2024年5月6日第四十四篇

今天完成了接祖作业中后端的开发，并着重对jwt令牌认证进行了学习。

Controller的函数的参数里面 加一个

Authentication authentication

然后调用

authentication.getName()

就能获取到用户名，查找使用即可

package com.example.stdudemo.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

import java.time.Instant;
import java.util.stream.Collectors;

@CrossOrigin
@RestController
public class TokenController {
    @Autowired
    JwtEncoder encoder;
    @PostMapping("/api/token")
    public String token(Authentication authentication)  {
        Instant now = Instant.now();
        long expiry = 3600000L;
        String scope = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(" "));
        JwtClaimsSet claims = JwtClaimsSet.builder()
                .issuer("self")
                .issuedAt(now)
                .expiresAt(now.plusSeconds(expiry))
                .subject(authentication.getName())
                .claim("scope", scope)
                .build();
        return "\"" +this.encoder.encode(JwtEncoderParameters.from(claims)).getTokenValue() + "\"";
    }
}

使用Rester的Authentication选项中，添加Basic Auth，填入用户名和密码，访问token controller