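I have recently been studying security frameworks such as Spring Security. While working through a senior classmate's project, I learned how to generate a token with JWT for authentication, and how to wrap the data in a response object when returning it.
The approach is as follows:
- First the client logs in: the user enters an account and password, which are sent to the server. The server validates the login and, if validation succeeds, returns a token.
- When the user wants to visit the next page, the client sends a request carrying the token returned earlier. On the server, the request is intercepted before it reaches the endpoint and the token is verified. If verification succeeds the request is let through; otherwise it is blocked.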
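The two steps above, as an added example that is not code from this post or from the project it describes: it signs and verifies an HS256 token with JDK classes only, instead of the post's `JWTutils`. The class name `TokenFlowDemo`, the key, and the user names are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
public class TokenFlowDemo {
    // Constructed demo key (assumption); a real service loads its key from protected configuration.
    private static final byte[] KEY = "demo-only-secret-change-me-32byt".getBytes(StandardCharsets.UTF_8);
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Step 1: called only after the account/password check has succeeded.
    static String issue(String username, long ttlSeconds) throws Exception {
        // Restrict the name so it cannot break out of the JSON string it is placed in.
        if (!username.matches("[A-Za-z0-9_]{1,32}")) throw new IllegalArgumentException("bad username");
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String input = HEADER + "." + b64("{\"sub\":\"" + username + "\",\"exp\":" + exp + "}");
        return input + "." + ENC.encodeToString(hmac(input));
    }

    // Step 2: the check the interceptor runs on every protected request.
    static boolean verify(String token) {
        try {
            String[] p = token.split("\\.");
            // Accept only the exact header this service issues, so the algorithm is pinned to HS256.
            if (p.length != 3 || !p[0].equals(HEADER)) return false;
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            // Constant-time comparison; the payload is read only after the signature matches.
            if (!MessageDigest.isEqual(sig, hmac(p[0] + "." + p[1]))) return false;
            String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            long exp = Long.parseLong(json.replaceAll(".*\"exp\":(\\d+).*", "$1"));
            return Instant.now().getEpochSecond() < exp; // expired tokens are blocked
        } catch (Exception e) {
            return false; // null, malformed or undecodable token: block the request
        }
    }

    public static void main(String[] args) throws Exception {
        String token = issue("alice", 600);
        String[] p = token.split("\\.");
        // Same header and signature, edited payload: the signature no longer matches.
        String edited = p[0] + "." + b64("{\"sub\":\"admin\",\"exp\":9999999999}") + "." + p[2];
        System.out.println("issued token accepted:  " + verify(token));
        System.out.println("edited token accepted:  " + verify(edited));
        System.out.println("expired token accepted: " + verify(issue("alice", -1)));
    }
}
```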
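Implementation
Directory structure:
- The IerInterceptor package holds the interceptors
- The model package holds the entity classes
- The ResponseDATA package wraps the Response data
- The RSAtool package holds the JWT generation code and the Token class
- The swaggerConfig package holds the Swagger configuration; no front-end code was written, so Swagger is used for testing.
- All of the above is my personal understanding and is not official terminology.
Controller package
- Login.java, the login class: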
```java
package com.jwtandtoken.demo.Controller;

import com.jwtandtoken.demo.RSAtool.JWTutils;
import com.jwtandtoken.demo.RSAtool.UserToken;
import com.jwtandtoken.demo.ResponseDATA.ResponseData;
import com.jwtandtoken.demo.ResponseDATA.ResultEnum;
import com.jwtandtoken.demo.model.User;
import io.swagger.annotations.*;
import org.apache.catalina.connector.Response;
import org.springframework.web.bind.annotation.*;

@Api(protocols = "http,https", tags = {"login"}, value = "/Login", description = "登陆")
@RestController
@RequestMapping(value = "/login")
public class Login {

    @ApiOperation(value = "提交申请", notes = "提交申请,注意通用")
    @ApiResponses({
            @ApiResponse(code = Response.SC_OK, message = "提交成功"),})
    @PostMapping(value = "/User")
    public ResponseData<UserToken> user(
            @RequestParam(value = "username", required = true) String username,
            @RequestParam(value = "password", required = true) String password) {
        // NOTE: this demo issues a token for any username/password pair.
        // A real login must verify the credentials before reaching this point.
        User user = new User();
        user.setUsername(username);
        user.setPassword(password);

        // Generate the JWT for this user and wrap it in the response object.
        UserToken userToken = new UserToken();
        userToken.setToken(JWTutils.geneJsonWebToken(user));
        ResponseData<UserToken> userTokenResponseData = new ResponseData<>(ResultEnum.SUCCESS, userToken);
        return userTokenResponseData;
    }
}
```
- Test.java, a test class that fetches data and is used to test token verification:
```java
package com.jwtandtoken.demo.Controller;

import io.swagger.annotations.*;
import org.apache.catalina.connector.Response;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;

@Api(protocols = "http,https", tags = {"mytext"}, value = "/mytext", description = "文章")
@RestController
@RequestMapping(value = "/mytext")
public class Test {

    @ApiOperation(value = "获取文章", notes = "提交申请")
    @ApiResponses({
            @ApiResponse(code = Response.SC_OK, message = "提交成功"),})
    // Declares the "token" request header so Swagger UI sends it with the request.
    @ApiImplicitParams({
            @ApiImplicitParam(paramType = "header", name = "token", dataType = "String", required = true, value = "token")
    })
    @GetMapping(value = "/getHello")
    public String getHello(HttpServletRequest request) {
        // This method does not read the token itself.
        return "you are a ok";
    }
}
```
IerInterceptor package
- IntercepterConfig.java, which configures the interceptor:
```java
package com.jwtandtoken.demo.IerInterceptor;
import org.springframework.context.annotation
```