怎么在SpringBootSecurity中利用JWT授權(quán)RestAPI

本篇文章為大家展示了怎么在SpringBoot Security中利用JWT授權(quán)RestAPI，內(nèi)容簡(jiǎn)明扼要并且容易理解，絕對(duì)能使你眼前一亮，通過(guò)這篇文章的詳細(xì)介紹希望你能有所收獲。

創(chuàng)新互聯(lián)自2013年創(chuàng)立以來(lái)，是專業(yè)互聯(lián)網(wǎng)技術(shù)服務(wù)公司，擁有項(xiàng)目網(wǎng)站設(shè)計(jì)制作、成都做網(wǎng)站網(wǎng)站策劃，項(xiàng)目實(shí)施與項(xiàng)目整合能力。我們以讓每一個(gè)夢(mèng)想脫穎而出為使命，1280元寧鄉(xiāng)做網(wǎng)站,已為上家服務(wù),為寧鄉(xiāng)各地企業(yè)和個(gè)人服務(wù),聯(lián)系電話:18982081108

基礎(chǔ)環(huán)境

技術(shù)	版本
Java	1.8+
SpringBoot	2.x.x
Security	5.x
JWT	0.9.0

創(chuàng)建項(xiàng)目

初始化項(xiàng)目

mvn archetype:generate -DgroupId=com.edurt.sli.slisj -DartifactId=spring-learn-integration-security-jwt -DarchetypeArtifactId=maven-archetype-quickstart -Dversion=1.0.0 -DinteractiveMode=false

修改pom.xml增加security和jwt的支持




  
    spring-learn-integration-security
    com.edurt.sli
    1.0.0
  

  4.0.0

  spring-learn-integration-security-jwt

  SpringBoot Security整合JWT授權(quán)RestAPI

  
    1.8
    3.3
    2.0.3.RELEASE
    1.18.6
    0.9.0
    2.9.9
  

  
    
      org.springframework.boot
      spring-boot-starter-web
      ${dependency.springboot2.common.version}
    
    
      org.springframework.boot
      spring-boot-starter-security
      ${dependency.springboot2.common.version}
    
    
      io.jsonwebtoken
      jjwt
      ${dependency.jwt.version}
    
    
      org.projectlombok
      lombok
      ${dependency.lombok.version}
    
    
      com.fasterxml.jackson.core
      jackson-databind
      ${dependency.jackson.version}
    
  

  
    
      
        org.springframework.boot
        spring-boot-maven-plugin
        ${dependency.springboot2.common.version}
        
          true
        
      
      
        org.apache.maven.plugins
        maven-compiler-plugin
        ${plugin.maven.compiler.version}
        
          ${system.java.version}
          ${system.java.version}

spring-boot-starter-security啟動(dòng)spring security安全框架

jjwt啟動(dòng)spring security jwt框架支持

一個(gè)簡(jiǎn)單的應(yīng)用類

/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at *

* http://www.apache.org/licenses/LICENSE-2.0 *

SpringBootSecurityJwtIntegration

Description : SpringBootSecurityJwtIntegration

Author : qianmoQ

Version : 1.0

Create Time : 2019-11-26 20:45

Author Email: qianmoQ

*/ @SpringBootApplication @Component(value = "com.edurt.sli.slisj") public class SpringBootSecurityJwtIntegration { public static void main(String[] args) { SpringApplication.run(SpringBootSecurityJwtIntegration.class, args); } }

配置 JWT

在/src/main/java/com/edurt/sli/slisj目錄下創(chuàng)建config目錄,并在該目錄下新建jwt目錄,在該目錄下新建JwtTokenTemplate工具模板

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 

 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisj.config.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.io.Serializable;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * 
 JwtTokenTemplate 
 *  Description : JwtTokenTemplate 
 *  Author : qianmoQ 
 *  Version : 1.0 
 *  Create Time : 2019-11-26 20:49 
 *  Author Email: qianmoQ 
 */
@Component
public class JwtTokenTemplate implements Serializable {

  private static final String CLAIM_KEY_USERNAME = "sub";

  private static final long EXPIRATION_TIME = 432000000;

  private static final String SECRET = "secret";

  public String generateToken(UserDetails userDetails) {
    Map claims = new HashMap<>(16);
    claims.put(CLAIM_KEY_USERNAME, userDetails.getUsername());
    return Jwts.builder()
        .setClaims(claims)
        .setExpiration(new Date(Instant.now().toEpochMilli() + EXPIRATION_TIME))
        .signWith(SignatureAlgorithm.HS512, SECRET)
        .compact();
  }

  public Boolean validateToken(String token, UserDetails userDetails) {
    User user = (User) userDetails;
    String username = getUsernameFromToken(token);
    return (username.equals(user.getUsername()) && !isTokenExpired(token));
  }

  public Boolean isTokenExpired(String token) {
    Date expiration = getExpirationDateFromToken(token);
    return expiration.before(new Date());
  }

  public String getUsernameFromToken(String token) {
    String username = getClaimsFromToken(token).getSubject();
    return username;
  }

  public Date getExpirationDateFromToken(String token) {
    Date expiration = getClaimsFromToken(token).getExpiration();
    return expiration;
  }

  private Claims getClaimsFromToken(String token) {
    Claims claims = Jwts.parser()
        .setSigningKey(SECRET)
        .parseClaimsJws(token)
        .getBody();
    return claims;
  }

}

在jwt該目錄下新建JwtTokenFilter過(guò)濾器

* http://www.apache.org/licenses/LICENSE-2.0 *

* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.edurt.sli.slisj.config.jwt; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** *

JwtTokenFilter

Description : JwtTokenFilter

Author : qianmoQ

Version : 1.0

Create Time : 2019-11-26 20:49

Author Email: qianmoQ

*/ @Component public class JwtTokenFilter extends OncePerRequestFilter { public static final String HEADER_STRING = "Authorization"; @Autowired private UserDetailsService userDetailsService; @Autowired private JwtTokenTemplate jwtTokenTemplate; @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { String token = request.getHeader(HEADER_STRING); if (null != token) { String username = jwtTokenTemplate.getUsernameFromToken(token); if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); if (jwtTokenTemplate.validateToken(token, userDetails)) { UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities()); authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails( request)); SecurityContextHolder.getContext().setAuthentication(authentication); } } } chain.doFilter(request, response); } }

配置Security

在config目錄下新建JwtSecurityConfig文件

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 

 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.edurt.sli.slisj.config;

import com.edurt.sli.slisj.config.jwt.JwtTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 
 JwtSecurityConfig 
 *  Description : JwtSecurityConfig 
 *  Author : qianmoQ 
 *  Version : 1.0 
 *  Create Time : 2019-11-26 20:46 
 *  Author Email: qianmoQ 
 */
@Configuration
@EnableWebSecurity
public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private UserDetailsService userDetailsService;

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .antMatchers("/auth/login").permitAll()
        .anyRequest().authenticated();
    http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    http.headers().cacheControl();
  }

  @Bean
  public JwtTokenFilter authenticationTokenFilterBean() {
    return new JwtTokenFilter();
  }

  @Bean
  @Override
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

}

在config目錄下新建JwtUserDetailsService文件

* http://www.apache.org/licenses/LICENSE-2.0 *

JwtUserDetailsService

Description : JwtUserDetailsService

Author : qianmoQ

Version : 1.0

Create Time : 2019-11-26 20:54

Author Email: qianmoQ

*/ @Service public class JwtUserDetailsService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException { if (userName.equals("admin")) { return new User("admin", "$2a$10$slYQmyNdGzTn7ZLBXBChFOC9f6kFjAqPhccnP6DxlWXx2lPk1C3G6", new ArrayList<>()); } return null; } }

在resources資源目錄下創(chuàng)建一個(gè)application.properties的配置文件,內(nèi)容如下

server.port=8989

創(chuàng)建授權(quán)參數(shù)

在/src/main/java/com/edurt/sli/slisj目錄下創(chuàng)建param目錄,并在該目錄下新建JwtParam文件

* http://www.apache.org/licenses/LICENSE-2.0 *

JwtParam

Description : JwtParam

Author : qianmoQ

Version : 1.0

Create Time : 2019-11-26 20:59

Author Email: qianmoQ

*/ @Data @ToString @AllArgsConstructor @NoArgsConstructor public class JwtParam { private String username; private String password; }

創(chuàng)建授權(quán)接口

在/src/main/java/com/edurt/sli/slisj目錄下創(chuàng)建controller目錄,并在該目錄下新建HelloJwtController文件

* http://www.apache.org/licenses/LICENSE-2.0 *

* Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.edurt.sli.slisj.controller; import com.edurt.sli.slisj.config.JwtUserDetailsService; import com.edurt.sli.slisj.config.jwt.JwtTokenTemplate; import com.edurt.sli.slisj.param.JwtParam; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.*; /** *

HelloJwtController

Description : HelloJwtController

Author : qianmoQ

Version : 1.0

Create Time : 2019-11-26 20:58

Author Email: qianmoQ

*/ @RestController @RequestMapping(value = "auth") public class HelloJwtController { @Autowired private JwtTokenTemplate jwtTokenTemplate; @Autowired private AuthenticationManager authenticationManager; @Autowired private JwtUserDetailsService userDetailsService; @PostMapping(value = "login") public String login(@RequestBody JwtParam body) throws AuthenticationException { UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(body.getUsername(), body.getPassword()); Authentication authentication = authenticationManager.authenticate(authenticationToken); SecurityContextHolder.getContext().setAuthentication(authentication); UserDetails userDetails = userDetailsService.loadUserByUsername(body.getUsername()); return jwtTokenTemplate.generateToken(userDetails); } @GetMapping(value = "hello") public String hello() { return "Hello Jwt!!!"; } }

校驗(yàn)授權(quán)

在控制臺(tái)輸入以下命令(未授權(quán)時(shí))

curl -X GET 'http://localhost:8989/auth/hello'

會(huì)出現(xiàn)以下錯(cuò)誤信息

{
  "timestamp": "2019-11-26T13:05:05.204+0000",
  "status": 403,
  "error": "Forbidden",
  "message": "Access Denied",
  "path": "/auth/hello"
}

提示我們未授權(quán),這時(shí)我們使用/auth/login去獲得授權(quán)的token

curl -X POST 'http://127.0.0.1:8989/auth/login' --header 'Content-Type: application/json' -d '{"username": "admin", "password": "password"}'

返回以下token信息

eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU3NTIwNTg4OH0.zc3JTsIHIZSmi-hrgCB1AKrrjVWtnWB4YJjOhzml2k9qRdTGdoDYKM1XriQIAInvIrTDDkpozT4Ny58Wcpm4JA

這時(shí)我們使用返回的token進(jìn)行訪問(wèn)/auth/hello接口獲取數(shù)據(jù)

curl -X GET 'http://127.0.0.1:8989/auth/hello' --header 'Authorization: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU3NTIwNTg4OH0.zc3JTsIHIZSmi-hrgCB1AKrrjVWtnWB4YJjOhzml2k9qRdTGdoDYKM1XriQIAInvIrTDDkpozT4Ny58Wcpm4JA'

返回以下信息

Hello Jwt!!!

此時(shí)我們已經(jīng)完成JWT授權(quán)配置

打包文件部署

打包數(shù)據(jù)

mvn clean package -Dmaven.test.skip=true -X

運(yùn)行打包后的文件即可

java -jar target/spring-learn-integration-security-jwt-1.0.0.jar

上述內(nèi)容就是怎么在SpringBoot Security中利用JWT授權(quán)RestAPI，你們學(xué)到知識(shí)或技能了嗎？如果還想學(xué)到更多技能或者豐富自己的知識(shí)儲(chǔ)備，歡迎關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道。

分享文章：怎么在SpringBootSecurity中利用JWT授權(quán)RestAPI
本文鏈接：http://weahome.cn/article/gchocs.html

真实的国产乱ⅩXXX66竹夫人,五月香六月婷婷激情综合,亚洲日本VA一区二区三区,亚洲精品一区二区三区麻豆

怎么在SpringBootSecurity中利用JWT授權(quán)RestAPI

其他資訊

網(wǎng)站制作

企業(yè)服務(wù)

網(wǎng)站建設(shè)

服務(wù)器托管