spring boot 整合token java
时间: 2023-05-19 10:07:26 浏览: 86
可以使用 Spring Security 来实现 Token 认证。首先需要在 pom.xml 中添加 Spring Security 的依赖,然后在 Spring Boot 的配置文件中配置相关的安全信息,包括认证方式、用户信息等。接着在代码中使用 @EnableWebSecurity 注解开启 Web 安全性,并实现一个继承自 WebSecurityConfigurerAdapter 的配置类,重写其中的 configure(HttpSecurity http) 方法,配置认证和授权规则。最后,可以使用 JWT(JSON Web Token)来生成和验证 Token。
关于具体的实现细节,可以参考以下链接:
https://www.baeldung.com/spring-security-oauth-jwt
https://www.javainuse.com/spring/boot-jwt
https://www.callicoder.com/spring-boot-security-oauth2-jwt-example/
相关问题
shiro框架整合spring boot
Shiro框架与Spring Boot的整合相对简单,可以通过一些配置和依赖来实现。以下是一个基本的整合示例:
1. 在Spring Boot的pom.xml文件中添加Shiro和Web依赖:
```xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>1.8.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-ehcache</artifactId>
<version>1.8.0</version>
</dependency>
```
2. 创建一个Shiro配置类,用于配置Shiro相关的Bean和过滤器:
```java
@Configuration
public class ShiroConfig {
@Bean
public Realm realm() {
return new MyRealm(); // 自定义的Realm实现
}
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
// 配置过滤规则等
// factoryBean.setFilterChainDefinitionMap(...);
return factoryBean;
}
@Bean
public DefaultWebSecurityManager securityManager(Realm realm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm);
return securityManager;
}
}
```
3. 创建一个自定义的Realm实现,用于处理身份认证和权限授权逻辑:
```java
public class MyRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
// 处理授权逻辑
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// 处理认证逻辑
return null;
}
}
```
4. 在Spring Boot的application.properties或application.yml文件中配置Shiro相关属性:
```yaml
shiro:
loginUrl: /login
successUrl: /home
unauthorizedUrl: /unauthorized
```
这样,你就完成了Shiro框架与Spring Boot的整合。你可以根据自己的需求继续配置Shiro的过滤规则、权限配置等。
springboot整合token认证
Spring Boot提供了多种方式来实现Token认证,下面是一种基本的实现方式:
首先,在pom.xml文件中添加Spring Security和JWT依赖:
```xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
```
接下来,创建一个JWTUtil类,用于生成和解析Token:
```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.Date;
@Component
public class JWTUtil {
@Value("${jwt.secret}")
private String secret;
@Value("${jwt.expiration}")
private Long expiration;
public String generateToken(String username) {
Date now = new Date();
Date expireDate = new Date(now.getTime() + expiration * 1000);
return Jwts.builder()
.setSubject(username)
.setIssuedAt(now)
.setExpiration(expireDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public String getUsernameFromToken(String token) {
Claims claims = Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
return claims.getSubject();
}
public boolean validateToken(String token, String username) {
String tokenUsername = getUsernameFromToken(token);
return tokenUsername.equals(username) && !isTokenExpired(token);
}
private boolean isTokenExpired(String token) {
Date expirationDate = Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody()
.getExpiration();
return expirationDate.before(new Date());
}
}
```
然后,创建一个JwtAuthenticationFilter类,用于处理Token认证:
```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
private final JWTUtil jwtUtil;
public JwtAuthenticationFilter(AuthenticationManager authenticationManager, JWTUtil jwtUtil) {
super(new AntPathRequestMatcher("/api/login", "POST"));
setAuthenticationManager(authenticationManager);
this.jwtUtil = jwtUtil;
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
String username = request.getParameter("username");
String password = request.getParameter("password");
return getAuthenticationManager().authenticate(
new UsernamePasswordAuthenticationToken(username, password)
);
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
String username = ((UserDetails) authResult.getPrincipal()).getUsername();
String token = jwtUtil.generateToken(username);
response.addHeader("Authorization", "Bearer " + token);
}
}
```
最后,在SecurityConfig中配置认证:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
private final PasswordEncoder passwordEncoder;
private final JWTUtil jwtUtil;
@Autowired
public SecurityConfig(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, JWTUtil jwtUtil) {
this.userDetailsService = userDetailsService;
this.passwordEncoder = passwordEncoder;
this.jwtUtil = jwtUtil;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/api/login").permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JwtAuthenticationFilter(authenticationManager(), jwtUtil));
}
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
```
以上即为使用Spring Boot整合Token认证的基本步骤。首先,在JWTUtil类中实现Token的生成和解析逻辑,然后通过JwtAuthenticationFilter处理请求中的Token,最后在SecurityConfig中配置认证规则。