SpringBoot整合token实现登录认证的示例代码
1.pom.xml
<!--
  Dependencies for the token-login example.
  NOTE(review): every explicit version below is pinned as published with the article
  (dated 2019 in the code headers). Check each one against current security advisories
  before reusing this list; nothing on this page shows they were re-checked since.
-->
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <!-- JWT creation and verification, used by TokenService, TokenUtil and AuthenticationInterceptor. -->
    <dependency>
        <groupId>com.auth0</groupId>
        <artifactId>java-jwt</artifactId>
        <version>3.4.0</version>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>1.3.2</version>
    </dependency>
    <!--
      NOTE(review): fastjson 1.2.x releases of this age have publicly documented autoType
      deserialization vulnerabilities. In the code shown here fastjson only builds the login
      response (JSONObject.put), but any path that parses untrusted JSON with this version is
      exposed; move to a maintained release and keep autoType disabled.
    -->
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.47</version>
    </dependency>
    <!-- NOTE(review): swagger-ui publishes the API listing; presumably it should not be reachable in production. -->
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.8.0</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.8.0</version>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>1.18.0</version>
    </dependency>
</dependencies>
2.实体类
/**
 * User entity mapped from the {@code user} table by UserMapper.
 *
 * Lombok's {@code @Data} generates getters, setters, equals/hashCode and a
 * toString() that includes every field, the password among them, so User
 * instances should not be logged or echoed back to clients as-is.
 */
@Data
public class User {
    // Identifier; TokenService writes it into the token's audience claim.
    private String id;
    private String username;
    // NOTE(review): UserApi.login compares this value with equals() against the submitted
    // password and TokenService uses it as the HMAC key, which implies the column holds the
    // password as submitted (no server-side hashing is visible on this page). Confirm, and
    // prefer a salted password hash (bcrypt/scrypt/argon2) in real code.
    private String password;
}
3.Mapper接口
/**
 * MyBatis mapper for user lookups; the SQL for both methods is declared in mapper.xml
 * under the ids {@code findByUsername} and {@code findUserById}.
 *
 * @author qiaoyn
 * @date 2019/06/14
 */
@Mapper
public interface UserMapper {
    /**
     * Looks up a user by username.
     *
     * @param username value bound to the {@code #{username}} placeholder of the query
     * @return the matching user; presumably {@code null} when no row matches (verify against callers)
     */
    User findByUsername(String username);

    /**
     * Looks up a user by id.
     *
     * @param id value bound to the {@code #{id}} placeholder of the query
     * @return the matching user; the interceptor treats {@code null} as "user does not exist"
     */
    User findUserById(String id);
}
4.service层
/**
 * Thin service layer that forwards user lookups to {@link UserMapper}.
 */
@Service
public class UserService {
    @Autowired
    private UserMapper userMapper;

    /**
     * Finds the stored user whose username equals the one carried by {@code user}.
     *
     * @param user request-bound object; only its username is read
     * @return whatever the mapper returns for that username
     */
    public User findByUsername(User user) {
        String username = user.getUsername();
        return userMapper.findByUsername(username);
    }

    /**
     * Finds the stored user with the given id.
     *
     * @param userId id to look up
     * @return whatever the mapper returns for that id
     */
    public User findUserById(String userId) {
        User found = userMapper.findUserById(userId);
        return found;
    }
}
/***
 * Token issuance.
 *
 * @Title: TokenService.java
 * @author qiaoyn
 * @date 2019/06/14
 * @version V1.0
 */
@Service
public class TokenService {

    /**
     * Builds a signed JWT for the given user.
     *
     * The token carries the user id as its audience claim, the current time as
     * issued-at, and an expiry one hour later.
     *
     * NOTE(review): the HMAC-SHA256 key is the user's own password. A password is a
     * low-entropy key, so anyone holding a captured token can test password guesses
     * against its signature offline, and the scheme forces the server to keep the
     * password in a form usable as a key. A random server-side secret (or an
     * asymmetric key) kept outside the user table avoids both problems; changing it
     * requires the verifier in AuthenticationInterceptor to change in step.
     *
     * @param user user whose id and password are read
     * @return the compact serialized token
     */
    public String getToken(User user) {
        Date issuedAt = new Date();
        // Validity window: one hour from now.
        Date expiresAt = new Date(System.currentTimeMillis() + 60 * 60 * 1000);
        return JWT.create()
                .withAudience(user.getId())
                .withIssuedAt(issuedAt)
                .withExpiresAt(expiresAt)
                .sign(Algorithm.HMAC256(user.getPassword()));
    }
}
5.Api层
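/**
 * Login endpoint plus one demo endpoint that requires a verified token.
 */
@RestController
public class UserApi {
    @Autowired
    UserService userService;
    @Autowired
    TokenService tokenService;

    /**
     * Checks the submitted username/password and, on success, issues a token.
     *
     * The token is returned in the JSON body and also set as a "token" cookie.
     * The interceptor on this page reads the "token" request header, not the cookie,
     * so clients are expected to copy the value from the JSON body.
     *
     * Unknown usernames and wrong passwords get the same response, so the reply
     * does not reveal which usernames exist (the previous code threw a
     * NullPointerException for an unknown username).
     *
     * NOTE(review): the mapping is GET, so the password travels in the query string
     * and can end up in access logs, browser history and Referer headers. The verb
     * is left unchanged here because callers depend on it; prefer POST with the
     * credentials in the request body.
     *
     * @param user     username and password bound from the request parameters
     * @param response used to attach the token cookie
     * @return a JSON object with either "message" (failure) or "token" (success)
     */
    @ApiOperation(value = "登陆", notes = "登陆")
    @RequestMapping(value = "/login" ,method = RequestMethod.GET)
    public Object login(User user, HttpServletResponse response) {
        JSONObject jsonObject = new JSONObject();
        // Single lookup; the previous code queried the database three times for the same row.
        User userForBase = userService.findByUsername(user);
        if (userForBase == null || !passwordMatches(userForBase.getPassword(), user.getPassword())) {
            jsonObject.put("message", "登录失败,密码错误");
            return jsonObject;
        }
        String token = tokenService.getToken(userForBase);
        jsonObject.put("token", token);
        Cookie cookie = new Cookie("token", token);
        cookie.setPath("/");
        // Keep the token out of reach of page scripts; the JSON body still carries it for the client.
        cookie.setHttpOnly(true);
        // NOTE(review): also call cookie.setSecure(true) once the application is served over HTTPS only.
        response.addCookie(cookie);
        return jsonObject;
    }

    /**
     * Compares the stored and the submitted password without short-circuiting on
     * the first differing byte.
     *
     * NOTE(review): this still compares plaintext passwords; a salted password hash
     * (bcrypt/scrypt/argon2) verified through its own library is the proper fix.
     */
    private static boolean passwordMatches(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /***
     * This request is only served after the token has been verified: the
     * {@code @UserLoginToken} annotation makes AuthenticationInterceptor check it first.
     *
     * @author: qiaoyn
     * @date 2019/06/14
     * @return String confirmation text
     */
    @UserLoginToken
    @ApiOperation(value = "获取信息", notes = "获取信息")
    @RequestMapping(value = "/getMessage" ,method = RequestMethod.GET)
    public String getMessage() {
        // Read the user id carried in the token and act on it.
        System.out.println(TokenUtil.getTokenUserId());
        return "您已通过验证";
    }
}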
6.util
/*
 * Helpers for reading the current request and the user id carried in its token.
 *
 * @author qiaoyn
 * @date 2019/06/14
 * @version 1.0
 */
public class TokenUtil {

    /**
     * Returns the first audience entry of the token in the "token" request header.
     *
     * NOTE(review): JWT.decode only parses the token; it does not check the signature
     * or the expiry. The returned id is trustworthy only on handlers where
     * AuthenticationInterceptor has already verified the token (those annotated with
     * {@code @UserLoginToken}); anywhere else it is attacker-controlled input.
     * A missing request context or an absent header is not handled here.
     *
     * @return the user id stored as the token's audience
     */
    public static String getTokenUserId() {
        HttpServletRequest current = getRequest();
        // Take the token from the HTTP request header.
        String rawToken = current.getHeader("token");
        return JWT.decode(rawToken).getAudience().get(0);
    }

    /**
     * Gets the request bound to the current thread.
     *
     * @return the current request, or {@code null} when no request attributes are bound
     */
    public static HttpServletRequest getRequest() {
        ServletRequestAttributes attrs =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attrs == null) {
            return null;
        }
        return attrs.getRequest();
    }
}
7.Interceptor
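/**
 * Interceptor that enforces token authentication on annotated handlers.
 *
 * Handlers without {@code @UserLoginToken} are let through unauthenticated, so
 * protection is opt-in: a handler that forgets the annotation is public.
 *
 * @author qiaoyn
 * @date 2019/06/14
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    @Autowired
    UserService userService;

    /**
     * Decides whether the request may reach its handler.
     *
     * Order of checks: non-method handlers pass; a method-level {@code @PassToken}
     * with {@code required = true} passes; otherwise {@code @UserLoginToken} is looked
     * up on the method and, if absent there, on the controller class. Both annotations
     * declare {@code ElementType.TYPE} as a target, but the previous code only looked at
     * the method, so a class-level {@code @UserLoginToken} silently protected nothing.
     *
     * @return {@code true} when the request may proceed
     * @throws RuntimeException when authentication is required and the token is
     *         missing, malformed, belongs to an unknown user, or fails verification
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        // Take the token from the HTTP request header.
        String token = httpServletRequest.getHeader("token");
        // Requests that are not mapped to a controller method pass straight through.
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) object;
        Method method = handlerMethod.getMethod();
        // A method-level @PassToken skips authentication.
        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            return true;
        }
        // The method-level annotation wins; fall back to the controller class.
        UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
        if (userLoginToken == null) {
            userLoginToken = handlerMethod.getBeanType().getAnnotation(UserLoginToken.class);
        }
        if (userLoginToken == null || !userLoginToken.required()) {
            return true;
        }
        // Authentication is required from here on.
        if (token == null) {
            throw new RuntimeException("无token,请重新登录");
        }
        // Read the user id from the still unverified token; it is only used to find
        // the key, and nothing is trusted until verify() below succeeds.
        String userId;
        try {
            java.util.List<String> audience = JWT.decode(token).getAudience();
            // A token without an audience claim used to fail with NullPointerException
            // or IndexOutOfBoundsException; treat it like any other malformed token.
            if (audience == null || audience.isEmpty()) {
                throw new RuntimeException("401");
            }
            userId = audience.get(0);
        } catch (JWTDecodeException j) {
            throw new RuntimeException("401");
        }
        User user = userService.findUserById(userId);
        if (user == null) {
            throw new RuntimeException("用户不存在,请重新登录");
        }
        // Verify the signature with the key TokenService signed with.
        // NOTE(review): that key is the user's password. See TokenService: a random
        // server-side secret would remove the offline password-guessing exposure and
        // the database lookup before verification.
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
        try {
            jwtVerifier.verify(token);
        } catch (JWTVerificationException e) {
            throw new RuntimeException("401");
        }
        // NOTE(review): failures surface as RuntimeException, which presumably reaches
        // the client as a 500 unless an exception handler maps it; an explicit 401
        // response status would be clearer for clients.
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}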
8.config
/***
 * Registers the token interceptor with Spring MVC.
 *
 * Only addInterceptors and the authenticationInterceptor bean do any work; every
 * other override below is an empty generated stub.
 *
 * @Title: InterceptorConfig.java
 * @author qiaoyn
 * @date 2019/06/14
 * @version V1.0
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("/**");
        // Intercept every request; the interceptor then decides per handler whether login
        // is required. (The original comment names @LoginRequired; the annotations defined
        // in this example are @UserLoginToken and @PassToken.)
    }

    // Declared as a bean so that Spring injects the @Autowired UserService into the interceptor.
    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void addCorsMappings(CorsRegistry arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void addFormatters(FormatterRegistry arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void addReturnValueHandlers(List<HandlerMethodReturnValueHandler> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void addViewControllers(ViewControllerRegistry arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureAsyncSupport(AsyncSupportConfigurer arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configurePathMatch(PathMatchConfigurer arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void configureViewResolvers(ViewResolverRegistry arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void extendHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public void extendMessageConverters(List<HttpMessageConverter<?>> arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public MessageCodesResolver getMessageCodesResolver() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public Validator getValidator() {
        // TODO Auto-generated method stub
        return null;
    }
}
9.annotation
/***
 * Marks a handler whose token check should be skipped.
 *
 * Read at run time by AuthenticationInterceptor. Because it switches authentication
 * off, every use deserves a review: it should appear only on endpoints that are
 * meant to be public.
 *
 * @author qiaoyn
 * @date 2019/06/14
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
    // When true (the default) the interceptor lets the request through without a token.
    boolean required() default true;
}
/**
 * Marks a handler that may only be called with a valid login token.
 *
 * Read at run time by AuthenticationInterceptor, which verifies the token in the
 * "token" request header before the handler runs.
 *
 * @author qiaoyn
 * @date 2019/06/14
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken {
    // When true (the default) the interceptor requires and verifies a token.
    boolean required() default true;
}
/* RetentionPolicy.RUNTIME: annotations of this kind are retained by the JVM, so they can be
   read and used at run time by the JVM or by other code that uses reflection. */
10.mapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.example.demo.mapper.UserMapper">
    <!--
      Both queries use #{...} placeholders, which MyBatis binds as prepared-statement
      parameters; the request-supplied username and the token-supplied id are therefore
      never concatenated into the SQL text. Keep it that way: ${...} would be plain
      text substitution.
    -->

    <!-- Login lookup. Selects only id and password, so username stays null on the returned User. -->
    <select id="findByUsername" resultType="com.example.demo.entity.User">
        SELECT id,password FROM user WHERE username=#{username}
    </select>

    <!-- Lookup used while verifying a token. Selects only username and password, so id stays null on the returned User. -->
    <select id="findUserById" resultType="com.example.demo.entity.User">
        SELECT username,password FROM user WHERE id=#{id}
    </select>
</mapper>
11.测试
数据库文件如下所示