springboot框架集成token实现登录校验功能(app)
时间: 2023-08-14 10:00:26 浏览: 57
Spring Boot框架可以集成Token实现登录校验功能,以下是一种实现方式:
首先,我们需要引入相关的依赖,包括Spring Security和JWT(JSON Web Token)依赖:
```xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.11.2</version>
</dependency>
```
然后,我们创建一个Token生成和校验的工具类,该类可以用于生成Token和解析Token中的信息,这里使用JWT生成Token:
```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
public class TokenUtils {
@Value("${jwt.secret}")
private String secret;
private static String staticSecret;
@PostConstruct
private void init() {
staticSecret = secret;
}
public static String generateToken(String username) {
return Jwts.builder()
.setSubject(username)
.signWith(SignatureAlgorithm.HS512, staticSecret)
.compact();
}
public static String getUsernameFromToken(String token) {
return Jwts.parser()
.setSigningKey(staticSecret)
.parseClaimsJws(token)
.getBody()
.getSubject();
}
public static boolean validateToken(String token, String username) {
String tokenUsername = getUsernameFromToken(token);
return tokenUsername.equals(username);
}
}
```
接下来,我们创建一个登录接口,在用户登录时生成Token并返回给客户端:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class LoginController {
@Autowired
private TokenUtils tokenUtils;
@Autowired
private PasswordEncoder passwordEncoder;
@PostMapping("/login")
public String login(@RequestBody UserLoginRequest request) {
String username = request.getUsername();
String password = request.getPassword();
// 根据用户名和密码验证登录信息,这里省略具体的验证逻辑
if (authenticate(username, password)) {
String token = tokenUtils.generateToken(username);
return token;
} else {
throw new RuntimeException("Invalid username or password");
}
}
private boolean authenticate(String username, String password) {
// 验证用户名和密码,这里假设只有一个固定的用户名和密码
String validUsername = "admin";
String validPassword = "password";
return validUsername.equals(username) && passwordEncoder.matches(password, validPassword);
}
}
```
最后,我们可以在需要进行登录校验的接口上加上`@PreAuthorize`注解,指定需要进行校验的权限:
```java
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping("/hello")
@PreAuthorize("hasRole('ROLE_USER')")
public String hello() {
return "Hello World!";
}
}
```
以上就是使用Spring Boot框架集成Token实现登录校验功能的基本步骤。通过生成Token并在需要校验的接口上进行权限校验,可以实现简单的登录功能。