本文介绍basic auth和JWT验证结合

目录结构

依赖

<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency> <dependency>
<groupId>com.auth0</groupId>
<artifactId>auth0</artifactId>
<version>1.8.0</version>
</dependency> <dependency>
<groupId>com.auth0</groupId>
<artifactId>auth0-spring-security-api</artifactId>
<version>1.1.0</version>
</dependency> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> <dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20180813</version>
</dependency> <dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.xml.bind</artifactId>
<version>10.0-b28</version>
</dependency>

config配置文件WebSecurityConfig

package com.springlearn.learn.config;

import com.springlearn.learn.filter.JWTAuthenticationFilter;
import com.springlearn.learn.filter.JWTLoginFilter; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer { @Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable();
// 所有的请求都要验证
http.authorizeRequests()
.antMatchers("/").permitAll() // 访问 "/" 无需验证
.antMatchers(HttpMethod.POST, "/login").permitAll() // 访问 "/login" 无需token即可进入
.antMatchers(HttpMethod.GET, "/login").permitAll()
.anyRequest()
.authenticated()
.and()
.addFilterBefore( // 添加验证过滤器
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class
)
.addFilterBefore(
new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class
);
} @Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
} @Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
String password = "234";
String encrytedPassword = this.passwordEncoder().encode(password);
System.out.println("Encoded password = " + encrytedPassword); // 这里使用写死的验证,你可以在这里访问数据库
InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> mngConfig = auth.inMemoryAuthentication(); UserDetails u1 = User.withUsername("yejiawei").password(encrytedPassword).roles("ADMIN").build();
UserDetails u2 = User.withUsername("donglei").password(encrytedPassword).roles("USER").build(); mngConfig.withUser(u1);
mngConfig.withUser(u2);
} @Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "PUT", "DELETE").allowedOrigins("*")
.allowedHeaders("*");
}
}

filter过滤器JWTLoginFilter

package com.springlearn.learn.filter;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.stream.Collectors; import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import com.springlearn.learn.service.TokenAuthenticationService; import org.json.JSONObject;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter{
public JWTLoginFilter(String url, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(authManager);
} @Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException, ServletException { // get方式获取参数
// String username = request.getParameter("username");
// String password = request.getParameter("password"); // post方式获取数据
String s = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
JSONObject jsonObject = new JSONObject(s);
HashMap<String, String> result = new HashMap<String, String>();
String key = null;
Iterator<?> keys = jsonObject.keys();
while(keys.hasNext()) {
key = (String) keys.next();
result.put(key, jsonObject.getString(key));
} System.out.printf("JWTLoginFilter.attemptAuthentication: username/password= %s,%s", result.get("username"), result.get("password"));
System.out.println(); return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(result.get("username"), result.get("password"), Collections.emptyList()));
} @Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
Authentication authResult) throws IOException, ServletException { System.out.println("JWTLoginFilter.successfulAuthentication:"); // Write Authorization to Headers of Response.
TokenAuthenticationService.addAuthentication(response, authResult.getName()); String authorizationString = response.getHeader("Authorization"); System.out.println("Authorization String=" + authorizationString);
} @Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException { response.setContentType("application/json");
response.setStatus(HttpServletResponse.SC_OK);
response.getOutputStream().println((new JSONObject(){{
put("status", 500);
put("message", "Internal Server Error!!!");
put("result", JSONObject.NULL);
}}).toString());
}
}

filter过滤器JWTAuthenticationFilter

package com.springlearn.learn.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import com.springlearn.learn.service.TokenAuthenticationService; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean; public class JWTAuthenticationFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException { System.out.println("JWTAuthenticationFilter.doFilter"); Authentication authentication = TokenAuthenticationService.getAuthentication((HttpServletRequest) servletRequest); SecurityContextHolder.getContext().setAuthentication(authentication); filterChain.doFilter(servletRequest, servletResponse);
}
}

service中的TokenAuthenticationService

package com.springlearn.learn.service;

import java.io.IOException;
import java.util.Collections;
import java.util.Date; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.json.JSONObject;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; public class TokenAuthenticationService { static final long _expiretime = 864_000_000;
static final String _secret = "ThisIsASecret";
static final String _token_prefix = "Bearer";
static final String _header_string = "Authorization"; public static void addAuthentication(HttpServletResponse res, String username) throws IOException {
String JWT =
Jwts.builder()
.setSubject(username)
.setExpiration(new Date(System.currentTimeMillis() + _expiretime))
.signWith(SignatureAlgorithm.HS512, _secret).compact(); res.addHeader(_header_string, _token_prefix + " " + JWT);
res.setContentType("application/json");
res.setStatus(HttpServletResponse.SC_OK);
res.getOutputStream().println((new JSONObject(){{
put("status", 0);
put("message", "");
put("result", JWT);
}}).toString()); } public static Authentication getAuthentication(HttpServletRequest request) {
String token = request.getHeader(_header_string);
if (token != null) {
// parse the token.
String user = Jwts.parser().setSigningKey(_secret).parseClaimsJws(token.replace(_token_prefix, "")).getBody()
.getSubject(); return user != null ? new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList()) : null;
}
return null;
}
}

启动文件DemoApplication

package com.springlearn.learn;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication
public class DemoApplication { public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}

Controller中的TestController

package com.springlearn.learn.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; @RestController
public class TestController { @ResponseBody
@RequestMapping(value = "/AuthTest", method = RequestMethod.GET)
public String AuthTest(HttpServletRequest request, HttpServletResponse response) {
return "OK";
} @ResponseBody
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String Login(@RequestBody Object user, HttpServletRequest request, HttpServletResponse response) {
return "OK";
}
}

前端测试

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
<script>
axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded'; axios.post('http://localhost:9001/login', {
username: 'yejiawei',
password: '234'
}).then(function (response) {
localStorage.setItem("token", response.data.result)
}).catch(function (error) {
console.log(error);
}).then(function () {
}); // axios.get('http://localhost:9001/AuthTest', {
// headers: {
// "Authorization": localStorage.getItem("token")
// }
// }).then(function (response) {
// console.log(response.data);
// }).catch(function (error) {
// console.log(error);
// }).then(function () {
// }); </script>
</head>
<body>
</body>
</html>

springboot成神之——basic auth和JWT验证结合的更多相关文章

  1. springboot成神之——Basic Auth应用

    本文介绍Basic Auth在spring中的应用 目录结构 依赖 入口DemoApplication 验证Authenication 配置WebSecurityConfig 控制器TestContr ...

  2. springboot成神之——ioc容器(依赖注入)

    springboot成神之--ioc容器(依赖注入) spring的ioc功能 文件目录结构 lang Chinese English GreetingService MyRepository MyC ...

  3. springboot成神之——application.properties所有可用属性

    application.properties所有可用属性 # =================================================================== # ...

  4. springboot成神之——springboot入门使用

    springboot创建webservice访问mysql(使用maven) 安装 起步 spring常用命令 spring常见注释 springboot入门级使用 配置你的pom.xml文件 配置文 ...

  5. springboot成神之——mybatis和mybatis-generator

    项目结构 依赖 generator配置文件 properties配置 生成文件 使用Example 本文讲解如何在spring-boot中使用mybatis和mybatis-generator自动生成 ...

  6. springboot成神之——swagger文档自动生成工具

    本文讲解如何在spring-boot中使用swagger文档自动生成工具 目录结构 说明 依赖 SwaggerConfig 开启api界面 JSR 303注释信息 Swagger核心注释 User T ...

  7. springboot成神之——log4j2的使用

    本文介绍如何在spring-boot中使用log4j2 说明 依赖 日志记录语句 log4j2配置文件 本文介绍如何在spring-boot中使用log4j2 说明 log4j2本身使用是非常简单的, ...

  8. springboot成神之——mybatis在spring-boot中使用的几种方式

    本文介绍mybatis在spring-boot中使用的几种方式 项目结构 依赖 WebConfig DemoApplication 方式一--@Select User DemoApplication ...

  9. springboot成神之——发送邮件

    本文介绍如何用spring发送邮件 目录结构 依赖 MailConfig TestController 测试 本文介绍如何用spring发送邮件 目录结构 依赖 <dependency> ...

随机推荐

  1. Django进阶Admin篇 - admin基本配置

    django admin 是django自带的一个后台app,提供了后台的管理功能. 基础知识点: 一.认识ModelAdmin 管理界面的定制类,如需扩展特定的model界面,需要从该类继承 二.注 ...

  2. [转]HTTP协议通信原理

    本文转自<HTTP协议通信原理> 了解HTTP HTTP(HyperText Transfer Protocol)是一套计算机通过网络进行通信的规则.计算机专家设计出HTTP,使HTTP客 ...

  3. JsonTools 工具类

    import net.sf.json.JSONObject; public class JsonTools { public static JSONObject getJSONObject(Strin ...

  4. Ant Design

    https://ant.design/components/form-cn/    (Ant Design of React 中文网) 1.Ant Design of react (相关资料) htt ...

  5. ARM的异常处理方式

    1.什么是异常? 正常工作之外的流程都叫异常 异常会打断正在执行的工作,并且一般我们希望异常处理完成后继续回来执行原来的工作 中断是异常的一种 2.异常向量表 所有的CPU都有异常向量表,这是CPU设 ...

  6. 剑指offer--36.整数中1出现的次数(从1到n整数中1出现的次数)

    暴力挨个数 ---------------------------------------------------------------------- 时间限制:1秒 空间限制:32768K 热度指 ...

  7. 【Java 并发】Executor框架机制与线程池配置使用

    [Java 并发]Executor框架机制与线程池配置使用 一,Executor框架Executor框架便是Java 5中引入的,其内部使用了线程池机制,在java.util.cocurrent 包下 ...

  8. Ant入门: Hello World with Apache Ant

    笔者因项目需要进行java程序打包,之前一直使用的最多的打包工具要数fat-jar了.此工具将所有引用的jar包以及源码生成的class一起打到一个包里面,运行程序的时候直接运行命令:java –ja ...

  9. 【英语】Bingo口语笔记(87) - 不要做某事的常见表达

  10. NOI 2018 你的名字

    因为机房里的小伙伴都在看<你的名字.>而我不想看 所以来写了这道题... 给一个 $S$ 串,$q$ 次询问,每次一个 $T$ 串,问 $T$ 有多少没在 $S[l,r]$ 中以子串形式出 ...