, credentials, authorities);
+    }
+}