本文介绍basic auth和JWT验证结合

目录结构

依赖

  1. <dependency>
  2.     <groupId>io.jsonwebtoken</groupId>
  3.     <artifactId>jjwt</artifactId>
  4.     <version>0.9.1</version>
  5. </dependency>
  7. <dependency>
  8.     <groupId>com.auth0</groupId>
  9.     <artifactId>auth0</artifactId>
  10.     <version>1.8.0</version>
  11. </dependency>
  13. <dependency>
  14. 	<groupId>com.auth0</groupId>
  15. 	<artifactId>auth0-spring-security-api</artifactId>
  16. 	<version>1.1.0</version>
  17. </dependency>
  19. <dependency>
  20.     <groupId>org.springframework.boot</groupId>
  21.     <artifactId>spring-boot-starter-security</artifactId>
  22. </dependency>
  24. <dependency>
  25.     <groupId>org.json</groupId>
  26. 	<artifactId>json</artifactId>
  27. 	<version>20180813</version>
  28. </dependency>
  30. <dependency>
  31. 	<groupId>org.glassfish</groupId>
  32. 	<artifactId>javax.xml.bind</artifactId>
  33. 	<version>10.0-b28</version>
  34. </dependency>

config配置文件WebSecurityConfig

  1. package com.springlearn.learn.config;
  3. import com.springlearn.learn.filter.JWTAuthenticationFilter;
  4. import com.springlearn.learn.filter.JWTLoginFilter;
  6. import org.springframework.beans.factory.annotation.Autowired;
  7. import org.springframework.context.annotation.Bean;
  8. import org.springframework.context.annotation.Configuration;
  9. import org.springframework.http.HttpMethod;
  10. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  11. import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
  12. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  13. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  14. import org.springframework.security.core.userdetails.User;
  15. import org.springframework.security.core.userdetails.UserDetails;
  16. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  17. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  18. import org.springframework.web.servlet.config.annotation.CorsRegistry;
  19. import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
  21. @Configuration
  22. public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
  24.     @Override
  25.     protected void configure(HttpSecurity http) throws Exception {
  26.         http.cors().and().csrf().disable();
  27.         // 所有的请求都要验证
  28.         http.authorizeRequests()
  29.         .antMatchers("/").permitAll() // 访问 "/" 无需验证
  30.         .antMatchers(HttpMethod.POST, "/login").permitAll() // 访问 "/login" 无需token即可进入
  31.         .antMatchers(HttpMethod.GET, "/login").permitAll()
  32.         .anyRequest()
  33.         .authenticated()
  34.         .and()
  35.         .addFilterBefore( // 添加验证过滤器
  36.             new JWTLoginFilter("/login", authenticationManager()),
  37.             UsernamePasswordAuthenticationFilter.class
  38.         )
  39.         .addFilterBefore(
  40.             new JWTAuthenticationFilter(),
  41.             UsernamePasswordAuthenticationFilter.class
  42.         );
  43.     }
  45.     @Bean
  46.     public BCryptPasswordEncoder passwordEncoder() {
  47.         BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
  48.         return bCryptPasswordEncoder;
  49.     }
  51.     @Autowired
  52.     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  53.         String password = "234";
  54.         String encrytedPassword = this.passwordEncoder().encode(password);
  55.         System.out.println("Encoded password = " + encrytedPassword);
  57.         // 这里使用写死的验证,你可以在这里访问数据库
  58.         InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> mngConfig = auth.inMemoryAuthentication();
  60.         UserDetails u1 = User.withUsername("yejiawei").password(encrytedPassword).roles("ADMIN").build();
  61.         UserDetails u2 = User.withUsername("donglei").password(encrytedPassword).roles("USER").build();
  63.         mngConfig.withUser(u1);
  64.         mngConfig.withUser(u2);
  65.     }
  67.     @Override
  68.     public void addCorsMappings(CorsRegistry registry) {
  69.         registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*")
  70.         .allowedHeaders("*");
  71.     }
  72. }

filter过滤器JWTLoginFilter

  1. package com.springlearn.learn.filter;
  3. import java.io.IOException;
  4. import java.util.Collections;
  5. import java.util.HashMap;
  6. import java.util.Iterator;
  7. import java.util.Map;
  8. import java.util.stream.Collectors;
  10. import javax.servlet.FilterChain;
  11. import javax.servlet.ServletException;
  12. import javax.servlet.http.HttpServletRequest;
  13. import javax.servlet.http.HttpServletResponse;
  15. import com.springlearn.learn.service.TokenAuthenticationService;
  17. import org.json.JSONObject;
  18. import org.springframework.security.authentication.AuthenticationManager;
  19. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  20. import org.springframework.security.core.Authentication;
  21. import org.springframework.security.core.AuthenticationException;
  22. import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
  23. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  25. public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter{
  26.     public JWTLoginFilter(String url, AuthenticationManager authManager) {
  27.         super(new AntPathRequestMatcher(url));
  28.         setAuthenticationManager(authManager);
  29.     }
  31.     @Override
  32.     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
  33.             throws AuthenticationException, IOException, ServletException {
  35.         // get方式获取参数
  36.         // String username = request.getParameter("username");
  37.         // String password = request.getParameter("password");
  39.         // post方式获取数据
  40.         String s = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
  41.         JSONObject jsonObject = new JSONObject(s);
  42.         HashMap<String, String> result = new HashMap<String, String>();
  43.         String key = null;
  44.         Iterator<?> keys = jsonObject.keys();
  45.         while(keys.hasNext()) {
  46.             key = (String) keys.next();
  47.             result.put(key, jsonObject.getString(key));
  48.         }
  50.         System.out.printf("JWTLoginFilter.attemptAuthentication: username/password= %s,%s", result.get("username"), result.get("password"));
  51.         System.out.println();
  53.         return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(result.get("username"), result.get("password"), Collections.emptyList()));
  54.     }
  56.     @Override
  57.     protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
  58.             Authentication authResult) throws IOException, ServletException {
  60.         System.out.println("JWTLoginFilter.successfulAuthentication:");
  62.         // Write Authorization to Headers of Response.
  63.         TokenAuthenticationService.addAuthentication(response, authResult.getName());
  65.         String authorizationString = response.getHeader("Authorization");
  67.         System.out.println("Authorization String=" + authorizationString);
  68.     }
  70.     @Override
  71.     protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
  73.         response.setContentType("application/json");
  74.         response.setStatus(HttpServletResponse.SC_OK);
  75.         response.getOutputStream().println((new JSONObject(){{
  76.             put("status", 500);
  77.             put("message", "Internal Server Error!!!");
  78.             put("result", JSONObject.NULL);
  79.         }}).toString());
  80.     }
  81. }

filter过滤器JWTAuthenticationFilter

  1. package com.springlearn.learn.filter;
  3. import java.io.IOException;
  5. import javax.servlet.FilterChain;
  6. import javax.servlet.ServletException;
  7. import javax.servlet.ServletRequest;
  8. import javax.servlet.ServletResponse;
  9. import javax.servlet.http.HttpServletRequest;
  11. import com.springlearn.learn.service.TokenAuthenticationService;
  13. import org.springframework.security.core.Authentication;
  14. import org.springframework.security.core.context.SecurityContextHolder;
  15. import org.springframework.web.filter.GenericFilterBean;
  17. public class JWTAuthenticationFilter extends GenericFilterBean {
  18.     @Override
  19.     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
  20.             throws IOException, ServletException {
  22.         System.out.println("JWTAuthenticationFilter.doFilter");
  24.         Authentication authentication = TokenAuthenticationService.getAuthentication((HttpServletRequest) servletRequest);
  26.         SecurityContextHolder.getContext().setAuthentication(authentication);
  28.         filterChain.doFilter(servletRequest, servletResponse);
  29.     }
  30. }

service中的TokenAuthenticationService

  1. package com.springlearn.learn.service;
  3. import java.io.IOException;
  4. import java.util.Collections;
  5. import java.util.Date;
  7. import javax.servlet.http.HttpServletRequest;
  8. import javax.servlet.http.HttpServletResponse;
  10. import org.json.JSONObject;
  11. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  12. import org.springframework.security.core.Authentication;
  14. import io.jsonwebtoken.Jwts;
  15. import io.jsonwebtoken.SignatureAlgorithm;
  17. public class TokenAuthenticationService {
  19.     static final long _expiretime = 864_000_000;
  20.     static final String _secret = "ThisIsASecret";
  21.     static final String _token_prefix = "Bearer";
  22.     static final String _header_string = "Authorization";
  24.     public static void addAuthentication(HttpServletResponse res, String username) throws IOException {
  25.         String JWT =
  26.                 Jwts.builder()
  27.                 .setSubject(username)
  28.                 .setExpiration(new Date(System.currentTimeMillis() + _expiretime))
  29.                 .signWith(SignatureAlgorithm.HS512, _secret).compact();
  31.         res.addHeader(_header_string, _token_prefix + " " + JWT);
  32.         res.setContentType("application/json");
  33.         res.setStatus(HttpServletResponse.SC_OK);
  34.         res.getOutputStream().println((new JSONObject(){{
  35.             put("status", 0);
  36.             put("message", "");
  37.             put("result", JWT);
  38.         }}).toString());
  40.     }
  42.     public static Authentication getAuthentication(HttpServletRequest request) {
  43.         String token = request.getHeader(_header_string);
  44.         if (token != null) {
  45.             // parse the token.
  46.             String user = Jwts.parser().setSigningKey(_secret).parseClaimsJws(token.replace(_token_prefix, "")).getBody()
  47.                     .getSubject();
  49.             return user != null ? new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList()) : null;
  50.         }
  51.         return null;
  52.     }
  53. }

启动文件DemoApplication

  1. package com.springlearn.learn;
  3. import org.springframework.boot.SpringApplication;
  4. import org.springframework.boot.autoconfigure.SpringBootApplication;
  6. @SpringBootApplication
  7. public class DemoApplication {
  9. 	public static void main(String[] args) {
  10. 		SpringApplication.run(DemoApplication.class, args);
  11. 	}
  12. }

Controller中的TestController

  1. package com.springlearn.learn.controller;
  3. import javax.servlet.http.HttpServletRequest;
  4. import javax.servlet.http.HttpServletResponse;
  6. import org.springframework.web.bind.annotation.RequestBody;
  7. import org.springframework.web.bind.annotation.RequestMapping;
  8. import org.springframework.web.bind.annotation.RequestMethod;
  9. import org.springframework.web.bind.annotation.ResponseBody;
  10. import org.springframework.web.bind.annotation.RestController;
  12. @RestController
  13. public class TestController {
  15.     @ResponseBody
  16.     @RequestMapping(value = "/AuthTest", method = RequestMethod.GET)
  17.     public String AuthTest(HttpServletRequest request, HttpServletResponse response) {
  18.         return "OK";
  19.     }
  21.     @ResponseBody
  22.     @RequestMapping(value = "/login", method = RequestMethod.GET)
  23.     public String Login(@RequestBody Object user, HttpServletRequest request, HttpServletResponse response) {
  24.         return "OK";
  25.     }
  26. }

前端测试

  1. <!DOCTYPE html>
  2. <html lang="en">
  3. <head>
  4.     <meta charset="UTF-8">
  5.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  6.     <meta http-equiv="X-UA-Compatible" content="ie=edge">
  7.     <title>Document</title>
  8.     <script src="https://unpkg.com/axios/dist/axios.min.js"></script>
  9.     <script>
  10.         axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded'; 
  12.         axios.post('http://localhost:9001/login', {
  13.             username: 'yejiawei',
  14.             password: '234'
  15.         }).then(function (response) {
  16.             localStorage.setItem("token", response.data.result)
  17.         }).catch(function (error) {
  18.             console.log(error);
  19.         }).then(function () {
  20.         });
  22.         // axios.get('http://localhost:9001/AuthTest', {
  23.         //     headers: {
  24.         //         "Authorization": localStorage.getItem("token")
  25.         //     }
  26.         // }).then(function (response) {
  27.         //     console.log(response.data);
  28.         // }).catch(function (error) {
  29.         //     console.log(error);
  30.         // }).then(function () {
  31.         // });
  33.     </script>
  34. </head>
  35. <body>
  36. </body>
  37. </html>

springboot成神之——basic auth和JWT验证结合的更多相关文章

  1. springboot成神之——Basic Auth应用

    本文介绍Basic Auth在spring中的应用 目录结构 依赖 入口DemoApplication 验证Authenication 配置WebSecurityConfig 控制器TestContr ...

  2. springboot成神之——ioc容器(依赖注入)

    springboot成神之--ioc容器(依赖注入) spring的ioc功能 文件目录结构 lang Chinese English GreetingService MyRepository MyC ...

  3. springboot成神之——application.properties所有可用属性

    application.properties所有可用属性 # =================================================================== # ...

  4. springboot成神之——springboot入门使用

    springboot创建webservice访问mysql(使用maven) 安装 起步 spring常用命令 spring常见注释 springboot入门级使用 配置你的pom.xml文件 配置文 ...

  5. springboot成神之——mybatis和mybatis-generator

    项目结构 依赖 generator配置文件 properties配置 生成文件 使用Example 本文讲解如何在spring-boot中使用mybatis和mybatis-generator自动生成 ...

  6. springboot成神之——swagger文档自动生成工具

    本文讲解如何在spring-boot中使用swagger文档自动生成工具 目录结构 说明 依赖 SwaggerConfig 开启api界面 JSR 303注释信息 Swagger核心注释 User T ...

  7. springboot成神之——log4j2的使用

    本文介绍如何在spring-boot中使用log4j2 说明 依赖 日志记录语句 log4j2配置文件 本文介绍如何在spring-boot中使用log4j2 说明 log4j2本身使用是非常简单的, ...

  8. springboot成神之——mybatis在spring-boot中使用的几种方式

    本文介绍mybatis在spring-boot中使用的几种方式 项目结构 依赖 WebConfig DemoApplication 方式一--@Select User DemoApplication ...

  9. springboot成神之——发送邮件

    本文介绍如何用spring发送邮件 目录结构 依赖 MailConfig TestController 测试 本文介绍如何用spring发送邮件 目录结构 依赖 <dependency> ...

随机推荐

  1. H5测试

    H5是什么? H5的全称是HTML5,其实就是:移动端WEB页面. H5与原生 APP的区别: APP是使用原生系统内核的,相当于直接在系统上操作,是我们传统意义上的软件,更加稳定. H5的APP先得 ...

  2. JAVA定时任务Timer

    故事起因 因业务需要,写了一个定时任务Timer,任务将在每天的凌晨2点执行,代码顺利码完,一切就绪,开始测试.运行程序,为了节省时间,将系统时间调整为第二天凌晨1点59分,看着秒针滴答滴答的转动,期 ...

  3. 51nod-1259-分块+dp

    http://www.51nod.com/onlineJudge/questionCode.html#!problemId=1259 1259 整数划分 V2 基准时间限制:1 秒 空间限制:1310 ...

  4. JavaScript中url 传递参数(特殊字符)解决方法及转码解码的介绍

    有些符号在URL中是不能直接传递的,如果要在URL中传递这些特殊符号,那么就要使用他们的编码了.下表中列出了一些URL特殊符号及编码   十六进制值 1. + URL 中+号表示空格 %2B 2. 空 ...

  5. H264的start code是什么?

    H.264起始码 在网络传输h264数据时,一个UDP包就是一个NALU,解码器可以很方便的检测出NAL分界和解码.但是如果编码数据存储为一个文件,原来的解码器将无法从数据流中分别出每个NAL的起始位 ...

  6. Git介绍及基本操作

    Git基本概念 在Git中,我们将需要进行版本控制的文件目录叫做一个仓库(repository),每个仓库可以简单理解成一个目录,这个目录里面的所有文件都通过Git来实现版本管理,Git都能跟踪并记录 ...

  7. Java并发编程总结

    基础概念 1.什么是原子操作?在Java Concurrency API中有哪些原子类(atomic classes)?原子操作(atomic operation)意为"不可被中断的一个或一 ...

  8. 混用Application.LoadLevel 和 PhotonNetwork.LoadLevel

    最近这一周从上周五晚上加完班回家夜里都12点了. 又赶紧送孩子去儿童医院  .. 就肺炎住院了.  真是有啥别有病呢.  悲剧的是我周三夜里陪了一夜后. 转天晚上也发烧了.. 周四 周五输了两天液. ...

  9. xcode加载静态链接库.a文件总是失败

    明明项目是对的,代码没有问题,并且把项目作为库项目引入到新项目中没问题,可是一旦把项目编译出.a文件,引入到新项目中不知为何会有几率出现一大堆错误,其实是xcode的缓存机制在作怪,去这个目录: /U ...

  10. Jolt Awards: The Best Books

    Jolt大奖素有“软件业界的奥斯卡”之美誉,共设通用类图书.技术类图书.语言和开发环境.框架库和组件.开发者网站等十余个分类,每个分类设有一个“震撼奖”(Jolt Award)和三个“生产力奖”(Pr ...