国产 无码 综合区,色欲AV无码国产永久播放,无码天堂亚洲国产AV,国产日韩欧美女同一区二区

  1. Toy模板網(wǎng)首頁
  2. >Toy博客

SpringSecurity(07)——JWT整合

2年前作者:愛編程的小生分類:Toy博客閱讀(23)違法舉報

這篇具有很好參考價值的文章主要介紹了SpringSecurity(07)——JWT整合。希望對大家有所幫助。如果存在錯誤或未考慮完全的地方,請大家不吝賜教,您也可以點(diǎn)擊"舉報違法"按鈕提交疑問。

依賴配置

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-pool2</artifactId>
    <version>2.9.0</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<dependency>
    <groupId>com.github.axet</groupId>
    <artifactId>kaptcha</artifactId>
    <version>0.0.9</version>
</dependency>
<dependency>
    <groupId>cn.hutool</groupId>
    <artifactId>hutool-all</artifactId>
    <version>5.7.15</version>
</dependency>
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

自定義全局返回結(jié)果

@Data
public class Result implements Serializable {
    private int code;
    private String msg;
    private Object data;

    public static Result succ(Object data) {
        return succ(200, "操作成功", data);
    }

    public static Result fail(String msg) {
        return fail(400, msg, null);
    }

    public static Result succ (int code, String msg, Object data) {
        Result result = new Result();
        result.setCode(code);
        result.setMsg(msg);
        result.setData(data);
        return result;
    }

    public static Result fail (int code, String msg, Object data) {
        Result result = new Result();
        result.setCode(code);
        result.setMsg(msg);
        result.setData(data);
        return result;
    }
}

JWT配置類

jwt:
  header: Authorization
  expire: 604800  #7天,s為單位
  secret: 123456

@Data
@Component
@ConfigurationProperties(prefix = "jwt")
public class JwtUtils {
    
    private long expire;
    private String secret;
    private String header;

    /**
     * 生成JWT
     * @param username
     * @return
     */
    public String generateToken(String username){
        Date nowDate = new Date();
        Date expireDate = new Date(nowDate.getTime() + 1000 * expire);
        
        return Jwts.builder()
                .setHeaderParam("typ","JWT")
                .setSubject(username)
                .setIssuedAt(nowDate)
                .setExpiration(expireDate)  //7天過期
                .signWith(SignatureAlgorithm.HS512,secret)
                .compact();
    }

    /**
     * 解析JWT
     * @param jwt
     * @return
     */
    public Claims getClaimsByToken(String jwt){
        try {
            return Jwts.parser()
                    .setSigningKey(secret)
                    .parseClaimsJws(jwt)
                    .getBody();
        }catch (Exception e){
            return null;
        }
    }

    /**
     * 判斷JWT是否過期
     * @param claims
     * @return
     */
    public boolean isTokenExpired(Claims claims){
        return claims.getExpiration().before(new Date());
    }
}

自定義登錄處理器

/**
 * 登錄成功控制器
 */
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {

    @Autowired
    private JwtUtils jwtUtils;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        //生成JWT,并放置到請求頭中
        String jwt = jwtUtils.generateToken(authentication.getName());
        httpServletResponse.setHeader(jwtUtils.getHeader(), jwt);

        Result result = Result.succ("SuccessLogin");
        outputStream.write(JSONUtil.toJsonStr(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

/**
 * 登錄失敗控制器
 */
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler {

    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        String errorMessage = "用戶名或密碼錯誤";
        Result result;
        if (e instanceof CaptchaException) {
            errorMessage = "驗證碼錯誤";
            result = Result.fail(errorMessage);
        } else {
            result = Result.fail(errorMessage);
        }
        outputStream.write(JSONUtil.toJsonStr(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

自定義登出處理器

/**
 * 登出處理器
 */
@Component
public class JWTLogoutSuccessHandler implements LogoutSuccessHandler {
    
    @Autowired
    private JwtUtils jwtUtils;
    
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        if (authentication!=null){
            new SecurityContextLogoutHandler().logout(httpServletRequest, httpServletResponse, authentication);
        }
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        
        httpServletResponse.setHeader(jwtUtils.getHeader(), "");

        Result result = Result.succ("SuccessLogout");
        
        outputStream.write(JSONUtil.toJsonStr(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

驗證碼配置

public class CaptchaException extends AuthenticationException {
    
    public CaptchaException(String msg){
        super(msg);
    }
}

/**
 * 驗證碼配置
 */
@Configuration
public class KaptchaConfig {
    
    @Bean
    public DefaultKaptcha producer(){
        Properties properties = new Properties();
        properties.put("kaptcha.border", "no");
        properties.put("kaptcha.textproducer.font.color", "black");
        properties.put("kaptcha.textproducer.char.space", "4");
        properties.put("kaptcha.image.height", "40");
        properties.put("kaptcha.image.width", "120");
        properties.put("kaptcha.textproducer.font.size", "30");
        Config config = new Config(properties);
        DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
        defaultKaptcha.setConfig(config);
        return defaultKaptcha;
    }
}

@RestController
public class CaptchaController {

    @Autowired
    private Producer producer;
    @Autowired
    private RedisUtil redisUtil;

    @GetMapping("/captcha")
    public void imageCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String code = producer.createText();
        BufferedImage image = producer.createImage(code);

        redisUtil.set("captcha", code, 120);

        // 將驗證碼圖片返回,禁止驗證碼圖片緩存
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setContentType("image/jpeg");
        ImageIO.write(image, "jpg", response.getOutputStream());
    }
}

自定義過濾器

OncePerRequestFilter:在每次請求時只執(zhí)行一次過濾,保證一次請求只通過一次filter,而不需要重復(fù)執(zhí)行

/**
 * 驗證碼過濾器
 */
@Component
public class CaptchaFilter extends OncePerRequestFilter {

    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private LoginFailureHandler loginFailureHandler;

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String url = httpServletRequest.getRequestURI();
        if ("/login/form".equals(url) && httpServletRequest.getMethod().equals("POST")) {
            //校驗驗證碼
            try {
                validate(httpServletRequest);
            } catch (CaptchaException e) {
                //交給認(rèn)證失敗處理器
                loginFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void validate(HttpServletRequest request) {
        String code = request.getParameter("code");

        if (StringUtils.isBlank(code)) {
            throw new CaptchaException("驗證碼錯誤");
        }
        String captcha = (String) redisUtil.get("captcha");
        if (!code.equals(captcha)) {
            throw new CaptchaException("驗證碼錯誤");
        }

        //若驗證碼正確,執(zhí)行以下語句,一次性使用
        redisUtil.del("captcha");
    }
}

login.html

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>登錄</title>
</head>
<body>
<h3>表單登錄</h3>
<form method="post" th:action="@{/login/form}">
    <input type="text" name="username" placeholder="用戶名"><br>
    <input type="password" name="password" placeholder="密碼"><br>
    <input type="text" name="code" placeholder="驗證碼"><br>
    <img th:onclick="this.src='/captcha?'+Math.random()" th:src="@{/captcha}" alt="驗證碼"/><br>
    <div th:if="${param.error}">
        <span th:text="${session.SPRING_SECURITY_LAST_EXCEPTION.message}" style="color:red">用戶名或密碼錯誤</span>
    </div>
    <button type="submit">登錄</button>
</form>
</body>
</html>

BasicAuthenticationFilter:OncePerRequestFilter執(zhí)行完后,由BasicAuthenticationFilter檢測和處理http basic認(rèn)證,取出請求頭中的jwt,校驗jwt

/**
 * JWT過濾器
 */
public class JwtAuthenticationFilter extends BasicAuthenticationFilter {

    @Autowired
    private JwtUtils jwtUtils;
    @Autowired
    private UserDetailServiceImpl userDetailService;

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        String jwt = request.getHeader(jwtUtils.getHeader());
        //這里如果沒有jwt,繼續(xù)往后走,因為后面還有鑒權(quán)管理器等去判斷是否擁有身份憑證,所以是可以放行的
        //沒有jwt相當(dāng)于匿名訪問,若有一些接口是需要權(quán)限的,則不能訪問這些接口
        if (StrUtil.isBlankOrUndefined(jwt)) {
            chain.doFilter(request, response);
            return;
        }

        Claims claim = jwtUtils.getClaimsByToken(jwt);
        if (claim == null) {
            throw new JwtException("token異常");
        }
        if (jwtUtils.isTokenExpired(claim)) {
            throw new JwtException("token已過期");
        }
        String username = claim.getSubject();
        User user = UserDetailServiceImpl.userMap.get(username);

        //構(gòu)建token,這里密碼為null,是因為提供了正確的JWT,實(shí)現(xiàn)自動登錄
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, null, userDetailService.getUserAuthority(user.getId()));
        SecurityContextHolder.getContext().setAuthentication(token);
        chain.doFilter(request, response);
    }
}

自定義權(quán)限異常處理器

當(dāng)BasicAuthenticationFilter認(rèn)證失敗的時候會進(jìn)入AuthenticationEntryPoint文章來源地址http://www.zghlxwxcb.cn/news/detail-811254.html

/**
 * JWT認(rèn)證失敗處理器
 */
@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
    
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        Result result = Result.fail("請先登錄");
        outputStream.write(JSONUtil.toJsonStr(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

/**
 * 無權(quán)限訪問的處理
 */
@Component
public class JwtAccessDeniedHandler implements AccessDeniedHandler {
    
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();

        Result result = Result.fail(e.getMessage());
        
        outputStream.write(JSONUtil.toJsonStr(result).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
        outputStream.close();
    }
}

自定義用戶登錄邏輯

public class AccountUser implements UserDetails {

    private Long userId;

    private static final long serialVersionUID = 540L;
    private static final Log logger = LogFactory.getLog(User.class);
    private String password;
    private final String username;
    private final Collection<? extends GrantedAuthority> authorities;
    private final boolean accountNonExpired;
    private final boolean accountNonLocked;
    private final boolean credentialsNonExpired;
    private final boolean enabled;

    public AccountUser(Long userId, String username, String password, Collection<? extends GrantedAuthority> authorities) {
        this(userId, username, password, true, true, true, true, authorities);
    }

    public AccountUser(Long userId, String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        Assert.isTrue(username != null && !"".equals(username) && password != null, "Cannot pass null or empty values to constructor");
        this.userId = userId;
        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        this.authorities = authorities;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return this.accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return this.credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }
}

@Service
public class UserDetailServiceImpl implements UserDetailsService {

     public static Map<String, User> userMap = new HashMap<>();

    static {
        userMap.put("root", new User("root", "123", AuthorityUtils.createAuthorityList("all")));
    }

    @Resource
    private PasswordEncoder passwordEncoder;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User user = userMap.get(s);
        if (user == null) {
            throw new UsernameNotFoundException("用戶名或密碼錯誤");
        }
        return new AccountUser(1L, user.getUsername(), passwordEncoder.encode(user.getPassword()), user.getAuthorities());
    }
}

@Component
public class PasswordEncoder extends BCryptPasswordEncoder {

    /**
     * 加密
     * @param charSequence  明文字符串
     * @return
     */
    @Override
    public String encode(CharSequence charSequence) {
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            return toHexString(digest.digest(charSequence.toString().getBytes()));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return "";
        }
    }

    /**
     * 密碼校驗
     * @param charSequence 明文,頁面收集密碼
     * @param s 密文 ,數(shù)據(jù)庫中存放密碼
     * @return
     */
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        return s.equals(encode(charSequence));
    }

    /**
     * @param tmp 轉(zhuǎn)16進(jìn)制字節(jié)數(shù)組
     * @return 飯回16進(jìn)制字符串
     */
    private String toHexString(byte [] tmp){
        StringBuilder builder = new StringBuilder();
        for (byte b :tmp){
            String s = Integer.toHexString(b & 0xFF);
            if (s.length()==1){
                builder.append("0");
            }
            builder.append(s);
        }
        return builder.toString();
    }
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    LoginFailureHandler loginFailureHandler;
    @Autowired
    LoginSuccessHandler loginSuccessHandler;
    @Autowired
    CaptchaFilter captchaFilter;
    @Autowired
    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    JwtAccessDeniedHandler jwtAccessDeniedHandler;
    @Autowired
    UserDetailServiceImpl userDetailService;
    @Autowired
    JWTLogoutSuccessHandler jwtLogoutSuccessHandler;

    @Bean
    JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
        JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(authenticationManager());
        return jwtAuthenticationFilter;
    }

    private static final String[] URL_WHITELIST = {
            "/login",
            "/logout",
            "/captcha",
            "/favicon.ico"
    };

    @Bean
    public PasswordEncoderImpl passwordEncoder() {
        return new PasswordEncoderImpl();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
                .and()
                .csrf().disable()
                //登錄配置
                .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login/form")
                .successHandler(loginSuccessHandler)
                .failureHandler(loginFailureHandler)

                .and()
                .logout()
                .logoutSuccessHandler(jwtLogoutSuccessHandler)

                //禁用session
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                //配置攔截規(guī)則
                .and()
                .authorizeRequests()
                .antMatchers(URL_WHITELIST).permitAll()
                .anyRequest().authenticated()

                //異常處理器
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .accessDeniedHandler(jwtAccessDeniedHandler)

                //配置自定義的過濾器
                .and()
                .addFilter(jwtAuthenticationFilter())
                //驗證碼過濾器放在UsernamePassword過濾器之前
                .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * 定制一些全局性的安全配置,例如:不攔截靜態(tài)資源的訪問
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // 靜態(tài)資源的訪問不需要攔截,直接放行
        web.ignoring().antMatchers("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");
    }
}

到了這里,關(guān)于SpringSecurity(07)——JWT整合的文章就介紹完了。如果您還想了解更多內(nèi)容,請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章,希望大家以后多多支持TOY模板網(wǎng)!

本文來自互聯(lián)網(wǎng)用戶投稿,該文觀點(diǎn)僅代表作者本人,不代表本站立場。本站僅提供信息存儲空間服務(wù),不擁有所有權(quán),不承擔(dān)相關(guān)法律責(zé)任。如若轉(zhuǎn)載,請注明出處: 如若內(nèi)容造成侵權(quán)/違法違規(guī)/事實(shí)不符,請點(diǎn)擊違法舉報進(jìn)行投訴反饋,一經(jīng)查實(shí),立即刪除!

領(lǐng)支付寶紅包贊助服務(wù)器費(fèi)用

相關(guān)文章

  • Spring Security詳細(xì)講解(JWT+SpringSecurity登入案例)

    Spring Security詳細(xì)講解(JWT+SpringSecurity登入案例)

    1.SpringSecurity SpringSecurity 是一個功能強(qiáng)大且高度可定制的身份驗證和訪問控制框架 。它是保護(hù)基于 Spring 的應(yīng)用程序的事實(shí)上的標(biāo)準(zhǔn)。 SpringSecurity 是一個致力于為 Java 應(yīng)用程序提供身份驗證和授權(quán)的框架 。像所有 Spring 項目一樣,Spring Security 的真正強(qiáng)大之處在于它可以如何輕

    2024年02月02日
    瀏覽(23)

  • Spring Boot + Vue的網(wǎng)上商城之springsecurity+jwt+redis實(shí)現(xiàn)用戶權(quán)限認(rèn)證實(shí)現(xiàn)

    在網(wǎng)上商城項目中,用戶的安全性是非常重要的。為了實(shí)現(xiàn)用戶權(quán)限認(rèn)證和安全校驗,我們可以使用Spring Security、JWT和Redis來實(shí)現(xiàn)。本篇博客將詳細(xì)介紹后端和前臺的實(shí)現(xiàn)過程,并提供相應(yīng)的代碼案例。 當(dāng)用戶點(diǎn)擊登錄按鈕時,前端發(fā)送一個POST請求到后端的登錄接口,傳遞用

    2024年02月07日
    瀏覽(22)
  • Spring boot 整合 JWT

    Spring boot 整合 JWT

    第一章 Java線程池技術(shù)應(yīng)用 第二章 CountDownLatch和Semaphone的應(yīng)用 第三章 Spring Cloud 簡介 第四章 Spring Cloud Netflix 之 Eureka 第五章 Spring Cloud Netflix 之 Ribbon 第六章 Spring Cloud 之 OpenFeign 第七章 Spring Cloud 之 GateWay 第八章 Spring Cloud Netflix 之 Hystrix 第九章 代碼管理gitlab 使用 第十章 Spr

    2024年02月05日
    瀏覽(20)
  • spring-security -oauth2 整合 JWT

    spring-security -oauth2 整合 JWT

    在這個基礎(chǔ)上,進(jìn)行整合。 spring security oauth2學(xué)習(xí) -- 快速入門_本郡主是喵的博客-CSDN博客 先把? reids,common-pools? 等依賴刪掉。 刪掉redis的下相關(guān)配置 1.1?導(dǎo)入依賴 1.2 核心代碼 創(chuàng)建 jwtTokenConfig.java 在 AuthenticationServer.java 里面新增這些。 ?運(yùn)行,啟動! ?復(fù)制這個token去官網(wǎng)解析

    2024年02月09日
    瀏覽(23)
  • 【Spring Security系列】Spring Security整合JWT:構(gòu)建安全的Web應(yīng)用

    【Spring Security系列】Spring Security整合JWT:構(gòu)建安全的Web應(yīng)用

    在企業(yè)級開發(fā)或者我們自己的課程設(shè)計中,確保用戶數(shù)據(jù)的安全性和訪問控制非常重要。而Spring Security和JWT是都兩個強(qiáng)大的工具,它倆結(jié)合可以幫助我們實(shí)現(xiàn)這一目標(biāo)。 Spring Security提供了全面的安全功能,而JWT則是一種用于身份驗證的令牌機(jī)制。 前面兩個章節(jié)介紹過了Spri

    2024年04月23日
    瀏覽(24)

  • 【項目實(shí)戰(zhàn)】一、Spring boot整合JWT、Vue案例展示用戶鑒權(quán)

    【項目實(shí)戰(zhàn)】Spring boot整合JWT、Vue案例展示用戶鑒權(quán) 【微服務(wù)實(shí)戰(zhàn)】JWT

    2024年02月09日
    瀏覽(20)
  • SpringSecurity實(shí)現(xiàn)角色權(quán)限控制(SpringBoot+SpringSecurity+JWT)

    SpringSecurity實(shí)現(xiàn)角色權(quán)限控制(SpringBoot+SpringSecurity+JWT)

    通過 springboot整合jwt和security ,以用戶名/密碼的方式進(jìn)行認(rèn)證和授權(quán)。認(rèn)證通過jwt+數(shù)據(jù)庫的,授權(quán)這里使用了兩種方式,分別是 SpringSecurity自帶的hasRole方法+SecurityConfig 和 我們自定義的 permission+@PreAuthorize注解。 SpringSecurity中的幾個重要組件: 1.SecurityContextHolder(class) 用來

    2024年02月05日
    瀏覽(21)
  • 【SpringSecurity】十一、SpringSecurity集成JWT實(shí)現(xiàn)token的方法與校驗

    【SpringSecurity】十一、SpringSecurity集成JWT實(shí)現(xiàn)token的方法與校驗

    添加JWT的maven依賴: application.yaml中配置密鑰的值,方便代碼中引用和后續(xù)更改: 這里的命名改為JWTService好點(diǎn),Utils命名似乎偏靜態(tài)方法一點(diǎn)。 再貼一下下統(tǒng)一結(jié)果類的定義: 下面是安全用戶類,用于在數(shù)據(jù)庫的用戶對象類SysUser和返給框架的官方對象類UserDetails之間做過渡轉(zhuǎn)

    2024年02月10日
    瀏覽(22)
  • Spring Boot入門(07):整合 MySQL 和 Druid數(shù)據(jù)源 | 全網(wǎng)最詳細(xì)保姆級教學(xué)(兩萬字)

    Spring Boot入門(07):整合 MySQL 和 Druid數(shù)據(jù)源 | 全網(wǎng)最詳細(xì)保姆級教學(xué)(兩萬字)

    ????????作為現(xiàn)代Web應(yīng)用開發(fā)的重要技術(shù)棧之一,Spring Boot在快速構(gòu)建可靠、高效、易維護(hù)的應(yīng)用方面具有獨(dú)特的優(yōu)勢。而在實(shí)際開發(fā)中,數(shù)據(jù)庫作為系統(tǒng)的重要組成部分,對于數(shù)據(jù)源的選擇和配置也是至關(guān)重要的。本篇文章將全面介紹如何使用Spring Boot整合MySQL和Druid數(shù)據(jù)

    2024年02月12日
    瀏覽(25)

  • SpringSecurity+Oauth2+JWT

    快速入門 1. 創(chuàng)建基礎(chǔ)項目 file == new == project == Spring Initializr ==next == web(Spring Web)、Security(Spring Security) ==一直下一步 2. 編寫代碼進(jìn)行測試 創(chuàng)建controller static下創(chuàng)建login.html、main.html 3. 啟動項目進(jìn)行測試 訪問http://localhost:8080/login.html 會進(jìn)入SpringSecurity框架自帶的登入頁面 用戶默認(rèn)

    2024年02月12日
    瀏覽(24)

覺得文章有用就打賞一下文章作者

支付寶掃一掃打賞

博客贊助

微信掃一掃打賞

請作者喝杯咖啡吧~博客贊助

支付寶掃一掃領(lǐng)取紅包,優(yōu)惠每天領(lǐng)

二維碼1

領(lǐng)取紅包

二維碼2

領(lǐng)紅包