SpringBoot使用token简单鉴权的具体实现方法

实现思路:

  1. 用户登录请求登录接口时,验证用户名密码等,验证成功会返回给前端一个token,这个token就是之后鉴权的唯一凭证。
  2. 后台可能将token存储在redis或者数据库中。
  3. 之后前端的请求,需要在header中携带token,后端取出token去redis或者数据库中进行验证,如果验证通过则放行,如果不通过则拒绝操作。

当然,如上的说法只是简单的实现,实质上还有很多需要优化的地方。

可以参考:https://blog.csdn.net/kkkun_joe/article/details/81878231

https://www.javamall.com.cn/blog/archives/642

 

具体实现方式

1、添加依赖

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.4.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example.jwt.token</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>
 
    <properties>
        <java.version>1.8</java.version>
    </properties>
 
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
 
        <!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
        </dependency>
 
 
 
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
 
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
 
</project>

  2、生成签名方法

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
/**
     * 生成签名
     */
    public String sign(String userName,String passWord){
        Date date=new Date(System.currentTimeMillis()+3600);
        //设置私钥和加密算法
        Algorithm algorithm=Algorithm.HMAC256("sadfsfsf3r3r545dfdfasas");
        //设置头部信息
        Map<String,Object> header=new HashMap<>();
        header.put("typ","JWT");
        header.put("alg","HS256");
        String token = JWT.create().withHeader(header).withClaim("userName", userName)
                .withClaim("passWord", passWord).withExpiresAt(date).sign(algorithm);
        return token;
 
    }

  3、解码,通过token获取用户名

?
1
2
3
4
5
6
7
8
9
/**
     * 通过token获取用户
     * @param token
     */
    @GetMapping("/user/{token}")
    public void getUserName(@PathVariable("token") String token){
        String userName = JWT.decode(token).getClaim("userName").asString();
        System.out.println(userName);
    }

4、增加拦截器

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
public class LoginInterceptor implements HandlerInterceptor {
    @Autowired
    private LoginController loginController;
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token");
        if(StringUtils.isEmpty(token)){
           throw new Exception("token不能为空");
        }
        Boolean verify = null;
        try {
            LoginController loginController=new LoginController();
            verify = loginController.verify(token);
            if(verify){
               return true;
            }else {
                return false;
            }
        } catch (Exception e) {
            return false;
        }
    }
}

  

?
1
2
3
4
5
6
7
8
9
10
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoginInterceptor())
                .addPathPatterns("/**")
        .excludePathPatterns("/login")
        ;
    }
}

  

5、测试

?
1
2
3
4
5
6
7
8
@GetMapping("/login")
    public String login(){
        //模拟用户名和密码
        String userName="admin";
        String passWord="admin";
        String token = sign(userName, passWord);
        return token;
    }

  

 

posted @   刘百会  阅读(2671)  评论(0编辑  收藏  举报
编辑推荐:
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛