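Username and password login with JWT token validation in Java and Spring Boot
Time: 2023-06-05 21:04:07 Views: 77
Sure. This is a technical question. To add username-and-password login with JWT token validation using Java and Spring Boot, you can follow these steps:
1. Add the JWT dependency to the Spring Boot project's pom.xml: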
```
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
```
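2. Write a JWT utility class that generates and parses JWT tokens:
```
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;

public class JwtUtils {
    private static final long EXPIRE_TIME = 30 * 60 * 1000; // tokens expire after 30 minutes
    // Placeholder secret used to sign and verify tokens (jjwt 0.9.1 reads a String key as Base64).
    // Replace it with a long random value loaded from configuration, not from source code.
    private static final String SECRET_KEY = "your_secret_key";

    // Issue a signed token whose subject is the username.
    public static String generateToken(String username) {
        Date now = new Date();
        Date expireTime = new Date(now.getTime() + EXPIRE_TIME);
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(now)
                .setExpiration(expireTime)
                .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
                .compact();
    }

    // Return the subject (username); throws if the signature is wrong or the token has expired.
    public static String getUsernameFromToken(String token) {
        Claims claims = Jwts.parser()
                .setSigningKey(SECRET_KEY)
                .parseClaimsJws(token)
                .getBody();
        return claims.getSubject();
    }

    // True only if the signature verifies and the token has not expired.
    public static boolean validateToken(String token) {
        try {
            Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
```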
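3. Write a login endpoint that accepts the username and password parameters and returns the generated JWT token:
```
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    // RespBean is the project's own response wrapper class (not shown here).
    @PostMapping("/login")
    public RespBean login(@RequestParam("username") String username,
                          @RequestParam("password") String password) {
        // TODO: verify the username and password here before issuing a token
        String token = JwtUtils.generateToken(username);
        return RespBean.success(token);
    }
}
```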
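4. For the endpoints that require access control, use Spring Security together with JWT for validation:
```
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Tokens travel in the Authorization header and no session cookie is used,
        // so CSRF protection and server-side sessions are switched off.
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilter(new JwtAuthenticationFilter(authenticationManager()))
            .addFilter(new JwtAuthorizationFilter(authenticationManager(), userDetailsService));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

// Checks the submitted username and password. UsernamePasswordAuthenticationFilter
// handles POST /login by default, so this filter answers that request itself.
public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // The two-argument constructor builds an unauthenticated token; the
        // AuthenticationManager verifies the password against the stored BCrypt hash.
        // A failure propagates as AuthenticationException, so the login is rejected.
        Authentication authentication = new UsernamePasswordAuthenticationToken(username, password);
        return getAuthenticationManager().authenticate(authentication);
    }

    // Return the token in the Authorization header once the password has been verified.
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        response.addHeader("Authorization", "Bearer " + JwtUtils.generateToken(authResult.getName()));
    }
}

// Reads the Bearer token from each request and populates the security context.
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
    private final UserDetailsService userDetailsService;

    public JwtAuthorizationFilter(AuthenticationManager authenticationManager,
                                  UserDetailsService userDetailsService) {
        super(authenticationManager);
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws IOException, ServletException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            // No token: continue unauthenticated; protected endpoints will refuse the request.
            chain.doFilter(request, response);
            return;
        }
        String token = header.substring("Bearer ".length());
        if (JwtUtils.validateToken(token)) {
            String username = JwtUtils.getUsernameFromToken(token);
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
            UsernamePasswordAuthenticationToken authentication =
                    new UsernamePasswordAuthenticationToken(userDetails, null,
                            userDetails.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        chain.doFilter(request, response);
    }
}
```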
I hope the above is helpful. If you need more detail, you can look up the relevant material yourself.
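
An added example, not part of the original answer, for the placeholder `SECRET_KEY` and the catch-all `validateToken()` in step 2: it loads an HS256 key of at least 32 bytes from a Base64 string and reports an expired token separately from one that fails verification. `JwtKeyDemo`, `loadKey`, `issue` and `check` are hypothetical names; the library calls are from jjwt 0.9.1, the version added in step 1.

```java
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;

// Added example (not from the original answer), written for jjwt 0.9.1; keys are constructed samples.
public class JwtKeyDemo {
    enum Result { VALID, EXPIRED, REJECTED }
    // Decode a Base64 secret and refuse keys shorter than 256 bits (RFC 7518 minimum for HS256).
    static byte[] loadKey(String base64Secret) {
        if (base64Secret == null) throw new IllegalStateException("JWT secret is not configured");
        byte[] key = Base64.getDecoder().decode(base64Secret);
        if (key.length < 32) throw new IllegalStateException("HS256 key must be at least 32 bytes");
        return key;
    }

    static String issue(String username, byte[] key, long ttlMillis) {
        return Jwts.builder().setSubject(username)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(SignatureAlgorithm.HS256, key).compact();
    }

    // Same check as validateToken(), but reports expiry separately from other failures.
    static Result check(String token, byte[] key) {
        try {
            Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            return Result.VALID;
        } catch (ExpiredJwtException e) {
            return Result.EXPIRED;
        } catch (JwtException | IllegalArgumentException e) {
            return Result.REJECTED;
        }
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        byte[] raw = new byte[32];
        byte[] other = new byte[32];
        rng.nextBytes(raw);
        rng.nextBytes(other);
        byte[] key = loadKey(Base64.getEncoder().encodeToString(raw));
        System.out.println(check(issue("alice", key, 60_000), key));   // fresh token, right key
        System.out.println(check(issue("alice", key, -1_000), key));   // expiry already passed
        System.out.println(check(issue("alice", other, 60_000), key)); // signed with another key
    }
}
```

On Java 11 or later, jjwt 0.9.1 also needs the `javax.xml.bind` API (`jaxb-api`) on the classpath.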