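Spring Boot 3 + Spring Security 6 + JWT Project Configuration
Date: 2023-07-25 18:10:21 Views: 146
OK, here are the project configuration steps for Spring Boot 3 + Spring Security 6 + JWT:
1. Add the Spring Security and JWT dependencies
Add the following dependencies to the pom.xml file: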
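```
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<!-- jjwt 0.9.1 calls javax.xml.bind.DatatypeConverter, which is no longer in the JDK
     on Java 11+ (Spring Boot 3 requires Java 17), so the JAXB API must be added explicitly -->
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.3.1</version>
</dependency>
```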
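2. Configure JWT
Add the JWT settings to application.yml or application.properties (shown here in YAML form):
```
jwt:
  # Placeholder: replace with a long random secret and keep it out of version control.
  # JJWT 0.9.1 Base64-decodes this string before using it as the HMAC key.
  secret: yourSecretKey
  expiration: 604800000 # 7 days, in milliseconds
```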
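3. Configure Spring Security
Spring Security 6 removed WebSecurityConfigurerAdapter, so instead of extending it, create a configuration class that exposes a SecurityFilterChain bean, and add the following code:
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // The CustomUserDetailsService bean and the PasswordEncoder bean below are picked up
    // automatically, so no configure(AuthenticationManagerBuilder) override is needed.
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                // requestMatchers replaces antMatchers, which was removed in Spring Security 6
                .requestMatchers("/api/auth/**").permitAll()
                .anyRequest().authenticated())
            // Run the JWT filter before username/password processing
            .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }
}
```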
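Here, CustomUserDetailsService is a custom user authentication service, and JwtAuthenticationFilter is a custom JWT authentication filter.
4. Write the JWT authentication filter
Create a JwtAuthenticationFilter that extends OncePerRequestFilter, and add the following code: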
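```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

public class JwtAuthenticationFilter extends OncePerRequestFilter {

    @Autowired
    private JwtTokenProvider jwtTokenProvider;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        try {
            // Requests without a token pass through unauthenticated; the
            // authorization rules decide whether they are allowed.
            String token = jwtTokenProvider.resolveToken(request);
            if (token != null && jwtTokenProvider.validateToken(token)) {
                Authentication authentication = jwtTokenProvider.getAuthentication(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        } catch (JwtAuthenticationException ex) {
            // Invalid token: drop any partial context and stop the chain here
            SecurityContextHolder.clearContext();
            response.sendError(ex.getHttpStatus().value(), ex.getMessage());
            return;
        }
        filterChain.doFilter(request, response);
    }
}
```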
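Here, JwtTokenProvider is a custom JWT token provider. In this filter, we use the JWT token provider to parse the token from the request and store the user's authentication information in the SecurityContextHolder.
5. Write the JWT token provider
Create a JwtTokenProvider class and add the following code: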
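```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

@Service
public class JwtTokenProvider {

    @Value("${jwt.secret}")
    private String secret;

    @Value("${jwt.expiration}")
    private Long expiration;

    // Needed by getAuthentication(); the field was missing from the original listing
    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    public String createToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        return Jwts.builder()
                .setClaims(claims)
                .setSubject(userDetails.getUsername())
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + expiration))
                .signWith(SignatureAlgorithm.HS512, secret)
                .compact();
    }

    public boolean validateToken(String token) {
        try {
            // parseClaimsJws verifies the signature and rejects expired tokens
            Jwts.parser().setSigningKey(secret).parseClaimsJws(token);
            return true;
        } catch (JwtException | IllegalArgumentException ex) {
            // An expired or invalid token is a client authentication failure: report 401, not 500
            throw new JwtAuthenticationException("Expired or invalid JWT token", HttpStatus.UNAUTHORIZED);
        }
    }

    public Authentication getAuthentication(String token) {
        // Reload the user so that current authorities are applied on every request
        UserDetails userDetails = customUserDetailsService.loadUserByUsername(getUsername(token));
        return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
    }

    public String getUsername(String token) {
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody()
                .getSubject();
    }

    public String resolveToken(HttpServletRequest request) {
        // Expect "Authorization: Bearer <token>" and strip the 7-character prefix
        String bearerToken = request.getHeader("Authorization");
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
            return bearerToken.substring(7);
        }
        return null;
    }
}
```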
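Here, UserDetails is the user authentication information object provided by Spring Security, and CustomUserDetailsService is the custom user authentication service.
In this class, we use the JJWT library to create and parse JWT tokens. The getAuthentication method reads the username from the token, loads the corresponding user, and wraps the result in a Spring Security Authentication object.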
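The steps above leave `/api/auth/**` open and define `createToken`, but show no endpoint that issues a token. The following login controller is an added example, not code from the original page; `AuthController`, `LoginRequest`, the `/login` path, a `spring-boot-starter-web` dependency and an `AuthenticationManager` exposed as a bean are all assumptions.

```java
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Map;

// Hypothetical controller: lives under /api/auth/**, the only path the security config permits without a token.
@RestController
@RequestMapping("/api/auth")
public class AuthController {

    // Hypothetical request body, not part of the original page
    public record LoginRequest(String username, String password) {}

    private final AuthenticationManager authenticationManager; // assumed to be exposed as a bean
    private final JwtTokenProvider jwtTokenProvider;

    public AuthController(AuthenticationManager authenticationManager, JwtTokenProvider jwtTokenProvider) {
        this.authenticationManager = authenticationManager;
        this.jwtTokenProvider = jwtTokenProvider;
    }

    @PostMapping("/login")
    public ResponseEntity<Map<String, String>> login(@RequestBody LoginRequest request) {
        try {
            // Checks the password through CustomUserDetailsService and the BCrypt PasswordEncoder
            Authentication auth = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(request.username(), request.password()));
            UserDetails user = (UserDetails) auth.getPrincipal();
            // The client sends this value back as "Authorization: Bearer <token>"
            return ResponseEntity.ok(Map.of("token", jwtTokenProvider.createToken(user)));
        } catch (AuthenticationException ex) {
            // One generic answer for unknown user and wrong password, so the
            // endpoint does not reveal which accounts exist
            return ResponseEntity.status(401).body(Map.of("error", "Invalid credentials"));
        }
    }
}
```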
Those are the project configuration steps for Spring Boot 3 + Spring Security 6 + JWT. Hope this helps!