From cd1dd9190afae2dd865f4eccb63e1572d720199c Mon Sep 17 00:00:00 2001 From: zhh Date: Fri, 20 Apr 2018 17:49:25 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0jwt=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 1 + mall-admin/pom.xml | 14 ++- .../JwtAuthenticationTokenFilter.java | 58 +++++++++ .../macro/mall/component/WebLogAspect.java | 7 +- .../com/macro/mall/config/SecurityConfig.java | 64 +++++----- .../java/com/macro/mall/dto/CommonResult.java | 4 +- .../util/{JsonUtils.java => JsonUtil.java} | 2 +- .../com/macro/mall/util/JwtTokenUtil.java | 114 ++++++++++++++++++ .../src/main/resources/application.properties | 23 +++- 9 files changed, 246 insertions(+), 41 deletions(-) create mode 100644 mall-admin/src/main/java/com/macro/mall/component/JwtAuthenticationTokenFilter.java rename mall-admin/src/main/java/com/macro/mall/util/{JsonUtils.java => JsonUtil.java} (98%) create mode 100644 mall-admin/src/main/java/com/macro/mall/util/JwtTokenUtil.java diff --git a/README.md b/README.md index 383a252..f62b93b 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ SpringAOP通用日志处理 | ✔ SpringAOP通用验证失败结果返回 | ✔ CommonResult对通用返回结果进行封装 | ✔ SpringSecurity登录改为Restful形式 | +JWT登录、注册、获取token | ### 功能完善 diff --git a/mall-admin/pom.xml b/mall-admin/pom.xml index 712f97a..1ec5454 100644 --- a/mall-admin/pom.xml +++ b/mall-admin/pom.xml @@ -55,6 +55,13 @@ org.springframework.boot spring-boot-starter-aop + + + com.github.pagehelper + pagehelper-spring-boot-starter + 1.2.3 + + io.springfox springfox-swagger2 @@ -65,10 +72,11 @@ springfox-swagger-ui 2.6.1 + - com.github.pagehelper - pagehelper-spring-boot-starter - 1.2.3 + io.jsonwebtoken + jjwt + 0.9.0 diff --git a/mall-admin/src/main/java/com/macro/mall/component/JwtAuthenticationTokenFilter.java b/mall-admin/src/main/java/com/macro/mall/component/JwtAuthenticationTokenFilter.java new file mode 100644 index 0000000..ac36fcf --- /dev/null 
+++ b/mall-admin/src/main/java/com/macro/mall/component/JwtAuthenticationTokenFilter.java 
@@ -0,0 +1,58 @@
+package com.macro.mall.component;
+
+import com.macro.mall.util.JwtTokenUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * JWT登录授权过滤器
+ */
+@Component
+public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
+ private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);
+ @Autowired
+ private UserDetailsService userDetailsService;
+ @Autowired
+ private JwtTokenUtil jwtTokenUtil;
+ @Value("${jwt.tokenHeader}")
+ private String tokenHeader;
+ @Value("${jwt.tokenHead}")
+ private String tokenHead;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request,
+ HttpServletResponse response,
+ FilterChain chain) throws ServletException, IOException {
+ String authHeader = request.getHeader(this.tokenHeader);
+ if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
+ String authToken = authHeader.substring(this.tokenHead.length());// The part after "Bearer "
+ String username = jwtTokenUtil.getUserNameFromToken(authToken);
+ LOGGER.info("checking username:{}", username);
+ if (username != null && 
SecurityContextHolder.getContext().getAuthentication() == null) { + UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); + if (jwtTokenUtil.validateToken(authToken, userDetails)) { + UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); + authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + LOGGER.info("authenticated user:{}", username); + SecurityContextHolder.getContext().setAuthentication(authentication); + } + } + } + chain.doFilter(request, response); + } +} diff --git a/mall-admin/src/main/java/com/macro/mall/component/WebLogAspect.java b/mall-admin/src/main/java/com/macro/mall/component/WebLogAspect.java index 71d8810..1085e1f 100644 --- a/mall-admin/src/main/java/com/macro/mall/component/WebLogAspect.java +++ b/mall-admin/src/main/java/com/macro/mall/component/WebLogAspect.java @@ -1,7 +1,7 @@ package com.macro.mall.component; import com.macro.mall.bo.WebLog; -import com.macro.mall.util.JsonUtils; +import com.macro.mall.util.JsonUtil; import com.macro.mall.util.RequestUtil; import io.swagger.annotations.ApiOperation; import org.aspectj.lang.JoinPoint; @@ -13,16 +13,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; -import org.springframework.util.ObjectUtils; import org.springframework.util.StringUtils; -import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import javax.servlet.http.HttpServletRequest; -import java.lang.annotation.Annotation; import java.lang.reflect.Method; import java.lang.reflect.Parameter; import java.util.*; 
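Review bot: In doFilterInternal, `this.userDetailsService.loadUserByUsername(username)` is called with no handling for `UsernameNotFoundException`, which the `UserDetailsService` contract throws when the subject no longer exists, so a correctly signed token for a deleted or renamed admin becomes an unhandled exception out of the filter instead of an unauthenticated request. Catch it around the lookup and continue the chain, which keeps the same outcome the code already gives a token that fails `validateToken`; the catch needs `import org.springframework.security.core.userdetails.UsernameNotFoundException;`. The two `LOGGER.info` calls fire on every request that carries a bearer header and belong at debug level. Rewritten lookup below.
```java
            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails;
                try {
                    userDetails = this.userDetailsService.loadUserByUsername(username);
                } catch (UsernameNotFoundException e) {
                    // subject of a still-valid token no longer exists: treat the request as unauthenticated
                    LOGGER.debug("token subject {} not found", username);
                    chain.doFilter(request, response);
                    return;
                }
                // … unchanged: validateToken check and SecurityContextHolder population …
            }
```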
@@ -75,7 +72,7 @@ public class WebLogAspect { webLog.setStartTime(startTime.get()); webLog.setUri(request.getRequestURI()); webLog.setUrl(request.getRequestURL().toString()); - LOGGER.info("{}", JsonUtils.objectToJson(webLog)); + LOGGER.info("{}", JsonUtil.objectToJson(webLog)); return result; } diff --git a/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java b/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java index faa50bb..4583f84 100644 --- a/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java +++ b/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java @@ -1,19 +1,23 @@ package com.macro.mall.config; import com.macro.mall.bo.AdminUserDetails; +import com.macro.mall.component.JwtAuthenticationTokenFilter; import com.macro.mall.model.UmsAdmin; import com.macro.mall.service.UmsAdminService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; import org.springframework.security.authentication.encoding.Md5PasswordEncoder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; /** 
@@ -26,37 +30,38 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { private UmsAdminService adminService; @Override - protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests()//配置权限 -// .antMatchers("/").access("hasRole('TEST')")//该路径需要TEST角色 - .antMatchers("/").authenticated()//该路径需要登录认证 -// .antMatchers("/brand/getList").hasAuthority("TEST")//该路径需要TEST权限 - .antMatchers("/**").permitAll() - .and()//启用基于http的认证 - .httpBasic() - .realmName("/") - .and()//配置登录页面 - .formLogin() - .loginPage("/login") - .failureUrl("/login?error=true") - .and()//配置退出路径 - .logout() - .logoutSuccessUrl("/") -// .and()//记住密码功能 -// .rememberMe() -// .tokenValiditySeconds(60*60*24) -// .key("rememberMeKey") - .and()//关闭跨域伪造 - .csrf() - .disable() - .headers()//去除X-Frame-Options - .frameOptions() - .disable(); + protected void configure(HttpSecurity httpSecurity) throws Exception { + httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf + .disable() + .sessionManagement()// 基于token,所以不需要session + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .authorizeRequests() + .antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问 + "/", + "/*.html", + "/favicon.ico", + "/**/*.html", + "/**/*.css", + "/**/*.js", + "/swagger-resources/**", + "/v2/api-docs/**" + ) + .permitAll() + .antMatchers("/auth/**")// 对于获取token的rest api要允许匿名访问 + .permitAll() + .anyRequest()// 除上面外的所有请求全部需要鉴权认证 + .authenticated(); + // 禁用缓存 + httpSecurity.headers().cacheControl(); + // 添加JWT filter + httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService()).passwordEncoder(new Md5PasswordEncoder()); + auth.userDetailsService(userDetailsService()) + .passwordEncoder(new Md5PasswordEncoder()); } @Bean 
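Review bot: `.passwordEncoder(new Md5PasswordEncoder())` in `configure(AuthenticationManagerBuilder)` keeps unsalted MD5 for stored admin passwords while the same hunk moves the app to stateless JWT; `org.springframework.security.authentication.encoding.Md5PasswordEncoder` is deprecated and has neither salt nor a work factor, so a leaked password column is crackable offline. The line predates this commit but is re-emitted here, which is the moment to switch to `BCryptPasswordEncoder` (re-hashing on next successful login). The `permitAll()` matcher list also opens `/v2/api-docs/**` and `/swagger-resources/**` to anonymous callers, publishing the full admin API surface; consider gating those outside development profiles. The comment `// 禁用缓存` over `httpSecurity.headers().cacheControl();` is accurate only for responses on the security chain and is worth saying so.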
@@ -73,4 +78,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } }; } + + @Bean + public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){ + return new JwtAuthenticationTokenFilter(); + } } diff --git a/mall-admin/src/main/java/com/macro/mall/dto/CommonResult.java b/mall-admin/src/main/java/com/macro/mall/dto/CommonResult.java index d7955d3..277eeff 100644 --- a/mall-admin/src/main/java/com/macro/mall/dto/CommonResult.java +++ b/mall-admin/src/main/java/com/macro/mall/dto/CommonResult.java @@ -1,7 +1,7 @@ package com.macro.mall.dto; import com.github.pagehelper.PageInfo; -import com.macro.mall.util.JsonUtils; +import com.macro.mall.util.JsonUtil; import org.springframework.validation.BindingResult; import java.util.HashMap; @@ -79,7 +79,7 @@ public class CommonResult { @Override public String toString() { - return JsonUtils.objectToJson(this); + return JsonUtil.objectToJson(this); } public int getCode() { diff --git a/mall-admin/src/main/java/com/macro/mall/util/JsonUtils.java b/mall-admin/src/main/java/com/macro/mall/util/JsonUtil.java similarity index 98% rename from mall-admin/src/main/java/com/macro/mall/util/JsonUtils.java rename to mall-admin/src/main/java/com/macro/mall/util/JsonUtil.java index 8b7da2d..c75a786 100644 --- a/mall-admin/src/main/java/com/macro/mall/util/JsonUtils.java +++ b/mall-admin/src/main/java/com/macro/mall/util/JsonUtil.java @@ -9,7 +9,7 @@ import java.util.List; /** * 淘淘商城自定义响应结构 */ -public class JsonUtils { +public class JsonUtil { // 定义jackson对象 private static final ObjectMapper MAPPER = new ObjectMapper(); diff --git a/mall-admin/src/main/java/com/macro/mall/util/JwtTokenUtil.java b/mall-admin/src/main/java/com/macro/mall/util/JwtTokenUtil.java new file mode 100644 index 0000000..45f7640 --- /dev/null +++ b/mall-admin/src/main/java/com/macro/mall/util/JwtTokenUtil.java 
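Review bot: The new `@Bean jwtAuthenticationTokenFilter()` creates a second instance of a class that is already picked up by component scanning (`@Component` on `JwtAuthenticationTokenFilter` in the new file), so two filter beans exist, and Spring Boot auto-registers every `Filter` bean with the servlet container as well, which means the filter also runs in the container chain outside the security chain. Keep exactly one: drop `@Component` from the filter class and keep this `@Bean`, and if the bean must stay out of the container chain, add a `FilterRegistrationBean` for it with `setEnabled(false)`. The enclosing `userDetailsService()` bean starts outside this hunk.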
@@ -0,0 +1,114 @@
+package com.macro.mall.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+import java.util.Map;
+
+/**
+ * JwtToken生成的工具类
+ * JWT token的格式:header.payload.signature
+ * header的格式(算法、token的类型):
+ * {"alg": "HS512","typ": "JWT"}
+ * payload的格式(用户名、创建时间、生成时间):
+ * {"sub":"wang","created":1489079981393,"exp":1489684781}
+ * signature的生成算法:
+ * HMACSHA256(base64UrlEncode(header) + "." +base64UrlEncode(payload),secret)
+ */
+@Component
+public class JwtTokenUtil {
+ private static final String CLAIM_KEY_USERNAME = "sub";
+ private static final String CLAIM_KEY_CREATED = "created";
+ @Value("${jwt.secret}")
+ private String secret;
+ @Value("${jwt.expiration}")
+ private Long expiration;
+
+ /**
+ * 根据负责生成JWT的token
+ */
+ String generateToken(Map claims) {
+ return Jwts.builder()
+ .setClaims(claims)
+ .setExpiration(generateExpirationDate())
+ .signWith(SignatureAlgorithm.RS512, secret)
+ .compact();
+ }
+
+ /**
+ * 从token中获取JWT中的负载
+ */
+ Claims getClaimsFromToken(String token) {
+ Claims claims;
+ try {
+ claims = Jwts.parser()
+ .setSigningKey(secret)
+ .parseClaimsJws(token)
+ .getBody();
+ } finally {
+ claims = null;
+ }
+ return claims;
+ }
+
+ /**
+ * 生成token的过期时间
+ */
+ private Date generateExpirationDate() {
+ return new Date(System.currentTimeMillis() + expiration * 1000);
+ }
+
+ /**
+ * 从token中获取登录用户名
+ */
+ public String getUserNameFromToken(String token) {
+ String username;
+ try {
+ Claims claims = getClaimsFromToken(token);
+ username = claims.getSubject();
+ } catch (Exception e) {
+ e.printStackTrace();
+ username = null;
+ }
+ return username;
+ }
+
+ /**
+ * 验证token是否还有效
+ *
+ * @param token 客户端传入的token
+ * @param userDetails 从数据库中查询出来的用户信息
+ */
+ public boolean 
validateToken(String token, UserDetails userDetails) { + String username = getUserNameFromToken(token); + return username.equals(userDetails.getUsername()) && !isTokenExpired(token); + } + + /** + * 判断token是否已经失效 + */ + private boolean isTokenExpired(String token) { + Date expiredDate = getExpiredDateFromToken(token); + return expiredDate.before(new Date()); + } + + /** + * 从token中获取过期时间 + */ + private Date getExpiredDateFromToken(String token) { + Date expiredDate = null; + try { + Claims claims = getClaimsFromToken(token); + expiredDate = claims.getExpiration(); + } catch (Exception e) { + e.printStackTrace(); + } + return expiredDate; + } + +} diff --git a/mall-admin/src/main/resources/application.properties b/mall-admin/src/main/resources/application.properties index ee5aaf9..98c866e 100644 --- a/mall-admin/src/main/resources/application.properties +++ b/mall-admin/src/main/resources/application.properties @@ -1,10 +1,14 @@ +#===datasource start=== spring.datasource.url=jdbc:mysql://localhost:3306/mall spring.datasource.username=root spring.datasource.password=root +#===datasource end=== -#mybatis +#===mybatis start=== mybatis.mapper-locations=classpath:mapper/*.xml,classpath*:com/**/mapper/*.xml +#===mybatis end=== +#===log start=== #־DEBUG,INFO,WARN,ERROR logging.level.root=info #־ @@ -13,10 +17,23 @@ logging.level.com.macro.mall=debug #logging.path=/var/logs #־ļ #logging.file=demo_log.log -#thymeleaf start +#===log end=== + +#===thymeleaf start=== spring.thymeleaf.mode=HTML5 spring.thymeleaf.encoding=UTF-8 spring.thymeleaf.content-type=text/html #ʱرջ,Ȼûʵʱҳ spring.thymeleaf.cache=false -#thymeleaf end \ No newline at end of file +#===thymeleaf end== + +#===JWT start=== +#JWT洢ͷ +jwt.tokenHeader=Authorization +#JWTӽʹõԿ +jwt.secret=mySecret +#JWTijʱ +jwt.expiration=604800 +#JWTõͷ +jwt.tokenHead="Bearer " +#===JWT end=== \ No newline at end of file
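Review bot: `getClaimsFromToken` assigns `claims = null` in a `finally` block, so it returns null on every call including a valid token; `getUserNameFromToken` then hits a `NullPointerException`, prints it and returns null, and the filter in `JwtAuthenticationTokenFilter` never authenticates anyone. That block must be a `catch`, not a `finally`. `signWith(SignatureAlgorithm.RS512, secret)` also contradicts the class Javadoc (`"alg": "HS512"`) and the symmetric `setSigningKey(secret)` on the parse side — RS512 requires an RSA private key, not a shared secret — so `HS512` is the intended algorithm. `validateToken` dereferences `username` before checking it for null, and `CLAIM_KEY_CREATED` is declared but never written into the token. Rewritten methods below; the narrowed catch needs `import io.jsonwebtoken.JwtException;`.
```java
    // … unchanged: imports, class Javadoc, fields …

    String generateToken(Map claims) {
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(generateExpirationDate())
                .signWith(SignatureAlgorithm.HS512, secret) // HMAC: matches the Javadoc and setSigningKey(secret)
                .compact();
    }

    Claims getClaimsFromToken(String token) {
        try {
            return Jwts.parser()
                    .setSigningKey(secret)
                    .parseClaimsJws(token)
                    .getBody();
        } catch (JwtException | IllegalArgumentException e) {
            // bad signature, malformed or expired token, or empty input: no usable claims
            return null;
        }
    }

    // … unchanged: generateExpirationDate, getUserNameFromToken …

    public boolean validateToken(String token, UserDetails userDetails) {
        String username = getUserNameFromToken(token);
        return username != null
                && username.equals(userDetails.getUsername())
                && !isTokenExpired(token);
    }

    // … unchanged: isTokenExpired, getExpiredDateFromToken …
```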
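Review bot: `jwt.tokenHead="Bearer "` keeps the double quotes as part of the value — `java.util.Properties` does not strip them — so `JwtAuthenticationTokenFilter` compares the header against `"Bearer "` with literal quotes and a standard `Authorization: Bearer <token>` header never passes `startsWith`. Write `jwt.tokenHead=Bearer ` (Properties preserves trailing whitespace, though an editor may not) or use `jwt.tokenHead=Bearer` and trim the extracted substring in the filter. `jwt.secret=mySecret` is a short HMAC key committed to the repository: anyone who can read the source or the packaged jar can mint admin tokens, so it should be injected from the environment (e.g. `jwt.secret=${JWT_SECRET}`, a constructed example) and be a random value of at least 64 bytes for HS512. The Chinese comment lines in this section are mojibake, which hides what each entry means; the file is read as ISO-8859-1, so use `\uXXXX` escapes or ASCII comments.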