SpringSecurity+JWT使用步骤及心得

最新推荐文章于 2024-04-22 10:14:07 发布
最新推荐文章于 2024-04-22 10:14:07 发布
阅读量1.2k 收藏 7
点赞数 1
分类专栏: java 文章标签: spring boot java spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_35213765/article/details/124620221
版权

1、添加相关依赖

主要是springsecurity和jwt依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.6.4</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.njwj</groupId>
<artifactId>gx</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>gx</name>
<description>guanxian</description>
<properties>
    <java.version>1.8</java.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>2.2.2</version>
    </dependency>

    <!-- json转换依赖-->
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-core</artifactId>
    </dependency>

    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
    </dependency>

    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-annotations</artifactId>
    </dependency>

    <!--springsecurity依赖-->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!--jwt依赖-->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.0</version>
    </dependency>

    <dependency>
        <groupId>com.oracle.database.jdbc</groupId>
        <artifactId>ojdbc8</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <!--        通用mapper的依赖-->
    <dependency>
        <groupId>tk.mybatis</groupId>
        <artifactId>mapper-spring-boot-starter</artifactId>
        <version>2.0.4</version>
    </dependency>

    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <scope>provided</scope>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <version>2.6.4</version>
        </plugin>
    </plugins>
</build>
</project>

2、配置数据库和myabtis

这里就不一一赘述了

3、User类、UserMapper、UserService、UserServiceImpl

3.1 User类

@Data
@Table(name = "USER_S")
public class User implements Serializable {
    private static final long serialVersionUID = 2L;
    @Id
    @Column(name = "USER_S_ID")
    private Integer userId;
    @Column(name = "USER_S_NAME")
    private String userName;
    @Column(name = "USER_S_PASS")
    private String userPassword;
    @Column(name = "USER_S_CODE")
    private String userCode;
    @Column(name = "USER_S_SEX")
    private String userSex;
    @Column(name = "USER_S_PHONE")
    private String userPhone;
    @Column(name = "USER_S_STATUS")
    private String userStatus;
    @Column(name = "USER_S_IN")
    private Date userIn;
    @Column(name = "USER_S_SKILL")
    private String userSkill;
    @Column(name = "USER_S_LEVEL")
    private String userLevel;
    @Column(name = "USER_S_W_STATUS")
    private String userWStatus;
}

3.2 UserMapper

这里使用了通用Mapper

@Mapper
public interface UserMapper extends tk.mybatis.mapper.common.Mapper<User> {

}

3.3 UserService

public interface UserService {
    Map<String, String> addUser(User user);

    User findByUserName(String username);

    List<User> findAll();

    Map<String,String> deleteUser(Integer id);
}

3.4 UserServiceImpl

@Service
public class UserServiceImpl implements UserService {
    @Autowired
    private UserMapper userMapper;

    @Override
    public Map<String, String> addUser(User user) {
        Map<String, String> addMap = new HashMap<>();
        if (userMapper.insert(user)>0) {
            addMap.put("result", "true");
            addMap.put("msg", "添加成功");
        } else {
            addMap.put("result", "false");
            addMap.put("msg", "添加失败");
        }
        return addMap;
    }

    @Override
    public User findByUserName(String username) {
        User user = new User();
        user.setUserName(username);
        return userMapper.selectOne(user);
    }

    @Override
    public List<User> findAll() {
        return userMapper.selectAll();
    }

    @Override
    public Map<String, String> deleteUser(Integer id) {
        Map<String, String> delMap = new HashMap<>();
        if (userMapper.deleteByPrimaryKey(id)>0) {
            delMap.put("result", "true");
            delMap.put("msg", "删除成功");
        } else {
            delMap.put("result", "false");
            delMap.put("msg", "删除失败");
        }
        return delMap;
    }
}

4、创建JWT工具类

用于管理token操作

public class JWTUtil {

    public static final String TOKEN_HEADER = "Authorization";
    public static final String TOKEN_PREFIX = "Bearer";

    // TOKEN 过期时间
    public static final long EXPIRATION = 1000 * 60 * 30; // 三十分钟

    public static final String APP_SECRET_KEY = "secret";

    private static final String ROLE_CLAIMS = "rol";

    /**
     * 生成token
     *
     * @param username
     * @param role
     * @return
     */
    public static String createToken(String username, String role) {

        Map<String, Object> map = new HashMap<>();
        map.put(ROLE_CLAIMS, role);

        String token = Jwts
                .builder()
                .setSubject(username)
                .setClaims(map)
                .claim("username", username)
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION))
                .signWith(SignatureAlgorithm.HS256, APP_SECRET_KEY).compact();
        return token;
    }

    /**
     * 获取当前登录用户用户名
     *
     * @param token
     * @return
     */
    public static String getUsername(String token) {
        Claims claims = Jwts.parser().setSigningKey(APP_SECRET_KEY).parseClaimsJws(token).getBody();
        return claims.get("username").toString();
    }

    /**
     * 获取当前登录用户角色
     *
     * @param token
     * @return
     */
    public static String getUserRole(String token) {
        Claims claims = Jwts.parser().setSigningKey(APP_SECRET_KEY).parseClaimsJws(token).getBody();
        return claims.get("rol").toString();
    }

    /**
     * 解析token中的信息
     *
     * @param token
     * @return
     */
    public static Claims checkJWT(String token) {
        try {
            final Claims claims = Jwts.parser().setSigningKey(APP_SECRET_KEY).parseClaimsJws(token).getBody();
            return claims;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * 检查token是否过期
     *
     * @param token
     * @return
     */
    public static boolean isExpiration(String token) {
        Claims claims = Jwts.parser().setSigningKey(APP_SECRET_KEY).parseClaimsJws(token).getBody();
        return claims.getExpiration().before(new Date());
    }
}

5、创建JwtUser类

主要用于封装登录用户相关信息,例如用户名,密码,权限集合等,必须实现UserDetails接口

public class JWTUser implements UserDetails {

    private Integer userId;
    private String userName;
    private String userPassword;
    private Collection<? extends GrantedAuthority> authorities;

    public JWTUser(){

    }

    public JWTUser(User user) {
        userId = user.getUserId();
        userName = user.getUserName();
        userPassword = user.getUserPassword();
        authorities = Collections.singleton(new SimpleGrantedAuthority(user.getUserLevel()));
    }


    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    public String getPassword() {
        return userPassword;
    }

    public String getUsername() {
        return userName;
    }

    public boolean isAccountNonExpired() {
        return true;
    }

    public boolean isAccountNonLocked() {
        return true;
    }

    public boolean isCredentialsNonExpired() {
        return true;
    }

    public boolean isEnabled() {
        return true;
    }
}

6、创建JwtUserService

必须实现UserDetailsService,重写loadUserByUsername()方法

@Service
public class JWTUserService implements UserDetailsService {
    @Autowired
    private UserService userService;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userService.findByUserName(username);
        if (user != null){
            JWTUser jwtUser = new JWTUser(user);
            return jwtUser;
        }else {
            try {
                throw new ValidationException("该用户不存在");
            }catch (ValidationException e){
                e.printStackTrace();
            }
        }
        return null;
    }
}

7、配置认证拦截器

拦截用户登录信息

/**
 *
 * 验证用户名密码正确后,生成一个token,并将token返回给客户端
 * 该类继承自UsernamePasswordAuthenticationFilter,重写了其中的2个方法
 * attemptAuthentication:接收并解析用户凭证。
 * successfulAuthentication:用户成功登录后,这个方法会被调用,我们在这个方法里生成token并返回。
 *
 */
public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private AuthenticationManager authenticationManager;

    /**
     * 拦截登录请求
     * @param authenticationManager
     */
    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
       // super.setFilterProcessesUrl("/login");

    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException {

        // 从输入流中获取到登录的信息
        try {
            User loginUser = new ObjectMapper().readValue(request.getInputStream(), User.class);
            return authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(loginUser.getUserName(), loginUser.getUserPassword())
            );
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    // 成功验证后调用的方法
    // 如果验证成功,就生成token并返回
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            FilterChain chain,
                                            Authentication authResult) throws IOException, ServletException {

        JWTUser jwtUser = (JWTUser) authResult.getPrincipal();

        String role = "";
        Collection<? extends GrantedAuthority> authorities = jwtUser.getAuthorities();
        for (GrantedAuthority authority : authorities) {
            role = authority.getAuthority();
        }
        //生成token
        String token = JWTUtil.createToken(jwtUser.getUsername(), role);
        // 返回创建成功的token  但是这里创建的token只是单纯的token
        // 按照jwt的规定,最后请求的时候应该是 `Bearer token`
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        String tokenStr = JWTUtil.TOKEN_PREFIX + token;
        response.setHeader("token", tokenStr);

        ResultInfo resultInfo = new ResultInfo();
        response.setStatus(200);
        PrintWriter writer = response.getWriter();
        resultInfo.setResult(true);
        resultInfo.setMsg("登录成功");
        ObjectMapper mapper = new ObjectMapper();
        String resultJson = mapper.writeValueAsString(resultInfo);
        writer.write(resultJson);
        writer.flush();
        writer.close();
    }

    // 失败 返回错误就行
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        response.setCharacterEncoding("UTF-8");
        response.setStatus(401);
        PrintWriter writer = response.getWriter();
        ResultInfo resultInfo = new ResultInfo();
        resultInfo.setResult(false);
        resultInfo.setMsg("用户名或密码不正确,请重新登录");
        ObjectMapper mapper = new ObjectMapper();
        String resultJson = mapper.writeValueAsString(resultInfo);
        writer.write(resultJson);
        writer.flush();
        writer.close();
    }
}

8、配置权限拦截器

public class JWTAuthorizationFilter extends BasicAuthenticationFilter {

    public JWTAuthorizationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @SneakyThrows
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws IOException, ServletException {

        String tokenHeader = request.getHeader(JWTUtil.TOKEN_HEADER);
        // 如果请求头中没有Authorization信息则直接放行了
        if (tokenHeader == null || !tokenHeader.startsWith(JWTUtil.TOKEN_PREFIX)) {
            chain.doFilter(request, response);
            return;
        }
        // 如果请求头中有token,则进行解析,并且设置认证信息
        SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
        super.doFilterInternal(request, response, chain);
    }

    // 这里从token中获取用户信息并新建一个token 就是上面说的设置认证信息
    private UsernamePasswordAuthenticationToken getAuthentication(String tokenHeader) throws Exception {

        String token = tokenHeader.replace(JWTUtil.TOKEN_PREFIX, "");
        // 检测token是否过期 如果过期会自动抛出错误
        JWTUtil.isExpiration(token);
        String username = JWTUtil.getUsername(token);
        String role = JWTUtil.getUserRole(token);
        if (username != null) {
            return new UsernamePasswordAuthenticationToken(username, null,
                    Collections.singleton(new SimpleGrantedAuthority(role))
            );
        }
        return null;
    }
}

9、配置SecurityConfig文件

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private  JWTUserService jwtUserService;

    @Autowired
    private UrlLogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    private UrlAccessDeniedHandler accessDeniedHandler;

    @Autowired
    private UrlAuthenticationEntryPoint authenticationEntryPoint;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

/**
 * 这边 通过重写configure(),去数据库查询用户是否存在
 * @param auth
 * @throws Exception
 */

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(jwtUserService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .httpBasic().authenticationEntryPoint(authenticationEntryPoint)
                .and()
                .formLogin()
                .loginProcessingUrl("/login")
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager())) // 用户登录拦截
                .addFilter(new JWTAuthorizationFilter(authenticationManager()))  // 权限拦截
                // 不需要session
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // 以/user 开头的请求 都需要进行验证
                .antMatchers("/user/**")
                .authenticated()
                // 其他都放行了
                .anyRequest().permitAll()
                //.anyRequest().authenticated()
                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(logoutSuccessHandler)
                .clearAuthentication(true)
                .and()
                .exceptionHandling().accessDeniedHandler(accessDeniedHandler);
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    }
}

10、UserController

@Controller
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @PostMapping(value = "/addUser")
    public @ResponseBody ResultInfo addUser(@RequestBody User user){
        user.setUserPassword(bCryptPasswordEncoder.encode(user.getUserPassword()));
        Map<String,String> resultMap = userService.addUser(user);
        ResultInfo<DownloadAreaRecordData> resultInfo = new ResultInfo<>();
        if (Boolean.valueOf(resultMap.get("result"))){
            resultInfo.setResult(true);
            resultInfo.setMsg(resultMap.get("msg"));
        }else{
            resultInfo.setResult(false);
            resultInfo.setMsg(resultMap.get("msg"));
        }
        return resultInfo;
    }

    @GetMapping
    public User findByUserName(String userName){
        return userService.findByUserName(userName);
    }

    @GetMapping("/findAll")
    @ResponseBody
    @PreAuthorize("hasAnyAuthority('admin')")
    public ResultInfo findAll(){
        ResultInfo<User> resultInfo = new ResultInfo<>();
        List<User> list = userService.findAll();
        if (list!=null&&list.size()>0){
            resultInfo.setResult(true);
            resultInfo.setMsg("success");
            resultInfo.setList(list);
        }else{
            resultInfo.setResult(false);
            resultInfo.setMsg("failure");
            resultInfo.setList(null);
        }
        return resultInfo;
    }

    @GetMapping("/delUser")
    public @ResponseBody ResultInfo delUser(@RequestParam Integer id){
        Map<String,String> resultMap = userService.deleteUser(id);
        ResultInfo<DownloadAreaRecordData> delResultInfo = new ResultInfo<>();
        if (Boolean.valueOf(resultMap.get("result"))){
            delResultInfo.setResult(true);
            delResultInfo.setMsg(resultMap.get("msg"));
        }else{
            delResultInfo.setResult(false);
            delResultInfo.setMsg(resultMap.get("msg"));
        }
        return delResultInfo;
    }
}

11、最后配置handler

主要考虑到前后端分离,传递给前端json字符串
11.1 无权访问的AccessDeniedHandler

@Component
public class UrlAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        ResultInfo resultInfo = new ResultInfo();
        response.setCharacterEncoding("UTF-8");
        PrintWriter writer = response.getWriter();
        resultInfo.setResult(false);
        resultInfo.setMsg("对不起,您无权访问");
        ObjectMapper mapper = new ObjectMapper();
        String resultJson = mapper.writeValueAsString(resultInfo);
        writer.write(resultJson);
        writer.flush();
        writer.close();
    }
}

11.2 未登录就访问的AuthencationEntryPoint

@Component
public class UrlAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        ResultInfo resultInfo = new ResultInfo();
        response.setCharacterEncoding("UTF-8");
        PrintWriter writer = response.getWriter();
        resultInfo.setResult(false);
        resultInfo.setMsg("未登录,请先登录");
        ObjectMapper mapper = new ObjectMapper();
        String resultJson = mapper.writeValueAsString(resultInfo);
        writer.write(resultJson);
        writer.flush();
        writer.close();
    }
}

11.3 注销成功的LogoutSuccessHandler

@Component
public class UrlLogoutSuccessHandler implements LogoutSuccessHandler {
    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        ResultInfo resultInfo = new ResultInfo();
        response.setCharacterEncoding("UTF-8");
        response.setStatus(200);
        PrintWriter writer = response.getWriter();
        resultInfo.setResult(true);
        resultInfo.setMsg("注销成功");
        ObjectMapper mapper = new ObjectMapper();
        String resultJson = mapper.writeValueAsString(resultInfo);
        writer.write(resultJson);
        writer.flush();
        writer.close();
    }
}

引用借鉴https://blog.csdn.net/weixin_45452416/article/details/109528425

顺逸顺心
关注
  • 1
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Spring Security + JWT基础整合
weixin_45565886的博客
02-08 1372
Spring Security + JWT基础整合
SpringSecurity+JWT快速入门
胡云峰的博客
01-02 3356
SpringSecurity+JWT快速入门
Spring Security系列】Spring Security整合JWT:构建安全的Web应用
最新发布
小威的博客
04-22 1万+
前面两个章节介绍过了Spring Security,这里就不再赘述了!!!JWT是一种轻量级的身份验证和授权机制,通过发送包含用户信息的加密令牌来实现身份验证。这个工具我们在前面的文章中也提起过。
一文搞懂SpringSecurity+JWT前后端分离~
weixin_45647685的博客
04-27 1万+
1、简介 SpringSecurity属于Spring家族中的一款安全管理框架,,它提供了一套Web应用安全性的完整解决案。主要的功能是认证和授权。 **认证 *验证当前访问系统的是不是本系统的用户,并且要确定具体是哪个用户。 **授权 *经过认证后判断当前用户是否有权限进行某个操作。 2、快速入门 2.1、创建一个SpringBoot工程 1、先创建一个最基本的SpringBoot工程,配置好相关数据库,并且编写一个Controller进行测试。 ① 导入依赖 ...
厉害,我带的实习生仅用四步就整合好SpringSecurity+JWT实现登录认证
热门推荐
沉默王二
04-07 2万+
小二是新来的实习生,作为技术 leader,我还是很负责任的,有什么锅都想甩给他,啊,不,一不小心怎么把心里话全说出来了呢?重来! 小二是新来的实习生,作为技术 leader,我还是很负责任的,有什么好事都想着他,这不,我就安排了一个整合SpringSecurity+JWT实现登录认证的小任务交,没想到,他仅用四步就搞定了,这让我感觉倍有面。 一、关于 SpringSecuritySpring Boot 出现之前,SpringSecurity使用场景是被另外一个安全管理框架 Shiro 牢牢霸占
傻瓜式使用SpringSecurity完成前后端分离+JWT+登录认证+权限控制
weixin_46684099的博客
06-01 1940
流程分析 流程说明: 客户端发起一个请求,进入 Security 过滤器链。当到 LogoutFilter 的时候判断是否是登出路径,如果是登出路径则到 logoutHandler ,如果登出成功则到 logoutSuccessHandler 登出成功处理。 如果不是登出路径则直接进入下一个过滤器。当到 UsernamePasswordAuthenticationFilter 的时候判断是否为登录路径,如果是,则进入该过滤器进行登录操作,如果登录失败则到 AuthenticationFailureHan
SpringBoot+SpringSecurity+JWT+MybatisPlus实现基于注解的权限验证
08-26
SpringBoot+SpringSecurity+JWT+MybatisPlus实现基于注解的权限验证,可根据注解的格式不同,做到角色权限控制,角色加资源权限控制等,粒度比较细化。 @PreAuthorize("hasAnyRole('ADMIN','USER')"):具有admin或...
基于SpringBoot2+MybatisPlus+SpringSecurity+jwt+redis+Vue的前后端商城系统源码
05-13
yshop基于当前流行技术组合的前后端分离商城系统: SpringBoot2+MybatisPlus+SpringSecurity+jwt+redis+Vue的前后端分离的商城系统, 包含分类、sku、运费模板、素材库、小程序直播、拼团、砍价、商户管理、 秒杀、...
详解SpringBoot+SpringSecurity+jwt整合及初体验
08-25
主要介绍了详解SpringBoot+SpringSecurity+jwt整合及初体验,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
SpringBoot2.7整合SpringSecurity+Jwt+Redis+MySQL+MyBatis完整项目代码
10-30
SpringBoot2.7整合SpringSecurity+Jwt+Redis+MySQL+MyBatis完整项目代码
SpringBoot2+MybatisPlus+SpringSecurity+jwt+redis+Vue的前后端分离的商城系统
04-30
基于当前流行技术组合的前后端分离商城系统:SpringBoot2+MybatisPlus+SpringSecurity+jwt+redis+Vue的前后端分离的商城系统, 包含商城、sku、运费模板、素材库、小程序直播、拼团、砍价、商户管理、 秒杀、优惠券...
spring-security-jwt, 演示如何在 Spring Security使用 JWT.zip
09-18
spring-security-jwt, 演示如何在 Spring Security使用 JWT Spring SecurityJWT教程这里代码主要用于使用 Spring SecurityJWT 教程补充无状态身份验证。如果你选择了代码,还可以使用这个库发现添加XSRF保护的策略,以及在Java项目中注册/登录功能的策
【全网最细致】SpringBoot整合Spring Security + JWT实现用户认证
m0_67393039的博客
07-31 453
token是无状态的,后端不需要记录信息,每次请求过来进行解密就能得到对应信息。session是有状态的,需要后端每次去检索id的有效性。不同的session都需要进行保存,但也可以设置单点登录,减少保存的数据。session与token的选择是空间与时间博弈,为什么这么说呢,是因为token不需要保存,不占存储空间,但每次访问都需要进行解密,消耗了一定的时间。在一般的前后端分离项目中,token展现出了它的优势,成为了比session更好的选择userlist')")});}...
SpringBoot整合SpringSecurity+JWT
qq_43975645的博客
07-18 647
注意:SIGNATURE是生成token的公钥,当外部token进来时需要公钥解密。
SpringBoot整合Spring Security + JWT实现用户认证
leveretz的博客
07-13 1597
SpringBoot整合Spring Security + JWT实现用户认证
maven项目整合spring boot+mybatis+spring security+jwt(二)
ygynmei的博客
09-07 780
接着上一篇(maven项目整合spring boot+mybatis+jwt+spring security(一))的继续。。。。 再就是整合jwtspring security。 maven依赖: <!-- spring-securityjwt--> <dependency> <groupId>org.sprin...
Spring Boot】IDEA + Maven + Spring Boot + JPA + Spring Security + JWT
Dream it Possible
04-30 2236
&nbsp;&nbsp;&nbsp;&nbsp;在上篇博客中,我们搭建好了一个用户服务框架,本篇博客紧接着用户的业务场景的使用,在此基础上集成spring securityjwt 实现用户的登录,注册以及权限控制。 &nbsp;&nbsp;&nbsp;&nbsp;进行框架整合之前,我们先简单了解一下Spring SecurityJWTSpring Security : &nbsp...
JWT详解及使用Springboot整合)
m0_59508658的博客
09-06 902
什么是JWT JWT(JSON Web Token)是一个开放标准(RFC 7519),它定义了一种紧凑且独立的式,可以在各之间作为JSON对象安全地传输信息。此信息可以通过数字签名进行验证和信任。JWT可以使用秘密(使用HMAC算法)或使用RSA或ECDSA的公钥/私钥对进行签名。 也就是通过JSON形式作为 Web应用中的令牌,用于在各之间安全的将信息作为JSON对象传输。在数据传输过程中还可以完成数据加密、签名等相关处理。 通俗的讲就是一个json形式的web应用令牌。 什么时候..
SpringSecurity+JWT使用
qq_42218187的博客
03-20 1443
maven依赖 <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependen
Spring Security + jwt
08-19
在该过滤器中,您可以使用JWT工具类来解析JWT,并将用户信息添加到Spring Security的上下文中。 6. 配置Spring Security过滤器链:在Spring Security配置类中,将JWT过滤器添加到过滤器链中,以确保每个请求都经过...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值