springboot 添加JWT接口認證

時間 2021-08-12

標籤 java mysql web 算法 spring sql apache json api springboot 欄目 Spring 简体版

原文原文鏈接

注：此認證方式生成token基本jdk8.0, jdk其它版本有些方法不支持java

　　pom.xml文件添加引用mysql

<dependency>            <groupId>io.jsonwebtoken</groupId>            <artifactId>jjwt</artifactId>            <version>0.9.1</version>        </dependency>

　完整pom文件web

<?xml version="1.0" encoding="utf-8"?><project        xmlns="http://maven.apache.org/POM/4.0.0"        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">    <modelVersion>4.0.0</modelVersion>    <parent>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-parent</artifactId>        <version>2.3.2.RELEASE</version>        <relativePath/>        <!-- lookup parent from repository -->    </parent>    <groupId>com.xj</groupId>    <artifactId>demo</artifactId>    <version>0.0.1-SNAPSHOT</version>    <name>demo</name>    <description>Demo project for Spring Boot</description>    <properties>        <java.version>1.8</java.version>        <kotlin.version>1.4.0</kotlin.version>    </properties>    <dependencies>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <dependency>            <groupId>org.mybatis.spring.boot</groupId>            <artifactId>mybatis-spring-boot-starter</artifactId>            <version>2.1.1</version>        </dependency>        <dependency>            <groupId>mysql</groupId>            <artifactId>mysql-connector-java</artifactId>            <scope>runtime</scope>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-test</artifactId>            <scope>test</scope>            <exclusions>                <exclusion>                    <groupId>org.junit.vintage</groupId>                    <artifactId>junit-vintage-engine</artifactId>                </exclusion>            </exclusions>        </dependency>        <dependency>            <groupId>io.springfox</groupId>            <artifactId>springfox-swagger-ui</artifactId>            <version>3.0.0</version>            <scope>compile</scope>        </dependency>        <dependency>            <groupId>io.jsonwebtoken</groupId>            <artifactId>jjwt</artifactId>            <version>0.9.1</version>        </dependency>        <!-- SLf4j 日誌記錄-->        <dependency>            <groupId>org.projectlombok</groupId>            <artifactId>lombok</artifactId>            <optional>true</optional>            <version>1.18.12</version>        </dependency>        <!--JSONObject-->        <dependency>            <groupId>com.alibaba</groupId>            <artifactId>fastjson</artifactId>            <version>1.2.73</version>        </dependency>        <!-- JSONObject對象依賴的jar包 開始 -->        <dependency>            <groupId>commons-beanutils</groupId>            <artifactId>commons-beanutils</artifactId>            <version>1.9.3</version>        </dependency>        <dependency>            <groupId>commons-collections</groupId>            <artifactId>commons-collections</artifactId>            <version>3.2.1</version>        </dependency>        <dependency>            <groupId>commons-lang</groupId>            <artifactId>commons-lang</artifactId>            <version>2.6</version>        </dependency>        <dependency>            <groupId>commons-logging</groupId>            <artifactId>commons-logging</artifactId>            <version>1.1.1</version>        </dependency>        <dependency>            <groupId>net.sf.ezmorph</groupId>            <artifactId>ezmorph</artifactId>            <version>1.0.6</version>        </dependency>        <dependency>            <groupId>net.sf.json-lib</groupId>            <artifactId>json-lib</artifactId>            <version>2.2.3</version>            <classifier>jdk15</classifier>            <!-- jdk版本 -->        </dependency>        <!-- Json依賴架包下載結束 -->        <dependency>            <groupId>com.alibaba</groupId>            <artifactId>fastjson</artifactId>            <version>1.2.7</version>        </dependency>        <!-- swagger3.0 -->        <dependency>            <groupId>io.springfox</groupId>            <artifactId>springfox-boot-starter</artifactId>            <version>3.0.0</version>        </dependency>    </dependencies>    <build>        <plugins>            <plugin>                <groupId>org.springframework.boot</groupId>                <artifactId>spring-boot-maven-plugin</artifactId>                <configuration>                    <mainClass>com.xj.demo.DemoApplication</mainClass>                </configuration>                <executions>                    <execution>                        <goals>                            <goal>repackage</goal>                        </goals>                    </execution>                </executions>            </plugin>            <plugin>                <groupId>org.apache.maven.plugins</groupId>                <artifactId>maven-jar-plugin</artifactId>                <version>2.6</version>                <configuration>                    <archive>                        <manifest>                            <addClasspath>true</addClasspath>                            <classpathPrefix>lib/</classpathPrefix>                            <mainClass>com.xj.demo.DemoApplication</mainClass>                        </manifest>                    </archive>                </configuration>            </plugin>            <plugin>                <groupId>org.apache.maven.plugins</groupId>                <artifactId>maven-dependency-plugin</artifactId>                <version>2.10</version>                <executions>                    <execution>                        <id>copy-dependencies</id>                        <phase>package</phase>                        <goals>                            <goal>copy-dependencies</goal>                        </goals>                        <configuration>                            <outputDirectory>${project.build.directory}/config</outputDirectory>                        </configuration>                    </execution>                </executions>            </plugin>        </plugins>    </build></project>

jwt密鑰配置 application.properties算法

#基本配置spring.datasource.url=jdbc:mysql://127.0.0.1:3306/business?useUnicode=true&characterEncoding=utf-8&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTCspring.datasource.username=rootspring.datasource.password=rootspring.datasource.driverClassName=com.mysql.cj.jdbc.Driver#使用mysqlspring.jpa.database = mysql#是否顯示sql語句spring.jpa.show-sql=true#mybatis配置 mybatis.config-location=classpath:mybatis-config.xml // 配置文件位置mybatis.typeAliasesPackage=com.xj.demo.model mybatis.mapper-locations=classpath:mapper/*.xml

#表明這個JWT的接收對象,存入audienceaudience.clientId=098f6bcd4621d373cade4e832627b4f6# 密鑰, 通過Base64加密, 可自行替換audience.base64Secret=MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=#JWT的簽發主體，存入issueraudience.name=springbootapi# 過時時間，48小時過時audience.expiresSecond= 172800
#配置mybaits自定義類型轉換類所在的包# mybatis.type-handlers-package=com.hl.handler

JWTToken類

package com.xj.demo.common;
import com.xj.demo.common.exception.CustomException;import com.xj.demo.common.response.ResultCode;import com.xj.demo.config.Audience;import io.jsonwebtoken.*;import org.apache.logging.log4j.util.Base64Util;import org.slf4j.Logger;import org.slf4j.LoggerFactory;
import javax.crypto.spec.SecretKeySpec;import javax.xml.bind.DatatypeConverter;import java.security.Key;import java.util.Date;
/** * JWTToken類 */public class JwtTokenUtil {
    private static Logger log = LoggerFactory.getLogger(JwtTokenUtil.class);
    public static final String AUTH_HEADER_KEY = "Authorization";
    public static final String TOKEN_PREFIX = "Bearer ";
    /**     * 解析jwt     * @param jsonWebToken     * @param base64Security     * @return     */    public static Claims parseJWT(String jsonWebToken, String base64Security) {        try {            Claims claims = Jwts.parser()                    .setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))                    .parseClaimsJws(jsonWebToken).getBody();            return claims;        } catch (ExpiredJwtException  eje) {            log.error("===== Token過時 =====", eje);            throw new CustomException(ResultCode.PERMISSION_TOKEN_EXPIRED);        } catch (Exception e){            log.error("===== token解析異常 =====", e);            throw new CustomException(ResultCode.PERMISSION_TOKEN_INVALID);        }    }
    /**     * 構建jwt     * @param userId     * @param username     * @param role     * @param audience     * @return     */    public static String createJWT(String userId, String username, String role, Audience audience) {        try {            // 使用HS256加密算法            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
            long nowMillis = System.currentTimeMillis();            Date now = new Date(nowMillis);
            //生成簽名密鑰            byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(audience.getBase64Secret());            Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
            //userId是重要信息，進行加密下            String encryId = Base64Util.encode(userId);
            //添加構成JWT的參數            JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")                    // 能夠將基本不重要的對象信息放到claims                    .claim("role", role)                    .claim("userId", userId)                    .setSubject(username)           // 表明這個JWT的主體，即它的全部人                    .setIssuer(audience.getClientId())              // 表明這個JWT的簽發主體；                    .setIssuedAt(new Date())        // 是一個時間戳，表明這個JWT的簽發時間；                    .setAudience(audience.getName())          // 表明這個JWT的接收對象；                    .signWith(signatureAlgorithm, signingKey);            //添加Token過時時間            int TTLMillis = audience.getExpiresSecond();            if (TTLMillis >= 0) {                long expMillis = nowMillis + TTLMillis;                Date exp = new Date(expMillis);                builder.setExpiration(exp)  // 是一個時間戳，表明這個JWT的過時時間；                        .setNotBefore(now); // 是一個時間戳，表明這個JWT生效的開始時間，意味着在這個時間以前驗證JWT是會失敗的            }
            //生成JWT            return builder.compact();        } catch (Exception e) {            log.error("簽名失敗", e);            throw new CustomException(ResultCode.PERMISSION_SIGNATURE_ERROR);        }    }
    /**     * 從token中獲取用戶名     * @param token     * @param base64Security     * @return     */    public static String getUsername(String token, String base64Security){        return parseJWT(token, base64Security).getSubject();    }
    /**     * 從token中獲取用戶ID     * @param token     * @param base64Security     * @return     */    public static String getUserId(String token, String base64Security){        String userId = parseJWT(token, base64Security).get("userId", String.class);        //return Base64Util.decode(userId);        return  userId;    }
    /**     * 是否已過時     * @param token     * @param base64Security     * @return     */    public static boolean isExpiration(String token, String base64Security) {        return parseJWT(token, base64Security).getExpiration().before(new Date());    }}

token驗證攔截器(filter)

package com.xj.demo.filter;

import com.xj.demo.annotation.JwtIgnore;import com.xj.demo.common.JwtTokenUtil;import com.xj.demo.common.exception.CustomException;import com.xj.demo.common.response.ResultCode;import com.xj.demo.config.Audience;import lombok.extern.slf4j.Slf4j;import org.apache.commons.lang.StringUtils;import org.springframework.beans.factory.BeanFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.http.HttpMethod;import org.springframework.web.context.support.WebApplicationContextUtils;import org.springframework.web.method.HandlerMethod;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;

/** * ======================== * token驗證攔截器 * Created with IntelliJ IDEA. * User：xj * Date：2020/8/18 * Version: v1.0 * ======================== */
@Slf4j//@WebFilter(urlPatterns = "/filter-api/*", filterName = "jwkTokenFilter")public class JwtInterceptor extends HandlerInterceptorAdapter {
    @Autowired    private Audience audience;
    @Override    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {        // 忽略帶JwtIgnore註解的請求, 不作後續token認證校驗        if (handler instanceof HandlerMethod) {            HandlerMethod handlerMethod = (HandlerMethod) handler;            JwtIgnore jwtIgnore = handlerMethod.getMethodAnnotation(JwtIgnore.class);            if (jwtIgnore != null) {                return true;            }        }
        if (HttpMethod.OPTIONS.equals(request.getMethod())) {            response.setStatus(HttpServletResponse.SC_OK);            return true;        }
        // 獲取請求頭信息authorization信息        final String authHeader = request.getHeader(JwtTokenUtil.AUTH_HEADER_KEY);        log.info("## authHeader= {}", authHeader);
        if (StringUtils.isBlank(authHeader) || !authHeader.startsWith(JwtTokenUtil.TOKEN_PREFIX)) {            log.info("### 用戶未登陸，請先登陸 ###");            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);            throw new CustomException(ResultCode.USER_NOT_LOGGED_IN);        }
        // 獲取token        final String token = authHeader.substring(7);
        if(audience == null){            BeanFactory factory = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());            audience = (Audience) factory.getBean("audience");        }        try {        // 驗證token是否有效--無效已作異常拋出，由全局異常處理後返回對應信息        JwtTokenUtil.parseJWT(token, audience.getBase64Secret());        }        catch (Exception e){            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);            throw new CustomException(ResultCode.USER_NOT_LOGGED_IN);        }        return true;    }
}

JWT驗證忽略註解

package com.xj.demo.annotation;
import java.lang.annotation.*;
/** * ======================== * JWT驗證忽略註解 * Created with IntelliJ IDEA. * User：xj * Date：2020/8/18 9:50 * Version: v1.0 * ======================== */@Target({ElementType.METHOD})@Retention(RetentionPolicy.RUNTIME)@Documentedpublic @interface JwtIgnore {}

自定義異常類型

package com.xj.demo.common.exception;


import com.xj.demo.common.response.ResultCode;
import java.text.MessageFormat;
/** * 自定義異常類型 * @author xj **/public class CustomException extends RuntimeException {
    //錯誤代碼    ResultCode resultCode;
    public CustomException(ResultCode resultCode){        super(resultCode.message());        this.resultCode = resultCode;    }
    public CustomException(ResultCode resultCode, Object... args){        super(resultCode.message());        String message = MessageFormat.format(resultCode.message(), args);        resultCode.setMessage(message);        this.resultCode = resultCode;    }
    public ResultCode getResultCode(){        return resultCode;    }
}

統一響應結果集

package com.xj.demo.common.response;

import com.fasterxml.jackson.databind.annotation.JsonSerialize;
/** * ======================== * 統一響應結果集 * Created with IntelliJ IDEA. * User：xj * Date：2020/8/18 9:50 * Version: v1.0 * ======================== */@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)public class Result<T> {
    //操做代碼    int code;
    //提示信息    String message;
    //結果數據    T data;
    public Result(ResultCode resultCode){        this.code = resultCode.code();        this.message = resultCode.message();    }
    public Result(ResultCode resultCode, T data){        this.code = resultCode.code();        this.message = resultCode.message();        this.data = data;    }
    public Result(String message){        this.message = message;    }
    public static Result SUCCESS(){        return new Result(ResultCode.SUCCESS);    }
    public static <T> Result SUCCESS(T data){        return new Result(ResultCode.SUCCESS, data);    }
    public static Result FAIL(){        return new Result(ResultCode.FAIL);    }
    public static Result FAIL(String message){        return new Result(message);    }
    public int getCode() {        return code;    }
    public void setCode(int code) {        this.code = code;    }
    public String getMessage() {        return message;    }
    public void setMessage(String message) {        this.message = message;    }
    public T getData() {        return data;    }
    public void setData(T data) {        this.data = data;    }}

package com.xj.demo.common.response;
/** * ======================== * 通用響應狀態 * Created with IntelliJ IDEA. * User：xj * Date：2020/8/18 * Time：10:10 * Version: v1.0 * ======================== */public enum  ResultCode {
    /* 成功狀態碼 */    SUCCESS(1,"操做成功！"),
    /* 錯誤狀態碼 */    FAIL(-1,"操做失敗！"),
    /* 參數錯誤：10001-19999 */    PARAM_IS_INVALID(10001, "參數無效"),    PARAM_IS_BLANK(10002, "參數爲空"),    PARAM_TYPE_BIND_ERROR(10003, "參數格式錯誤"),    PARAM_NOT_COMPLETE(10004, "參數缺失"),
    /* 用戶錯誤：20001-29999*/    USER_NOT_LOGGED_IN(20001, "用戶未登陸，請先登陸"),    USER_LOGIN_ERROR(20002, "帳號不存在或密碼錯誤"),    USER_ACCOUNT_FORBIDDEN(20003, "帳號已被禁用"),    USER_NOT_EXIST(20004, "用戶不存在"),    USER_HAS_EXISTED(20005, "用戶已存在"),

    /* 數據錯誤：50001-599999 */    RESULT_DATA_NONE(50001, "數據未找到"),    DATA_IS_WRONG(50002, "數據有誤"),    DATA_ALREADY_EXISTED(50003, "數據已存在"),
    /* 權限錯誤：70001-79999 */    PERMISSION_UNAUTHENTICATED(70001,"此操做須要登錄系統！"),    PERMISSION_UNAUTHORISE(70002,"權限不足，無權操做！"),    PERMISSION_EXPIRE(70003,"登陸狀態過時！"),    PERMISSION_TOKEN_EXPIRED(70004, "token已過時"),    PERMISSION_LIMIT(70005, "訪問次數受限制"),    PERMISSION_TOKEN_INVALID(70006, "無效token"),    PERMISSION_SIGNATURE_ERROR(70007, "簽名失敗");
    //操做代碼    int code;
    public int code() {        return code;    }
    public void setCode(int code) {        this.code = code;    }
    public String message() {        return message;    }
    public void setMessage(String message) {        this.message = message;    }


    //提示信息    String message;    ResultCode(int code, String message){        this.code = code;        this.message = message;    }}

登陸接口spring

package com.xj.demo.controller;
import com.alibaba.fastjson.JSONObject;import com.fasterxml.jackson.databind.util.JSONPObject;import com.xj.demo.annotation.JwtIgnore;import com.xj.demo.common.JwtTokenUtil;import com.xj.demo.common.response.Result;import com.xj.demo.config.Audience;import io.swagger.annotations.Api;import io.swagger.annotations.ApiOperation;import lombok.extern.slf4j.Slf4j;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.boot.jackson.JsonObjectDeserializer;import org.springframework.web.bind.annotation.PostMapping;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletResponse;import java.util.UUID;
@Api(tags = "登陸")@RestController@RequestMapping("/login")@Slf4jpublic class LoginController {    @Autowired    private Audience audience;
    @ApiOperation("登陸")    @PostMapping("/login")    @JwtIgnore    public Result adminLogin(HttpServletResponse response, String username, String password) {        // 這裏模擬測試, 默認登陸成功，返回用戶ID和角色信息        String userId = UUID.randomUUID().toString();        String role = "admin";
        // 建立token        String token = JwtTokenUtil.createJWT(userId, username, role, audience);        log.info("### 登陸成功, token={} ###", token);
        // 將token放在響應頭        response.setHeader(JwtTokenUtil.AUTH_HEADER_KEY, JwtTokenUtil.TOKEN_PREFIX + token);        return Result.SUCCESS(token);    }}

驗證登陸截圖sql