springboot security项目如何封装jwt 及token 其中数据表为package com.aokace.entity; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableId; import com.baomidou.mybatisplus.annotation.TableName; import java.io.Serializable; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Getter; import lombok.Setter; /** * <p> * * </p> * * @author aokace * @since 2023-05-23 */ @Getter @Setter @TableName("user") @ApiModel(value = "User对象", description = "") public class User implements Serializable { private static final long serialVersionUID = 1L; @TableId(value = "userid", type = IdType.AUTO) private Integer userid; @TableField("authority") private String authority; @TableField("role") private String role; @TableField("username") private String username; @TableField("password") private String password; }

时间: 2024-01-05 19:03:02 浏览: 37

首先需要引入相关的依赖，包括JWT和Spring Security的依赖： ``` <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> ``` 然后创建一个JwtTokenUtil类来实现JWT的签发和验证功能： ```java import io.jsonwebtoken.Claims; import io.jsonwebtoken.JwtBuilder; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; import java.util.Date; import java.util.HashMap; import java.util.Map; @Component public class JwtTokenUtil { private static final String CLAIM_KEY_USERNAME = "sub"; private static final String CLAIM_KEY_CREATED = "created"; @Value("${jwt.secret}") private String secret; @Value("${jwt.expiration}") private Long expiration; public String generateToken(UserDetails userDetails) { Map<String, Object> claims = new HashMap<>(); claims.put(CLAIM_KEY_USERNAME, userDetails.getUsername()); claims.put(CLAIM_KEY_CREATED, new Date()); return generateToken(claims); } public String getUsernameFromToken(String token) { String username; try { Claims claims = getClaimsFromToken(token); username = claims.getSubject(); } catch (Exception e) { username = null; } return username; } public Date getCreatedDateFromToken(String token) { Date created; try { Claims claims = getClaimsFromToken(token); created = new Date((Long) claims.get(CLAIM_KEY_CREATED)); } catch (Exception e) { created = null; } return created; } public Date getExpirationDateFromToken(String token) { Date expiration; try { Claims claims = getClaimsFromToken(token); expiration = claims.getExpiration(); } catch (Exception e) { expiration = null; } return expiration; } public boolean isTokenExpired(String token) { Date expiration = getExpirationDateFromToken(token); return expiration.before(new Date()); } public String refreshToken(String token) { String refreshedToken; try { Claims claims = getClaimsFromToken(token); claims.put(CLAIM_KEY_CREATED, new Date()); refreshedToken = generateToken(claims); } catch (Exception e) { refreshedToken = null; } return refreshedToken; } public boolean validateToken(String token, UserDetails userDetails) { String username = getUsernameFromToken(token); return username.equals(userDetails.getUsername()) && !isTokenExpired(token); } private Claims getClaimsFromToken(String token) { Claims claims; try { claims = Jwts.parser() .setSigningKey(secret) .parseClaimsJws(token) .getBody(); } catch (Exception e) { claims = null; } return claims; } private String generateToken(Map<String, Object> claims) { Date expirationDate = new Date(System.currentTimeMillis() + expiration * 1000); JwtBuilder builder = Jwts.builder() .setClaims(claims) .setExpiration(expirationDate) .signWith(SignatureAlgorithm.HS512, secret); return builder.compact(); } } ``` 其中，JwtTokenUtil类中的generateToken方法用于生成JWT Token，getUsernameFromToken和getExpirationDateFromToken方法用于解析JWT Token中的用户名和过期时间，isTokenExpired方法用于判断JWT Token是否已经过期，refreshToken方法用于刷新JWT Token，validateToken方法用于验证JWT Token是否有效，getClaimsFromToken方法用于从JWT Token中获取Claims。然后在Spring Security的配置类中添加JwtTokenFilter来实现JWT的过滤和验证： ```java import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired private JwtTokenFilter jwtTokenFilter; @Autowired private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/login").permitAll() .anyRequest().authenticated() .and() .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class); } @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } } ``` 其中，SecurityConfig类中的configure方法用于配置Spring Security的策略，addFilterBefore方法用于添加JwtTokenFilter，authenticationManagerBean方法用于获取AuthenticationManager。最后，在登录接口中，使用JwtTokenUtil生成JWT Token并返回给前端： ```java import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.ResponseEntity; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; @RestController public class AuthController { @Autowired private AuthenticationManager authenticationManager; @Autowired private JwtTokenUtil jwtTokenUtil; @Autowired private UserDetailsService userDetailsService; @PostMapping("/login") public ResponseEntity<?> login(@RequestBody AuthRequest authRequest) throws Exception { try { Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken(authRequest.getUsername(), authRequest.getPassword()) ); UserDetails userDetails = userDetailsService.loadUserByUsername(authRequest.getUsername()); String token = jwtTokenUtil.generateToken(userDetails); return ResponseEntity.ok(new AuthResponse(token)); } catch (Exception e) { throw new Exception("Incorrect username or password", e); } } } ``` 其中，AuthController类中的login方法用于处理登录请求，通过authenticationManager.authenticate方法验证用户名和密码，然后使用JwtTokenUtil生成JWT Token并返回给前端。

相关推荐

基于springboot+security+jwt+redis实现微信小程序登录及token权限鉴定源码+项目说明.zip

springboot+security+jwt+redis 实现微信小程序登录及token权限鉴定.zip

(RuoYi)官方仓库 基于SpringBoot，Spring Security，JWT，Vue & 2Ele.zip

springboot如何调用jwt.io库实现解析jwt

django jwt.encode设置token超时时间为永久

基于springboot+springcloud+vue前后端分离项目实战 --开篇 cha138.com

gin-jwt/v2 与 "github.com/golang-jwt/jwt/v4" 使用jwt 冲突

Consider defining a bean of type 'org.springframework.security.oauth2.jwt.ReactiveJwtDecoder' in your configuration

Consider defining a bean of type 'org.springframework.security.oauth2.jwt.JwtDecoder' in your configuration.

@jwt.token_in_blocklist_loader 不会触发 写一个例子给我

写一个node.js图书管理系统后端服务器(使用koa+json+jwt+token)

@jwt.token_in_blocklist_loader 不会触发

github.com/appleboy/gin-jwt/v2

jwt_security.zip

gin "github.com/golang-jwt/jwt/v5"

"github.com/golang-jwt/jwt/v5"

python3.12.0 from jwt.jwt import JWT 报错

.netcore jwt自动刷新token

jwt.withExpiresAt

最新推荐

基于springboot+jwt实现刷新token过程解析

SpringCloud+SpringBoot+OAuth2+Spring Security+Redis实现的微服务统一认证授权.doc

Springboot+SpringSecurity+JWT实现用户登录和权限认证示例

SpringSecurity Jwt Token 自动刷新的实现

SpringBoot集成SpringSecurity和JWT做登陆鉴权的实现

RTL8188FU-Linux-v5.7.4.2-36687.20200602.tar(20765).gz

管理建模和仿真的文件

：YOLOv1目标检测算法：实时目标检测的先驱，开启计算机视觉新篇章

ActionContext.getContext().get()代码含义

c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf

(RuoYi)官方仓库基于SpringBoot，Spring Security，JWT，Vue & 2Ele.zip

@jwt.token_in_blocklist_loader 不会触发写一个例子给我