91视频在线18,亚洲色图观看成人

JWT是一種用于雙方之間傳遞安全信息的簡潔的、URL安全的表述性聲明規(guī)范。JWT作為一個開放的標準（RFC 7519），定義了一種簡潔的，自包含的方法用于通信雙方之間以Json對象的形式安全的傳遞信息。因為數(shù)字簽名的存在，這些信息是可信的，JWT可以使用HMAC算法或者是RSA的公私秘鑰對進行簽名。簡潔(Compact): 可以通過URL，POST參數(shù)或者在HTTP header發(fā)送，因為數(shù)據(jù)量小，傳輸速度也很快自包含(Self-contained)：負載中包含了所有用戶所需要的信息，避免了多次查詢數(shù)據(jù)庫

1.賬戶實體類

@Data
public class Account {
    public String username;
    public String password;
}

2.認證過濾器

public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private static final PathMatcher PATH_MATCHER = new AntPathMatcher();

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

        try {
            if(isProtectedUrl(request)) {
                request = JwtUtil.  validateTokenAndAddUserIdToHeader(request);
            }
        } catch (Exception e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, e.getMessage());
            return;
        }
        filterChain.doFilter(request, response);
    }

    private boolean isProtectedUrl(HttpServletRequest request) {
        return PATH_MATCHER.match("/api/**", request.getServletPath());
    }

}

3.jwt生成與校驗

public class JwtUtil {
    private static final Logger logger = LoggerFactory.getLogger(JwtUtil.class);
    /**
     * 1000 hour
     */
    private static final long EXPIRATION_TIME = 3600_000_000L;
    private static final String SECRET = "ThisIsASecret";
    private static final String TOKEN_PREFIX = "Bearer ";
    private static final String HEADER_STRING = "Authorization";
    public static final String USER_NAME = "userName";

    /**
     * 生成token
     */
    public static String generateToken(String userName) {
        HashMap<String, Object> map = Maps.newHashMap();
        map.put(USER_NAME, userName);
        String jwt = Jwts.builder()
                .setClaims(map)
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .signWith(SignatureAlgorithm.HS512, SECRET)
                .compact();
        //jwt前面一般都會加Bearer
        return TOKEN_PREFIX + jwt;
    }

    /**
     * 校驗、解析token
     */
    public static HttpServletRequest validateTokenAndAddUserIdToHeader(HttpServletRequest request) {
        String token = request.getHeader(HEADER_STRING);
        if (token != null) {
            try {
                Map<String, Object> body = Jwts.parser()
                        .setSigningKey(SECRET)
                        .parseClaimsJws(token.replace(TOKEN_PREFIX, ""))
                        .getBody();
                return new CustomHttpServletRequest(request, body);
            } catch (Exception e) {
                logger.info(e.getMessage());
                throw new TokenValidationException(e.getMessage());
            }
        } else {
            throw new TokenValidationException("Missing token");
        }
    }

    public static class CustomHttpServletRequest extends HttpServletRequestWrapper {
        private Map<String, String> claims;

        public CustomHttpServletRequest(HttpServletRequest request, Map<String, ?> claims) {
            super(request);
            this.claims = new HashMap<>();
            claims.forEach((k, v) -> this.claims.put(k, String.valueOf(v)));
        }

        @Override
        public Enumeration<String> getHeaders(String name) {
            if (claims != null && claims.containsKey(name)) {
                return Collections.enumeration(Arrays.asList(claims.get(name)));
            }
            return super.getHeaders(name);
        }

        public Map<String, String> getClaims() {
            return claims;
        }
    }

    static class TokenValidationException extends RuntimeException {
        public TokenValidationException(String msg) {
            super(msg);
        }
    }
}

4.測試controller

@RestController
@Slf4j
public class JwtController {

    //需要token的接口
    @GetMapping("/api/protected")
    public Object hellWorld(@RequestHeader(value = USER_NAME) String userName) {
        log.info("user -- {}", userName);
        return "Success - AccessToken is validated ...";
    }

    @GetMapping("/hello")
    public String hello() {
        return "hello world";
    }


    //登錄 成功后返回token
    @PostMapping("/login")
    public Object login(@RequestBody final Account account){

        if (!isValidPassword(account)) {
            return new ResponseEntity(HttpStatus.UNAUTHORIZED);
        }

        String jwt = JwtUtil.generateToken(account.username);
        return new HashMap<String,String>(){{
            put("token", jwt);
        }};
    }



    private boolean isValidPassword(Account credentials) {
        if ("admin".equals(credentials.username)
                && "admin".equals(credentials.password)) {
            return true;
        }
        return false;
    }

}

5.啟動類

@SpringBootApplication
@Slf4j
public class JwtApplication {

    public static void main(String[] args) {
        SpringApplication app = new SpringApplication(JwtApplication.class);
        app.setBannerMode(Banner.Mode.CONSOLE);
        app.run(args);
        log.info("PortalApplication is success!");
    }

    //注冊過濾器
    @Bean
    public FilterRegistrationBean jwtFilter() {
        final FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new JwtAuthenticationFilter());
        return registrationBean;
    }

}

6.測試

生成token如下

{
    "token": "Bearer eyJhbGciOiJIUzUxMiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNTMzMDY0NzExfQ.8TGWbR8RXJS743u6hINmxnqLwycPZTN3iNPtKyW74rEBnLS3V0r0we9vJThfTVoz7bHYUa_R-nGiOiBGtq8XDA"
}

請求頭里帶上token正常訪問：

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九欧美,1769亚洲,黄色成人av

SpringBoot集成JWT

SpringBoot集成JWT

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九 欧美,1769亚洲,黄色成人av

SpringBoot集成JWT

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容

色偷偷精品伊人,欧洲久久精品,欧美综合婷婷骚逼,国产AV主播,国产最新探花在线,九色在线视频一区,伊人大交九欧美,1769亚洲,黄色成人av