Spring Security 使用JWT維護用戶信息狂鞋,jwt替代session

使用form表單登錄
使用JWT維護用戶狀態(tài)

項目源碼:https://github.com/dk980241/spring-boot-security-demo

site.yuyanjia.springbootsecuritydemo.config.JwtWebSecurityConfig

  • 有點看不懂網(wǎng)上很多文章都是寫spring security使用jwt登錄的著淆,個人理解jwt不應(yīng)該是維護用戶信息的嗎劫狠,和session功能類似拴疤,屬于登錄后的事物。
  • session將用戶信息維護在服務(wù)端嘉熊。
  • jwt將用戶信息維護再客戶端遥赚,服務(wù)端校驗成功后,信任用戶信息阐肤。

提示

  • 為了方便查看凫佛,還是將很多自定類寫成了內(nèi)部類,根據(jù)需要自行拆分孕惜。
  • 關(guān)鍵點都寫在注釋中愧薛,都是關(guān)于jwt的注釋,spring security的請查看其他文章
  • 兩個類JwtWebSecurityConfig.java, JwtUtil.java

代碼

JwtWebSecurityConfig

package site.yuyanjia.springbootsecuritydemo.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import site.yuyanjia.springbootsecuritydemo.dao.WebUserDao;
import site.yuyanjia.springbootsecuritydemo.security.WebUserDetail;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;

/**
 * jwt 安全配置
 * <p>
 * 基于form表單
 *
 * @author seer
 * @date 2020/7/16 10:01
 */
@Configuration
@EnableWebSecurity
@SuppressWarnings("all")
public class JwtWebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(JwtWebSecurityConfig.class);

    /**
     * 成功
     */
    private static final String SUCCESS = "{\"result_code\": \"00000\", \"result_msg\": \"處理成功\"}";

    /**
     * 失敗
     */
    private static final String FAILED = "{\"result_code\": \"99999\", \"result_msg\": \"處理失敗\"}";

    /**
     * 登錄過期
     */
    private static final String LOGIN_EXPIRE = "{\"result_code\": \"10001\", \"result_msg\": \"登錄過期\"}";

    /**
     * 權(quán)限限制
     */
    private static final String ROLE_LIMIT = "{\"result_code\": \"10002\", \"result_msg\": \"權(quán)限不足\"}";

    /**
     * 登錄 URL
     */
    private static final String LOGIN_URL = "/authc/login";

    /**
     * 登出 URL
     */
    private static final String LOGOUT_URL = "/authc/logout";

    /**
     * 授權(quán) URL
     */
    private static final String AUTH_URL = "/authc/";

    /**
     * 授權(quán) URL 正則
     */
    private static final String AUTH_URL_REG = AUTH_URL + "**";

    /**
     * 登錄用戶名參數(shù)名
     */
    private static final String LOGIN_NAME = "username";

    /**
     * 登錄密碼參數(shù)名
     */
    private static final String LOGIN_PWD = "password";

    /**
     * 記住登錄參數(shù)名
     */
    private static final String REMEMBER_ME = "rememberMe";

    /**
     * token有效時間10天
     * 框架實現(xiàn) {@link RememberMeConfigurer#tokenValiditySeconds}
     * 此處使用redis實現(xiàn)
     */
    private static final Long TOKEN_VALID_DAYS = 10L;

    @Autowired
    private UserDetailsService webUserDetailsService;

    @Autowired
    private WebUserDao webUserDao;

    @Autowired
    private RedisTemplate redisTemplate;

    /**
     * cors跨域
     *
     * @return object
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setMaxAge(3600L);
        corsConfiguration.addExposedHeader("access-control-allow-methods");
        corsConfiguration.addExposedHeader("access-control-allow-headers");
        corsConfiguration.addExposedHeader("access-control-allow-origin");
        corsConfiguration.addExposedHeader("access-control-max-age");
        corsConfiguration.addExposedHeader("X-Frame-Options");

        UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
        configurationSource.registerCorsConfiguration(AUTH_URL_REG, corsConfiguration);
        return configurationSource;
    }

    /**
     * http安全配置
     * <p>
     * 使用原生form表單登錄 {@link org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter}
     * 使用jwt 維護用戶狀態(tài) {@link JwtSecurityContextRepository}
     * 登錄成功生成jwt {@link DefinedAuthenticationSuccessHandler}
     * <p>
     * {@link SecurityContextPersistenceFilter}
     * {@link SessionManagementFilter}
     * 默認使用 {@link HttpSessionSecurityContextRepository} 基于session管理用戶信息
     * <p>
     * jwt不基于服務(wù)端狀態(tài)衫画,
     * 自定義{@link JwtSecurityContextRepository}維護用戶信息
     *
     * @param http http
     * @throws Exception exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .csrf().disable();

        http
                .exceptionHandling()
                .accessDeniedHandler(new DefinedAccessDeniedHandler())
                .authenticationEntryPoint(new DefinedAuthenticationEntryPoint());

        http
                .authorizeRequests()
                .accessDecisionManager(accessDecisionManager())
                .withObjectPostProcessor(new DefindeObjectPostProcessor());

        http
                .authorizeRequests()
                .antMatchers(AUTH_URL_REG).authenticated()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .anyRequest().permitAll();

        http
                .formLogin()
                .usernameParameter(LOGIN_NAME)
                .passwordParameter(LOGIN_PWD)
                .loginProcessingUrl(LOGIN_URL)
                .successHandler(new DefinedAuthenticationSuccessHandler())
                .failureHandler(new DefindeAuthenticationFailureHandler());

        http
                .logout()
                .logoutUrl(LOGOUT_URL)
                .invalidateHttpSession(true)
                .invalidateHttpSession(true)
                .logoutSuccessHandler(new DefinedLogoutSuccessHandler());

        // 詳見注釋
        http
                .addFilterAt(new SecurityContextPersistenceFilter(new JwtSecurityContextRepository()), SecurityContextPersistenceFilter.class)
                .addFilterAt(new SessionManagementFilter(new JwtSecurityContextRepository()), SessionManagementFilter.class);
    }

    /**
     * 配置登錄驗證
     *
     * @param auth auth
     * @throws Exception exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(webUserDetailsService);
        auth.authenticationProvider(new AuthenticationProvider() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String loginUsername = authentication.getName();
                String loginPassword = (String) authentication.getCredentials();
                log.info("用戶登錄毫炉,用戶名 [{}],密碼 [{}]", loginUsername, loginPassword);

                WebUserDetail webUserDetail = (WebUserDetail) webUserDetailsService.loadUserByUsername(loginUsername);
                // 此處自定義密碼加密處理規(guī)則
                if (!loginPassword.equals(webUserDetail.getPassword())) {
                    throw new DisabledException("用戶登錄削罩,密碼錯誤");
                }

                return new UsernamePasswordAuthenticationToken(webUserDetail, webUserDetail.getPassword(), webUserDetail.getAuthorities());
            }

            /**
             * 支持使用此方法驗證
             *
             * @param aClass aClass
             * @return 沒有特殊處理瞄勾,返回true,否則不會用這個配置進行驗證
             */
            @Override
            public boolean supports(Class<?> aClass) {
                return true;
            }
        });
    }

    /**
     * 決策管理
     * {@link AffirmativeBased} 有一個贊成即可通過
     * {@link UnanimousBased} 不適用同權(quán)限歸屬多角色場景
     *
     * @return object
     */
    private AccessDecisionManager accessDecisionManager() {
        List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
        decisionVoters.add(new WebExpressionVoter());
        decisionVoters.add(new UrlRoleVoter());
        AffirmativeBased based = new AffirmativeBased(decisionVoters);
        return based;
    }

    class DefindeObjectPostProcessor implements ObjectPostProcessor<FilterSecurityInterceptor> {
        @Override
        public <O extends FilterSecurityInterceptor> O postProcess(O object) {
            object.setSecurityMetadataSource(new DefinedFilterInvocationSecurityMetadataSource());
            return object;
        }
    }

    /**
     * {@link org.springframework.security.access.vote.RoleVoter}
     */
    class UrlRoleVoter implements AccessDecisionVoter<Object> {

        @Override
        public boolean supports(ConfigAttribute attribute) {
            if (null == attribute.getAttribute()) {
                return false;
            }
            return true;
        }

        @Override
        public boolean supports(Class<?> clazz) {
            return true;
        }

        @Override
        public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
            if (null == authentication) {
                return ACCESS_DENIED;
            }
            int result = ACCESS_ABSTAIN;
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();

            for (ConfigAttribute attribute : attributes) {
                if (this.supports(attribute)) {
                    result = ACCESS_DENIED;
                    for (GrantedAuthority authority : authorities) {
                        if (attribute.getAttribute().equals(authority.getAuthority())) {
                            return ACCESS_GRANTED;
                        }
                    }
                }
            }
            return result;
        }
    }

    /**
     * 權(quán)限驗證數(shù)據(jù)源
     * <p>
     * 此處實現(xiàn)
     * 從數(shù)據(jù)庫中獲取URL對應(yīng)的role信息
     */
    class DefinedFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
        @Override
        public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
            String requestUrl = ((FilterInvocation) o).getRequestUrl();
            // 不需要授權(quán)的URL 無需查詢歸屬角色
            if (!requestUrl.startsWith(AUTH_URL)) {
                return SecurityConfig.createList();
            }
            List<String> roleIds = webUserDao.listRoleByUrl(requestUrl);
            return SecurityConfig.createList(roleIds.toArray(new String[0]));
        }

        @Override
        public Collection<ConfigAttribute> getAllConfigAttributes() {
            return null;
        }

        @Override
        public boolean supports(Class<?> aClass) {
            return FilterInvocation.class.isAssignableFrom(aClass);
        }
    }

    /**
     * 權(quán)限拒絕handler
     */
    class DefinedAccessDeniedHandler implements AccessDeniedHandler {
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
            if (log.isDebugEnabled()) {
                log.debug("權(quán)限不足 [{}]", accessDeniedException.getMessage());
            }
            response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
            response.getWriter().write(ROLE_LIMIT);
        }
    }

    /**
     * 授權(quán)入口
     * 登錄過期
     */
    class DefinedAuthenticationEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
            if (log.isDebugEnabled()) {
                log.debug("登錄過期 [{}]", authException.getMessage());
            }
            response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
            response.getWriter().write(LOGIN_EXPIRE);
        }
    }

    /**
     * 授權(quán)成功handler
     */
    class DefinedAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            Collection<? extends GrantedAuthority> roles = authentication.getAuthorities();
            // jwt token
            String token = JwtUtil.generateToken(authentication.getName(), roles);
            log.info("用戶登錄成功 {} {} {}", authentication.getName(), authentication.getAuthorities(), token);
            response.setHeader(JwtUtil.HEADER, token);
            // 獲取登錄成功信息
            response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
            response.getWriter().write(SUCCESS);
        }
    }

    /**
     * 授權(quán)失敗handler
     */
    class DefindeAuthenticationFailureHandler implements AuthenticationFailureHandler {
        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
            log.info("用戶登錄失敗 [{}]", exception.getMessage());
            response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
            response.getWriter().write(FAILED);
        }
    }

    /**
     * 注銷成功hanlder
     */
    class DefinedLogoutSuccessHandler implements LogoutSuccessHandler {
        @Override
        public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            log.info("注銷成功 [{}]", null != authentication ? authentication.getName() : null);
            response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
            response.getWriter().write(SUCCESS);
        }
    }

    /**
     * JwtSecurityContextRepository
     */
    class JwtSecurityContextRepository implements SecurityContextRepository {

        @Override
        public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
            HttpServletRequest request = requestResponseHolder.getRequest();
            String authToken = request.getHeader(JwtUtil.HEADER);
            if (null == authToken) {
                if (log.isDebugEnabled()) {
                    log.debug("No SecurityContext was available, A new one will be created.");
                }
                return SecurityContextHolder.createEmptyContext();
            }

            if (!JwtUtil.isValid(authToken)) {
                if (log.isDebugEnabled()) {
                    log.debug("jwt 無效");
                }
                return SecurityContextHolder.createEmptyContext();
            }
            String username = JwtUtil.getUserName(authToken);
            Set<SimpleGrantedAuthority> roleSet = JwtUtil.getRoles(authToken);
            if (log.isDebugEnabled()) {
                log.debug("jwt username {} {}", username, roleSet);
            }
            SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
            JwtAuthenticationToken authenticationToken = new JwtAuthenticationToken(username, roleSet);
            securityContext.setAuthentication(authenticationToken);
            return securityContext;
        }

        @Override
        public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
            if (log.isDebugEnabled()) {
                log.debug("jwt 無需服務(wù)端保存狀態(tài)");
            }
        }

        /**
         * Allows the repository to be queried as to whether it contains a security context
         * for the current request.
         *
         * @param request the current request
         * @return true if a context is found for the request, false otherwise
         */
        @Override
        public boolean containsContext(HttpServletRequest request) {
            String authToken = request.getHeader(JwtUtil.HEADER);
            return null != authToken && !authToken.isEmpty();
        }
    }

    /**
     * JwtAuthenticationToken
     */
    class JwtAuthenticationToken extends AbstractAuthenticationToken {
        private String username;

        /**
         * init
         *
         * @param username    用戶名
         * @param authorities 角色
         */
        public JwtAuthenticationToken(String username, Collection<? extends GrantedAuthority> authorities) {
            super(authorities);
            this.username = username;
        }

        /**
         * jwt 已做驗證 {@link JwtUtil#isValid(String)}
         *
         * @return object
         */
        @Override
        public Object getCredentials() {
            return null;
        }

        @Override
        public Object getPrincipal() {
            return username;
        }

        /**
         * jwt 已做驗證 {@link JwtUtil#isValid(String)}
         *
         * @return true
         */
        @Override
        public boolean isAuthenticated() {
            return true;
        }
    }
}

JwtUtil

package site.yuyanjia.springbootsecuritydemo.config;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * JwtUtil
 * <p>
 * TOKEN: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ5dXlhbmppYSIsImlhdCI6MTU5NDg2NTgyNSwiZXhwIjoxNTk1NDcwNjI0fQ.jrSiu-2AcTJfk5KZlecdFyjr3_JXjfNtrcAXIxyDDbE
 * 組成: HEADER.PAYLOAD.SIGNATURE
 * 翻譯:
 * HEADER: { "alg": "HS256" }
 * PAYLOAD: { "sub": "yuyanjia", "iat": 1594865825, "exp": 1595470624 }
 * SIGNATURE: HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload),SECRET)
 *
 * @author seer
 * @date 2020/7/16 8:59
 */
public class JwtUtil {
    private static final Logger log = LoggerFactory.getLogger(JwtUtil.class);

    /**
     * token 有效時間我 7天
     */
    private final static long TOKEN_LIFETIME = 1000L * 60 * 60 * 24 * 7;

    /**
     * 算法
     */
    private final static SignatureAlgorithm ALGORITHM = SignatureAlgorithm.HS256;

    /**
     * 密鑰
     */
    private final static String SECRET = "1234-abcd-DCBA-4321";

    /**
     * token head
     */
    public final static String HEADER = "Authorization";

    /**
     * payload 角色組
     */
    public final static String PAYLOAD_ROLES = "roles";

    /**
     * token 是否有效
     *
     * @param token token
     * @return true 有效
     */
    public static boolean isValid(String token) {
        Date expiredDate;
        try {
            expiredDate = parseToken(token).getExpiration();
        } catch (SignatureException e) {
            if (log.isDebugEnabled()) {
                log.debug("簽名驗證失敗");
            }
            return false;
        }
        return expiredDate.after(new Date());
    }

    /**
     * 獲取用戶名
     *
     * @param token token
     * @return object
     */
    public static String getUserName(String token) {
        Claims claims = parseToken(token);
        return claims.getSubject();
    }

    /**
     * 獲取角色
     *
     * @param token token
     * @return object
     */
    public static Set<SimpleGrantedAuthority> getRoles(String token) {
        Claims claims = parseToken(token);
        Object roleObj = claims.get(PAYLOAD_ROLES);
        if (!(roleObj instanceof List)) {
            return Collections.emptySet();
        }
        List<String> roles = (List<String>) roleObj;
        Set<SimpleGrantedAuthority> roleSet = new HashSet<>();
        for (String role : roles) {
            roleSet.add(new SimpleGrantedAuthority(role));
        }
        return roleSet;
    }

    /**
     * 生成token
     * <p>
     * sub: 用戶名
     * roles: 角色數(shù)組
     * <p>
     * iss: jwt簽發(fā)者
     * sub: jwt所面向的用戶
     * aud: 接收jwt的一方
     * exp: jwt的過期時間弥激,這個過期時間必須要大于簽發(fā)時間
     * nbf: 定義在什么時間之前进陡,該jwt都是不可用的
     * iat: jwt的簽發(fā)時間
     * jti: jwt的唯一身份標識,主要用來作為一次性token,從而回避重放攻擊
     *
     * @param username username
     * @param roles    roles
     * @return object
     */
    public static String generateToken(String username, Collection<? extends GrantedAuthority> roles) {
        Set<String> roleSet = new HashSet<>();
        for (GrantedAuthority authority : roles) {
            roleSet.add(authority.getAuthority());
        }
        String[] roleArray = roleSet.toArray(new String[0]);
        Date expireDate = new Date(System.currentTimeMillis() + TOKEN_LIFETIME);
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(new Date())
                .setExpiration(expireDate)
                .signWith(ALGORITHM, SECRET)
                .claim(PAYLOAD_ROLES, roleArray)
                .compact();
    }

    /**
     * 解析token
     * <p>
     * 驗簽失敗 {@link io.jsonwebtoken.SignatureException}
     *
     * @param token token
     * @return object
     */
    private static Claims parseToken(String token) {
        return Jwts.parser()
                .setSigningKey(SECRET)
                .parseClaimsJws(token)
                .getBody();
    }
}

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
  • 序言:七十年代末微服,一起剝皮案震驚了整個濱河市趾疚,隨后出現(xiàn)的幾起案子,更是在濱河造成了極大的恐慌以蕴,老刑警劉巖糙麦,帶你破解...
    沈念sama閱讀 211,743評論 6 492
  • 序言:濱河連續(xù)發(fā)生了三起死亡事件,死亡現(xiàn)場離奇詭異丛肮,居然都是意外死亡赡磅,警方通過查閱死者的電腦和手機,發(fā)現(xiàn)死者居然都...
    沈念sama閱讀 90,296評論 3 385
  • 文/潘曉璐 我一進店門宝与,熙熙樓的掌柜王于貴愁眉苦臉地迎上來焚廊,“玉大人,你說我怎么就攤上這事伴鳖〗谥担” “怎么了徙硅?”我有些...
    開封第一講書人閱讀 157,285評論 0 348
  • 文/不壞的土叔 我叫張陵榜聂,是天一觀的道長。 經(jīng)常有香客問我嗓蘑,道長须肆,這世上最難降的妖魔是什么匿乃? 我笑而不...
    開封第一講書人閱讀 56,485評論 1 283
  • 正文 為了忘掉前任,我火速辦了婚禮豌汇,結(jié)果婚禮上幢炸,老公的妹妹穿的比我還像新娘。我一直安慰自己拒贱,他們只是感情好宛徊,可當(dāng)我...
    茶點故事閱讀 65,581評論 6 386
  • 文/花漫 我一把揭開白布。 她就那樣靜靜地躺著逻澳,像睡著了一般闸天。 火紅的嫁衣襯著肌膚如雪。 梳的紋絲不亂的頭發(fā)上斜做,一...
    開封第一講書人閱讀 49,821評論 1 290
  • 那天苞氮,我揣著相機與錄音,去河邊找鬼瓤逼。 笑死笼吟,一個胖子當(dāng)著我的面吹牛,可吹牛的內(nèi)容都是我干的霸旗。 我是一名探鬼主播贷帮,決...
    沈念sama閱讀 38,960評論 3 408
  • 文/蒼蘭香墨 我猛地睜開眼,長吁一口氣:“原來是場噩夢啊……” “哼定硝!你這毒婦竟也來了皿桑?” 一聲冷哼從身側(cè)響起,我...
    開封第一講書人閱讀 37,719評論 0 266
  • 序言:老撾萬榮一對情侶失蹤蔬啡,失蹤者是張志新(化名)和其女友劉穎诲侮,沒想到半個月后,有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體箱蟆,經(jīng)...
    沈念sama閱讀 44,186評論 1 303
  • 正文 獨居荒郊野嶺守林人離奇死亡沟绪,尸身上長有42處帶血的膿包…… 初始之章·張勛 以下內(nèi)容為張勛視角 年9月15日...
    茶點故事閱讀 36,516評論 2 327
  • 正文 我和宋清朗相戀三年,在試婚紗的時候發(fā)現(xiàn)自己被綠了空猜。 大學(xué)時的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片绽慈。...
    茶點故事閱讀 38,650評論 1 340
  • 序言:一個原本活蹦亂跳的男人離奇死亡,死狀恐怖辈毯,靈堂內(nèi)的尸體忽然破棺而出坝疼,到底是詐尸還是另有隱情,我是刑警寧澤谆沃,帶...
    沈念sama閱讀 34,329評論 4 330
  • 正文 年R本政府宣布钝凶,位于F島的核電站,受9級特大地震影響唁影,放射性物質(zhì)發(fā)生泄漏耕陷。R本人自食惡果不足惜掂名,卻給世界環(huán)境...
    茶點故事閱讀 39,936評論 3 313
  • 文/蒙蒙 一、第九天 我趴在偏房一處隱蔽的房頂上張望哟沫。 院中可真熱鬧饺蔑,春花似錦、人聲如沸嗜诀。這莊子的主人今日做“春日...
    開封第一講書人閱讀 30,757評論 0 21
  • 文/蒼蘭香墨 我抬頭看了看天上的太陽隆敢。三九已至肿嘲,卻和暖如春,著一層夾襖步出監(jiān)牢的瞬間筑公,已是汗流浹背雳窟。 一陣腳步聲響...
    開封第一講書人閱讀 31,991評論 1 266
  • 我被黑心中介騙來泰國打工, 沒想到剛下飛機就差點兒被人妖公主榨干…… 1. 我叫王不留匣屡,地道東北人封救。 一個月前我還...
    沈念sama閱讀 46,370評論 2 360
  • 正文 我出身青樓,卻偏偏與公主長得像捣作,于是被迫代替她去往敵國和親誉结。 傳聞我的和親對象是個殘疾皇子,可洞房花燭夜當(dāng)晚...
    茶點故事閱讀 43,527評論 2 349