spring-boot + JWT实现TOKEN登录接口验证

最新推荐文章于 2024-07-31 17:45:06 发布
最新推荐文章于 2024-07-31 17:45:06 发布
阅读量607 收藏 2
点赞数
文章标签: java spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_40105866/article/details/124561408
版权

pom.xml:

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.4.3</version>
        </dependency>

        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-generator</artifactId>
            <version>3.5.0</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.4.0</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>

        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>

    </dependencies>

工程结构:

application.properties(spring-boot配置):

server.port=7778
server.servlet.context-path=/access-token

spring.datasource.url = jdbc:mysql://127.0.0.1/cxx?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=utf-8
spring.datasource.username = root
spring.datasource.password = root1234!
spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
spring.datasource.minimum-idle = 5
spring.datasource.idle-timeout = 18000
spring.datasource.maximum-pool-size = 10
spring.datasource.auto-commit = true
spring.datasource.max-lifetime = 0

pagehelper.helperDialect = mysql
mybatis-plus.mapperLocations = classpath:mapper/*.xml
mybatis-plus.configuration.call-setters-on-nulls = true
mybatis-plus.typeAliasesPackage = com.example.access.token.entity

User:

package com.example.access.token.entity;

import lombok.Data;

import java.io.Serializable;

@Data
public class User implements Serializable {
    private static final long serialVersionUID = 1L;

    String id;
    String username;
    String password;
}

UserMapper:

package com.example.access.token.mapper;


import com.example.access.token.entity.User;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Component;

@Mapper
@Component
public interface UserMapper {

    User findByUsername(String username);

    User findUserById(String id);

}

UserService:

package com.example.access.token.service;

import com.example.access.token.entity.User;
import com.example.access.token.mapper.UserMapper;
import org.springframework.stereotype.Service;

@Service
public class UserService {
    private final UserMapper userMapper;

    public UserService(UserMapper userMapper) {
        this.userMapper = userMapper;
    }

    public User findByUsername(User user){
        return userMapper.findByUsername(user.getUsername());
    }
    public User findUserById(String userId) {
        return userMapper.findUserById(userId);
    }
}

PassToken(自定义注解,跳过token验证):

package com.example.access.token.target;


import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
    boolean required() default true;
}

UserLoginToken(自定义注解,需要token验证):

package com.example.access.token.target;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken {
    boolean required() default true;
}

AuthenticationInterceptor:

package com.example.access.token.tokenInit;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.example.access.token.entity.User;
import com.example.access.token.service.UserService;
import com.example.access.token.target.PassToken;
import com.example.access.token.target.UserLoginToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

public class AuthenticationInterceptor implements HandlerInterceptor {
    @Autowired
    private UserService userService;

    private static final Logger log = LoggerFactory.getLogger(AuthenticationInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) {
        String token = httpServletRequest.getHeader("token");
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) object;
        Method method = handlerMethod.getMethod();
        if (method.isAnnotationPresent(PassToken.class)) {
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) {
                return true;
            }
        }
        if (method.isAnnotationPresent(UserLoginToken.class)) {
            UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
            if (userLoginToken.required()) {
                if (token == null) {
                    log.error("token is null");
                    throw new RuntimeException("401");
                }
                String userId;
                try {
                    userId = JWT.decode(token).getAudience().get(0);
                } catch (JWTDecodeException j) {
                    log.error("401");
                    throw new RuntimeException("401");
                }
                User user = userService.findUserById(userId);
                if (user == null) {
                    log.error("user is null");
                    throw new RuntimeException("401");
                }
                JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
                try {
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException e) {
                    log.error("401");
                    throw new RuntimeException("401");
                }
                return true;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) {

    }
}

InterceptorConfig:

package com.example.access.token.tokenInit;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.format.FormatterRegistry;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.validation.MessageCodesResolver;
import org.springframework.validation.Validator;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.HandlerMethodReturnValueHandler;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.config.annotation.*;

import java.util.List;


@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("/**");    // 拦截所有请求,通过判断是否有 @LoginRequired 注解 决定是否需要登录
    }

    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void addCorsMappings(CorsRegistry arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void addFormatters(FormatterRegistry arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void addReturnValueHandlers(List<HandlerMethodReturnValueHandler> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void addViewControllers(ViewControllerRegistry arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureAsyncSupport(AsyncSupportConfigurer arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configurePathMatch(PathMatchConfigurer arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void configureViewResolvers(ViewResolverRegistry arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void extendHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public void extendMessageConverters(List<HttpMessageConverter<?>> arg0) {
        // TODO Auto-generated method stub

    }

    @Override
    public MessageCodesResolver getMessageCodesResolver() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public Validator getValidator() {
        // TODO Auto-generated method stub
        return null;
    }

}

TokenInit:

package com.example.access.token.tokenInit;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.example.access.token.entity.User;

import java.util.Date;

public class TokenInit {

    public static String getToken (User user) {
        Date start = new Date();
        long currentTime = System.currentTimeMillis() +60*60*1000;//一小时有效时间
        Date end = new Date(currentTime);

        return JWT.create().withIssuedAt(start).withExpiresAt(end).withAudience(user.getId())
                .sign(Algorithm.HMAC256(user.getPassword()));
    }
}

TokenUtil:

package com.example.access.token.tokenInit;

import com.auth0.jwt.JWT;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;

public class TokenUtil {

    public static String getTokenUserId() {
        String token = getRequest().getHeader("token");// 从 http 请求头中取出 token
        String userId = null;
        try{
            userId = JWT.decode(token).getAudience().get(0);
        }catch (Exception e) {
            System.out.println(e.toString());
        }
        return userId;
    }

    public static long time () {
        String token = getRequest().getHeader("token");// 从 http 请求头中取出 token
        long st = 0;
        try{
            st = JWT.decode(token).getIssuedAt().getTime();
        }catch (Exception e) {
            System.out.println(e.toString());
        }
        return System.currentTimeMillis()-st;
    }
    
    public static HttpServletRequest getRequest() {
        ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder
                .getRequestAttributes();
        return requestAttributes == null ? null : requestAttributes.getRequest();
    }
}

UserMapper.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.example.access.token.mapper.UserMapper">
    <select id="findByUsername" parameterType="String" resultType="com.example.access.token.entity.User">
      SELECT id,password,username
      FROM user
      WHERE
      username=#{username}
    </select>
    <select id="findUserById" parameterType="String" resultType="com.example.access.token.entity.User">
        SELECT id,username,password
        FROM user
        WHERE
        id=#{id}
    </select>
</mapper>

GlobalExceptionHandler(自定义公共异常类):

package com.example.access.token.api;

import com.alibaba.fastjson.JSONObject;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;


@ControllerAdvice
public class GlobalExceptionHandler {
    @ResponseBody
    @ExceptionHandler(Exception.class)
    public Object handleException(Exception e) {
        String msg = e.getMessage();
        if (msg == null || msg.equals("")) {
            msg = "server is error";
        }
        JSONObject js = new JSONObject();
        js.put("success",false);
        js.put("message", msg);
        return js;
    }
}

UserApi(测试接口):

package com.example.access.token.api;

import com.alibaba.fastjson.JSONObject;
import com.example.access.token.entity.User;
import com.example.access.token.service.UserService;
import com.example.access.token.target.PassToken;
import com.example.access.token.target.UserLoginToken;
import com.example.access.token.tokenInit.TokenInit;
import org.springframework.web.bind.annotation.*;


@RestController
@RequestMapping("/userApi")
public class UserApi {
    final UserService userService;

    public UserApi(UserService userService) {
        this.userService = userService;
    }

    @PostMapping("/getToken")
    public Object getToken(@RequestBody User user) {
        JSONObject js = new JSONObject();
        User userForBase = userService.findByUsername(user);
        js.put("success", true);
        js.put("message", "login authorization success");
        js.put("token", "");
        if (userForBase == null) {
            js.put("success", false);
            js.put("message", "user is null");

        } else {
            if (!userForBase.getPassword().equals(user.getPassword())) {
                js.put("success", false);
                js.put("message", "password is error");
            } else {
                String token = TokenInit.getToken(userForBase);
                js.put("token", token);
            }
        }
        return js;
    }

    @UserLoginToken
    @GetMapping("/getMessage")
    public String getMessage() {
        return "你已通过验证";
    }

    @PassToken
    @GetMapping("/getMessage0")
    public String getMessage0() {
        return "你已通过验证";
    }
}

moxhan
关注
spring boot+jwt实现apitoken认证详解
08-26
主要给大家介绍了关于spring boot+jwt实现apitoken认证的相关资料,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一学习学习吧
SpringBoot集成JWT实现token验证
weixin_33994444的博客
07-10 2071
JWT官网: https://jwt.io/JWT(Java版)的github地址:https://github.com/jwtk/jjwt 什么是JWT Json web token (JWT), 是为了在网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519).定义了一种简洁的,自包...
springboot系列教程(二十六):springboot整合JWT框架,解决Token验证问题
最新发布
weixin_43860634的博客
07-31 595
springboot系列教程(二十六):springboot整合JWT框架,解决Token验证问题
springboot+jwtapitoken认证
weixin_34318326的博客
12-15 486
本篇和大家分享jwt(json web token)的使用,她主要用来生成接口访问的token验证,其单独结合springboot来开发api接口token验证很是方便,由于jwttoken中存储有用户的信息并且有加密,所以适用于分布式,这样直接吧信息存储在用户本地减速了服务端存储sessiion或token的压力;如下快速使用: 1 &lt;!--jwt--&gt; 2 &lt;...
springboot+jwt实现token登陆权限认证
秃了也弱了
07-01 6012
目录 一 前言 二 jwt实现登陆认证流程 三 相关介绍jwt 3.1jwt 组成 3.2 jwt优点 四 jwt用户登陆发放token 4.1 pom.xml 4.2jwt工具类 4.3 用户实体 4.4Controller 4.5 测试 五 jwt登陆拦截认证 5.1自定义拦截器 5.2 service 5.3拦截器配置 5.4Controller 5.5 测试 六 官网链接 一 前言 此篇文章的内容也是学习不久,终于到周末有时间码一篇文章分享知识追寻者的粉.
java+spring-boot-jwt + spring security集成实战项目.zip
08-17
Spring Boot项目中,我们可以使用Spring Security的JWT扩展来实现登录验证和令牌管理。 项目的实施步骤可能包括以下几个关键部分: 1. **项目初始化**:使用Spring Initializr创建一个新的Spring Boot项目,添加...
Spring-Boot结合Security+JWT 简单实现前后端分离用户登录、授权案例
07-12
Spring-Security结合JWT 实现前后端分离完成权限验证功能案例,案例中,主要完成用户登录获取Token,通过Token访问Rest接口,没有权限或授权失败时返回JSON,前端根据状态码进行重新登录;案例中的用户名称: jake_j...
spring-boot-jwt-sample:spring-boot-jwt-sample
05-16
spring boot整合jwt完成接口授权认证 1、注册用户(POST) { "id": 1, "userName": "admin", "loginName": "admin", "password": "admin", "roles": "admin", "email": "admin@ameizi.net", "location": "xi'an...
shrio-with-jwt-spring-boot-starter:spring-boot环境下基于JWT Token的无状态shiro权限验证框架
05-14
如需了解本框架的设计细节,请阅读:这篇文章 简介 用户权限管理是每个信息系统最基本的需求,对基于 Java 的项目来说,最常用的权限管理框架就是大名鼎鼎的 Apache Shiro。Apache Shiro 功能非常强大,使用广泛,...
springboot 集成 jwt实现apitoken认证机制
阿啄debugIT
11-28 1623
JWT原理 JWT是Auth0提出的通过对JSON进行加密签名来实现授权验证的方案,编码之后的JWT看起来是这样的一串字符: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4...
基于springboot+oauth2.0+jwtToken鉴权认证开发的后台接口,整套架构采用restful风格,车牌识别,阿里云消息推送,短信接口
04-04
内容只为接口开发,配合前端和移动app调用使用,不包含html页面,基于springboot+oauth2.0+jwttoken鉴权(内有怎么使用redistoken和数据库token注释)+restful风格+阿里短信+阿里消息推送+车牌识别等。该项目为工作实际使用完整项目
SpringBoot使用token简单鉴权的具体实现方法
08-25
主要介绍了SpringBoot使用token简单鉴权的具体实现方法,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
SpringBoot结合JWT访问API实现Token验证
wuhongyuxuexi的博客
09-15 694
SpringBoot结合JWT实现token验证
jwt token java_spring boot+jwt实现apitoken认证详解
weixin_28871885的博客
02-21 483
前言本篇和大家分享jwt(json web token)的使用,她主要用来生成接口访问的token验证,其单独结合springboot来开发api接口token验证很是方便,由于jwttoken中存储有用户的信息并且有加密,所以适用于分布式,这样直接吧信息存储在用户本地减速了服务端存储sessiion或token的压力;如下快速使用:io.jsonwebtokenjjwt0.9.0com.al...
springboot 集成JWT实现token验证
laow的博客
11-29 1623
JWT实现token验证
SpringBoot 集成jwt实现token授权与验证
03-02 2449
SpringBoot Token 授权 验证
SpringBoot3.0集成Jwt实现token验证
LLiu001的博客
06-07 515
springboot+jwt进行登录的前后端分离,使用token验证机制
Spring Boot + JWTAPI token认证详解与实战示例
本文将深入探讨如何在Spring Boot应用中使用JWT (JSON Web Tokens) 实现APItoken认证JWT是一种轻量级的身份验证机制,特别适合于分布式系统,因为它允许在客户端存储加密过的令牌,从而减轻服务器端维护session...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值