shiro在springboot中一般为统一配置,每个需要的请求都可以用注解拦截和认证。在springcloud中,你可以单拉一个shiro模块,每个模块pom文件引入这个shiro模块,也可以只在网关模块配置shiro。
如果只是实现请求拦截,spring拦截器和注解AOP也方便实现。但本文拉入了shiro,原理是同spirng拦截器实现的,具体如下。
引入shiro/jwt/session实现所需依赖:
<dependency>
<groupId>org.crazycake</groupId>
<artifactId>shiro-redis-spring-boot-starter</artifactId>
<version>3.2.1</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
jwt工具类:
@Slf4j
@Data
@Component
@ConfigurationProperties(prefix = "xzc.jwt")
public class JwtUtils {
private String secret;
private long expire;
private String header;
/**
* 生成jwt token
*/
public String generateToken(long userId) {
Date nowDate = new Date();
//过期时间
Date expireDate = new Date(nowDate.getTime() + expire * 1000);
return Jwts.builder()
.setHeaderParam("typ", "JWT")
.setSubject(userId+"")
.setIssuedAt(nowDate)
.setExpiration(expireDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public Claims