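How to implement login tokens in Spring Boot
Date: 2023-12-21 13:04:45
Spring Boot can use JSON Web Tokens (JWT) to implement login tokens.
A JWT consists of three parts: header, payload and signature. The header carries the token type and the signing algorithm, the payload carries the user information and the expiration time, and the signature is used to verify the integrity of the JWT.
Below is a sample JWT implementation:
1. Add the dependency
Add the following dependency to the pom.xml file: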
```
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
```
2. Create a JWT utility class
Create a JWT utility class that generates and validates JWTs:
```
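import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.*;
import java.util.stream.Collectors;

public class JwtUtils {
    // Demo placeholder only: a short, hard-coded key can be guessed offline and used to forge tokens.
    // Load a random key of at least 64 bytes (for HS512) from configuration or a secret store instead.
    private static final String SECRET_KEY = "secret";
    private static final long EXPIRATION_TIME = 86400000; // 24 hours

    public static String generateToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put("username", userDetails.getUsername());
        // Store authorities as plain strings so they survive the JSON round trip.
        claims.put("authorities", authorityNames(userDetails));
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .signWith(SignatureAlgorithm.HS512, SECRET_KEY)
                .compact();
    }

    public static boolean validateToken(String token, UserDetails userDetails) {
        try {
            // parseClaimsJws verifies the signature and the expiration time.
            Claims claims = Jwts.parser()
                    .setSigningKey(SECRET_KEY)
                    .parseClaimsJws(token)
                    .getBody();
            String username = claims.get("username", String.class);
            List<?> authorities = claims.get("authorities", List.class);
            return userDetails.getUsername().equals(username) && authorities != null
                    && new HashSet<Object>(authorities).equals(new HashSet<Object>(authorityNames(userDetails)));
        } catch (JwtException | IllegalArgumentException e) { // bad signature, expired or malformed token
            return false;
        }
    }

    private static List<String> authorityNames(UserDetails userDetails) {
        return userDetails.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
    }
}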
```
3. Generate the JWT in the login controller
Generate the JWT in the login controller and return it to the client:
```
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest loginRequest) {
    // authenticationManager is the controller's injected AuthenticationManager;
    // authenticate() throws AuthenticationException when the credentials are wrong.
    Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword())
    );
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // Issue the token only after authentication has succeeded.
    String token = JwtUtils.generateToken((UserDetails) authentication.getPrincipal());
    return ResponseEntity.ok(new JwtResponse(token));
}
```
4. Validate the JWT in the resource controller
Validate the JWT in the resource controller:
```
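@GetMapping("/resource")
public ResponseEntity<?> getResource(@RequestHeader("Authorization") String authorizationHeader) {
    // Accept only a well-formed "Bearer <token>" header.
    if (!authorizationHeader.startsWith("Bearer ")) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
    String token = authorizationHeader.substring("Bearer ".length());
    // The principal is a UserDetails only when the security context is already authenticated.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Object principal = authentication != null ? authentication.getPrincipal() : null;
    if (!(principal instanceof UserDetails) || !JwtUtils.validateToken(token, (UserDetails) principal)) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
    // do something with the resource
    return ResponseEntity.ok("Resource accessed successfully");
}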
```
That is the example of implementing login tokens with Spring Boot and JWT.
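What the three-part structure and the HS512 signature check amount to, written out with JDK classes only as an added example that is not part of the original answer or of the jjwt library. The class name `Hs512Demo`, the sample claims and the random key are constructed for illustration; the code checks the signature only, not the `exp` claim.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example (hypothetical class name): HS512 signing and verification using only the JDK.
public class Hs512Demo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = b64("{\"alg\":\"HS512\",\"typ\":\"JWT\"}");
    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // token = base64url(header) "." base64url(payload) "." base64url(HMAC over the first two parts)
    static String sign(byte[] key, String payloadJson) throws Exception {
        String signingInput = HEADER + "." + b64(payloadJson);
        return signingInput + "." + B64.encodeToString(hmac(key, signingInput));
    }

    // Returns the payload JSON when the signature is valid, otherwise null.
    static String verify(byte[] key, String token) throws Exception {
        String[] parts = token.split("\\.", -1);
        // Pin the algorithm: accept only the exact HS512 header this service issues.
        if (parts.length != 3 || !parts[0].equals(HEADER)) return null;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            byte[] expected = hmac(key, parts[0] + "." + parts[1]);
            // Constant-time comparison of the two MACs.
            if (!MessageDigest.isEqual(expected, presented)) return null;
            return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return null; } // not valid base64url
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[64]; // random 512-bit key, the size HS512 calls for
        new SecureRandom().nextBytes(key);
        // Constructed sample claims; exp is a Unix timestamp in seconds.
        String payload = "{\"username\":\"alice\",\"exp\":" + (System.currentTimeMillis() / 1000 + 86400) + "}";
        String token = sign(key, payload);
        System.out.println("issued token  -> " + verify(key, token));
        // Same header and signature, different payload: the MAC no longer matches.
        String altered = HEADER + "." + b64(payload.replace("alice", "bob")) + "." + token.split("\\.")[2];
        System.out.println("altered token -> " + verify(key, altered));
        System.out.println("other key     -> " + verify(new byte[64], token));
    }
}
```

On Java 11 or later it runs as a single file with `java Hs512Demo.java`; only the first call prints the payload, the other two print `null`.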