快捷導(dǎo)航

SpringBoot JWT接口驗證實現(xiàn)流程詳細介紹

更新時間：2022年09月15日 09:42:07 作者：杼蛘

這篇文章主要介紹了SpringBoot+JWT實現(xiàn)接口驗證，文中通過示例代碼介紹的非常詳細，對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值，需要的朋友們下面隨著小編來一起學(xué)習(xí)吧

添加pom.xml

新建Spring Boot（2.7.2）項目，添加如下依賴：

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.eaiw</groupId>
    <artifactId>springboot_jwt_verify</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springboot_jwt_verify</name>
    <description>springboot_jwt_verify</description>
    <properties>
        <java.version>17</java.version>
        <mysql.version>5.1.40</mysql.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <!-- 引入jwt-->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.8.2</version>
        </dependency>
        <!--MySQL驅(qū)動-->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <!--mybatis-plus啟動器-->
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.5.1</version>
        </dependency>
        <!--redis緩存-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

修改配置文件

spring:
# 配置數(shù)據(jù)源信息
datasource:
# 配置數(shù)據(jù)源類型
type: com.zaxxer.hikari.HikariDataSource
# 配置連接數(shù)據(jù)庫的各個信息
driver-class-name: com.mysql.jdbc.Driver
url: jdbc:mysql://localhost:3306/test?characterEncoding=utf-8&useSSL=false
username: root
password: 123456

創(chuàng)建簡單的測試接口

package com.aiw.springboot_jwt_verify.controller;
import com.aiw.springboot_jwt_verify.entity.User;
import com.aiw.springboot_jwt_verify.response.R;
import com.aiw.springboot_jwt_verify.service.UserService;
import com.aiw.springboot_jwt_verify.utils.JwtUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;
    /**
     * 登錄，此處只做簡單測試
     *
     * @param user
     * @return
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public R<Map> login(@RequestBody User user) {
        // 進行數(shù)據(jù)庫查詢
        LambdaQueryWrapper<User> wrapper = new LambdaQueryWrapper<>();
        wrapper.eq(User::getName, user.getName()).eq(User::getPwd, user.getPwd());
        User one = userService.getOne(wrapper);
        if (Objects.nonNull(one)) {
            // 登錄成功，根據(jù)用戶id生成token并返回登錄成功結(jié)果
            Map<String, Object> map = new HashMap<>();
            map.put("user", one);
            map.put("token", JwtUtil.sign(one.getId()));
            return R.success("登錄成功", map);
        }
        return R.fail("登錄失敗");
    }
    /**
     * 此處做測試，看用戶在未登錄時，能否訪問到此接口
     *
     * @return
     */
    @RequestMapping(value = "/list", method = RequestMethod.GET)
    public R<List<User>> index() {
        return R.success("訪問成功", userService.list());
    }
}

使用攔截器實現(xiàn)

創(chuàng)建JwtInterceptor.java類，實現(xiàn)HandlerInterceptor接口

package com.aiw.springboot_jwt_verify.interceptor;
import com.aiw.springboot_jwt_verify.response.R;
import com.aiw.springboot_jwt_verify.utils.JwtUtil;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;
@Slf4j
public class JwtInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 從 http 請求頭中取出 token
        String token = request.getHeader("token");
        // 如果不是映射到方法直接通過
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (Objects.nonNull(token) && JwtUtil.verify(token)) {
            return true;
        }
        response.setContentType("application/json; charset=utf-8");
        response.getWriter().write(new ObjectMapper().writeValueAsString(R.error("未通過身份認證")));
        return false;
    }
}

注冊攔截器，新建配置類WebConfig.java，實現(xiàn)WebMvcConfigurer接口

package com.aiw.springboot_jwt_verify.config;
import com.aiw.springboot_jwt_verify.interceptor.JwtInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new JwtInterceptor())
                .addPathPatterns("/**")
                // 排除的請求路徑
                .excludePathPatterns("/user/login");
    }
}

啟動項目，使用ApiPost進行接口測試。首先在未登錄狀態(tài)下，訪問/user/list接口