欢送微信搜寻公众号【java版web我的项目】获取资源:java学习视频/设计模式笔记/算法手册/java我的项目
一、什么是单点登陆
单点登录(Single Sign On),简称为 SSO,是目前比拟风行的企业业务整合的解决方案之一。SSO的定义是在多个利用零碎中,用户只须要登录一次就能够拜访所有相互信任的利用零碎
二、简略的运行机制
单点登录的机制其实是比较简单的,用一个事实中的例子做比拟。某公园外部有许多独立的景点,游客能够在各个景点门口独自买票。对于须要玩耍所有的景点的游客,这种买票形式很不不便,须要在每个景点门口排队买票,钱包拿 进拿出的,容易失落,很不平安。于是绝大多数游客抉择在大门口买一张通票(也叫套票),就能够玩遍所有的景点而不须要从新再买票。他们只须要在每个景点门 口出示一下方才买的套票就可能被容许进入每个独立的景点。
单点登录的机制也一样,如下图所示,
用户认证:这一环节次要是用户向认证服务器发动认证申请,认证服务器给用户返回一个胜利的令牌token,次要在认证服务器中实现,即图中的认证零碎,留神认证零碎只能有一个。身份校验:这一环节是用户携带token去拜访其余服务器时,在其余服务器中要对token的真伪进行测验,次要在资源服务器中实现,即图中的利用零碎2 3
三、JWT介绍
概念阐明
从分布式认证流程中,咱们不难发现,这两头起最关键作用的就是token,token的平安与否,间接关系到零碎的健壮性,这里咱们抉择应用JWT来实现token的生成和校验。
JWT,全称JSON Web Token,官网地址https://jwt.io,是一款杰出的分布式身份校验计划。能够生成token,也能够解析测验token。
JWT生成的token由三局部组成:
头部:次要设置一些标准信息,签名局部的编码格局就在头部中申明。载荷:token中寄存无效信息的局部,比方用户名,用户角色,过期工夫等,然而不要放明码,会泄露!签名:将头部与载荷别离采纳base64编码后,用“.”相连,再退出盐,最初应用头部申明的编码类型进行编码,就失去了签名。
JWT生成token的安全性剖析
从JWT生成的token组成上来看,要想防止token被伪造,次要就得看签名局部了,而签名局部又有三局部组成,其中头部和载荷的base64编码,简直是通明的,毫无安全性可言,那么最终守护token平安的重任就落在了退出的盐下面了!试想:如果生成token所用的盐与解析token时退出的盐是一样的。岂不是相似于中国人民银行把人民币防伪技术公开了?大家能够用这个盐来解析token,就能用来伪造token。这时,咱们就须要对盐采纳非对称加密的形式进行加密,以达到生成token与校验token方所用的盐不统一的平安成果!
非对称加密RSA介绍
基本原理:同时生成两把密钥:私钥和公钥,私钥隐秘保留,公钥能够下发给信赖客户端私钥加密,持有私钥或公钥才能够解密公钥加密,持有私钥才可解密
长处:平安,难以破解
毛病:算法比拟耗时,为了平安,能够承受
历史:三位数学家Rivest、Shamir 和 Adleman 设计了一种算法,能够实现非对称加密。这种算法用他们三个人的名字缩写:RSA。
四、SpringSecurity整合JWT
1.认证思路剖析
SpringSecurity次要是通过过滤器来实现性能的!咱们要找到SpringSecurity实现认证和校验身份的过滤器!
回顾集中式认证流程
用户认证:
应用UsernamePasswordAuthenticationFilter过滤器中attemptAuthentication办法实现认证性能,该过滤器父类中successfulAuthentication办法实现认证胜利后的操作。身份校验:
应用BasicAuthenticationFilter过滤器中doFilterInternal办法验证是否登录,以决定是否进入后续过滤器。
剖析分布式认证流程
用户认证:
因为分布式我的项目,少数是前后端拆散的架构设计,咱们要满足能够承受异步post的认证申请参数,须要批改UsernamePasswordAuthenticationFilter过滤器中attemptAuthentication办法,让其可能接管申请体。
另外,默认successfulAuthentication办法在认证通过后,是把用户信息间接放入session就完事了,当初咱们须要批改这个办法,在认证通过后生成token并返回给用户。身份校验:
原来BasicAuthenticationFilter过滤器中doFilterInternal办法校验用户是否登录,就是看session中是否有用户信息,咱们要批改为,验证用户携带的token是否非法,并解析出用户信息,交给SpringSecurity,以便于后续的受权性能能够失常应用。
2.具体实现
为了演示单点登录的成果,咱们设计如下我的项目构造
2.1父工程创立
因为本案例须要创立多个零碎,所以咱们应用maven聚合工程来实现,首先创立一个父工程,导入springboot的父依赖即可
<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.3.RELEASE</version> <relativePath/></parent>1234562.2公共工程创立
而后创立一个common工程,其余工程依赖此零碎
导入JWT相干的依赖
<dependencies> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-api</artifactId> <version>0.10.7</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-impl</artifactId> <version>0.10.7</version> <scope>runtime</scope> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt-jackson</artifactId> <version>0.10.7</version> <scope>runtime</scope> </dependency> <!--jackson包--> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.9</version> </dependency> <!--日志包--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-logging</artifactId> </dependency> <dependency> <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> </dependency></dependencies>123456789101112131415161718192021222324252627282930313233343536373839404142创立相干的工具类
Payload
/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 10:28 */@Datapublic class Payload <T>{ private String id; private T userInfo; private Date expiration;}123456789101112JsonUtils
package com.dpb.utils;import com.fasterxml.jackson.core.JsonProcessingException;import com.fasterxml.jackson.core.type.TypeReference;import com.fasterxml.jackson.databind.ObjectMapper;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import java.io.IOException;import java.util.List;import java.util.Map;/** * @author: 波波烤鸭 **/public class JsonUtils { public static final ObjectMapper mapper = new ObjectMapper(); private static final Logger logger = LoggerFactory.getLogger(JsonUtils.class); public static String toString(Object obj) { if (obj == null) { return null; } if (obj.getClass() == String.class) { return (String) obj; } try { return mapper.writeValueAsString(obj); } catch (JsonProcessingException e) { logger.error("json序列化出错:" + obj, e); return null; } } public static <T> T toBean(String json, Class<T> tClass) { try { return mapper.readValue(json, tClass); } catch (IOException e) { logger.error("json解析出错:" + json, e); return null; } } public static <E> List<E> toList(String json, Class<E> eClass) { try { return mapper.readValue(json, mapper.getTypeFactory().constructCollectionType(List.class, eClass)); } catch (IOException e) { logger.error("json解析出错:" + json, e); return null; } } public static <K, V> Map<K, V> toMap(String json, Class<K> kClass, Class<V> vClass) { try { return mapper.readValue(json, mapper.getTypeFactory().constructMapType(Map.class, kClass, vClass)); } catch (IOException e) { logger.error("json解析出错:" + json, e); return null; } } public static <T> T nativeRead(String json, TypeReference<T> type) { try { return mapper.readValue(json, type); } catch (IOException e) { logger.error("json解析出错:" + json, e); return null; } }}123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172JwtUtils
package com.dpb.utils;import com.dpb.domain.Payload;import io.jsonwebtoken.Claims;import io.jsonwebtoken.Jws;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;import org.joda.time.DateTime;import java.security.PrivateKey;import java.security.PublicKey;import java.util.Base64;import java.util.UUID;/** * @author: 波波烤鸭 * 生成token以及校验token相干办法 */public class JwtUtils { private static final String JWT_PAYLOAD_USER_KEY = "user"; /** * 私钥加密token * * @param userInfo 载荷中的数据 * @param privateKey 私钥 * @param expire 过期工夫,单位分钟 * @return JWT */ public static String generateTokenExpireInMinutes(Object userInfo, PrivateKey privateKey, int expire) { return Jwts.builder() .claim(JWT_PAYLOAD_USER_KEY, JsonUtils.toString(userInfo)) .setId(createJTI()) .setExpiration(DateTime.now().plusMinutes(expire).toDate()) .signWith(privateKey, SignatureAlgorithm.RS256) .compact(); } /** * 私钥加密token * * @param userInfo 载荷中的数据 * @param privateKey 私钥 * @param expire 过期工夫,单位秒 * @return JWT */ public static String generateTokenExpireInSeconds(Object userInfo, PrivateKey privateKey, int expire) { return Jwts.builder() .claim(JWT_PAYLOAD_USER_KEY, JsonUtils.toString(userInfo)) .setId(createJTI()) .setExpiration(DateTime.now().plusSeconds(expire).toDate()) .signWith(privateKey, SignatureAlgorithm.RS256) .compact(); } /** * 公钥解析token * * @param token 用户申请中的token * @param publicKey 公钥 * @return Jws<Claims> */ private static Jws<Claims> parserToken(String token, PublicKey publicKey) { return Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token); } private static String createJTI() { return new String(Base64.getEncoder().encode(UUID.randomUUID().toString().getBytes())); } /** * 获取token中的用户信息 * * @param token 用户申请中的令牌 * @param publicKey 公钥 * @return 用户信息 */ public static <T> Payload<T> getInfoFromToken(String token, PublicKey publicKey, Class<T> userType) { Jws<Claims> claimsJws = parserToken(token, publicKey); Claims body = claimsJws.getBody(); Payload<T> claims = new Payload<>(); claims.setId(body.getId()); claims.setUserInfo(JsonUtils.toBean(body.get(JWT_PAYLOAD_USER_KEY).toString(), userType)); claims.setExpiration(body.getExpiration()); return claims; } /** * 获取token中的载荷信息 * * @param token 用户申请中的令牌 * @param publicKey 公钥 * @return 用户信息 */ public static <T> Payload<T> getInfoFromToken(String token, PublicKey publicKey) { Jws<Claims> claimsJws = parserToken(token, publicKey); Claims body = claimsJws.getBody(); Payload<T> claims = new Payload<>(); claims.setId(body.getId()); claims.setExpiration(body.getExpiration()); return claims; }}123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104RsaUtils
package com.dpb.utils;import java.io.File;import java.io.IOException;import java.nio.file.Files;import java.security.*;import java.security.spec.InvalidKeySpecException;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.Base64;/** * @author 波波烤鸭 */public class RsaUtils { private static final int DEFAULT_KEY_SIZE = 2048; /** * 从文件中读取公钥 * * @param filename 公钥保留门路,绝对于classpath * @return 公钥对象 * @throws Exception */ public static PublicKey getPublicKey(String filename) throws Exception { byte[] bytes = readFile(filename); return getPublicKey(bytes); } /** * 从文件中读取密钥 * * @param filename 私钥保留门路,绝对于classpath * @return 私钥对象 * @throws Exception */ public static PrivateKey getPrivateKey(String filename) throws Exception { byte[] bytes = readFile(filename); return getPrivateKey(bytes); } /** * 获取公钥 * * @param bytes 公钥的字节模式 * @return * @throws Exception */ private static PublicKey getPublicKey(byte[] bytes) throws Exception { bytes = Base64.getDecoder().decode(bytes); X509EncodedKeySpec spec = new X509EncodedKeySpec(bytes); KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePublic(spec); } /** * 获取密钥 * * @param bytes 私钥的字节模式 * @return * @throws Exception */ private static PrivateKey getPrivateKey(byte[] bytes) throws NoSuchAlgorithmException, InvalidKeySpecException { bytes = Base64.getDecoder().decode(bytes); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes); KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePrivate(spec); } /** * 依据密文,生存rsa公钥和私钥,并写入指定文件 * * @param publicKeyFilename 公钥文件门路 * @param privateKeyFilename 私钥文件门路 * @param secret 生成密钥的密文 */ public static void generateKey(String publicKeyFilename, String privateKeyFilename, String secret, int keySize) throws Exception { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); SecureRandom secureRandom = new SecureRandom(secret.getBytes()); keyPairGenerator.initialize(Math.max(keySize, DEFAULT_KEY_SIZE), secureRandom); KeyPair keyPair = keyPairGenerator.genKeyPair(); // 获取公钥并写出 byte[] publicKeyBytes = keyPair.getPublic().getEncoded(); publicKeyBytes = Base64.getEncoder().encode(publicKeyBytes); writeFile(publicKeyFilename, publicKeyBytes); // 获取私钥并写出 byte[] privateKeyBytes = keyPair.getPrivate().getEncoded(); privateKeyBytes = Base64.getEncoder().encode(privateKeyBytes); writeFile(privateKeyFilename, privateKeyBytes); } private static byte[] readFile(String fileName) throws Exception { return Files.readAllBytes(new File(fileName).toPath()); } private static void writeFile(String destPath, byte[] bytes) throws IOException { File dest = new File(destPath); if (!dest.exists()) { dest.createNewFile(); } Files.write(dest.toPath(), bytes); }}123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103在通用子模块中编写测试类生成rsa公钥和私钥
/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:08 */public class JwtTest { private String privateKey = "c:/tools/auth_key/id_key_rsa"; private String publicKey = "c:/tools/auth_key/id_key_rsa.pub"; @Test public void test1() throws Exception{ RsaUtils.generateKey(publicKey,privateKey,"dpb",1024); }}12345678910111213141516172.3认证零碎创立
接下来咱们创立咱们的认证服务。
导入相干的依赖
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <artifactId>security-jwt-common</artifactId> <groupId>com.dpb</groupId> <version>1.0-SNAPSHOT</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.47</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.10</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-configuration-processor</artifactId> <optional>true</optional> </dependency></dependencies>1234567891011121314151617181920212223242526272829303132333435创立配置文件
spring: datasource: driver-class-name: com.mysql.jdbc.Driver url: jdbc:mysql://localhost:3306/srm username: root password: 123456 type: com.alibaba.druid.pool.DruidDataSourcemybatis: type-aliases-package: com.dpb.domain mapper-locations: classpath:mapper/*.xmllogging: level: com.dpb: debugrsa: key: pubKeyFile: c:\tools\auth_key\id_key_rsa.pub priKeyFile: c:\tools\auth_key\id_key_rsa1234567891011121314151617提供公钥私钥的配置类
package com.dpb.config;import com.dpb.utils.RsaUtils;import lombok.Data;import org.springframework.boot.context.properties.ConfigurationProperties;import org.springframework.context.annotation.Configuration;import javax.annotation.PostConstruct;import java.security.PrivateKey;import java.security.PublicKey;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:25 */@Data@ConfigurationProperties(prefix = "rsa.key")public class RsaKeyProperties { private String pubKeyFile; private String priKeyFile; private PublicKey publicKey; private PrivateKey privateKey; /** * 系统启动的时候触发 * @throws Exception */ @PostConstruct public void createRsaKey() throws Exception { publicKey = RsaUtils.getPublicKey(pubKeyFile); privateKey = RsaUtils.getPrivateKey(priKeyFile); }}1234567891011121314151617181920212223242526272829303132333435363738创立启动类
/** * @program: springboot-54-security-jwt-demo * @description: 启动类 * @author: 波波烤鸭 * @create: 2019-12-03 11:23 */@SpringBootApplication@MapperScan("com.dpb.mapper")@EnableConfigurationProperties(RsaKeyProperties.class)public class App { public static void main(String[] args) { SpringApplication.run(App.class,args); }}123456789101112131415实现数据认证的逻辑
pojo
package com.dpb.domain;import com.fasterxml.jackson.annotation.JsonIgnore;import lombok.Data;import org.springframework.security.core.GrantedAuthority;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 15:21 */@Datapublic class RolePojo implements GrantedAuthority { private Integer id; private String roleName; private String roleDesc; @JsonIgnore @Override public String getAuthority() { return roleName; }}12345678910111213141516171819202122232425package com.dpb.domain;import com.fasterxml.jackson.annotation.JsonIgnore;import lombok.Data;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import java.util.ArrayList;import java.util.Collection;import java.util.List;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:33 */@Datapublic class UserPojo implements UserDetails { private Integer id; private String username; private String password; private Integer status; private List<RolePojo> roles; @JsonIgnore @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<SimpleGrantedAuthority> auth = new ArrayList<>(); auth.add(new SimpleGrantedAuthority("ADMIN")); return auth; } @Override public String getPassword() { return this.password; } @Override public String getUsername() { return this.username; } @JsonIgnore @Override public boolean isAccountNonExpired() { return true; } @JsonIgnore @Override public boolean isAccountNonLocked() { return true; } @JsonIgnore @Override public boolean isCredentialsNonExpired() { return true; } @JsonIgnore @Override public boolean isEnabled() { return true; }}123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869Mapper接口
public interface UserMapper { public UserPojo queryByUserName(@Param("userName") String userName);}123Mapper映射文件
<?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mapper namespace="com.dpb.mapper.UserMapper"> <select id="queryByUserName" resultType="UserPojo"> select * from t_user where username = #{userName} </select></mapper>123456789Service
public interface UserService extends UserDetailsService {}123@Service@Transactionalpublic class UserServiceImpl implements UserService { @Autowired private UserMapper mapper; @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { UserPojo user = mapper.queryByUserName(s); return user; }}1234567891011121314自定义认证过滤器
package com.dpb.filter;import com.dpb.config.RsaKeyProperties;import com.dpb.domain.RolePojo;import com.dpb.domain.UserPojo;import com.dpb.utils.JwtUtils;import com.fasterxml.jackson.databind.ObjectMapper;import net.bytebuddy.agent.builder.AgentBuilder;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.Authentication;import org.springframework.security.core.AuthenticationException;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;import java.io.PrintWriter;import java.util.ArrayList;import java.util.HashMap;import java.util.List;import java.util.Map;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:57 */public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter { private AuthenticationManager authenticationManager; private RsaKeyProperties prop; public TokenLoginFilter(AuthenticationManager authenticationManager, RsaKeyProperties prop) { this.authenticationManager = authenticationManager; this.prop = prop; } public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { try { UserPojo sysUser = new ObjectMapper().readValue(request.getInputStream(), UserPojo.class); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(sysUser.getUsername(), sysUser.getPassword()); return authenticationManager.authenticate(authRequest); }catch (Exception e){ try { response.setContentType("application/json;charset=utf-8"); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); PrintWriter out = response.getWriter(); Map resultMap = new HashMap(); resultMap.put("code", HttpServletResponse.SC_UNAUTHORIZED); resultMap.put("msg", "用户名或明码谬误!"); out.write(new ObjectMapper().writeValueAsString(resultMap)); out.flush(); out.close(); }catch (Exception outEx){ outEx.printStackTrace(); } throw new RuntimeException(e); } } public void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException { UserPojo user = new UserPojo(); user.setUsername(authResult.getName()); user.setRoles((List<RolePojo>)authResult.getAuthorities()); String token = JwtUtils.generateTokenExpireInMinutes(user, prop.getPrivateKey(), 24 * 60); response.addHeader("Authorization", "Bearer "+token); try { response.setContentType("application/json;charset=utf-8"); response.setStatus(HttpServletResponse.SC_OK); PrintWriter out = response.getWriter(); Map resultMap = new HashMap(); resultMap.put("code", HttpServletResponse.SC_OK); resultMap.put("msg", "认证通过!"); out.write(new ObjectMapper().writeValueAsString(resultMap)); out.flush(); out.close(); }catch (Exception outEx){ outEx.printStackTrace(); } }}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889自定义校验token的过滤器
package com.dpb.filter;import com.dpb.config.RsaKeyProperties;import com.dpb.domain.Payload;import com.dpb.domain.UserPojo;import com.dpb.utils.JwtUtils;import com.fasterxml.jackson.databind.ObjectMapper;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;import java.io.PrintWriter;import java.util.HashMap;import java.util.Map;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 12:39 */public class TokenVerifyFilter extends BasicAuthenticationFilter { private RsaKeyProperties prop; public TokenVerifyFilter(AuthenticationManager authenticationManager, RsaKeyProperties prop) { super(authenticationManager); this.prop = prop; } public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { String header = request.getHeader("Authorization"); if (header == null || !header.startsWith("Bearer ")) { //如果携带谬误的token,则给用户提醒请登录! chain.doFilter(request, response); response.setContentType("application/json;charset=utf-8"); response.setStatus(HttpServletResponse.SC_FORBIDDEN); PrintWriter out = response.getWriter(); Map resultMap = new HashMap(); resultMap.put("code", HttpServletResponse.SC_FORBIDDEN); resultMap.put("msg", "请登录!"); out.write(new ObjectMapper().writeValueAsString(resultMap)); out.flush(); out.close(); } else { //如果携带了正确格局的token要先失去token String token = header.replace("Bearer ", ""); //验证tken是否正确 Payload<UserPojo> payload = JwtUtils.getInfoFromToken(token, prop.getPublicKey(), UserPojo.class); UserPojo user = payload.getUserInfo(); if(user!=null){ UsernamePasswordAuthenticationToken authResult = new UsernamePasswordAuthenticationToken(user.getUsername(), null, user.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(authResult); chain.doFilter(request, response); } } }}12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364\###编写SpringSecurity的配置类
package com.dpb.config;import com.dpb.filter.TokenLoginFilter;import com.dpb.filter.TokenVerifyFilter;import com.dpb.service.UserService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.config.http.SessionCreationPolicy;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 12:41 */@Configuration@EnableWebSecurity@EnableGlobalMethodSecurity(securedEnabled=true)public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Autowired private RsaKeyProperties prop; @Bean public BCryptPasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } //指定认证对象的起源 public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService).passwordEncoder(passwordEncoder()); } //SpringSecurity配置信息 public void configure(HttpSecurity http) throws Exception { http.csrf() .disable() .authorizeRequests() .antMatchers("/user/query").hasAnyRole("ADMIN") .anyRequest() .authenticated() .and() .addFilter(new TokenLoginFilter(super.authenticationManager(), prop)) .addFilter(new TokenVerifyFilter(super.authenticationManager(), prop)) .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); }}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556启动服务测试
启动服务
通过Postman来拜访测试
依据token信息咱们拜访其余资源
2.4资源零碎创立
阐明
资源服务能够有很多个,这里只拿产品服务为例,记住,资源服务中只能通过公钥验证认证。不能签发token!创立产品服务并导入jar包依据理论业务导包即可,咱们就临时和认证服务一样了。
接下来咱们再创立一个资源服务
导入相干的依赖
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <artifactId>security-jwt-common</artifactId> <groupId>com.dpb</groupId> <version>1.0-SNAPSHOT</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.47</version> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.10</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-configuration-processor</artifactId> <optional>true</optional> </dependency></dependencies>1234567891011121314151617181920212223242526272829303132333435编写产品服务配置文件
切记这里只能有公钥地址!
server: port: 9002spring: datasource: driver-class-name: com.mysql.jdbc.Driver url: jdbc:mysql://localhost:3306/srm username: root password: 123456 type: com.alibaba.druid.pool.DruidDataSourcemybatis: type-aliases-package: com.dpb.domain mapper-locations: classpath:mapper/*.xmllogging: level: com.dpb: debugrsa: key: pubKeyFile: c:\tools\auth_key\id_key_rsa.pub123456789101112131415161718编写读取公钥的配置类
package com.dpb.config;import com.dpb.utils.RsaUtils;import lombok.Data;import org.springframework.boot.context.properties.ConfigurationProperties;import javax.annotation.PostConstruct;import java.security.PrivateKey;import java.security.PublicKey;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:25 */@Data@ConfigurationProperties(prefix = "rsa.key")public class RsaKeyProperties { private String pubKeyFile; private PublicKey publicKey; /** * 系统启动的时候触发 * @throws Exception */ @PostConstruct public void createRsaKey() throws Exception { publicKey = RsaUtils.getPublicKey(pubKeyFile); }}12345678910111213141516171819202122232425262728293031323334编写启动类
package com.dpb;import com.dpb.config.RsaKeyProperties;import org.mybatis.spring.annotation.MapperScan;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.boot.context.properties.EnableConfigurationProperties;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 17:23 */@SpringBootApplication@MapperScan("com.dpb.mapper")@EnableConfigurationProperties(RsaKeyProperties.class)public class App { public static void main(String[] args) { SpringApplication.run(App.class,args); }}1234567891011121314151617181920212223复制认证服务中,用户对象,角色对象和校验认证的接口
复制认证服务中的相干内容即可
复制认证服务中SpringSecurity配置类做批改
package com.dpb.config;import com.dpb.filter.TokenVerifyFilter;import com.dpb.service.UserService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.config.http.SessionCreationPolicy;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 12:41 */@Configuration@EnableWebSecurity@EnableGlobalMethodSecurity(securedEnabled=true)public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Autowired private RsaKeyProperties prop; @Bean public BCryptPasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } //指定认证对象的起源 public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userService).passwordEncoder(passwordEncoder()); } //SpringSecurity配置信息 public void configure(HttpSecurity http) throws Exception { http.csrf() .disable() .authorizeRequests() //.antMatchers("/user/query").hasAnyRole("USER") .anyRequest() .authenticated() .and() .addFilter(new TokenVerifyFilter(super.authenticationManager(), prop)) // 禁用掉session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); }}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556去掉“减少自定义认证过滤器”即可!
编写产品处理器
package com.dpb.controller;import org.springframework.security.access.annotation.Secured;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;/** * @program: springboot-54-security-jwt-demo * @description: * @author: 波波烤鸭 * @create: 2019-12-03 11:55 */@RestController@RequestMapping("/user")public class UserController { @RequestMapping("/query") public String query(){ return "success"; } @RequestMapping("/update") public String update(){ return "update"; }}1234567891011121314151617181920212223242526测试
搞定~
作者:波波烤鸭
起源:https://blog.csdn.net/qq_3852...
近期热文举荐:
SpringCloud微服务电商我的项目教程