Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
karl_lei
spring-boot-in-action
提交
ee5cda00
S
spring-boot-in-action
项目概览
karl_lei
/
spring-boot-in-action
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-boot-in-action
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
ee5cda00
编写于
3月 12, 2019
作者:
H
hansonwang99
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
基于Spring Security和 JWT设计一个权限系统
上级
f8f00b49
变更
17
隐藏空白更改
内联
并排
Showing
17 changed file
with
692 addition
and
0 deletion
+692
-0
springbt_security_jwt/README.md
springbt_security_jwt/README.md
+1
-0
springbt_security_jwt/pom.xml
springbt_security_jwt/pom.xml
+73
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/SpringbtSecurityJwtApplication.java
...springbt_security_jwt/SpringbtSecurityJwtApplication.java
+16
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/comm/Const.java
...n/java/cn/codesheep/springbt_security_jwt/comm/Const.java
+13
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/config/WebSecurityConfig.java
...sheep/springbt_security_jwt/config/WebSecurityConfig.java
+65
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/controller/JwtAuthController.java
...p/springbt_security_jwt/controller/JwtAuthController.java
+34
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/controller/TestController.java
...heep/springbt_security_jwt/controller/TestController.java
+28
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/filter/JwtTokenFilter.java
...odesheep/springbt_security_jwt/filter/JwtTokenFilter.java
+55
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/model/entity/Role.java
...cn/codesheep/springbt_security_jwt/model/entity/Role.java
+35
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/model/entity/User.java
...cn/codesheep/springbt_security_jwt/model/entity/User.java
+95
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/repository/UserRepository.java
...heep/springbt_security_jwt/repository/UserRepository.java
+12
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/AuthService.java
.../codesheep/springbt_security_jwt/service/AuthService.java
+13
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/UserService.java
.../codesheep/springbt_security_jwt/service/UserService.java
+32
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/impl/AuthServiceImpl.java
...p/springbt_security_jwt/service/impl/AuthServiceImpl.java
+64
-0
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/util/JwtTokenUtil.java
...cn/codesheep/springbt_security_jwt/util/JwtTokenUtil.java
+128
-0
springbt_security_jwt/src/main/resources/application.properties
...bt_security_jwt/src/main/resources/application.properties
+12
-0
springbt_security_jwt/src/test/java/cn/codesheep/springbt_security_jwt/SpringbtSecurityJwtApplicationTests.java
...gbt_security_jwt/SpringbtSecurityJwtApplicationTests.java
+16
-0
未找到文件。
springbt_security_jwt/README.md
0 → 100644
浏览文件 @
ee5cda00
## SpringBoot + Security + JWT
\ No newline at end of file
springbt_security_jwt/pom.xml
0 → 100644
浏览文件 @
ee5cda00
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns=
"http://maven.apache.org/POM/4.0.0"
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
>
<modelVersion>
4.0.0
</modelVersion>
<groupId>
cn.codesheep
</groupId>
<artifactId>
springbt_security_jwt
</artifactId>
<version>
0.0.1
</version>
<packaging>
jar
</packaging>
<name>
springbt_security_jwt
</name>
<description>
springbt_security_jwt
</description>
<parent>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-parent
</artifactId>
<version>
2.0.6.RELEASE
</version>
<relativePath/>
<!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>
UTF-8
</project.build.sourceEncoding>
<project.reporting.outputEncoding>
UTF-8
</project.reporting.outputEncoding>
<java.version>
1.8
</java.version>
</properties>
<dependencies>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-web
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-test
</artifactId>
<scope>
test
</scope>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-data-jpa
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-security
</artifactId>
</dependency>
<dependency>
<groupId>
mysql
</groupId>
<artifactId>
mysql-connector-java
</artifactId>
<version>
5.1.40
</version>
</dependency>
<dependency>
<groupId>
io.jsonwebtoken
</groupId>
<artifactId>
jjwt
</artifactId>
<version>
0.9.0
</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-maven-plugin
</artifactId>
</plugin>
</plugins>
</build>
</project>
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/SpringbtSecurityJwtApplication.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt
;
import
org.springframework.boot.SpringApplication
;
import
org.springframework.boot.autoconfigure.SpringBootApplication
;
/**
* @www.codesheep.cn
* 20190312
*/
@SpringBootApplication
public
class
SpringbtSecurityJwtApplication
{
public
static
void
main
(
String
[]
args
)
{
SpringApplication
.
run
(
SpringbtSecurityJwtApplication
.
class
,
args
);
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/comm/Const.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.comm
;
/**
* @www.codesheep.cn
* 20190312
*/
public
class
Const
{
public
static
final
long
EXPIRATION_TIME
=
432_000_000
;
// 5天(以毫秒ms计)
public
static
final
String
SECRET
=
"CodeSheepSecret"
;
// JWT密码
public
static
final
String
TOKEN_PREFIX
=
"Bearer"
;
// Token前缀
public
static
final
String
HEADER_STRING
=
"Authorization"
;
// 存放Token的Header Key
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/config/WebSecurityConfig.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.config
;
import
cn.codesheep.springbt_security_jwt.filter.JwtTokenFilter
;
import
cn.codesheep.springbt_security_jwt.service.UserService
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.http.HttpMethod
;
import
org.springframework.security.authentication.AuthenticationManager
;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
;
import
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.builders.WebSecurity
;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
;
import
org.springframework.security.config.http.SessionCreationPolicy
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
;
/**
* @www.codesheep.cn
* 20190312
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
(
prePostEnabled
=
true
)
public
class
WebSecurityConfig
extends
WebSecurityConfigurerAdapter
{
@Autowired
private
UserService
userService
;
@Bean
public
JwtTokenFilter
authenticationTokenFilterBean
()
throws
Exception
{
return
new
JwtTokenFilter
();
}
@Bean
public
AuthenticationManager
authenticationManagerBean
()
throws
Exception
{
return
super
.
authenticationManagerBean
();
}
@Override
protected
void
configure
(
AuthenticationManagerBuilder
auth
)
throws
Exception
{
auth
.
userDetailsService
(
userService
).
passwordEncoder
(
new
BCryptPasswordEncoder
()
);
}
@Override
protected
void
configure
(
HttpSecurity
httpSecurity
)
throws
Exception
{
httpSecurity
.
csrf
().
disable
()
.
sessionManagement
().
sessionCreationPolicy
(
SessionCreationPolicy
.
STATELESS
).
and
()
.
authorizeRequests
()
.
antMatchers
(
HttpMethod
.
OPTIONS
,
"/**"
).
permitAll
()
.
antMatchers
(
HttpMethod
.
POST
,
"/authentication/**"
).
permitAll
()
.
antMatchers
(
HttpMethod
.
POST
).
authenticated
()
.
antMatchers
(
HttpMethod
.
PUT
).
authenticated
()
.
antMatchers
(
HttpMethod
.
DELETE
).
authenticated
()
.
antMatchers
(
HttpMethod
.
GET
).
authenticated
();
httpSecurity
.
addFilterBefore
(
authenticationTokenFilterBean
(),
UsernamePasswordAuthenticationFilter
.
class
);
httpSecurity
.
headers
().
cacheControl
();
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/controller/JwtAuthController.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.controller
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
import
cn.codesheep.springbt_security_jwt.service.AuthService
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RestController
;
/**
* @www.codesheep.cn
* 20190312
*/
@RestController
public
class
JwtAuthController
{
@Autowired
private
AuthService
authService
;
// 登录
@RequestMapping
(
value
=
"/authentication/login"
,
method
=
RequestMethod
.
POST
)
public
String
createToken
(
String
username
,
String
password
)
throws
AuthenticationException
{
return
authService
.
login
(
username
,
password
);
}
// 注册
@RequestMapping
(
value
=
"/authentication/register"
,
method
=
RequestMethod
.
POST
)
public
User
register
(
@RequestBody
User
addedUser
)
throws
AuthenticationException
{
return
authService
.
register
(
addedUser
);
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/controller/TestController.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.controller
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RestController
;
/**
* @www.codesheep.cn
* 20190312
*/
@RestController
public
class
TestController
{
// 测试普通权限
@PreAuthorize
(
"hasAuthority('ROLE_NORMAL')"
)
@RequestMapping
(
value
=
"/normal/test"
,
method
=
RequestMethod
.
GET
)
public
String
test1
()
{
return
"ROLE_NORMAL /normal/test接口调用成功!"
;
}
// 测试管理员权限
@PreAuthorize
(
"hasAuthority('ROLE_ADMIN')"
)
@RequestMapping
(
value
=
"/admin/test"
,
method
=
RequestMethod
.
GET
)
public
String
test2
()
{
return
"ROLE_ADMIN /admin/test接口调用成功!"
;
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/filter/JwtTokenFilter.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.filter
;
import
cn.codesheep.springbt_security_jwt.comm.Const
;
import
cn.codesheep.springbt_security_jwt.util.JwtTokenUtil
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.web.authentication.WebAuthenticationDetailsSource
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.filter.OncePerRequestFilter
;
import
javax.servlet.FilterChain
;
import
javax.servlet.ServletException
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.IOException
;
/**
* @www.codesheep.cn
* 20190312
*/
@Component
public
class
JwtTokenFilter
extends
OncePerRequestFilter
{
@Autowired
private
UserDetailsService
userDetailsService
;
@Autowired
private
JwtTokenUtil
jwtTokenUtil
;
@Override
protected
void
doFilterInternal
(
HttpServletRequest
request
,
HttpServletResponse
response
,
FilterChain
chain
)
throws
ServletException
,
IOException
{
String
authHeader
=
request
.
getHeader
(
Const
.
HEADER_STRING
);
if
(
authHeader
!=
null
&&
authHeader
.
startsWith
(
Const
.
TOKEN_PREFIX
))
{
final
String
authToken
=
authHeader
.
substring
(
Const
.
TOKEN_PREFIX
.
length
()
);
String
username
=
jwtTokenUtil
.
getUsernameFromToken
(
authToken
);
if
(
username
!=
null
&&
SecurityContextHolder
.
getContext
().
getAuthentication
()
==
null
)
{
UserDetails
userDetails
=
this
.
userDetailsService
.
loadUserByUsername
(
username
);
if
(
jwtTokenUtil
.
validateToken
(
authToken
,
userDetails
))
{
UsernamePasswordAuthenticationToken
authentication
=
new
UsernamePasswordAuthenticationToken
(
userDetails
,
null
,
userDetails
.
getAuthorities
());
authentication
.
setDetails
(
new
WebAuthenticationDetailsSource
().
buildDetails
(
request
));
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
}
}
}
chain
.
doFilter
(
request
,
response
);
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/model/entity/Role.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.model.entity
;
import
javax.persistence.Entity
;
import
javax.persistence.GeneratedValue
;
import
javax.persistence.Id
;
/**
* @www.codesheep.cn
* 20190312
*/
@Entity
public
class
Role
{
@Id
@GeneratedValue
private
Long
id
;
private
String
name
;
public
Long
getId
()
{
return
id
;
}
public
void
setId
(
Long
id
)
{
this
.
id
=
id
;
}
public
String
getName
()
{
return
name
;
}
public
void
setName
(
String
name
)
{
this
.
name
=
name
;
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/model/entity/User.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.model.entity
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
javax.persistence.*
;
import
java.util.ArrayList
;
import
java.util.Collection
;
import
java.util.List
;
/**
* @www.codesheep.cn
* 20190312
*/
@Entity
public
class
User
implements
UserDetails
{
@Id
@GeneratedValue
private
Long
id
;
private
String
username
;
private
String
password
;
@ManyToMany
(
cascade
=
{
CascadeType
.
REFRESH
},
fetch
=
FetchType
.
EAGER
)
private
List
<
Role
>
roles
;
public
Long
getId
()
{
return
id
;
}
public
void
setId
(
Long
id
)
{
this
.
id
=
id
;
}
public
void
setUsername
(
String
username
)
{
this
.
username
=
username
;
}
public
void
setPassword
(
String
password
)
{
this
.
password
=
password
;
}
public
List
<
Role
>
getRoles
()
{
return
roles
;
}
public
void
setRoles
(
List
<
Role
>
roles
)
{
this
.
roles
=
roles
;
}
// 下面为实现UserDetails而需要的重写方法!
@Override
public
boolean
isAccountNonExpired
()
{
return
true
;
}
@Override
public
boolean
isAccountNonLocked
()
{
return
true
;
}
@Override
public
boolean
isCredentialsNonExpired
()
{
return
true
;
}
@Override
public
boolean
isEnabled
()
{
return
true
;
}
@Override
public
Collection
<?
extends
GrantedAuthority
>
getAuthorities
()
{
List
<
GrantedAuthority
>
authorities
=
new
ArrayList
<>();
for
(
Role
role
:
roles
)
{
authorities
.
add
(
new
SimpleGrantedAuthority
(
role
.
getName
()
)
);
}
return
authorities
;
}
@Override
public
String
getUsername
()
{
return
username
;
}
@Override
public
String
getPassword
()
{
return
password
;
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/repository/UserRepository.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.repository
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
import
org.springframework.data.jpa.repository.JpaRepository
;
/**
* @www.codesheep.cn
* 20190312
*/
public
interface
UserRepository
extends
JpaRepository
<
User
,
Long
>
{
User
findByUsername
(
String
username
);
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/AuthService.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.service
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
/**
* @www.codesheep.cn
* 20190312
*/
public
interface
AuthService
{
User
register
(
User
userToAdd
);
String
login
(
String
username
,
String
password
);
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/UserService.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.service
;
import
cn.codesheep.springbt_security_jwt.model.entity.Role
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
import
cn.codesheep.springbt_security_jwt.repository.UserRepository
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.stereotype.Service
;
/**
* @www.codesheep.cn
* 20190312
*/
@Service
public
class
UserService
implements
UserDetailsService
{
@Autowired
UserRepository
userRepository
;
@Override
public
UserDetails
loadUserByUsername
(
String
s
)
throws
UsernameNotFoundException
{
User
user
=
userRepository
.
findByUsername
(
s
);
if
(
user
==
null
)
{
throw
new
UsernameNotFoundException
(
"用户不存在"
);
}
return
user
;
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/service/impl/AuthServiceImpl.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.service.impl
;
import
cn.codesheep.springbt_security_jwt.comm.Const
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
import
cn.codesheep.springbt_security_jwt.repository.UserRepository
;
import
cn.codesheep.springbt_security_jwt.service.AuthService
;
import
cn.codesheep.springbt_security_jwt.util.JwtTokenUtil
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.authentication.AuthenticationManager
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
org.springframework.stereotype.Service
;
/**
* @www.codesheep.cn
* 20190312
*/
@Service
public
class
AuthServiceImpl
implements
AuthService
{
@Autowired
private
AuthenticationManager
authenticationManager
;
@Autowired
private
UserDetailsService
userDetailsService
;
@Autowired
private
JwtTokenUtil
jwtTokenUtil
;
@Autowired
private
UserRepository
userRepository
;
// 登录
@Override
public
String
login
(
String
username
,
String
password
)
{
UsernamePasswordAuthenticationToken
upToken
=
new
UsernamePasswordAuthenticationToken
(
username
,
password
);
final
Authentication
authentication
=
authenticationManager
.
authenticate
(
upToken
);
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
final
UserDetails
userDetails
=
userDetailsService
.
loadUserByUsername
(
username
);
final
String
token
=
jwtTokenUtil
.
generateToken
(
userDetails
);
return
token
;
}
// 注册
@Override
public
User
register
(
User
userToAdd
)
{
final
String
username
=
userToAdd
.
getUsername
();
if
(
userRepository
.
findByUsername
(
username
)!=
null
)
{
return
null
;
}
BCryptPasswordEncoder
encoder
=
new
BCryptPasswordEncoder
();
final
String
rawPassword
=
userToAdd
.
getPassword
();
userToAdd
.
setPassword
(
encoder
.
encode
(
rawPassword
)
);
return
userRepository
.
save
(
userToAdd
);
}
}
springbt_security_jwt/src/main/java/cn/codesheep/springbt_security_jwt/util/JwtTokenUtil.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt.util
;
import
cn.codesheep.springbt_security_jwt.comm.Const
;
import
cn.codesheep.springbt_security_jwt.model.entity.User
;
import
io.jsonwebtoken.Claims
;
import
io.jsonwebtoken.Jwts
;
import
io.jsonwebtoken.SignatureAlgorithm
;
import
org.springframework.security.core.userdetails.UserDetails
;
import
org.springframework.stereotype.Component
;
import
java.io.Serializable
;
import
java.util.Date
;
import
java.util.HashMap
;
import
java.util.Map
;
/**
* JWT 工具类
* @www.codesheep.cn
* 20190312
*/
@Component
public
class
JwtTokenUtil
implements
Serializable
{
private
static
final
long
serialVersionUID
=
-
5625635588908941275L
;
private
static
final
String
CLAIM_KEY_USERNAME
=
"sub"
;
private
static
final
String
CLAIM_KEY_CREATED
=
"created"
;
public
String
getUsernameFromToken
(
String
token
)
{
String
username
;
try
{
final
Claims
claims
=
getClaimsFromToken
(
token
);
username
=
claims
.
getSubject
();
}
catch
(
Exception
e
)
{
username
=
null
;
}
return
username
;
}
public
Date
getCreatedDateFromToken
(
String
token
)
{
Date
created
;
try
{
final
Claims
claims
=
getClaimsFromToken
(
token
);
created
=
new
Date
((
Long
)
claims
.
get
(
CLAIM_KEY_CREATED
));
}
catch
(
Exception
e
)
{
created
=
null
;
}
return
created
;
}
public
Date
getExpirationDateFromToken
(
String
token
)
{
Date
expiration
;
try
{
final
Claims
claims
=
getClaimsFromToken
(
token
);
expiration
=
claims
.
getExpiration
();
}
catch
(
Exception
e
)
{
expiration
=
null
;
}
return
expiration
;
}
private
Claims
getClaimsFromToken
(
String
token
)
{
Claims
claims
;
try
{
claims
=
Jwts
.
parser
()
.
setSigningKey
(
Const
.
SECRET
)
.
parseClaimsJws
(
token
)
.
getBody
();
}
catch
(
Exception
e
)
{
claims
=
null
;
}
return
claims
;
}
private
Date
generateExpirationDate
()
{
return
new
Date
(
System
.
currentTimeMillis
()
+
Const
.
EXPIRATION_TIME
*
1000
);
}
private
Boolean
isTokenExpired
(
String
token
)
{
final
Date
expiration
=
getExpirationDateFromToken
(
token
);
return
expiration
.
before
(
new
Date
());
}
private
Boolean
isCreatedBeforeLastPasswordReset
(
Date
created
,
Date
lastPasswordReset
)
{
return
(
lastPasswordReset
!=
null
&&
created
.
before
(
lastPasswordReset
));
}
public
String
generateToken
(
UserDetails
userDetails
)
{
Map
<
String
,
Object
>
claims
=
new
HashMap
<>();
claims
.
put
(
CLAIM_KEY_USERNAME
,
userDetails
.
getUsername
());
claims
.
put
(
CLAIM_KEY_CREATED
,
new
Date
());
return
generateToken
(
claims
);
}
String
generateToken
(
Map
<
String
,
Object
>
claims
)
{
return
Jwts
.
builder
()
.
setClaims
(
claims
)
.
setExpiration
(
generateExpirationDate
())
.
signWith
(
SignatureAlgorithm
.
HS512
,
Const
.
SECRET
)
.
compact
();
}
public
Boolean
canTokenBeRefreshed
(
String
token
)
{
return
!
isTokenExpired
(
token
);
}
public
String
refreshToken
(
String
token
)
{
String
refreshedToken
;
try
{
final
Claims
claims
=
getClaimsFromToken
(
token
);
claims
.
put
(
CLAIM_KEY_CREATED
,
new
Date
());
refreshedToken
=
generateToken
(
claims
);
}
catch
(
Exception
e
)
{
refreshedToken
=
null
;
}
return
refreshedToken
;
}
public
Boolean
validateToken
(
String
token
,
UserDetails
userDetails
)
{
User
user
=
(
User
)
userDetails
;
final
String
username
=
getUsernameFromToken
(
token
);
return
(
username
.
equals
(
user
.
getUsername
())
&&
!
isTokenExpired
(
token
)
);
}
}
springbt_security_jwt/src/main/resources/application.properties
0 → 100644
浏览文件 @
ee5cda00
server.port
=
9991
spring.datasource.driver-class-name
=
com.mysql.jdbc.Driver
spring.datasource.url
=
jdbc:mysql://121.196.XXX.XXX:3306/spring_security_jwt?useUnicode=true&characterEncoding=utf-8
spring.datasource.username
=
root
spring.datasource.password
=
XXXXXX
logging.level.org.springframework.security
=
info
spring.jpa.hibernate.ddl-auto
=
update
spring.jpa.show-sql
=
true
spring.jackson.serialization.indent_output
=
true
springbt_security_jwt/src/test/java/cn/codesheep/springbt_security_jwt/SpringbtSecurityJwtApplicationTests.java
0 → 100644
浏览文件 @
ee5cda00
package
cn.codesheep.springbt_security_jwt
;
import
org.junit.Test
;
import
org.junit.runner.RunWith
;
import
org.springframework.boot.test.context.SpringBootTest
;
import
org.springframework.test.context.junit4.SpringRunner
;
@RunWith
(
SpringRunner
.
class
)
@SpringBootTest
public
class
SpringbtSecurityJwtApplicationTests
{
@Test
public
void
contextLoads
()
{
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录