JWT簡介
簡介
JSON Web token簡稱JWT, 是用於對應用程序上的用戶進行身份驗證的標記。也就是說, 使用 JWTS 的應用程序不再需要保存有關其用戶的 cookie 或其他session數據。此特性便於可伸縮性, 同時保證應用程序的安全。
在身份驗證過程中, 當用戶使用其憑據成功登錄時, 將返回 JSON Web token, 並且必須在本地保存 (通常在本地存儲中)。每當用戶要訪問受保護的路由或資源 (端點) 時, 用戶代理(user agent)必須連同請求一起發送 JWT, 通常放在 Authorization 標頭中並使用 Bearer scheme。後端服務器接收到帶有 JWT 的請求時, 首先要做的是驗證token。
JWT的格式
JWT就是一個字符串,由編碼處理與簽名校驗處理得到的字符串,形式為:A.B.C
A由JWT頭部信息header經Base64URL編碼得到
B由JWT用到的身份驗證信息json數據經Base64URL編碼得到(只是編碼,並非加密)
C由A和B用密鑰簽名得到,是校驗部分
怎樣使用token?
可以放到HTTP請求的請求頭中,通常是Authorization字段。
流程圖

JWT 實戰
加入Maven jwt 依賴
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
在application.properties中加入配置
# 簽名密鑰
jwt.secret=A0B1C2D3E4F5G6H7I8J9KALBMCNDOEPFQ0R1S2T3U4V5W6X7Y8Z9
# token 過期時間,單位秒
jwt.expire=300
# 需要認證的url,多個URL使用英文逗號,分割
jwt.authorised-urls=/apis/fis/redis/**
JwtHelper工具類
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
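public class JwtHelper {

    /** Authorization scheme written into issued tokens and stripped from incoming headers. */
    private static final String TOKEN_PREFIX = "Bearer";
    /** Request header the token is read from. */
    private static final String HEADER_STRING = "Authorization";
    /**
     * Pattern for the human-readable "expire-time" field. The original pattern was
     * "HH:ss:mm", which swapped the minutes and seconds fields.
     */
    private static final String EXPIRE_TIME_PATTERN = "yyyy-MM-dd HH:mm:ss";

    /** Token lifetime in seconds. */
    private final long expirationTime;
    /** HS512 signing secret; jjwt 0.9.x interprets this String as a Base64-encoded key. */
    private final String secret;

    /**
     * Creates a helper that signs and verifies tokens with the given secret.
     *
     * @param secret HS512 signing secret; must not be null or blank
     * @param expire token lifetime in seconds; must be positive
     * @throws IllegalArgumentException if the secret is blank or the lifetime is not positive
     */
    public JwtHelper(String secret, long expire) {
        if (secret == null || secret.trim().isEmpty()) {
            throw new IllegalArgumentException("jwt secret must not be empty");
        }
        if (expire <= 0) {
            throw new IllegalArgumentException("jwt expire must be positive, got " + expire);
        }
        this.secret = secret;
        this.expirationTime = expire;
        // Only the non-sensitive lifetime is printed; the secret must never reach stdout.
        System.out.println("正在初始化Jwthelper,expire=" + expire);
    }

    /**
     * Issues a signed JWT carrying {@code claims} plus an {@code exp} claim, wrapped in the JSON
     * envelope the login endpoint returns to clients.
     *
     * @param claims claims to embed; they travel Base64URL-encoded, not encrypted, so they must
     *               not contain secrets
     * @return a JSON object with keys {@code token} ("Bearer &lt;jwt&gt;"), {@code token-type}
     *         ("Bearer") and {@code expire-time} (formatted as yyyy-MM-dd HH:mm:ss)
     */
    public JSONObject generateToken(Map<String, Object> claims) {
        // Plain millisecond arithmetic replaces the Calendar dance and avoids the int truncation
        // of EXPIRATION_TIME.intValue() for large lifetimes.
        Date expiresAt = new Date(System.currentTimeMillis() + expirationTime * 1000L);
        // setClaims replaces the builder's claim map, so the expiration is set afterwards
        // (same order as the original).
        String jwt = Jwts.builder()
                .setClaims(claims)
                .setExpiration(expiresAt)
                .signWith(SignatureAlgorithm.HS512, secret)
                .compact();
        JSONObject json = new JSONObject();
        json.put("token", TOKEN_PREFIX + " " + jwt);
        json.put("token-type", TOKEN_PREFIX);
        // SimpleDateFormat is not thread-safe, so a fresh instance is used per call.
        json.put("expire-time", new SimpleDateFormat(EXPIRE_TIME_PATTERN).format(expiresAt));
        return json;
    }

    /**
     * Verifies the token in the request's Authorization header and returns its claims.
     *
     * <p>jjwt checks the HS512 signature and the {@code exp} claim while parsing and throws an
     * unchecked {@code io.jsonwebtoken.JwtException} when either check fails; callers must treat
     * that exception as "not authenticated".
     *
     * @param request the incoming request
     * @return the verified claims, or {@code null} when the header is absent or blank
     */
    public Map<String, Object> validateTokenAndGetClaims(HttpServletRequest request) {
        String header = request.getHeader(HEADER_STRING);
        // The header value is a bearer credential, so it is deliberately not printed.
        if (header == null) {
            return null;
        }
        String jwt = stripTokenPrefix(header);
        if (jwt.isEmpty()) {
            return null;
        }
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(jwt)
                .getBody();
    }

    /**
     * Removes a leading "Bearer" scheme (case-insensitive, per RFC 7235) and surrounding
     * whitespace. The original used {@code replace(TOKEN_PREFIX, "")}, which left a leading
     * space in front of the token and would also delete the word anywhere inside it.
     *
     * @param header raw Authorization header value, non-null
     * @return the bare compact JWT, possibly empty
     */
    private static String stripTokenPrefix(String header) {
        String value = header.trim();
        if (value.regionMatches(true, 0, TOKEN_PREFIX, 0, TOKEN_PREFIX.length())) {
            value = value.substring(TOKEN_PREFIX.length()).trim();
        }
        return value;
    }
}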
JWT過濾器JwtFilter
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.util.AntPathMatcher;
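/**
 * JWT過濾器
 *
 * <p>Checks the Authorization header on every request whose servlet path matches one of the
 * configured Ant-style patterns and answers 401 when the token is missing or cannot be verified.
 * Requests to unprotected paths and CORS preflight (OPTIONS) requests pass through.
 *
 * @author 李慶海
 */
public class JwtFilter implements Filter {

    private static final org.springframework.util.PathMatcher PATH_MATCHER = new AntPathMatcher();
    /** Body sent with every 401 produced by this filter. */
    private static final String UNAUTHORIZED_MESSAGE = "未授權或者授權已經過期";

    private final JwtHelper jwtHelper;
    /** Ant-style path patterns that require a valid token. */
    private final List<String> urls;

    /**
     * @param jwtHelper      verifier for incoming tokens, non-null
     * @param authorisedUrls Ant-style patterns of protected paths; null or empty protects nothing
     * @throws IllegalArgumentException if {@code jwtHelper} is null
     */
    public JwtFilter(JwtHelper jwtHelper, String[] authorisedUrls) {
        if (jwtHelper == null) {
            throw new IllegalArgumentException("jwtHelper must not be null");
        }
        this.jwtHelper = jwtHelper;
        // A missing property yields "no protected paths" instead of an NPE at startup.
        this.urls = authorisedUrls == null ? Arrays.<String>asList() : Arrays.asList(authorisedUrls);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise: collaborators arrive through the constructor.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("application/json; charset=utf-8");
        // NOTE(review): browsers do not honour Allow-Credentials together with a wildcard
        // origin; confirm the intended CORS policy.
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");

        if ("OPTIONS".equals(httpRequest.getMethod())) {
            // A CORS preflight never carries the Authorization header, so it must be answered
            // here instead of falling into the token check below (which would always yield 401).
            httpResponse.setStatus(HttpStatus.NO_CONTENT.value()); // 204
            httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
            // "Authorization" is the header this filter reads, so the preflight must allow it.
            httpResponse.setHeader("Access-Control-Allow-Headers",
                    "Content-Type, x-requested-with, Token, Authorization");
            httpResponse.setHeader("Access-Control-Allow-Methods", "OPTIONS,GET,POST,DELETE,PUT");
            return;
        }

        if (!isProtected(httpRequest.getServletPath())) {
            chain.doFilter(request, response);
            return;
        }

        Object claims;
        try {
            claims = jwtHelper.validateTokenAndGetClaims(httpRequest);
        } catch (RuntimeException e) {
            // A malformed, tampered or expired token makes jjwt throw. The original caught the
            // exception and then fell through to chain.doFilter(), so such a request reached the
            // protected resource unauthenticated; it must be rejected instead.
            System.err.println("JWT validation failed: " + e);
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, UNAUTHORIZED_MESSAGE);
            return;
        }
        if (claims == null) {
            // No Authorization header on a protected path.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, UNAUTHORIZED_MESSAGE);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Returns whether {@code path} matches any configured pattern. The original checked only the
     * first pattern: its for-loop passed the request through on the first non-match, so paths
     * protected by a second pattern were never checked.
     *
     * @param path servlet path of the request
     * @return true if a valid token is required for this path
     */
    private boolean isProtected(String path) {
        for (String pattern : urls) {
            // trim() tolerates "a,  b" spacing in the comma-separated property.
            if (pattern != null && PATH_MATCHER.match(pattern.trim(), path)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void destroy() {
        // No resources to release.
    }
}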
配置JWT
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import cn.com.yd.fis.client.jwt.JwtFilter;
import cn.com.yd.fis.client.jwt.JwtHelper;
@Configuration
public class JwtConfig {

    /** Signing secret, from {@code jwt.secret}. */
    @Value("${jwt.secret}")
    private String secret;

    /** Token lifetime in seconds, from {@code jwt.expire}. */
    @Value("${jwt.expire}")
    private long expire;

    /** Comma-separated Ant patterns of protected paths, from {@code jwt.authorised-urls}. */
    @Value("${jwt.authorised-urls}")
    private String[] authorisedUrls;

    /**
     * The shared token issuer/verifier.
     *
     * @return a {@link JwtHelper} configured from the properties above
     */
    @Bean
    public JwtHelper jwtHelperBean() {
        return new JwtHelper(secret, expire);
    }

    /**
     * Registers {@link JwtFilter} on every path; the filter itself decides which paths need a
     * token.
     *
     * @return the filter registration
     */
    @Bean
    public FilterRegistrationBean basicFilterRegistrationBean() {
        List<String> allPaths = new ArrayList<String>();
        allPaths.add("/*");
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new JwtFilter(jwtHelperBean(), authorisedUrls));
        registration.setUrlPatterns(allPaths);
        return registration;
    }
}
在Controller中使用JWT
此處僅為說明jwt的用法,在實際應用時可以根據具體的業務需要加入不同的或者更多的參數,一並作為claims進行參數傳遞。
import java.util.HashMap;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import cn.com.yd.fis.client.jwt.JwtHelper;
import cn.com.yd.fis.client.util.JsonResult;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
@RestController
@RequestMapping("${api-url}/auth")
public class AuthorizeController {

    @Autowired
    private JwtHelper jwtHelper;

    /**
     * Demo login: the password check is a fixed placeholder used only to illustrate token
     * issuance. On success the response carries the token envelope built by
     * {@link JwtHelper#generateToken(Map)} with a single {@code loginName} claim.
     *
     * @param loginName account name to embed in the token
     * @param password  credential to check
     * @return a {@link JsonResult} envelope, success or failure
     */
    @PostMapping("/login")
    public Object login(String loginName, String password) throws Exception {
        if (!"1".equals(password)) {
            return JsonResult.fail("登錄帳號或者登錄密碼錯誤");
        }
        Map<String, Object> claims = new HashMap<String, Object>();
        claims.put("loginName", loginName);
        return JsonResult.success(jwtHelper.generateToken(claims));
    }
}
輔助工具類JsonResult
import com.alibaba.fastjson.JSONObject;
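public class JsonResult {

    /**
     * Builds a success envelope: {@code state=true}, {@code msg="成功"} and, when non-null,
     * {@code obj}.
     *
     * @param obj payload to attach, may be null
     * @return the JSON envelope
     */
    public static JSONObject success(Object obj) {
        return toJSONObject(true, "成功", obj);
    }

    /**
     * Builds a failure envelope: {@code state=false}, {@code msg="失敗"} and, when non-null,
     * {@code obj}.
     *
     * @param obj payload to attach (typically an error description), may be null
     * @return the JSON envelope
     */
    public static JSONObject fail(Object obj) {
        return toJSONObject(false, "失敗", obj);
    }

    /**
     * Builds the generic envelope the two factories above delegate to (they previously
     * duplicated this body).
     *
     * @param state success flag
     * @param msg   human-readable message
     * @param obj   payload to attach, may be null
     * @return a JSON object with keys {@code state}, {@code msg} and optionally {@code obj}
     */
    public static JSONObject toJSONObject(boolean state, String msg, Object obj) {
        JSONObject json = new JSONObject();
        json.put("state", state);
        json.put("msg", msg);
        // A null payload is omitted rather than serialised as an explicit null.
        if (null != obj) {
            json.put("obj", obj);
        }
        return json;
    }
}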
原文地址: https://www.jianshu.com/p/620a9b15a619