Spring Boot实战之Filter实现使用JWT进行接口认证
jwt(json web token)
用户发送按照约定,向服务端发送 Header、Payload 和 Signature,并包含认证信息(密码),验证通过后服务端返回一个token,之后用户使用该token作为登录凭证,适合于移动端和api
jwt使用流程
本文示例接上面几篇文章中的代码进行编写,请阅读本文的同时可以参考前面几篇文章
1、添加依赖库jjwt,本文中构造jwt及解析jwt都使用了jjwt库
[html] view plain copy
io.jsonwebtoken
jjwt
0.6.0
2、添加登录获取token时,所需要的认证信息类LoginPara.java
[java] view plain copy
package com.xiaofangtech.sunt.jwt;
public class LoginPara {
private String clientId;
private String userName;
private String password;
private String captchaCode;
private String captchaValue;
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getCaptchaCode() {
return captchaCode;
}
public void setCaptchaCode(String captchaCode) {
this.captchaCode = captchaCode;
}
public String getCaptchaValue() {
return captchaValue;
}
public void setCaptchaValue(String captchaValue) {
this.captchaValue = captchaValue;
}
}
3、添加构造jwt及解析jwt的帮助类JwtHelper.java
[java] view plain copy
package com.xiaofangtech.sunt.jwt;
import java.security.Key;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
public class JwtHelper {
public static Claims parseJWT(String jsonWebToken, String base64Security){
try
{
Claims claims = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))
.parseClaimsJws(jsonWebToken).getBody();
return claims;
}
catch(Exception ex)
{
return null;
}
}
public static String createJWT(String name, String userId, String role,
String audience, String issuer,long TTLMillis, String base64Security)
{
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now =new Date(nowMillis);
//生成签名密钥
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(base64Security);
Key signingKey =new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
//添加构成JWT的参数
JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")
.claim("role", role)
.claim("unique_name", name)
.claim("userid", userId)
.setIssuer(issuer)
.setAudience(audience)
.signWith(signatureAlgorithm, signingKey);
//添加Token过期时间
if (TTLMillis >= 0) {
long expMillis = nowMillis + TTLMillis;
Date exp =new Date(expMillis);
builder.setExpiration(exp).setNotBefore(now);
}
//生成JWT
return builder.compact();
}
}
4、添加token返回结果类AccessToken.java
[java] view plain copy
package com.xiaofangtech.sunt.jwt;
public class AccessToken {
private String access_token;
private String token_type;
private long expires_in;
public String getAccess_token() {
return access_token;
}
public void setAccess_token(String access_token) {
this.access_token = access_token;
}
public String getToken_type() {
return token_type;
}
public void setToken_type(String token_type) {
this.token_type = token_type;
}
public long getExpires_in() {
return expires_in;
}
public void setExpires_in(long expires_in) {
this.expires_in = expires_in;
}
}
5、添加获取token的接口,通过传入用户认证信息(用户名、密码)进行认证获取
[java] view plain copy
package com.xiaofangtech.sunt.jwt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.xiaofangtech.sunt.bean.UserInfo;
import com.xiaofangtech.sunt.repository.UserInfoRepository;
import com.xiaofangtech.sunt.utils.MyUtils;
import com.xiaofangtech.sunt.utils.ResultMsg;
import com.xiaofangtech.sunt.utils.ResultStatusCode;
@RestController
public class JsonWebToken {
@Autowired
private UserInfoRepository userRepositoy;
@Autowired
private Audience audienceEntity;
@RequestMapping("oauth/token")
public Object getAccessToken(@RequestBody LoginPara loginPara)
{
ResultMsg resultMsg;
try
{
if(loginPara.getClientId() == null
|| (loginPara.getClientId().compareTo(audienceEntity.getClientId()) !=0))
{
resultMsg =new ResultMsg(ResultStatusCode.INVALID_CLIENTID.getErrcode(),
ResultStatusCode.INVALID_CLIENTID.getErrmsg(),null);
return resultMsg;
}
//验证码校验在后面章节添加
//验证用户名密码
UserInfo user = userRepositoy.findUserInfoByName(loginPara.getUserName());
if (user == null)
{
resultMsg =new ResultMsg(ResultStatusCode.INVALID_PASSWORD.getErrcode(),
ResultStatusCode.INVALID_PASSWORD.getErrmsg(),null);
return resultMsg;
}
else
{
String md5Password = MyUtils.getMD5(loginPara.getPassword()+user.getSalt());
if (md5Password.compareTo(user.getPassword()) != 0)
{
resultMsg =new ResultMsg(ResultStatusCode.INVALID_PASSWORD.getErrcode(),
ResultStatusCode.INVALID_PASSWORD.getErrmsg(),null);
return resultMsg;
}
}
//拼装accessToken
String accessToken = JwtHelper.createJWT(loginPara.getUserName(), String.valueOf(user.getName()),
user.getRole(), audienceEntity.getClientId(), audienceEntity.getName(),
audienceEntity.getExpiresSecond() *1000, audienceEntity.getBase64Secret());
//返回accessToken
AccessToken accessTokenEntity =new AccessToken();
accessTokenEntity.setAccess_token(accessToken);
accessTokenEntity.setExpires_in(audienceEntity.getExpiresSecond());
accessTokenEntity.setToken_type("bearer");
resultMsg =new ResultMsg(ResultStatusCode.OK.getErrcode(),
ResultStatusCode.OK.getErrmsg(), accessTokenEntity);
return resultMsg;
}
catch(Exception ex)
{
resultMsg =new ResultMsg(ResultStatusCode.SYSTEM_ERR.getErrcode(),
ResultStatusCode.SYSTEM_ERR.getErrmsg(),null);
return resultMsg;
}
}
}