{"id":2009,"date":"2017-05-15T09:41:37","date_gmt":"2017-05-15T09:41:37","guid":{"rendered":"http:\/\/blog.zhukunqian.com\/?p=2009"},"modified":"2017-05-25T09:16:17","modified_gmt":"2017-05-25T09:16:17","slug":"json-web-token-jwt-%e7%9b%b8%e5%85%b3%e4%bb%8b%e7%bb%8d","status":"publish","type":"post","link":"https:\/\/blog.zhukunqian.com\/?p=2009","title":{"rendered":"Json web token (JWT) \u76f8\u5173\u4ecb\u7ecd"},"content":{"rendered":"

\u6700\u8fd1\u770b\u4e86vuejs\uff0c\u770b\u5230\u4e86vue-auth\u4e2d\u4e00\u4e2ajwt-auth\uff0c\u53d1\u73b0\u51e0\u5e74\u4e0d\u5173\u6ce8\uff0c\u524d\u7aef\u5b8c\u5168\u662f\u5168\u65b0\u7684\u9886\u57df\u4e86\u3002<\/p>\n

\u8fd9\u91cc\u5217\u4e0bjwt\u76f8\u5173\u7684\u8d44\u6e90\uff0c\u4f9b\u5feb\u901f\u4e86\u89e3jwt.<\/p>\n

https:\/\/jwt.io\/introduction\/<\/p>\n

https:\/\/github.com\/szerhusenBC\/jwt-spring-security-demo<\/p>\n

https:\/\/www.toptal.com\/java\/rest-security-with-jwt-spring-security-and-java<\/p>\n

spring boot security\u5982\u4f55\u96c6\u6210JWT.<\/p>\n

java\u76f8\u5173\u7684jwt\u5e93\u592a\u591a\u4e86\u3002<\/p>\n

apache\u6709oltu<\/p>\n

spring\u6709spring-security-jwt<\/p>\n

\u8fd8\u6709\u5176\u5b83\u4e00\u4e9b\u7b2c\u4e09\u65b9\u5f00\u6e90\u5e93<\/p>\n

1\u3001\u670d\u52a1\u5668\u7aef\u6dfb\u52a0 jwt \u652f\u6301\uff1a<\/p>\n

\u914d\u7f6espring security<\/p>\n

package com.elex.gm.spring;\r\n\r\nimport java.security.SecureRandom;\r\n\r\nimport org.springframework.beans.factory.annotation.Autowired;\r\nimport org.springframework.context.annotation.Bean;\r\nimport org.springframework.context.annotation.Configuration;\r\nimport org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\r\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\r\nimport org.springframework.security.config.annotation.web.builders.WebSecurity;\r\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\r\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\r\nimport org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\r\nimport org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;\r\n\r\nimport com.elex.gm.service.UserManager;\r\nimport com.elex.gm.spring.jwt.JWTAuthenticationFilter;\r\nimport com.elex.gm.spring.jwt.JWTLoginFilter;\r\n\r\n@Configuration\r\n@EnableWebSecurity\r\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {\r\n\r\n    @Bean\r\n    public BCryptPasswordEncoder passwordEncoder() throws Exception {\r\n        return passwordEncoder;\r\n    }\r\n\r\n    public void configure(WebSecurity web) throws Exception {\r\n        web.ignoring().antMatchers("\/static\/**").antMatchers("\/hello\/**").antMatchers("\/api\/open\/**");\r\n    };\r\n\r\n    @Override\r\n    protected void configure(HttpSecurity http) throws Exception {\r\n        http\r\n\r\n                .authorizeRequests()\r\n\r\n                .antMatchers("\/api\/gm\/**").hasAnyRole("ADMIN", "USER")\r\n\r\n                .antMatchers("\/api\/user\/**").hasAnyRole("USER")\r\n\r\n                .and()\r\n\r\n                .formLogin()\r\n\r\n                .loginProcessingUrl("\/api\/user\/login")\r\n\r\n                .permitAll()\r\n\r\n                .and()\r\n\r\n                .logout()\r\n\r\n                \/\/ .logoutUrl("\/api\/open\/logout")\r\n\r\n                .and()\r\n\r\n                .httpBasic()\r\n\r\n                .and()\r\n\r\n                .addFilterBefore(new JWTLoginFilter("\/api\/user\/login", authenticationManager()),\r\n                        UsernamePasswordAuthenticationFilter.class)\r\n\r\n                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);\r\n\r\n        http.csrf().disable();\r\n        http.headers().frameOptions().disable();\r\n    }\r\n\r\n    @Override\r\n    protected void configure(AuthenticationManagerBuilder auth) throws Exception {\r\n        auth.userDetailsService(userManager).passwordEncoder(passwordEncoder);\r\n    }\r\n\r\n    @Autowired\r\n    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {\r\n    }\r\n\r\n    @Autowired\r\n    private UserManager userManager;\r\n\r\n    private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(16,\r\n            new SecureRandom("j^E1)y*)HL2gT,es+ODa!0+j^L1I3+6I".getBytes()));\r\n}<\/pre>\n
 <\/p>\n
JWTLoginFilter:<\/p>\n
package com.elex.gm.spring.jwt;\r\n\r\nimport java.io.IOException;\r\nimport java.util.Map;\r\n\r\nimport javax.servlet.FilterChain;\r\nimport javax.servlet.ServletException;\r\nimport javax.servlet.http.HttpServletRequest;\r\nimport javax.servlet.http.HttpServletResponse;\r\n\r\nimport org.springframework.http.HttpStatus;\r\nimport org.springframework.security.authentication.AuthenticationManager;\r\nimport org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r\nimport org.springframework.security.core.Authentication;\r\nimport org.springframework.security.core.AuthenticationException;\r\nimport org.springframework.security.jwt.Jwt;\r\nimport org.springframework.security.jwt.JwtHelper;\r\nimport org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;\r\n\r\nimport com.alibaba.fastjson.JSON;\r\nimport com.elex.gm.model.User;\r\nimport com.google.common.collect.Lists;\r\nimport com.google.common.collect.Maps;\r\n\r\npublic class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {\r\n\r\n    public JWTLoginFilter(String defaultFilterProcessesUrl, AuthenticationManager authenticationManager) {\r\n        super(defaultFilterProcessesUrl);\r\n        setAuthenticationManager(authenticationManager);\r\n    }\r\n\r\n    @Override\r\n    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)\r\n            throws AuthenticationException, IOException, ServletException {\r\n\r\n        String username = request.getParameter("username");\r\n        String password = request.getParameter("password");\r\n\r\n        if (username == null) {\r\n            username = "";\r\n        } else {\r\n            username = username.trim();\r\n        }\r\n        if (password == null) {\r\n            password = "";\r\n        } else {\r\n            password = password.trim();\r\n        }\r\n        return getAuthenticationManager()\r\n                .authenticate(new UsernamePasswordAuthenticationToken(username, password, Lists.newArrayList()));\r\n    }\r\n\r\n    @Override\r\n    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,\r\n            Authentication authResult) throws IOException, ServletException {\r\n        User user = (User) authResult.getPrincipal();\r\n\r\n        Map<String, Object> tokenMap = Maps.newHashMap();\r\n        tokenMap.put("id", user.getId());\r\n        tokenMap.put("name", user.getUsername());\r\n        tokenMap.put("roles", user.getRoles());\r\n        Jwt jwt = JwtHelper.encode(JSON.toJSONString(tokenMap), JWTKey.hmac);\r\n\r\n        String token = jwt.getEncoded();\r\n        response.setHeader("Authorization", token);\r\n    }\r\n\r\n    @Override\r\n    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,\r\n            AuthenticationException failed) throws IOException, ServletException {\r\n        response.setStatus(HttpStatus.UNAUTHORIZED.value());\r\n    }\r\n\r\n}<\/pre>\n
JWTAuthentication:<\/p>\n
package com.elex.gm.spring.jwt;\r\n\r\nimport java.io.IOException;\r\nimport java.util.List;\r\n\r\nimport javax.servlet.FilterChain;\r\nimport javax.servlet.ServletException;\r\nimport javax.servlet.ServletRequest;\r\nimport javax.servlet.ServletResponse;\r\nimport javax.servlet.http.HttpServletRequest;\r\n\r\nimport org.apache.commons.lang3.StringUtils;\r\nimport org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r\nimport org.springframework.security.core.Authentication;\r\nimport org.springframework.security.core.authority.SimpleGrantedAuthority;\r\nimport org.springframework.security.core.context.SecurityContextHolder;\r\nimport org.springframework.security.jwt.Jwt;\r\nimport org.springframework.security.jwt.JwtHelper;\r\nimport org.springframework.web.filter.GenericFilterBean;\r\n\r\nimport com.alibaba.fastjson.JSON;\r\nimport com.alibaba.fastjson.JSONObject;\r\nimport com.google.common.collect.Lists;\r\n\r\npublic class JWTAuthenticationFilter extends GenericFilterBean {\r\n    private static final String JWT_HEADER = "Authorization";\r\n\r\n    @Override\r\n    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)\r\n            throws IOException, ServletException {\r\n        try {\r\n            String token = ((HttpServletRequest) request).getHeader(JWT_HEADER);\r\n            Jwt jwt = JwtHelper.decodeAndVerify(token, JWTKey.hmac);\r\n            JSONObject json = JSON.parseObject(jwt.getClaims());\r\n\r\n            String username = json.getString("name");\r\n            String roles = json.getString("roles");\r\n            List<SimpleGrantedAuthority> list = Lists.newArrayList();\r\n            if (!StringUtils.isEmpty(roles)) {\r\n                for (String role : roles.split(",")) {\r\n                    if (!StringUtils.isEmpty(role)) {\r\n                        list.add(new SimpleGrantedAuthority("ROLE_" + role));\r\n                    }\r\n                }\r\n            }\r\n            Authentication authentication = new UsernamePasswordAuthenticationToken(username, null, list);\r\n            SecurityContextHolder.getContext().setAuthentication(authentication);\r\n        } catch (Exception e) {\r\n            \/\/ e.printStackTrace();\r\n        }\r\n        chain.doFilter(request, response);\r\n    }\r\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"
\u6700\u8fd1\u770b\u4e86vuejs\uff0c\u770b\u5230\u4e86vue-auth\u4e2d\u4e00\u4e2ajwt-auth\uff0c\u53d1\u73b0\u51e0\u5e74\u4e0d\u5173\u6ce8 …<\/p>\n
\u7ee7\u7eed\u9605\u8bfb »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/posts\/2009"}],"collection":[{"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2009"}],"version-history":[{"count":5,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/posts\/2009\/revisions"}],"predecessor-version":[{"id":2017,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=\/wp\/v2\/posts\/2009\/revisions\/2017"}],"wp:attachment":[{"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhukunqian.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}