10分钟搞定Java带token验证的注册登录
这是spring boot框架下的登录注册功能,并且带有token验证,可以用于生产环境的实例
原理太简单,直接上代码,让你知道什么叫拿来主义!!
1,java中项目介绍
2,resources 中的内容
3,用法:
创建好所有的需要的类,,数据库中创建好需要的数据库,代码复制粘贴,启动,就可以用了
实际代码:
pom.xml
- "1.0" encoding="UTF-8"?>
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-
4.0.0 -
com.test -
loginDemo -
1.0-SNAPSHOT -
jar -
-
org.springframework.boot -
spring-boot-starter-parent -
1.5.3.RELEASE -
-
-
UTF-8 -
UTF-8 -
1.8 -
2.6.1 -
0.7.0 -
1.4.1-rc.7 -
1.26.0-rc.3 -
3.0.3 -
2.19.1 -
1.0.0-beta2 -
-
-
org.springframework.boot -
spring-boot-starter-data-jpa -
-
org.springframework.boot -
spring-boot-starter-security -
-
org.projectlombok -
lombok -
-
org.springframework.boot -
spring-boot-starter-web -
-
-
org.springframework.boot -
spring-boot-starter-tomcat -
-
org.springframework.boot -
spring-boot-starter-undertow -
-
com.zaxxer -
HikariCP -
${hikaricp.version} -
-
com.google.guava -
guava -
21.0 -
-
io.jsonwebtoken -
jjwt -
${jjwt.version} -
-
mysql -
mysql-connector-java -
runtime -
-
org.springframework.boot -
spring-boot-starter-test -
test -
-
com.h2database -
h2 -
1.4.194 -
test -
-
net.serenity-bdd -
serenity-core -
${serenity.version} -
test -
-
net.serenity-bdd -
serenity-junit -
${serenity.version} -
test -
-
net.serenity-bdd -
serenity-jbehave -
${serenity.jbehave.version} -
test -
-
net.serenity-bdd -
serenity-rest-assured -
${serenity.version} -
test -
-
io.rest-assured -
spring-mock-mvc -
${rest-assured.version} -
test -
-
net.serenity-bdd -
serenity-spring -
${serenity.version} -
test -
-
org.apache.commons -
commons-lang3 -
3.6 -
-
junit -
junit -
3.8.1 -
test -
-
com.google.code.gson -
gson -
-
com.alibaba -
dubbo -
2.5.3 -
-
io.dubbo.springboot -
spring-boot-starter-dubbo -
1.0.0 -
-
org.codehaus.groovy -
groovy -
-
org.codehaus.groovy -
groovy-all -
-
junit -
junit -
-
org.springframework -
spring-test -
4.3.8.RELEASE -
-
org.springframework.boot -
spring-boot-test -
-
io.rest-assured -
spring-mock-mvc -
3.0.3 -
-
net.serenity-bdd -
serenity-jbehave -
1.26.0-rc.3 -
-
net.serenity-bdd -
serenity-core -
1.4.1-rc.7 -
-
org.projectlombok -
lombok -
1.16.14 -
-
data-share -
-
-
org.apache.maven.plugins -
maven-compiler-plugin -
-
1.8 -
1.8 -
-
org.springframework.boot -
spring-boot-maven-plugin -
-
true -
-
org.apache.maven.plugins -
maven-surefire-plugin -
${maven-surefire-plugin.version} -
-
true -
-
net.serenity-bdd.maven.plugins -
serenity-maven-plugin -
${serenity.version} -
-
-
serenity-reports -
post-integration-test -
-
aggregate
- package com.test.auth;
- import com.fasterxml.jackson.databind.ObjectMapper;
- import org.springframework.security.access.AccessDeniedException;
- import org.springframework.security.core.AuthenticationException;
- import org.springframework.security.web.AuthenticationEntryPoint;
- import org.springframework.security.web.access.AccessDeniedHandler;
- import org.springframework.stereotype.Component;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.io.IOException;
- import static com.test.data.RestResp.fail;
- import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
- import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
- @Component
- public class AuthError implements AuthenticationEntryPoint, AccessDeniedHandler {
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- handleAccessDenied(request, response, authException);
- }
- private static void handleAccessDenied(HttpServletRequest request, HttpServletResponse response, Exception exception) throws IOException, ServletException {
- response.setStatus(SC_FORBIDDEN);
- response.setContentType(APPLICATION_JSON_VALUE);
- String message = "authentication error: ";
- if (exception.getCause() != null) {
- message += exception
- .getCause()
- .getMessage();
- } else {
- message += exception.getMessage();
- }
- byte[] body = new ObjectMapper().writeValueAsBytes(fail(message));
- response
- .getOutputStream()
- .write(body);
- }
- @Override
- public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
- handleAccessDenied(request, response, accessDeniedException);
- }
- }
auth /JwtAuthentication.java
- package com.test.auth;
- import com.test.domain.User;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
- import java.util.Collection;
- import java.util.Map;
- import java.util.Optional;
- import static java.util.Collections.emptyList;
- public class JwtAuthentication implements Authentication {
- private String token;
- private User user;
- private Map
- JwtAuthentication(User user, String token, Map
- this.token = token;
- this.user = user;
- this.details = details;
- }
- public Optional
user(){ - return Optional.ofNullable(user);
- }
- @Override
- public Collectionextends GrantedAuthority> getAuthorities() {
- return emptyList();
- }
- @Override
- public Object getCredentials() {
- return token;
- }
- @Override
- public Object getDetails() {
- return details;
- }
- @Override
- public Object getPrincipal() {
- return user;
- }
- @Override
- public boolean isAuthenticated() {
- return user != null && user.getName() != null && user.getMobile() != null;
- }
- @Override
- public void setAuthenticated(boolean b) throws IllegalArgumentException {
- if (!isAuthenticated()){
- user = null;
- }
- }
- @Override
- public String getName() {
- return user.getName();
- }
- @Override
- public String toString() {
- return token;
- }
- }
auth /JwtAuthenticationProvider.java
- package com.test.auth;
- import org.springframework.security.authentication.AuthenticationProvider;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.AuthenticationException;
- import org.springframework.stereotype.Component;
- @Component
- public class JwtAuthenticationProvider implements AuthenticationProvider {
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- if (authentication != null) {
- authentication.setAuthenticated((authentication.getPrincipal() != null));
- }
- return authentication;
- }
- @Override
- public boolean supports(Class authentication) {
- return authentication.isAssignableFrom(JwtAuthentication.class);
- }
- }
auth /JwtService.java
- package com.test.auth;
- import com.test.data.UserRepo;
- import com.test.domain.User;
- import io.jsonwebtoken.Claims;
- import io.jsonwebtoken.Jws;
- import io.jsonwebtoken.SignatureAlgorithm;
- import io.jsonwebtoken.impl.DefaultJwtBuilder;
- import io.jsonwebtoken.impl.DefaultJwtParser;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Value;
- import org.springframework.core.io.ClassPathResource;
- import org.springframework.stereotype.Service;
- import javax.annotation.PostConstruct;
- import java.security.KeyStore;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.cert.CertificateFactory;
- import java.security.cert.X509Certificate;
- import java.security.interfaces.ECPrivateKey;
- import java.time.ZonedDateTime;
- import java.util.Date;
- import java.util.Optional;
- import java.util.UUID;
- import static java.util.Optional.empty;
- @Service
- public class JwtService {
- private Logger LOG = LoggerFactory.getLogger(getClass());
- @Value("${jwt.key.store}") private String keystore;
- @Value("${jwt.key.pass}") private String keypass;
- @Value("${jwt.key.alias}") private String keyalias;
- @Value("${jwt.cert}") private String cert;
- private UserRepo userRepo;
- private PrivateKey privateKey;
- private PublicKey publicKey;
- public JwtService(@Autowired UserRepo userRepo){
- this.userRepo = userRepo;
- }
- @PostConstruct
- private void init() throws Exception {
- char[] pass = keypass.toCharArray();
- KeyStore from = KeyStore.getInstance("JKS", "SUN");
- from.load(new ClassPathResource(keystore).getInputStream(), pass);
- privateKey = (ECPrivateKey) from.getKey(keyalias, pass);
- CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
- X509Certificate x509Cert = (X509Certificate) certificatefactory.generateCertificate(new ClassPathResource(cert).getInputStream());
- publicKey = x509Cert.getPublicKey();
- }
- public String generate(User user){
- return new DefaultJwtBuilder()
- .setId(UUID.randomUUID().toString())
- .setSubject(user.getName())
- .setExpiration(Date.from(ZonedDateTime.now().plusWeeks(1).toInstant()))
- .signWith(SignatureAlgorithm.ES256, privateKey).compact();
- }
- Optional
parse(String token){ - try {
- Jws
jws = new DefaultJwtParser().setSigningKey(publicKey).parseClaimsJws(token); - Claims claims = jws.getBody();
- return userRepo.findByName(claims.getSubject()).map(u -> new JwtAuthentication(u, token, claims));
- }catch (Exception e){
- LOG.error("failed to parse jwt token {}", token, e);
- }
- return empty();
- }
- }
auth /JwtTokenFilter.java
- package com.test.auth;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.security.core.context.SecurityContextHolder;
- import org.springframework.stereotype.Component;
- import javax.annotation.Resource;
- import javax.servlet.*;
- import javax.servlet.http.HttpServletRequest;
- import java.io.IOException;
- @Component
- public class JwtTokenFilter implements Filter {
- private JwtService jwtService;
- public JwtTokenFilter(@Autowired JwtService jwtService){
- this.jwtService = jwtService;
- }
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest servletRequest = (HttpServletRequest) request;
- String authorization = servletRequest.getHeader("Authorization");
- if (authorization != null && authorization.startsWith("Bearer ")) {
- jwtService
- .parse(authorization.replaceAll("Bearer ", ""))
- .ifPresent(jwtAuthentication -> SecurityContextHolder
- .getContext()
- .setAuthentication(jwtAuthentication));
- }
- chain.doFilter(request, response);
- }
- @Override
- public void destroy() {
- }
- }
data / RestResp.java
- package com.test.data;
- public class RestResp {
- public final int status;
- public final String message;
- public final Object data;
- private RestResp(int status, String message, Object data) {
- this.status = status;
- this.message = message;
- this.data = data;
- }
- private RestResp(int status, String messsage) {
- this(status, messsage, null);
- }
- public static RestResp success(Object data) {
- return new RestResp(1, "success", data);
- }
- public static RestResp success(String message, Object data){
- return new RestResp(1, message, data);
- }
- public static RestResp fail(String message, Object data){
- return new RestResp(-1, message, data);
- }
- public static RestResp fail(String message){
- return new RestResp(-1, message);
- }
- public static RestResp fail(){
- return new RestResp(-1, "fail");
- }
- }
data /UserRepo.java
- package com.test.data;
- import com.test.domain.User;
- import org.springframework.data.repository.CrudRepository;
- import org.springframework.stereotype.Component;
- import org.springframework.stereotype.Repository;
- import java.util.Optional;
- /**
- * Created by Luo_xuri on 2017/9/29.
- */
- @Repository
- public interface UserRepo extends CrudRepository
- Optional
findByName(String userName); - Optional
findByNameAndPassword(String userName, String password); - }
- package com.test.data;
- import com.test.domain.UserToken;
- import org.springframework.data.repository.CrudRepository;
- import org.springframework.stereotype.Repository;
- @Repository
- public interface UserTokenRepo extends CrudRepository
- }
domain / NameAndPass.java
- package com.test.domain;
- /**
- * Created by Luo_xuri on 2017/9/30.
- */
- public class NameAndPass {
- private String username;
- private String password;
- public void setUsername(String username) {
- this.username = username;
- }
- public String getUsername() {
- return username;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public String getPassword() {
- return password;
- }
- }
domain /User.java
- package com.test.domain;
- import com.fasterxml.jackson.annotation.JsonIgnore;
- import javax.persistence.*;
- import java.util.HashSet;
- import java.util.Set;
- @Entity
- @Table(name = "user", uniqueConstraints = @UniqueConstraint(columnNames = {"name"})) // 唯一约束name
- public class User {
- @Id
- @GeneratedValue(strategy = GenerationType.AUTO)
- private Long id;
- private String mobile;
- private String password;
- private String name;
- @JsonIgnore
- @Transient
- private Set
authorities = new HashSet<>(); - public User() {
- }
- public User(String phone, String password) {
- this.mobile = phone;
- this.password = password;
- }
- public Long getId() {
- return id;
- }
- public void setId(Long id) {
- this.id = id;
- }
- public void setAuthorities(Set
authorities) { - this.authorities = authorities;
- }
- public Set
getAuthorities() { - return authorities;
- }
- public String getName() {
- return name;
- }
- public void setName(String name) {
- this.name = name;
- }
- public String getMobile() {
- return mobile;
- }
- public void setMobile(String mobile) {
- this.mobile = mobile;
- }
- public String getPassword() {
- return password;
- }
- public void setPassword(String password) {
- this.password = password;
- }
- public String toString() {
- return String.format("%s(%s)", name, mobile);
- }
- }
domain /UserToken.java
- package com.test.domain;
- import com.fasterxml.jackson.annotation.JsonFormat;
- import com.fasterxml.jackson.annotation.JsonIgnore;
- import lombok.Data;
- import lombok.NoArgsConstructor;
- import javax.annotation.sql.DataSourceDefinition;
- import javax.persistence.*;
- import java.util.Date;
- @Entity
- @Table(name = "user_token")
- @Data
- @NoArgsConstructor
- public class UserToken {
- @JsonIgnore
- @Id
- @GeneratedValue(strategy = GenerationType.AUTO)
- private Long id;
- @Column(length = 512)
- private String token;
- @JsonFormat(pattern = "yy-MM-dd hh:mm:ss")
- private Date createtime = new Date();
- public UserToken(String token){
- this.token = token;
- }
- }
rest / TokenController.java
- package com.test.rest;
- import com.test.auth.JwtService;
- import com.test.data.RestResp;
- import com.test.data.UserRepo;
- import com.test.data.UserTokenRepo;
- import com.test.domain.NameAndPass;
- import com.test.domain.UserToken;
- import lombok.extern.slf4j.Slf4j;
- import org.springframework.web.bind.annotation.PostMapping;
- import org.springframework.web.bind.annotation.RequestBody;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RestController;
- import javax.annotation.Resource;
- @Slf4j
- @RestController
- @RequestMapping("/token")
- public class TokenController {
- @Resource
- private UserRepo userRepo;
- @Resource
- private JwtService jwtService;
- @Resource
- private UserTokenRepo userTokenRepo;
- @PostMapping
- public RestResp enroll(@RequestBody NameAndPass user){
- return userRepo.findByNameAndPassword(user.getUsername(), user.getPassword()).map(u -> {
- UserToken userToken = new UserToken(jwtService.generate(u));
- log.info("{} enrolled", user.getUsername());
- userToken = userTokenRepo.save(userToken);
- return RestResp.success(userToken);
- }).orElse(RestResp.fail());
- }
- }
rest /UserController.java
- package com.test.rest;
- import com.test.data.RestResp;
- import com.test.data.UserRepo;
- import com.test.domain.User;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.web.bind.annotation.PostMapping;
- import org.springframework.web.bind.annotation.RequestBody;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RestController;
- import javax.annotation.Resource;
- import java.util.Optional;
- @RestController
- @RequestMapping("/user")
- public class UserController {
- private Logger LOG = LoggerFactory.getLogger(getClass());
- @Resource
- private UserRepo userRepo;
- @PostMapping("/register")
- public RestResp register(@RequestBody User user){
- return userRepo.findByName(user.getName()).map(u -> RestResp.fail()).orElseGet(() -> {
- User u = userRepo.save(user);
- LOG.info("{} registered", u);
- return RestResp.success("注册成功");
- });
- }
- }
AppConfiguration.java
- package com.test;
- import com.test.auth.AuthError;
- import com.test.auth.JwtAuthenticationProvider;
- import com.test.auth.JwtTokenFilter;
- import org.springframework.beans.factory.annotation.Configurable;
- import org.springframework.context.annotation.Bean;
- import org.springframework.http.HttpMethod;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import org.springframework.web.servlet.config.annotation.CorsRegistry;
- import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
- import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
- import javax.annotation.Resource;
- import static org.springframework.http.HttpMethod.POST;
- @EnableWebSecurity
- @Configurable
- public class AppConfiguration extends WebSecurityConfigurerAdapter {
- @Resource
- private JwtTokenFilter jwtTokenFilter;
- @Resource
- private JwtAuthenticationProvider jwtAuthenticationProvider;
- @Resource
- private AuthError authError;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .cors()
- .and()
- .csrf()
- .disable()
- .authorizeRequests()
- .antMatchers(POST ,"/user/register", "/token") // 不拦截
- .permitAll().antMatchers("/**/*") // 允许拦截
- .authenticated()
- .and()
- .addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class)
- .exceptionHandling()
- .authenticationEntryPoint(authError)
- .accessDeniedHandler(authError);
- }
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.authenticationProvider(jwtAuthenticationProvider);
- }
- /**
- * allow cross origin requests
- * 跨域相关,请百度
- */
- @Bean
- public WebMvcConfigurer corsConfigurer() {
- return new WebMvcConfigurerAdapter() {
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry
- .addMapping("/**")
- .allowedOrigins("*")
- .allowedMethods("GET", "POST", "PUT", "OPTIONS", "DELETE")
- .allowedHeaders("*");
- }
- };
- }
- }
Application.java
- package com.test;
- import org.springframework.boot.SpringApplication;
- import org.springframework.boot.autoconfigure.SpringBootApplication;
- import org.springframework.scheduling.annotation.EnableScheduling;
- @SpringBootApplication
- @EnableScheduling
- public class Application {
- public static void main(String[] args) {
- SpringApplication.run(Application.class, args);
- }
- }
resources/ security # 这是文件夹
oxcc.cer
oxcc.jks
上面两个是什么鬼,如果你不知道就百度一下
resources/ application.properties
- spring.freemarker.enabled=false
- spring.freemarker.checkTemplateLocation=false
- server.port=8686
- spring.datasource.url=jdbc:mysql://localhost:3306/logindemo?useSSL=false&useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
- spring.datasource.username=root
- spring.datasource.password=root
- spring.datasource.driver-class-name=com.mysql.jdbc.Driver
- spring.datasource.hikari.connection-timeout=3000
- spring.datasource.hikari.initialization-fail-fast=true
- spring.datasource.hikari.max-lifetime=600000
- spring.datasource.hikari.maximum-pool-size=5
- spring.datasource.hikari.minimum-idle=20000
- spring.datasource.hikari.idle-timeout=300000
- spring.jpa.hibernate.ddl-auto=update
- spring.jpa.show-sql=false
- jwt.key.store=security/oxcc.jks
- jwt.key.pass=test
- jwt.key.alias=oxkey-cc
- jwt.cert=security/oxcc.cer
代码直接复制粘贴,可用于生产环境的注册登录就这么简单的完成了!
如果觉得还可以,请点赞!