SpringBoot使用JWT实现Token登录验证
程序员文章站
2022-07-02 23:38:38
...
前言:之前搞了几天没成功…今天最终是写好了!
Token如何实现登录验证:登录时服务器接收用户名密码,如果正确就生成一个Token返回前端,以后每次需要登录才能发起的请求,要在请求头带服务器之前给的Token,正确才能访问。
遇到的几个头大问题:1.在Service层忘了写VO和PO的转换
2.请求时路径写了方法名还一直奇怪为什么404
总结:我是憨憨
但是真的头大了很久!
完整项目代码的github地址(感觉这样更友好一点 第一次在github上传自己的代码)https://github.com/Lirtson/1012c
啊啊啊啊啊啊啊啊啊这个过程中又碰到好多坑,你看它为什么叫c
【WebMvcConfigurer】
package com.example.mytoken.config;
import com.example.mytoken.interceptor.JWTInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebConfiguration implements WebMvcConfigurer {
//spring拦截器加载在springcontentText之前,所以这里用@Bean提前加载。否则会导致过滤器中的@AutoWired注入为空
@Bean
JWTInterceptor jwtInterceptor(){
return new JWTInterceptor();
}
//拦截除登录外的请求
@Override
public void addInterceptors(InterceptorRegistry registry) {
System.out.println("JWT拦截器启动");
registry.addInterceptor(jwtInterceptor())
.excludePathPatterns("/mytoken/login")
.addPathPatterns();
}
}
【HandlerInterceptor】(应该要有全局异常处理,以后加上)
package com.example.mytoken.interceptor;
import com.example.mytoken.utils.JWTUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Optional;
@Component
public class JWTInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 允许跨域
response.setHeader("Access-Control-Allow-Origin", "*");
// 允许自定义请求头token(允许head跨域)
// response.setHeader("Access-Control-Allow-Headers", "token, Accept, Origin, X-Requested-With, Content-Type, Last-Modified");
//后台管理页面产生的token
String token = request.getHeader("authorization");
//判断是否过期
if(token==null)//return false;这里应该有一个统一异常处理
throw new RuntimeException("token不存在");
Optional.ofNullable(token)
.map(n -> {
try {
return JWTUtils.parseJWT(n);
} catch (Exception e) {
throw new RuntimeException("token不存在");
}
});
return true;
}
【JWTUtils】
package com.example.mytoken.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Date;
import java.util.Map;
public class JWTUtils {
//用于生成secret key的stingKey
private static String JWT_SECRET = "asdfghjkl1234567890";
/*
*@author arong
*@description 创建JWT Token
*@param: claims jwt的所含的用于校验的信息
*@param: subject 用户唯一标识
*@param: ttlMillis 过期时间(毫秒)
*@return java.lang.String
*@date 2019/1/19
*/
public static String createJWT(Map claims, String subject, long ttlMillis) throws Exception {
//指定签名的时候使用的签名算法,也就是header那部分,jjwt已经将这部分内容封装好了。
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
//生成JWT的时间
long nowMillis = System.currentTimeMillis();
//将long型的时间毫秒转为日期时间
Date now = new Date(nowMillis);
//生成签名的时候使用的秘钥secret
SecretKey key = generalKey();
//下面就是在为payload添加各种标准声明和私有声明了
JwtBuilder builder = Jwts.builder() //这里其实就是new一个JwtBuilder,设置jwt的body
.setClaims(claims) //如果有私有声明,一定要先设置这个自己创建的私有的声明,这个是给builder的claim赋值,一旦写在标准的声明赋值之后,就是覆盖了那些标准的声明的
.setIssuedAt(now) //iat: jwt的签发时间
.setSubject(subject)//一个json格式的字符串作为用户的唯一标志。
.signWith(signatureAlgorithm, key);//设置签名使用的签名算法和签名使用的秘钥
if (ttlMillis >= 0) {
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
builder.setExpiration(exp); //设置过期时间戳
}
return builder.compact();
}
/*
*@author arong
*@description 通过jwt解析得到claims数据描述对象
*@param: jwt
*@return io.jsonwebtoken.Claims
*@date 2019/1/19
*/
public static Claims parseJWT(String jwt) throws Exception{
//得到原来的签名秘钥,用其才能解析JWT
SecretKey key = generalKey();
//得到 DefaultJwtParser
Claims claims = Jwts.parser()
.setSigningKey(key) //设置签名的秘钥
.parseClaimsJws(jwt).getBody();//设置需要解析的jwt
return claims;
}
/*
*@author arong
*@description
*@param: 生成secret key
*@return javax.crypto.SecretKey
*@date 2019/1/19
*/
private static SecretKey generalKey(){
//stringKey
String stringKey = JWT_SECRET;
// 使用base64解码
byte[] encodedKey = Base64.decodeBase64(stringKey);
// 根据给定的字节数组使用AES加密算法构造一个**
SecretKey secretKey = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
return secretKey;
}
}
【MyServiceImpl】
package com.example.mytoken.service;
import com.example.mytoken.jpa.Manager;
import com.example.mytoken.jpa.ManagerRepository;
import com.example.mytoken.jpa.Picture;
import com.example.mytoken.jpa.PictureRepository;
import com.example.mytoken.model.ManagerVO;
import com.example.mytoken.model.PictureVO;
import com.example.mytoken.utils.DozerUtils;
import com.example.mytoken.utils.JWTUtils;
import lombok.extern.slf4j.Slf4j;
import org.dozer.Mapper;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
@Slf4j
@Service
public class MyServiceImpl implements MyService{
@Resource
private PictureRepository pictureRepository;
@Resource
private ManagerRepository managerRepository;
@Resource
private Mapper dozerMapper;
@Override
public List<PictureVO> getAllPicture(){
List<Picture> pictureLis = pictureRepository.findAll();
return DozerUtils.mapList(pictureLis,PictureVO.class);
}
@Override
public PictureVO savePicture(PictureVO picture){
Picture picturePO = dozerMapper.map(picture,Picture.class);
pictureRepository.save(picturePO);
return picture;
}
@Override
public void updatePicture(PictureVO picture){
Picture picturePO = dozerMapper.map(picture,Picture.class);
pictureRepository.save(picturePO);
}
@Override
public void deletePicture(Long id){
pictureRepository.deleteById(id);
}
@Override
public List<ManagerVO> getAllManager(){
List<Manager> managerLis = managerRepository.findAll();
return DozerUtils.mapList(managerLis,ManagerVO.class);
}
@Override
public ManagerVO findManagerById(Long id){
//return managerRepository.findManagerById(id)
Optional<Manager> manager = managerRepository.findById(id);
ManagerVO managerVO = dozerMapper.map(manager.get(),ManagerVO.class);
//articleVO.setReader();
return managerVO;
}
@Override
public String getToken(String username) {
//存入JWT的payload中生成token
Map claims = new HashMap<String,Integer>();
claims.put("admin_username",username);
String subject = "admin";
String token = null;
try {
//该token过期时间为12h
token = JWTUtils.createJWT(claims, subject, 1000*60*60*12 );
} catch (Exception e) {
throw new RuntimeException("创建Token失败");
}
System.out.println("token:"+token);
return token;
}
}
【MyController】
package com.example.mytoken.controller;
import com.example.mytoken.jpa.Manager;
import com.example.mytoken.model.AjaxResponse;
import com.example.mytoken.model.ManagerVO;
import com.example.mytoken.model.PictureVO;
import com.example.mytoken.service.MyServiceImpl;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Map;
@Slf4j
@RestController
@RequestMapping("/mytoken")
public class MyController {
@Resource
MyServiceImpl myService;
@PostMapping("/picture")
public @ResponseBody AjaxResponse savePicture(@RequestBody PictureVO picture) {
myService.savePicture(picture);
return AjaxResponse.success(picture);
}
@GetMapping("/picture")
public @ResponseBody AjaxResponse getAllPicture(){
return AjaxResponse.success(myService.getAllPicture());
}
@PutMapping("/picture/{id}")
public @ResponseBody AjaxResponse updatePicture(@PathVariable Long id, @RequestBody PictureVO picture){
picture.setId(id);
myService.updatePicture(picture);
return AjaxResponse.success(picture);
}
@DeleteMapping("/picture/{id}")
public @ResponseBody AjaxResponse deletePicture(@PathVariable Long id){
myService.deletePicture(id);
return AjaxResponse.success(id);
}
//登录
@PostMapping("/login")
public @ResponseBody AjaxResponse login(@RequestBody ManagerVO manager, HttpSession session) throws Exception{
ManagerVO manager1=myService.findManagerById(manager.getId());
Boolean isRight=false;
if(manager1.getPwd().equals(manager.getPwd()))
isRight=true;
if (isRight) {
//获取新token,过期时间为12h
String token = myService.getToken(manager.getId().toString());
Map map = new HashMap<String, Integer>();
map.put("username", manager.getId());
map.put("token", token);
return AjaxResponse.success(map);
}
System.out.println("我错了");
return AjaxResponse.fail();
}
}
用Postman测试一下吧
【登录】
【查看所有】GET
在header中加上刚刚POST时服务器返回的Token
上一篇: React高阶组件
推荐阅读
-
使用SpringBoot和SpringSecurity实现 JWT 认证与授权
-
Springboot+SpringSecurity+JWT实现用户登录和权限认证示例
-
使用selenium模拟登录解决滑块验证问题的实现
-
SpringBoot使用JWT实现登录验证的方法示例
-
PHP使用CURL实现对带有验证码的网站进行模拟登录的方法
-
Laravel5.2使用Captcha生成验证码实现登录(session巨坑)
-
vue登录注册及token验证实现代码
-
在node中使用jwt签发与验证token
-
SpringBoot集成JWT实现token验证的流程
-
详解基于JWT的springboot权限验证技术实现