├── src ├── main │ ├── resources │ │ ├── application.properties │ │ └── application.yml │ └── java │ │ └── com │ │ └── iss │ │ └── users │ │ ├── model │ │ ├── Role.java │ │ ├── RespResult.java │ │ ├── ReqPerson.java │ │ ├── Person.java │ │ └── JwtFilter.java │ │ ├── controller │ │ ├── SecureController.java │ │ └── PersonController.java │ │ ├── service │ │ ├── PersonService.java │ │ └── impl │ │ │ └── PersonServiceImpl.java │ │ ├── dao │ │ └── PersonRepository.java │ │ ├── config │ │ ├── JwtCfg.java │ │ └── IgniteCfg.java │ │ └── UsersApplication.java └── test │ └── java │ └── com │ └── iss │ └── users │ └── UsersApplicationTests.java ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── .gitignore ├── LICENSE ├── pom.xml ├── mvnw.cmd ├── mvnw └── README.md /src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | secret: 2 | key: 3 | "secret" -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ltlayx/SpringBoot-Ignite/HEAD/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.2/apache-maven-3.5.2-bin.zip 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | 4 | ### STS ### 5 | .apt_generated 6 | .classpath 7 | .factorypath 8 | .project 9 | .settings 10 | .springBeans 11 | 12 | ### IntelliJ IDEA ### 13 | .idea 14 | *.iws 15 | *.iml 16 | *.ipr 17 | 18 | ### NetBeans ### 19 | nbproject/private/ 20 | build/ 21 | nbbuild/ 22 | dist/ 23 | nbdist/ 24 | .nb-gradle/ -------------------------------------------------------------------------------- /src/test/java/com/iss/users/UsersApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.iss.users; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class UsersApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/model/Role.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.model; 2 | 3 | /** 4 | * @program: users 5 | * @author: 李泰郎 6 | * @create: 2018-03-02 10:44 7 | * Roles: 8 | * ADMIN & MEMBER 9 | **/ 10 | public enum Role { 11 | ADMIN, MEMBER; 12 | 13 | public String authority(){ 14 | return "ROLE_" + this.name(); 15 | } 16 | 17 | @Override 18 | public String toString(){ 19 | return this.name(); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/controller/SecureController.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.controller; 2 | 3 | import com.iss.users.service.PersonService; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.web.bind.annotation.*; 6 | 7 | /** 8 | * Test the jwt, if the token is valid then return "Login Successful" 9 | * If is not valid, the request will be intercepted by JwtFilter 10 | * @program: users 11 | * @author: 李泰郎 12 | * @create: 2018-03-01 11:05 13 | **/ 14 | @RestController 15 | @RequestMapping("/secure") 16 | public class SecureController { 17 | 18 | @RequestMapping("/users/user") 19 | public String loginSuccess() { 20 | return "Login Successful!"; 21 | } 22 | 23 | } -------------------------------------------------------------------------------- /src/main/java/com/iss/users/service/PersonService.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.service; 2 | 3 | import com.iss.users.model.Person; 4 | import org.springframework.stereotype.Repository; 5 | 6 | import java.util.List; 7 | 8 | /** 9 | * Interface for handling SQL operator in PersonCache 10 | * @program: users 11 | * @author: 李泰郎 12 | * @create: 2018-02-27 19:18 13 | **/ 14 | 15 | public interface PersonService { 16 | /** 17 | * 18 | * @param person Person Object 19 | * @return The Person object saved in Ignite DB. 20 | */ 21 | Person save(Person person); 22 | 23 | /** 24 | * Find a Person from Ignite DB with given name. 25 | * @param name Person name. 26 | * @return The person found in Ignite DB 27 | */ 28 | Person findPersonByUsername(String name); 29 | } 30 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/dao/PersonRepository.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.dao; 2 | 3 | import com.iss.users.model.Person; 4 | import org.apache.ignite.springdata.repository.IgniteRepository; 5 | import org.apache.ignite.springdata.repository.config.RepositoryConfig; 6 | 7 | 8 | /** 9 | * Apache Ignite Spring Data repository backed by Ignite Person's cache. 10 | * @program: users 11 | * @author: 李泰郎 12 | * @create: 2018-02-27 18:50 13 | **/ 14 | 15 | @RepositoryConfig(cacheName = "PersonCache") 16 | public interface PersonRepository extends IgniteRepository{ 17 | 18 | /** 19 | * Find a person with given name in Ignite DB. 20 | * @param name Person name. 21 | * @return The person whose name is the given name. 22 | */ 23 | Person findByUsername(String name); 24 | 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/config/JwtCfg.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.config; 2 | 3 | import com.iss.users.model.JwtFilter; 4 | import org.springframework.boot.web.servlet.FilterRegistrationBean; 5 | import org.springframework.context.annotation.Bean; 6 | import org.springframework.context.annotation.Configuration; 7 | 8 | /** 9 | * This is Jwt configuration which set the url "/secure/*" for filtering 10 | * @program: users 11 | * @author: 李泰郎 12 | * @create: 2018-03-03 21:18 13 | **/ 14 | @Configuration 15 | public class JwtCfg { 16 | 17 | @Bean 18 | public FilterRegistrationBean jwtFilter() { 19 | final FilterRegistrationBean registrationBean = new FilterRegistrationBean(); 20 | registrationBean.setFilter(new JwtFilter()); 21 | registrationBean.addUrlPatterns("/secure/*"); 22 | 23 | return registrationBean; 24 | } 25 | 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/model/RespResult.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.model; 2 | 3 | public class RespResult { 4 | 5 | private String statuscode; 6 | 7 | private String message; 8 | 9 | private T data; 10 | 11 | public RespResult() { 12 | } 13 | 14 | public RespResult(String statuscode, String message, T data) { 15 | this.statuscode = statuscode; 16 | this.message = message; 17 | this.data = data; 18 | } 19 | 20 | public String getStatuscode() { 21 | return statuscode; 22 | } 23 | 24 | public void setStatuscode(String statuscode) { 25 | this.statuscode = statuscode; 26 | } 27 | 28 | public String getMessage() { 29 | return message; 30 | } 31 | 32 | public void setMessage(String message) { 33 | this.message = message; 34 | } 35 | 36 | public T getData() { 37 | return data; 38 | } 39 | 40 | public void setData(T data) { 41 | this.data = data; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/model/ReqPerson.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.model; 2 | 3 | /** 4 | * Used for getting request for login and register 5 | * Because the request only has username and password info 6 | * @program: users 7 | * @author: 李泰郎 8 | * @create: 2018-03-01 09:44 9 | **/ 10 | public class ReqPerson { 11 | /** Request username */ 12 | private String username; 13 | 14 | /** Request password */ 15 | private String password; 16 | 17 | public ReqPerson() { 18 | } 19 | 20 | public ReqPerson(String username, String password) { 21 | this.username = username; 22 | this.password = password; 23 | } 24 | 25 | public String getUsername() { 26 | return username; 27 | } 28 | 29 | public void setUsername(String username) { 30 | this.username = username; 31 | } 32 | 33 | public String getPassword() { 34 | return password; 35 | } 36 | 37 | public void setPassword(String password) { 38 | this.password = password; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Li Tailang 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/UsersApplication.java: -------------------------------------------------------------------------------- 1 | package com.iss.users; 2 | 3 | import org.apache.ignite.springdata.repository.config.EnableIgniteRepositories; 4 | import org.springframework.boot.SpringApplication; 5 | import org.springframework.boot.autoconfigure.SpringBootApplication; 6 | 7 | /** 8 | * @program: users 9 | * @author: 李泰郎 10 | * @create: 2018-02-27 19:28 11 | * 12 | * 该项目是用于将Ignite部署到SpringBoot上的一个测试性的项目 13 | * 目前的功能包含: 14 | * 1. 启动并使用一个ignite节点 15 | * 2. 提供api接口实现RESTful的设计,能够通过api添加与查询Cache中的相关内容 16 | **/ 17 | 18 | /** 19 | * It's a test project for deploying Ignite on SpringBoot 20 | * Function: 21 | * 1.Start an ignite node 22 | * 2.provide RESTful api to create or retrieve information in Ignite Cache 23 | * Here are the apis: 24 | * /person?name=XXX&phone=XXX get, store the person in Ignite and return a json of the person 25 | * /persons?name=xxx get, return a json of the person 26 | */ 27 | 28 | /** 29 | * 项目启动入口,配置@EnableIgniteRepositories注解以支持ignite的@RepositoryConfig 30 | */ 31 | @SpringBootApplication 32 | @EnableIgniteRepositories 33 | public class UsersApplication { 34 | public static void main(String[] args) { 35 | SpringApplication.run(UsersApplication.class, args); 36 | } 37 | } -------------------------------------------------------------------------------- /src/main/java/com/iss/users/service/impl/PersonServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.service.impl; 2 | 3 | import com.iss.users.dao.PersonRepository; 4 | import com.iss.users.model.Person; 5 | import com.iss.users.service.PersonService; 6 | import org.apache.ignite.springdata.repository.config.EnableIgniteRepositories; 7 | import org.springframework.beans.factory.annotation.Autowired; 8 | import org.springframework.stereotype.Service; 9 | 10 | import java.util.List; 11 | 12 | /** 13 | * Implements interface PersonService 14 | * @program: users 15 | * @author: 李泰郎 16 | * @create: 2018-02-27 19:20 17 | **/ 18 | 19 | @Service 20 | public class PersonServiceImpl implements PersonService{ 21 | 22 | @Autowired 23 | private PersonRepository personRepository; 24 | 25 | /** 26 | * Save Person to Ignite DB 27 | * @param person Person object. 28 | * @return The Person object saved in Ignite DB. 29 | */ 30 | public Person save(Person person) { 31 | // If this username is not used then return null, if is used then return this Person 32 | return personRepository.save(person.getId(), person); 33 | } 34 | 35 | /** 36 | * Find a Person from Ignite DB with given name. 37 | * @param name Person name. 38 | * @return The person found in Ignite DB 39 | */ 40 | public Person findPersonByUsername(String name){ 41 | return personRepository.findByUsername(name); 42 | } 43 | 44 | } 45 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.iss 7 | users 8 | 0.0.1-SNAPSHOT 9 | jar 10 | 11 | users 12 | Demo project for Spring Boot 13 | 14 | 15 | org.springframework.boot 16 | spring-boot-starter-parent 17 | 1.5.10.RELEASE 18 | 19 | 20 | 21 | 22 | UTF-8 23 | UTF-8 24 | 1.8 25 | 26 | 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-web 31 | 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-test 36 | test 37 | 38 | 39 | 40 | org.apache.ignite 41 | ignite-spring-data 42 | 2.3.0 43 | 44 | 45 | 46 | io.jsonwebtoken 47 | jjwt 48 | 0.6.0 49 | 50 | 51 | 52 | org.springframework.boot 53 | spring-boot-configuration-processor 54 | true 55 | 56 | 57 | 58 | 59 | 60 | 61 | org.springframework.boot 62 | spring-boot-maven-plugin 63 | 64 | 65 | 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/config/IgniteCfg.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.config; 2 | 3 | import com.iss.users.model.Person; 4 | import com.iss.users.model.Role; 5 | import com.iss.users.service.PersonService; 6 | import org.apache.ignite.Ignite; 7 | import org.apache.ignite.Ignition; 8 | import org.apache.ignite.configuration.CacheConfiguration; 9 | import org.apache.ignite.configuration.IgniteConfiguration; 10 | import org.springframework.beans.factory.annotation.Autowired; 11 | import org.springframework.context.annotation.Bean; 12 | import org.springframework.context.annotation.Configuration; 13 | 14 | import java.util.ArrayList; 15 | import java.util.List; 16 | 17 | /** 18 | * @program: users 19 | * @author: 李泰郎 20 | * @create: 2018-02-27 19:08 21 | **/ 22 | 23 | @Configuration 24 | public class IgniteCfg { 25 | 26 | /** 27 | * 初始化ignite节点信息 28 | * @return Ignite 29 | */ 30 | @Bean 31 | public Ignite igniteInstance(){ 32 | // 配置一个节点的Configuration 33 | IgniteConfiguration cfg = new IgniteConfiguration(); 34 | 35 | // 设置该节点名称 36 | cfg.setIgniteInstanceName("springDataNode"); 37 | 38 | // 启用Peer类加载器 39 | cfg.setPeerClassLoadingEnabled(true); 40 | 41 | // 创建一个Cache的配置,名称为PersonCache 42 | CacheConfiguration ccfg = new CacheConfiguration("PersonCache"); 43 | 44 | // 设置这个Cache的键值对模型 45 | ccfg.setIndexedTypes(Long.class, Person.class); 46 | 47 | // 把这个Cache放入springDataNode这个Node中 48 | cfg.setCacheConfiguration(ccfg); 49 | 50 | // 启动这个节点 51 | return Ignition.start(cfg); 52 | } 53 | 54 | 55 | @Autowired 56 | PersonService personService; 57 | /** 58 | * Add few people in ignite for testing easily 59 | */ 60 | @Bean 61 | public int addPerson(){ 62 | // Give a default role : MEMBER 63 | List roles = new ArrayList(); 64 | roles.add(Role.MEMBER); 65 | 66 | // add data 67 | personService.save(new Person("test1", "test1", roles)); 68 | personService.save(new Person("test2", "test2", roles)); 69 | personService.save(new Person("test3", "test3", roles)); 70 | 71 | return 0; 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/model/Person.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.model; 2 | 3 | import org.apache.ignite.cache.query.annotations.QuerySqlField; 4 | 5 | import java.util.List; 6 | import java.util.concurrent.atomic.AtomicLong; 7 | 8 | /** 9 | * @program: users 10 | * @author: 李泰郎 11 | * @create: 2018-02-27 18:50 12 | **/ 13 | 14 | public class Person { 15 | 16 | private static final AtomicLong ID_GEN = new AtomicLong(); 17 | 18 | /** Person ID (indexed) */ 19 | @QuerySqlField(index = true) 20 | private long id; 21 | 22 | /** Person name(indexed) */ 23 | @QuerySqlField(index = true) 24 | private String username; 25 | 26 | /** Person phone(not-indexed) */ 27 | @QuerySqlField 28 | private String password; 29 | 30 | /** Person roles(not-indexed) */ 31 | @QuerySqlField 32 | private List roles; 33 | 34 | public Person() { 35 | } 36 | 37 | public Person(long id, String name, String password, List roles) { 38 | this.id = id; 39 | this.username = name; 40 | this.password = password; 41 | this.roles = roles; 42 | } 43 | 44 | public Person(String name, String password, List roles) { 45 | this.id = ID_GEN.incrementAndGet(); 46 | this.username = name; 47 | this.password = password; 48 | this.roles = roles; 49 | } 50 | 51 | public long getId() { 52 | return id; 53 | } 54 | 55 | public void setId(long id) { 56 | this.id = id; 57 | } 58 | 59 | public String getUsername() { 60 | return username; 61 | } 62 | 63 | public void setUsername(String username) { 64 | this.username = username; 65 | } 66 | 67 | public String getPassword() { 68 | return password; 69 | } 70 | 71 | public void setPassword(String password) { 72 | this.password = password; 73 | } 74 | 75 | public List getRoles() { 76 | return roles; 77 | } 78 | 79 | public void setRoles(List roles) { 80 | this.roles = roles; 81 | } 82 | 83 | @Override 84 | public String toString(){ 85 | return "Person [id=" + id + 86 | ", username=" + username + 87 | ", password=" + password + 88 | ", roles=" + roles.toString() + "]"; 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/model/JwtFilter.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.model; 2 | 3 | import io.jsonwebtoken.Claims; 4 | import io.jsonwebtoken.Jwts; 5 | import io.jsonwebtoken.SignatureException; 6 | import org.springframework.web.filter.GenericFilterBean; 7 | 8 | import javax.servlet.FilterChain; 9 | import javax.servlet.ServletException; 10 | import javax.servlet.ServletRequest; 11 | import javax.servlet.ServletResponse; 12 | import javax.servlet.http.HttpServletRequest; 13 | import javax.servlet.http.HttpServletResponse; 14 | import java.io.IOException; 15 | 16 | /** 17 | * Check the jwt token from front end if is invalid 18 | * @program: users 19 | * @author: 李泰郎 20 | * @create: 2018-03-01 11:03 21 | **/ 22 | public class JwtFilter extends GenericFilterBean { 23 | 24 | public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) 25 | throws IOException, ServletException { 26 | 27 | // Change the req and res to HttpServletRequest and HttpServletResponse 28 | final HttpServletRequest request = (HttpServletRequest) req; 29 | final HttpServletResponse response = (HttpServletResponse) res; 30 | 31 | // Get authorization from Http request 32 | final String authHeader = request.getHeader("authorization"); 33 | 34 | // If the Http request is OPTIONS then just return the status code 200 35 | // which is HttpServletResponse.SC_OK in this code 36 | if ("OPTIONS".equals(request.getMethod())) { 37 | response.setStatus(HttpServletResponse.SC_OK); 38 | 39 | chain.doFilter(req, res); 40 | } 41 | // Except OPTIONS, other request should be checked by JWT 42 | else { 43 | 44 | // Check the authorization, check if the token is started by "Bearer " 45 | if (authHeader == null || !authHeader.startsWith("Bearer ")) { 46 | throw new ServletException("Missing or invalid Authorization header"); 47 | } 48 | 49 | // Then get the JWT token from authorization 50 | final String token = authHeader.substring(7); 51 | 52 | try { 53 | // Use JWT parser to check if the signature is valid with the Key "secretkey" 54 | final Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody(); 55 | 56 | // Add the claim to request header 57 | request.setAttribute("claims", claims); 58 | } catch (final SignatureException e) { 59 | throw new ServletException("Invalid token"); 60 | } 61 | 62 | chain.doFilter(req, res); 63 | } 64 | } 65 | } -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 84 | @REM Fallback to current working directory if not found. 85 | 86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 88 | 89 | set EXEC_DIR=%CD% 90 | set WDIR=%EXEC_DIR% 91 | :findBaseDir 92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 93 | cd .. 94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 95 | set WDIR=%CD% 96 | goto findBaseDir 97 | 98 | :baseDirFound 99 | set MAVEN_PROJECTBASEDIR=%WDIR% 100 | cd "%EXEC_DIR%" 101 | goto endDetectBaseDir 102 | 103 | :baseDirNotFound 104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 105 | cd "%EXEC_DIR%" 106 | 107 | :endDetectBaseDir 108 | 109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 110 | 111 | @setlocal EnableExtensions EnableDelayedExpansion 112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 114 | 115 | :endReadAdditionalConfig 116 | 117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 118 | 119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 121 | 122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 123 | if ERRORLEVEL 1 goto error 124 | goto end 125 | 126 | :error 127 | set ERROR_CODE=1 128 | 129 | :end 130 | @endlocal & set ERROR_CODE=%ERROR_CODE% 131 | 132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 136 | :skipRcPost 137 | 138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 140 | 141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 142 | 143 | exit /B %ERROR_CODE% 144 | -------------------------------------------------------------------------------- /src/main/java/com/iss/users/controller/PersonController.java: -------------------------------------------------------------------------------- 1 | package com.iss.users.controller; 2 | 3 | import com.iss.users.model.Person; 4 | import com.iss.users.model.ReqPerson; 5 | import com.iss.users.model.RespResult; 6 | import com.iss.users.model.Role; 7 | import com.iss.users.service.PersonService; 8 | import io.jsonwebtoken.Jwts; 9 | import io.jsonwebtoken.SignatureAlgorithm; 10 | import org.jetbrains.annotations.NotNull; 11 | import org.springframework.beans.factory.annotation.Autowired; 12 | import org.springframework.web.bind.annotation.*; 13 | 14 | import javax.servlet.ServletException; 15 | import javax.servlet.http.HttpServletRequest; 16 | import java.net.InetAddress; 17 | import java.net.UnknownHostException; 18 | import java.util.*; 19 | 20 | /** 21 | * @program: users 22 | * @author: 李泰郎 23 | * @create: 2018-02-27 19:28 24 | **/ 25 | @RestController 26 | public class PersonController { 27 | 28 | @Autowired 29 | private PersonService personService; 30 | 31 | @RequestMapping(value = "/test", method = RequestMethod.GET) 32 | public String test(HttpServletRequest request) throws UnknownHostException { 33 | System.out.println(request.getRemoteAddr()); 34 | System.out.println(request.getRemoteHost()); 35 | System.out.println(InetAddress.getLocalHost().getHostAddress()); 36 | // String ip = null; 37 | // 38 | // //X-Forwarded-For:Squid 服务代理 39 | // String ipAddresses = request.getHeader("X-Forwarded-For"); 40 | // 41 | // if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses)) { 42 | // //Proxy-Client-IP:apache 服务代理 43 | // ipAddresses = request.getHeader("Proxy-Client-IP"); 44 | // } 45 | // 46 | // if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses)) { 47 | // //WL-Proxy-Client-IP:weblogic 服务代理 48 | // ipAddresses = request.getHeader("WL-Proxy-Client-IP"); 49 | // } 50 | // 51 | // if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses)) { 52 | // //HTTP_CLIENT_IP:有些代理服务器 53 | // ipAddresses = request.getHeader("HTTP_CLIENT_IP"); 54 | // } 55 | // 56 | // if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses)) { 57 | // //X-Real-IP:nginx服务代理 58 | // ipAddresses = request.getHeader("X-Real-IP"); 59 | // } 60 | // 61 | // //有些网络通过多层代理,那么获取到的ip就会有多个,一般都是通过逗号(,)分割开来,并且第一个ip为客户端的真实IP 62 | // if (ipAddresses != null && ipAddresses.length() != 0) { 63 | // ip = ipAddresses.split(",")[0]; 64 | // } 65 | // 66 | // //还是不能获取到,最后再通过request.getRemoteAddr();获取 67 | // if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses)) { 68 | // ip = request.getRemoteAddr(); 69 | // } 70 | return ""; 71 | } 72 | 73 | 74 | /** 75 | * User register with whose username and password 76 | * @param reqPerson 77 | * @return Success message 78 | * @throws ServletException 79 | */ 80 | @RequestMapping(value = "/register", method = RequestMethod.POST) 81 | public RespResult register(@RequestBody() ReqPerson reqPerson) throws ServletException { 82 | // Check if username and password is null 83 | if (reqPerson.getUsername() == "" || reqPerson.getUsername() == null 84 | || reqPerson.getPassword() == "" || reqPerson.getPassword() == null) 85 | throw new ServletException("Username or Password invalid!"); 86 | 87 | // Check if the username is used 88 | if(personService.findPersonByUsername(reqPerson.getUsername()) != null) 89 | throw new ServletException("Username is used!"); 90 | 91 | // Give a default role : MEMBER 92 | List roles = new ArrayList(); 93 | roles.add(Role.MEMBER); 94 | 95 | // Create a person in ignite 96 | personService.save(new Person(reqPerson.getUsername(), reqPerson.getPassword(), roles)); 97 | 98 | RespResult result = new RespResult(); 99 | result.setStatuscode("201 CREATED"); 100 | result.setMessage("register success"); 101 | result.setData(""); 102 | return result; 103 | } 104 | 105 | /** 106 | * Check user`s login info, then create a jwt token returned to front end 107 | * @param reqPerson 108 | * @return jwt token 109 | * @throws ServletException 110 | */ 111 | @PostMapping 112 | public RespResult login(@RequestBody() ReqPerson reqPerson) throws ServletException { 113 | // Check if username and password is null 114 | if (reqPerson.getUsername() == "" || reqPerson.getUsername() == null 115 | || reqPerson.getPassword() == "" || reqPerson.getPassword() == null) 116 | throw new ServletException("Please fill in username and password"); 117 | 118 | // Check if the username is used 119 | if(personService.findPersonByUsername(reqPerson.getUsername()) == null 120 | || !reqPerson.getPassword().equals(personService.findPersonByUsername(reqPerson.getUsername()).getPassword())){ 121 | throw new ServletException("Please fill in username and password"); 122 | } 123 | 124 | // Create Twt token 125 | String jwtToken = Jwts.builder().setSubject(reqPerson.getUsername()).claim("roles", "member").setIssuedAt(new Date()) 126 | .signWith(SignatureAlgorithm.HS256, "secretkey").compact(); 127 | 128 | RespResult result = new RespResult(); 129 | result.setStatuscode("200 OK"); 130 | result.setMessage("login success"); 131 | result.setData(jwtToken); 132 | return result; 133 | } 134 | } 135 | -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Migwn, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | # TODO classpath? 118 | fi 119 | 120 | if [ -z "$JAVA_HOME" ]; then 121 | javaExecutable="`which javac`" 122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 123 | # readlink(1) is not available as standard on Solaris 10. 124 | readLink=`which readlink` 125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 126 | if $darwin ; then 127 | javaHome="`dirname \"$javaExecutable\"`" 128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 129 | else 130 | javaExecutable="`readlink -f \"$javaExecutable\"`" 131 | fi 132 | javaHome="`dirname \"$javaExecutable\"`" 133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 134 | JAVA_HOME="$javaHome" 135 | export JAVA_HOME 136 | fi 137 | fi 138 | fi 139 | 140 | if [ -z "$JAVACMD" ] ; then 141 | if [ -n "$JAVA_HOME" ] ; then 142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 143 | # IBM's JDK on AIX uses strange locations for the executables 144 | JAVACMD="$JAVA_HOME/jre/sh/java" 145 | else 146 | JAVACMD="$JAVA_HOME/bin/java" 147 | fi 148 | else 149 | JAVACMD="`which java`" 150 | fi 151 | fi 152 | 153 | if [ ! -x "$JAVACMD" ] ; then 154 | echo "Error: JAVA_HOME is not defined correctly." >&2 155 | echo " We cannot execute $JAVACMD" >&2 156 | exit 1 157 | fi 158 | 159 | if [ -z "$JAVA_HOME" ] ; then 160 | echo "Warning: JAVA_HOME environment variable is not set." 161 | fi 162 | 163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 164 | 165 | # traverses directory structure from process work directory to filesystem root 166 | # first directory with .mvn subdirectory is considered project base directory 167 | find_maven_basedir() { 168 | 169 | if [ -z "$1" ] 170 | then 171 | echo "Path not specified to find_maven_basedir" 172 | return 1 173 | fi 174 | 175 | basedir="$1" 176 | wdir="$1" 177 | while [ "$wdir" != '/' ] ; do 178 | if [ -d "$wdir"/.mvn ] ; then 179 | basedir=$wdir 180 | break 181 | fi 182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 183 | if [ -d "${wdir}" ]; then 184 | wdir=`cd "$wdir/.."; pwd` 185 | fi 186 | # end of workaround 187 | done 188 | echo "${basedir}" 189 | } 190 | 191 | # concatenates all lines of a file 192 | concat_lines() { 193 | if [ -f "$1" ]; then 194 | echo "$(tr -s '\n' ' ' < "$1")" 195 | fi 196 | } 197 | 198 | BASE_DIR=`find_maven_basedir "$(pwd)"` 199 | if [ -z "$BASE_DIR" ]; then 200 | exit 1; 201 | fi 202 | 203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 204 | echo $MAVEN_PROJECTBASEDIR 205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 206 | 207 | # For Cygwin, switch paths to Windows format before running java 208 | if $cygwin; then 209 | [ -n "$M2_HOME" ] && 210 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 211 | [ -n "$JAVA_HOME" ] && 212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 213 | [ -n "$CLASSPATH" ] && 214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 215 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 217 | fi 218 | 219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 220 | 221 | exec "$JAVACMD" \ 222 | $MAVEN_OPTS \ 223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 226 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Spring Boot整合JWT实现用户认证 2 | 3 | 之前初学了一下Spring Boot和JWT的内容,写了几篇小文章,但是杂乱无章,就重新整理了一下自己学习的东西,尽量写的足够详细,给像我一样刚刚接触这个内容的新手一个参考。这里附上代码的[Github源码地址](https://github.com/ltlayx/SpringBoot-Ignite) ,参考的文献也附在这里[^footnote1][^footnote2] 4 | 5 | ## 初探JWT 6 | 1. 什么是JWT 7 | JWT(Json Web Token),是一种工具,格式为` XXXX.XXXX.XXXX `的字符串,JWT以一种安全的方式在用户和服务器之间传递存放在JWT中的不敏感信息。 8 | 2. 为什么要用JWT 9 | 设想这样一个场景,在我们登录一个网站之后,再把网页或者浏览器关闭,下一次打开网页的时候可能显示的还是登录的状态,不需要再次进行登录操作,通过JWT就可以实现这样一个用户认证的功能。当然使用Session可以实现这个功能,但是使用Session的同时也会增加服务器的存储压力,而JWT是将存储的压力分布到各个客户端机器上,从而减轻服务器的压力。 10 | 3. JWT长什么样 11 | JWT由3个子字符串组成,分别为Header,Payload以及Signature,结合JWT的格式即:` Header.Payload.Signature `。(Claim是描述Json的信息的一个Json,将Claim转码之后生成Payload)。 12 | - Header 13 | Header是由以下这个格式的Json通过Base64编码(编码不是加密,是可以通过反编码的方式获取到这个原来的Json,所以JWT中存放的一般是不敏感的信息)生成的字符串,Header中存放的内容是说明编码对象是一个JWT以及使用“SHA-256”的算法进行加密(加密用于生成Signature) 14 | ``` 15 | { 16 | "typ":"JWT", 17 | "alg":"HS256" 18 | } 19 | ``` 20 | - Claim 21 | Claim是一个Json,Claim中存放的内容是JWT自身的标准属性,所有的标准属性都是可选的,可以自行添加,比如:JWT的签发者、JWT的接收者、JWT的持续时间等;同时Claim中也可以存放一些自定义的属性,这个自定义的属性就是在用户认证中用于标明用户身份的一个属性,比如用户存放在数据库中的id,为了安全起见,一般不会将用户名及密码这类敏感的信息存放在Claim中。将Claim通过Base64转码之后生成的一串字符串称作Payload。 22 | ``` 23 | { 24 | "iss":"Issuer —— 用于说明该JWT是由谁签发的", 25 | "sub":"Subject —— 用于说明该JWT面向的对象", 26 | "aud":"Audience —— 用于说明该JWT发送给的用户", 27 | "exp":"Expiration Time —— 数字类型,说明该JWT过期的时间", 28 | "nbf":"Not Before —— 数字类型,说明在该时间之前JWT不能被接受与处理", 29 | "iat":"Issued At —— 数字类型,说明该JWT何时被签发", 30 | "jti":"JWT ID —— 说明标明JWT的唯一ID", 31 | "user-definde1":"自定义属性举例", 32 | "user-definde2":"自定义属性举例" 33 | } 34 | ``` 35 | - Signature 36 | Signature是由Header和Payload组合而成,将Header和Claim这两个Json分别使用Base64方式进行编码,生成字符串Header和Payload,然后将Header和Payload以` Header.Payload `的格式组合在一起形成一个字符串,然后使用上面定义好的加密算法和一个密匙(这个密匙存放在服务器上,用于进行验证)对这个字符串进行加密,形成一个新的字符串,这个字符串就是Signature。 37 | - 总结 38 | ![这里写图片描述](http://img.blog.csdn.net/20180310163806888?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 39 | 4. JWT实现认证的原理 40 | 服务器在生成一个JWT之后会将这个JWT会以` Authorization : Bearer JWT ` 键值对的形式存放在cookies里面发送到客户端机器,在客户端再次访问收到JWT保护的资源URL链接的时候,服务器会获取到cookies中存放的JWT信息,首先将Header进行反编码获取到加密的算法,在通过存放在服务器上的密匙对` Header.Payload ` 这个字符串进行加密,比对JWT中的Signature和实际加密出来的结果是否一致,如果一致那么说明该JWT是合法有效的,认证成功,否则认证失败。 41 | 42 | ## JWT实现用户认证的流程图 43 | ![这里写图片描述](http://img.blog.csdn.net/20180310125157455?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 44 | 45 | ## JWT的代码实现 46 | 这里的代码实现使用的是Spring Boot(版本号:1.5.10)框架,以及Apache Ignite(版本号:2.3.0)数据库(有关Ignite和Spring Boot的整合可以查看之前写过的一篇文章 [在Spring Boot上部署ignite数据库的小例子](http://blog.csdn.net/ltl112358/article/details/79399026)) 47 | 48 | - 代码说明: 49 | 代码中与JWT有关的内容如下 50 | config包中` JwtCfg `类配置生成一个JWT并配置了JWT拦截的URL 51 | controller包中` PersonController ` 用于处理用户的登录注册时生成JWT,` SecureController ` 用于测试JWT 52 | model包中` JwtFilter ` 用于处理与验证JWT的正确性 53 | 其余的是属于Ignite数据库访问的相关内容 54 | 55 | ![这里写图片描述](http://img.blog.csdn.net/2018031013062318?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 56 | - ` JwtCfg ` 类 57 | 这个类中声明了一个` @Bean ` ,用于生成一个过滤器类,对` /secure` 链接下的所有资源访问进行JWT的验证 58 | ``` 59 | /** 60 | * This is Jwt configuration which set the url "/secure/*" for filtering 61 | * @program: users 62 | * @author: 李泰郎 63 | * @create: 2018-03-03 21:18 64 | **/ 65 | @Configuration 66 | public class JwtCfg { 67 | 68 | @Bean 69 | public FilterRegistrationBean jwtFilter() { 70 | final FilterRegistrationBean registrationBean = new FilterRegistrationBean(); 71 | registrationBean.setFilter(new JwtFilter()); 72 | registrationBean.addUrlPatterns("/secure/*"); 73 | 74 | return registrationBean; 75 | } 76 | 77 | } 78 | ``` 79 | - ` JwtFilter` 类 80 | 这个类声明了一个JWT过滤器类,从Http请求中提取JWT的信息,并使用了"secretkey"这个密匙对JWT进行验证 81 | ``` 82 | /** 83 | * Check the jwt token from front end if is invalid 84 | * @program: users 85 | * @author: 李泰郎 86 | * @create: 2018-03-01 11:03 87 | **/ 88 | public class JwtFilter extends GenericFilterBean { 89 | 90 | public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) 91 | throws IOException, ServletException { 92 | 93 | // Change the req and res to HttpServletRequest and HttpServletResponse 94 | final HttpServletRequest request = (HttpServletRequest) req; 95 | final HttpServletResponse response = (HttpServletResponse) res; 96 | 97 | // Get authorization from Http request 98 | final String authHeader = request.getHeader("authorization"); 99 | 100 | // If the Http request is OPTIONS then just return the status code 200 101 | // which is HttpServletResponse.SC_OK in this code 102 | if ("OPTIONS".equals(request.getMethod())) { 103 | response.setStatus(HttpServletResponse.SC_OK); 104 | 105 | chain.doFilter(req, res); 106 | } 107 | // Except OPTIONS, other request should be checked by JWT 108 | else { 109 | 110 | // Check the authorization, check if the token is started by "Bearer " 111 | if (authHeader == null || !authHeader.startsWith("Bearer ")) { 112 | throw new ServletException("Missing or invalid Authorization header"); 113 | } 114 | 115 | // Then get the JWT token from authorization 116 | final String token = authHeader.substring(7); 117 | 118 | try { 119 | // Use JWT parser to check if the signature is valid with the Key "secretkey" 120 | final Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody(); 121 | 122 | // Add the claim to request header 123 | request.setAttribute("claims", claims); 124 | } catch (final SignatureException e) { 125 | throw new ServletException("Invalid token"); 126 | } 127 | 128 | chain.doFilter(req, res); 129 | } 130 | } 131 | } 132 | ``` 133 | - ` PersonController` 类 134 | 这个类中在用户进行登录操作成功之后,将生成一个JWT作为返回 135 | ``` 136 | /** 137 | * @program: users 138 | * @author: 李泰郎 139 | * @create: 2018-02-27 19:28 140 | **/ 141 | @RestController 142 | public class PersonController { 143 | 144 | @Autowired 145 | private PersonService personService; 146 | 147 | 148 | /** 149 | * User register with whose username and password 150 | * @param reqPerson 151 | * @return Success message 152 | * @throws ServletException 153 | */ 154 | @RequestMapping(value = "/register", method = RequestMethod.POST) 155 | public String register(@RequestBody() ReqPerson reqPerson) throws ServletException { 156 | // Check if username and password is null 157 | if (reqPerson.getUsername() == "" || reqPerson.getUsername() == null 158 | || reqPerson.getPassword() == "" || reqPerson.getPassword() == null) 159 | throw new ServletException("Username or Password invalid!"); 160 | 161 | // Check if the username is used 162 | if(personService.findPersonByUsername(reqPerson.getUsername()) != null) 163 | throw new ServletException("Username is used!"); 164 | 165 | // Give a default role : MEMBER 166 | List roles = new ArrayList(); 167 | roles.add(Role.MEMBER); 168 | 169 | // Create a person in ignite 170 | personService.save(new Person(reqPerson.getUsername(), reqPerson.getPassword(), roles)); 171 | return "Register Success!"; 172 | } 173 | 174 | /** 175 | * Check user`s login info, then create a jwt token returned to front end 176 | * @param reqPerson 177 | * @return jwt token 178 | * @throws ServletException 179 | */ 180 | @PostMapping 181 | public String login(@RequestBody() ReqPerson reqPerson) throws ServletException { 182 | // Check if username and password is null 183 | if (reqPerson.getUsername() == "" || reqPerson.getUsername() == null 184 | || reqPerson.getPassword() == "" || reqPerson.getPassword() == null) 185 | throw new ServletException("Please fill in username and password"); 186 | 187 | // Check if the username is used 188 | if(personService.findPersonByUsername(reqPerson.getUsername()) == null 189 | || !reqPerson.getPassword().equals(personService.findPersonByUsername(reqPerson.getUsername()).getPassword())){ 190 | throw new ServletException("Please fill in username and password"); 191 | } 192 | 193 | // Create Twt token 194 | String jwtToken = Jwts.builder().setSubject(reqPerson.getUsername()).claim("roles", "member").setIssuedAt(new Date()) 195 | .signWith(SignatureAlgorithm.HS256, "secretkey").compact(); 196 | 197 | return jwtToken; 198 | } 199 | } 200 | ``` 201 | - ` SecureController` 类 202 | 这个类中只是用于测试JWT功能,当用户认证成功之后,` /secure` 下的资源才可以被访问 203 | ``` 204 | /** 205 | * Test the jwt, if the token is valid then return "Login Successful" 206 | * If is not valid, the request will be intercepted by JwtFilter 207 | * @program: users 208 | * @author: 李泰郎 209 | * @create: 2018-03-01 11:05 210 | **/ 211 | @RestController 212 | @RequestMapping("/secure") 213 | public class SecureController { 214 | 215 | @RequestMapping("/users/user") 216 | public String loginSuccess() { 217 | return "Login Successful!"; 218 | } 219 | 220 | } 221 | ``` 222 | 223 | ## 代码功能测试 224 | 本例使用Postman对代码进行测试,这里并没有考虑到安全性传递的明文密码,实际上应该用SSL进行加密 225 | 1. 首先进行一个新的测试用户的注册,可以看到注册成功的提示返回 226 | ![这里写图片描述](http://img.blog.csdn.net/20180310132536199?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 227 | 2. 再让该用户进行登录,可以看到登录成功之后返回的JWT字符串 228 | ![这里写图片描述](http://img.blog.csdn.net/20180310132824675?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 229 | 3. 直接申请访问` /secure/users/user` ,这时候肯定是无法访问的,服务器返回500错误 230 | ![这里写图片描述](http://img.blog.csdn.net/20180310132926995?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 231 | 4. 将获取到的JWT作为Authorization属性提交,申请访问` /secure/users/user` ,可以访问成功 232 | ![这里写图片描述](http://img.blog.csdn.net/20180310133041807?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbHRsMTEyMzU4/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70) 233 | 234 | --- 235 | [^footnote1]: John Wu: JSON Web Token-在Web应用间安全地传递信息[EB/OL].[2018-03-02].http://blog.leapoahead.com/2015/09/06/understanding-jwt/ 236 | 237 | [^footnote2]: Aboullaite Mohammed: Spring Boot token authentication using JWT[EB/OL]. [2018-03-02].https://aboullaite.me/spring-boot-token-authentication-using-jwt/ ↩ 238 | --------------------------------------------------------------------------------