Spring Security + JWT 实现基于Token的安全验证

1、JWT的结构

JWT包含了使用 . 分隔的三部分:

1.Header 头部,包含两部分:token 类型和签名所使用的算法。 
2.Payload 负载,Token 的第二部分,包含若干 claim;claim 是关于某个实体(通常是用户)的声明以及附加的元数据。 
3.Signature 签名,使用编码后的 header、payload 和一个密钥,按 header 中指定的签名算法计算得到。

2、实现

添加依赖

    <!--security 依赖-->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!--JWT 依赖-->
    <dependency>
      <groupId>io.jsonwebtoken</groupId>
      <artifactId>jjwt</artifactId>
      <version>0.9.0</version>
    </dependency>

application.yml

jwt:
  # JWT存储的请求头
  tokenHeader: Authorization
  # JWT 签名与验签使用的密钥(HS512 对称密钥)
  secret: fgdgfh-secret
  # JWT 的有效期,单位为秒(60*60*24*7,即 7 天)
  expiration: 604800
  # 请求头中 token 值的前缀
  tokenHead: Bearer

config.security文件里,JwtTokenUtil类

package com.crz.server.config.security.component;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

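/**
 * Issues and checks the JWT that carries the logged-in admin's username.
 *
 * The token is an HS512-signed JWS whose "sub" claim is the username and whose "exp" claim is
 * now + jwt.expiration seconds. Every parse failure (bad signature, malformed, expired, empty)
 * is mapped to "no claims" so that callers get a null / false answer instead of an exception.
 *
 * @Author:crz
 * @Date:2022/2/21 16:51
 */
@Component
public class JwtTokenUtil {

	private static final String CLAIM_KEY_USERNAME = "sub";
	private static final String CLAIM_KEY_CREATED = "created";
	/* Shared HMAC secret from jwt.secret. NOTE(review): the configured value is a short
	 * human-readable string, far below the 512-bit key length HS512 is meant to use; jjwt's
	 * String overloads appear to treat it as base64 text — confirm before rotating it. */
	@Value("${jwt.secret}")
	private String secret;
	/* Token lifetime in seconds (jwt.expiration). */
	@Value("${jwt.expiration}")
	private Long expiration;


	/**
	 * Builds a token for the given user: "sub" = username, "created" = now, "exp" = now + expiration.
	 *
	 * @param userDetails authenticated principal; only its username is embedded
	 * @return the compact JWS string
	 */
	public String generateToken(UserDetails userDetails) {
		Map<String, Object> claims = new HashMap<>();
		claims.put(CLAIM_KEY_USERNAME, userDetails.getUsername());
		claims.put(CLAIM_KEY_CREATED, new Date());
		return generateToken(claims);
	}

	/**
	 * Returns the token's subject (username), or null when the token cannot be parsed or verified.
	 *
	 * @param token compact JWS without the "Bearer" prefix
	 */
	public String getUserNameFromToken(String token) {
		Claims claims = getClaimsFormToken(token);
		return claims == null ? null : claims.getSubject();
	}

	/**
	 * True when the token verifies, its subject equals the user's name and it has not expired.
	 * Null-safe: a null user, an unreadable token or a token without a subject yields false
	 * (the original dereferenced the subject and threw NPE on a bad token).
	 */
	public boolean validateToken(String token, UserDetails userDetails) {
		if (userDetails == null) {
			return false;
		}
		String username = getUserNameFromToken(token);
		return username != null
				&& username.equals(userDetails.getUsername())
				&& !isTokenExpired(token);
	}


	/** A token can be refreshed as long as it still verifies and has not expired. */
	public boolean canRefresh(String token) {
		return !isTokenExpired(token);
	}

	/**
	 * Re-issues the token with the same claims, a fresh "created" timestamp and a new "exp".
	 *
	 * @return the new token, or null when the input token cannot be parsed or verified
	 */
	public String refreshToken(String token) {
		Claims claims = getClaimsFormToken(token);
		if (claims == null) {
			return null;
		}
		claims.put(CLAIM_KEY_CREATED, new Date());
		return generateToken(claims);
	}

	/** Expired, unreadable, or missing "exp" all count as expired. */
	private boolean isTokenExpired(String token) {
		Date expireDate = getExpiredDateFromToken(token);
		return expireDate == null || expireDate.before(new Date());
	}

	/** "exp" claim of the token, or null when the token cannot be parsed or verified. */
	private Date getExpiredDateFromToken(String token) {
		Claims claims = getClaimsFormToken(token);
		return claims == null ? null : claims.getExpiration();
	}

	/**
	 * Parses and signature-checks the token, returning its claims.
	 *
	 * @return the verified claims, or null for any invalid token; the failure is deliberately
	 *         not dumped to stderr (the old printStackTrace) because every caller already
	 *         treats null as "reject this token"
	 */
	private Claims getClaimsFormToken(String token) {
		try {
			return Jwts.parser()
					.setSigningKey(secret)
					.parseClaimsJws(token)
					.getBody();
		} catch (JwtException | IllegalArgumentException ignored) {
			// expired / malformed / bad signature / empty string: token is simply not valid
			return null;
		}
	}


	/** Signs the given claims with HS512 and sets a fresh expiration. */
	private String generateToken(Map<String, Object> claims) {
		return Jwts.builder()
				.setClaims(claims)
				.setExpiration(generateExpirationDate())
				.signWith(SignatureAlgorithm.HS512, secret)
				.compact();
	}

	/** now + jwt.expiration seconds. */
	private Date generateExpirationDate() {
		return new Date(System.currentTimeMillis() + expiration * 1000);
	}


}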

pojo文件里,RespBean类

package com.crz.server.pojo;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * Common response envelope: a numeric code, a human-readable message and an optional payload.
 * success() produces code 200, error() produces code 500; callers may override the code
 * afterwards via the Lombok-generated setter.
 *
 * @Author:crz
 * @Date:2022/2/21 17:14
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
public class RespBean {
	private long code;
	private String message;
	private Object obj;

	/** Success (200) without payload. */
	public static RespBean success(String message) {
		return success(message, null);
	}

	/** Success (200) carrying a payload. */
	public static RespBean success(String message, Object obj) {
		return build(200, message, obj);
	}

	/** Failure (500) without payload. */
	public static RespBean error(String message) {
		return error(message, null);
	}

	/** Failure (500) carrying a payload. */
	public static RespBean error(String message, Object obj) {
		return build(500, message, obj);
	}

	/** Single place that assembles the envelope. */
	private static RespBean build(long code, String message, Object obj) {
		RespBean bean = new RespBean();
		bean.setCode(code);
		bean.setMessage(message);
		bean.setObj(obj);
		return bean;
	}
}

pojo文件里,Admin类

package com.crz.server.pojo;

import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;

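/**
 * Admin account (table t_admin). Doubles as the Spring Security principal, so the UserDetails
 * methods below decide whether the account may log in. No role/authority model is attached yet
 * (the setRoles calls are still commented out elsewhere), so every admin has an empty authority set.
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
@TableName("t_admin")
@ApiModel(value="Admin对象", description="")
public class Admin implements Serializable, UserDetails {

    private static final long serialVersionUID = 1L;

    @ApiModelProperty(value = "id")
    @TableId(value = "id", type = IdType.AUTO)
    private Integer id;

    @ApiModelProperty(value = "姓名")
    private String name;

    @ApiModelProperty(value = "手机号码")
    private String phone;

    @ApiModelProperty(value = "住宅电话")
    private String telephone;

    @ApiModelProperty(value = "联系地址")
    private String address;

    @ApiModelProperty(value = "是否启用")
    private Boolean enabled;

    @ApiModelProperty(value = "用户名")
    private String username;

    // BCrypt hash, never the plaintext; LoginController blanks it before returning the object
    @ApiModelProperty(value = "密码")
    private String password;

    @ApiModelProperty(value = "用户头像")
    private String userFace;

    @ApiModelProperty(value = "备注")
    private String remark;


    /** Empty rather than null: callers iterate this collection and the contract forbids null. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.emptyList();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** A NULL "enabled" column means "not enabled" instead of an NPE on unboxing. */
    @Override
    public boolean isEnabled() {
        return Boolean.TRUE.equals(enabled);
    }
}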

pojo文件里,AdminLoginParam类

package com.crz.server.pojo;

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;

/**
 * Request body of POST /login: the credentials plus the user's captcha answer.
 * All three fields are required; AdminServiceImpl.login rejects an empty code.
 *
 * @Author:crz
 * @Date:2022/2/21 17:13
 */
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
@ApiModel(value = "AdminLogin对象",description = "")
public class AdminLoginParam {
	// login name, looked up in t_admin.username
	@ApiModelProperty(value = "用户名",required = true)
	private String username;
	// plaintext password; only ever compared through the BCrypt PasswordEncoder
	@ApiModelProperty(value = "密码",required = true)
	private String password;
	// answer to the captcha stored in the HTTP session under "captcha"
	@ApiModelProperty(value = "验证码",required = true)
	private String code;
}

controller文件里,LoginController类

package com.crz.server.controller;

import com.crz.server.pojo.Admin;
import com.crz.server.pojo.AdminLoginParam;
import com.crz.server.pojo.RespBean;
import com.crz.server.service.IAdminService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.security.Principal;

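/**
 * Login / logout / current-user endpoints. "/login" and "/logout" are excluded from the security
 * filter chain in SecurityConfig; "/admin/info" requires a valid JWT.
 *
 * @Author:crz
 * @Date:2022/2/21 17:11
 */
@Api(tags = "LoginController")
@RestController
public class LoginController {

	@Autowired
	private IAdminService adminService;

	/**
	 * Verifies captcha and credentials; on success the body carries the token and its header prefix.
	 *
	 * @param adminLoginParam username, password and captcha answer
	 * @param request         used to read the captcha stored in the HTTP session
	 */
	@ApiOperation(value = "登录之后返回token")
	@PostMapping("/login")
	public RespBean login(@RequestBody AdminLoginParam adminLoginParam, HttpServletRequest request) {
		return adminService.login(adminLoginParam.getUsername(), adminLoginParam.getPassword(),
				adminLoginParam.getCode(), request);
	}


	/**
	 * Returns the currently authenticated admin without its password hash.
	 *
	 * @param principal set by the JWT filter; null when the request is unauthenticated
	 * @return the admin, or null when there is no principal or the account no longer exists/is disabled
	 */
	@ApiOperation(value = "获取当前登录用户的信息")
	@GetMapping("/admin/info")
	public Admin getAdminInfo(Principal principal) {
		if (null == principal) {
			return null;
		}
		Admin admin = adminService.getAdminByUserName(principal.getName());
		if (null == admin) {
			// the account may have been deleted or disabled after the token was issued
			return null;
		}
		// never echo the (hashed) password back to the client
		admin.setPassword(null);
		//admin.setRoles(adminService.getRoles(admin.getId()));
		return admin;
	}

	/**
	 * Stateless logout: nothing is stored server-side, so the client simply discards its token.
	 * The token itself stays verifiable until its "exp" claim passes.
	 */
	@ApiOperation(value = "退出登录")
	@PostMapping("/logout")
	public RespBean logout() {
		return RespBean.success("注销成功!");
	}

}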

service.impl文件里,AdminServiceImpl类

package com.crz.server.service.impl;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.crz.server.config.security.component.JwtTokenUtil;
import com.crz.server.mapper.AdminMapper;
import com.crz.server.pojo.Admin;
import com.crz.server.pojo.RespBean;
import com.crz.server.service.IAdminService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

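/**
 * Admin service: password login that returns a JWT, and lookup by username.
 *
 * @Author:crz
 * @Date:2022/2/21 17:18
 */
@Service
public class AdminServiceImpl extends ServiceImpl<AdminMapper, Admin> implements IAdminService {

    @Autowired
    private AdminMapper adminMapper;
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    @Value("${jwt.tokenHead}")
    private String tokenHead;

    /**
     * Checks the captcha, then the credentials, then the enabled flag, and issues a token.
     *
     * @param username login name
     * @param password plaintext password, compared with the stored BCrypt hash
     * @param code     captcha answer, compared case-insensitively with the session's "captcha"
     * @param request  provides the HTTP session that holds the captcha
     * @return success with {"token","tokenHead"} or an error RespBean describing the failure
     */
    @Override
    public RespBean login(String username, String password, String code, HttpServletRequest request) {
        String captcha = (String) request.getSession().getAttribute("captcha");
        // A captcha is single-use: drop it before comparing so one solved value cannot be
        // replayed across repeated login attempts in the same session.
        request.getSession().removeAttribute("captcha");
        // captcha == null (none issued for this session) used to throw NPE here; treat it as a mismatch
        if (StringUtils.isEmpty(code) || captcha == null || !captcha.equalsIgnoreCase(code)) {
            return RespBean.error("验证码输入错误,请重新输入!");
        }
        // credentials; the UserDetailsService in SecurityConfig returns null for unknown users
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        // BCryptPasswordEncoder.matches rejects a null raw password with an exception, so guard it
        if (null == userDetails || null == password
                || !passwordEncoder.matches(password, userDetails.getPassword())) {
            return RespBean.error("用户名或密码不正确!");
        }
        if (!userDetails.isEnabled()) {
            return RespBean.error("账号被禁用,请联系管理员!");
        }
        // populate the security context for the remainder of this request
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        // issue the JWT; tokenHead tells the client which prefix to put in front of it
        String token = jwtTokenUtil.generateToken(userDetails);
        Map<String, String> tokenMap = new HashMap<>();
        tokenMap.put("token", token);
        tokenMap.put("tokenHead", tokenHead);
        return RespBean.success("登录成功", tokenMap);
    }

    /**
     * Finds an enabled admin by username.
     *
     * @return the admin, or null when none is enabled under that name
     */
    @Override
    public Admin getAdminByUserName(String username) {
        QueryWrapper<Admin> byName = new QueryWrapper<Admin>()
                .eq("username", username)
                .eq("enabled", true);
        return adminMapper.selectOne(byName);
    }

}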

config.security文件中,SecurityConfig类

package com.crz.server.config.security;

import com.crz.server.config.security.component.JwtAuthencationTokenFilter;
import com.crz.server.config.security.component.RestAuthorizationEntryPoint;
import com.crz.server.config.security.component.RestfulAccessDeniedHandler;
import com.crz.server.pojo.Admin;
import com.crz.server.service.IAdminService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

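/**
 * Spring Security wiring for the admin API: stateless, JWT-authenticated, JSON error responses.
 * Paths listed in configure(WebSecurity) bypass the entire security filter chain, including
 * the JWT filter, so nothing on that list may expose protected data.
 *
 * @Author:crz
 * @Date:2022/2/21 16:57
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private IAdminService adminService;
	@Autowired
	private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
	@Autowired
	private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
	/*@Autowired
	private CustomFilter customFilter;
	@Autowired
	private CustomUrlDecisionManager customUrlDecisionManager;*/

	/** Authenticate against t_admin using BCrypt-hashed passwords. */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
	}

	/**
	 * Public paths served without any security filter. Patterns must start with "/" to match
	 * the request path; the original "favicon.ico" entry could never match "/favicon.ico".
	 */
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers(
				"/login",
				"/logout",
				"/css/**",
				"/js/**",
				"/index.html",
				"/favicon.ico",
				"/doc.html",
				"/webjars/**",
				"/swagger-resources/**",
				"/v2/api-docs/**",
				"/captcha",
				"/ws/**"
		);
	}

	/**
	 * Everything not ignored above must be authenticated. CSRF is off and no HTTP session is
	 * created because authentication is carried by the JWT on each request.
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf()
				// token-based API: no cookie session, so no CSRF token
				.disable()
				.sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
				.and()
				.authorizeRequests()
				// every request needs an authenticated principal
				.anyRequest()
				.authenticated()
				// dynamic per-URL authorization, not wired yet
				/*.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
					@Override
					public <O extends FilterSecurityInterceptor> O postProcess(O object) {
						object.setAccessDecisionManager(customUrlDecisionManager);
						object.setSecurityMetadataSource(customFilter);
						return object;
					}
				})*/
				.and()
				// disable caching of protected responses
				.headers()
				.cacheControl();
		// JWT filter runs before the form-login filter so the token populates the security context first
		http.addFilterBefore(jwtAuthencationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
		// JSON bodies for 401 (not logged in) and 403 (no permission)
		http.exceptionHandling()
				.accessDeniedHandler(restfulAccessDeniedHandler)
				.authenticationEntryPoint(restAuthorizationEntryPoint);
	}

	/**
	 * Looks admins up by username.
	 * NOTE(review): the UserDetailsService contract is to throw UsernameNotFoundException for
	 * an unknown user; this implementation returns null instead, so every caller
	 * (AdminServiceImpl.login, JwtAuthencationTokenFilter) has to null-check the result.
	 */
	@Override
	@Bean
	public UserDetailsService userDetailsService() {
		return username -> {
			Admin admin = adminService.getAdminByUserName(username);
			if (null != admin) {
				//admin.setRoles(adminService.getRoles(admin.getId()));
				return admin;
			}
			//throw new UsernameNotFoundException("用户名或密码不正确");
			return null;
		};
	}


	/** BCrypt for stored passwords. */
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	/** Declared as a bean so its @Value / @Autowired fields are injected. */
	@Bean
	public JwtAuthencationTokenFilter jwtAuthencationTokenFilter() {
		return new JwtAuthencationTokenFilter();
	}

}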

config.security.component文件中,JwtAuthencationTokenFilter类

package com.crz.server.config.security.component;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

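/**
 * Reads the JWT from the configured request header and, when it verifies, puts the
 * corresponding admin into the SecurityContext for this request. Requests without a usable
 * token pass through unauthenticated and are rejected later by the entry point.
 *
 * @Author:crz
 * @Date:2022/2/21 16:50
 */
public class JwtAuthencationTokenFilter extends OncePerRequestFilter {

	/* header name, e.g. "Authorization" (jwt.tokenHeader) */
	@Value("${jwt.tokenHeader}")
	private String tokenHeader;
	/* value prefix, e.g. "Bearer" (jwt.tokenHead) */
	@Value("${jwt.tokenHead}")
	private String tokenHead;
	@Autowired
	private JwtTokenUtil jwtTokenUtil;
	@Autowired
	private UserDetailsService userDetailsService;

	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
		String authHeader = request.getHeader(tokenHeader);
		if (null != authHeader && authHeader.startsWith(tokenHead)) {
			// tokenHead is configured without a trailing blank ("Bearer"), so the separator
			// between prefix and token is trimmed off here instead of being fed to the parser
			String authToken = authHeader.substring(tokenHead.length()).trim();
			String username = jwtTokenUtil.getUserNameFromToken(authToken);
			// only authenticate when the token names a user and nobody is authenticated yet
			if (null != username && null == SecurityContextHolder.getContext().getAuthentication()) {
				UserDetails userDetails = userDetailsService.loadUserByUsername(username);
				// the project's UserDetailsService returns null for unknown/disabled users instead
				// of throwing; without this check a token for a deleted account caused an NPE
				if (null != userDetails && jwtTokenUtil.validateToken(authToken, userDetails)) {
					UsernamePasswordAuthenticationToken authenticationToken =
							new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
					authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
					SecurityContextHolder.getContext().setAuthentication(authenticationToken);
				}
			}
		}
		filterChain.doFilter(request, response);
	}
}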

config.security.component文件中,RestAuthorizationEntryPoint类

package com.crz.server.config.security.component;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.crz.server.pojo.RespBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

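/**
 * Invoked when an unauthenticated request (no token, or an invalid/expired one) hits a
 * protected URL. Writes a JSON RespBean with code 401 and sets the HTTP status to match.
 *
 * @Author:crz
 * @Date:2022/2/21 16:51
 */
@Component
public class RestAuthorizationEntryPoint implements AuthenticationEntryPoint {

	/* ObjectMapper is thread-safe once configured; one shared instance instead of one per rejected request. */
	private static final ObjectMapper MAPPER = new ObjectMapper();

	@Override
	public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
		// The HTTP status must say 401 as well; previously the body carried 401 inside a 200 response,
		// which clients and proxies keying on the status code treated as success.
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		response.setCharacterEncoding("UTF-8");
		response.setContentType("application/json");
		RespBean bean = RespBean.error("尚未登录,请登录!");
		bean.setCode(401);
		try (PrintWriter out = response.getWriter()) {
			out.write(MAPPER.writeValueAsString(bean));
			out.flush();
		}
	}
}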

config.security.component文件中,RestfulAccessDeniedHandler类

package com.crz.server.config.security.component;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.crz.server.pojo.RespBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

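/**
 * Invoked when an authenticated admin lacks permission for a URL. Writes a JSON RespBean
 * with code 403 and sets the HTTP status to match.
 *
 * @Author:crz
 * @Date:2022/2/21 16:57
 */
@Component
public class RestfulAccessDeniedHandler implements AccessDeniedHandler {

	/* ObjectMapper is thread-safe once configured; one shared instance instead of one per denied request. */
	private static final ObjectMapper MAPPER = new ObjectMapper();

	@Override
	public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
		// Status must be 403 as well; the original left it at 200 with a 403 only inside the body.
		response.setStatus(HttpServletResponse.SC_FORBIDDEN);
		response.setCharacterEncoding("UTF-8");
		response.setContentType("application/json");
		RespBean bean = RespBean.error("权限不足,请联系管理员!");
		bean.setCode(403);
		try (PrintWriter out = response.getWriter()) {
			out.write(MAPPER.writeValueAsString(bean));
			out.flush();
		}
	}
}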
