SpringBoot整合token實(shí)現(xiàn)登錄認(rèn)證的示例代碼

更新時(shí)間：2022年07月07日 11:00:38 作者：小浪餓了嗎***

本文主要介紹了SpringBoot整合token實(shí)現(xiàn)登錄認(rèn)證的示例代碼，文中通過示例代碼介紹的非常詳細(xì)，對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值，需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧

1.pom.xml

<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		
		<dependency>
		      <groupId>com.auth0</groupId>
		      <artifactId>java-jwt</artifactId>
		      <version>3.4.0</version>
		</dependency>
		
		 <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.3.2</version>
        </dependency>
        
		 <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.47</version>
        </dependency>

		<dependency>
			<groupId>io.springfox</groupId>
			<artifactId>springfox-swagger2</artifactId>
			<version>2.8.0</version>
		</dependency>
		<dependency>
			<groupId>io.springfox</groupId>
			<artifactId>springfox-swagger-ui</artifactId>
			<version>2.8.0</version>
		</dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.0</version>
        </dependency>

    </dependencies>

2.實(shí)體類

@Data
public class User {
	private String id;
    private String username;
    private String password;
}

3.Mapper接口

/**
 * @author qiaoyn
 * @date 2019/06/14
 */
@Mapper
public interface UserMapper {
	
    User findByUsername(String username);
    
    User findUserById(String id);
}

4.service層

@Service
public class UserService {
    @Autowired
    private UserMapper userMapper;
    public User findByUsername(User user){
        return userMapper.findByUsername(user.getUsername());
    }
    public User findUserById(String userId) {
        return userMapper.findUserById(userId);
    }
}

/***
 * token 下發(fā)
* @Title: TokenService.java 
* @author qiaoyn
* @date 2019/06/14
* @version V1.0
 */
@Service
public class TokenService {

	public String getToken(User user) {
		Date start = new Date();
		long currentTime = System.currentTimeMillis() + 60* 60 * 1000;//一小時(shí)有效時(shí)間
		Date end = new Date(currentTime);
		String token = "";
		
		token = JWT.create().withAudience(user.getId()).withIssuedAt(start).withExpiresAt(end)
				.sign(Algorithm.HMAC256(user.getPassword()));
		return token;
	}
}

5.Api層

@RestController
public class UserApi {
	@Autowired
	UserService userService;
	@Autowired
	TokenService tokenService;

	// 登錄
	@ApiOperation(value = "登陸", notes = "登陸")
	@RequestMapping(value = "/login" ,method = RequestMethod.GET)
	public Object login(User user, HttpServletResponse response) {
		JSONObject jsonObject = new JSONObject();
		User userForBase = new User();
		userForBase.setId(userService.findByUsername(user).getId());
		userForBase.setUsername(userService.findByUsername(user).getUsername());
		userForBase.setPassword(userService.findByUsername(user).getPassword());
		if (!userForBase.getPassword().equals(user.getPassword())) {
			jsonObject.put("message", "登錄失敗,密碼錯(cuò)誤");
			return jsonObject;
		} else {
			String token = tokenService.getToken(userForBase);
			jsonObject.put("token", token);

			Cookie cookie = new Cookie("token", token);
			cookie.setPath("/");
			response.addCookie(cookie);

			return jsonObject;

		}
	}
	/***
	 * 這個(gè)請(qǐng)求需要驗(yàn)證token才能訪問
	 * 
	 * @author: qiaoyn
	 * @date 2019/06/14
	 * @return String 返回類型
	 */
	@UserLoginToken
	@ApiOperation(value = "獲取信息", notes = "獲取信息")
	@RequestMapping(value = "/getMessage" ,method = RequestMethod.GET)
	public String getMessage() {

		// 取出token中帶的用戶id 進(jìn)行操作
		System.out.println(TokenUtil.getTokenUserId());

		return "您已通過驗(yàn)證";
	}
}

6.util

/* 
* @author qiaoyn
* @date 2019/06/14
* @version 1.0 
*/
public class TokenUtil {

	public static String getTokenUserId() {
		String token = getRequest().getHeader("token");// 從 http 請(qǐng)求頭中取出 token
		String userId = JWT.decode(token).getAudience().get(0);
		return userId;
	}

	/**
	 * 獲取request
	 * 
	 * @return
	 */
	public static HttpServletRequest getRequest() {
		ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder
				.getRequestAttributes();
		return requestAttributes == null ? null : requestAttributes.getRequest();
	}
}

7.Interceptor

/**
 * 攔截器
 * @author qiaoyn
 * @date 2019/06/14
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    @Autowired
    UserService userService;
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        String token = httpServletRequest.getHeader("token");// 從 http 請(qǐng)求頭中取出 token
        // 如果不是映射到方法直接通過
        if(!(object instanceof HandlerMethod)){
            return true;
        }
        HandlerMethod handlerMethod=(HandlerMethod)object;
        Method method=handlerMethod.getMethod();
        //檢查是否有passtoken注釋，有則跳過認(rèn)證
        if (method.isAnnotationPresent(PassToken.class)) {
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) {
                return true;
            }
        }
        //檢查有沒有需要用戶權(quán)限的注解
        if (method.isAnnotationPresent(UserLoginToken.class)) {
            UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
            if (userLoginToken.required()) {
                // 執(zhí)行認(rèn)證
                if (token == null) {
                    throw new RuntimeException("無(wú)token，請(qǐng)重新登錄");
                }
                // 獲取 token 中的 user id
                String userId;
                try {
                    userId = JWT.decode(token).getAudience().get(0);
                } catch (JWTDecodeException j) {
                    throw new RuntimeException("401");
                }
                User user = userService.findUserById(userId);
                if (user == null) {
                    throw new RuntimeException("用戶不存在，請(qǐng)重新登錄");
                }
                // 驗(yàn)證 token
                JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
                try {
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException e) {
                    throw new RuntimeException("401");
                }
                return true;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}

8.cofig

/***
 * 新建Token攔截器
* @Title: InterceptorConfig.java 
* @author qiaoyn
* @date 2019/06/14
* @version V1.0
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("/**");    // 攔截所有請(qǐng)求，通過判斷是否有 @LoginRequired 注解 決定是否需要登錄
    }
    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }
	@Override
	public void addArgumentResolvers(List<HandlerMethodArgumentResolver> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void addCorsMappings(CorsRegistry arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void addFormatters(FormatterRegistry arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void addResourceHandlers(ResourceHandlerRegistry arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void addReturnValueHandlers(List<HandlerMethodReturnValueHandler> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void addViewControllers(ViewControllerRegistry arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureAsyncSupport(AsyncSupportConfigurer arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureContentNegotiation(ContentNegotiationConfigurer arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureDefaultServletHandling(DefaultServletHandlerConfigurer arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureMessageConverters(List<HttpMessageConverter<?>> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configurePathMatch(PathMatchConfigurer arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void configureViewResolvers(ViewResolverRegistry arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void extendHandlerExceptionResolvers(List<HandlerExceptionResolver> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public void extendMessageConverters(List<HttpMessageConverter<?>> arg0) {
		// TODO Auto-generated method stub
		
	}
	@Override
	public MessageCodesResolver getMessageCodesResolver() {
		// TODO Auto-generated method stub
		return null;
	}
	@Override
	public Validator getValidator() {
		// TODO Auto-generated method stub
		return null;
	}
	
}

9.annotation

/***
 * 用來(lái)跳過驗(yàn)證的 PassToken
 * @author qiaoyn
 * @date 2019/06/14
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
    boolean required() default true;
}

/**
 * 用于登錄后才能操作的token
 * @author qiaoyn
 * @date 2019/06/14
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken {
    boolean required() default true;
}

/*RetentionPolicy.RUNTIME:這種類型的Annotations將被JVM保留,
所以他們能在運(yùn)行時(shí)被JVM或其他使用反射機(jī)制的代碼所讀取和使用。*/

10.mapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.example.demo.mapper.UserMapper">
    <select id="findByUsername" resultType="com.example.demo.entity.User">
      SELECT id,password
      FROM user
      WHERE
      username=#{username}
    </select>
    <select id="findUserById" resultType="com.example.demo.entity.User">
        SELECT username,password
        FROM user
        WHERE
        id=#{id}
    </select>

</mapper>

11.測(cè)試

在這里插入圖片描述

數(shù)據(jù)庫(kù)文件如下所示

在這里插入圖片描述

到此這篇關(guān)于SpringBoot整合token實(shí)現(xiàn)登錄認(rèn)證的示例代碼的文章就介紹到這了,更多相關(guān)SpringBoot token登錄認(rèn)證內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: