SpringBoot使⽤token简单鉴权的具体实现⽅法
实现思路:
1. ⽤户登录请求登录接⼝时,验证⽤户名密码等,验证成功会返回给前端⼀个token,这个token就是之后鉴权的唯⼀凭证。
2. 后台可能将token存储在redis或者数据库中。
3. 之后前端的请求,需要在header中携带token,后端取出token去redis或者数据库中进⾏验证,如果验证通过则放⾏,如果不通过则拒绝操作。当然,如上的说法只是简单的实现,实质上还有很多需要优化的地⽅。
可以参考:
具体实现⽅式
1、添加依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="/POM/4.0.0" xmlns:xsi="/2001/XMLSchema-instance"
xsi:schemaLocation="/POM/4.0.0 /xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId&ken</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- mvnrepository/artifact/com.auth0/java-jwt -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
2、⽣成签名⽅法
/**
* ⽣成签名
*/
public String sign(String userName,String passWord){
Date date=new Date(System.currentTimeMillis()+3600);
//设置私钥和加密算法
Algorithm algorithm=Algorithm.HMAC256("sadfsfsf3r3r545dfdfasas");
//设置头部信息
Map<String,Object> header=new HashMap<>();
header.put("typ","JWT");
header.put("alg","HS256");
String token = ate().withHeader(header).withClaim("userName", userName)
.withClaim("passWord", passWord).withExpiresAt(date).sign(algorithm);
return token;
}
3、解码,通过token获取⽤户名
/**
* 通过token获取⽤户
* @param token
springframework和springboot*/
@GetMapping("/user/{token}")
public void getUserName(@PathVariable("token") String token){
String userName = JWT.decode(token).getClaim("userName").asString();
System.out.println(userName);
}
4、增加
public class LoginInterceptor implements HandlerInterceptor {
@Autowired
private LoginController loginController;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String token = Header("token");
if(StringUtils.isEmpty(token)){
throw new Exception("token不能为空");
}
Boolean verify = null;
try {
LoginController loginController=new LoginController();
verify = loginController.verify(token);
if(verify){
return true;
}else {
return false;
}
} catch (Exception e) {
return false;
}
}
}
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LoginInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/login")
;
}
}
5、测试
@GetMapping("/login")
public String login(){
//模拟⽤户名和密码
String userName="admin";
String passWord="admin";
String token = sign(userName, passWord);
return token;
}
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论