龙空技术网

实战:十分钟实现基于JWT前后端分离的权限框架

小智观影记 140

前言:

现时我们对“postman设置左右排版”大体比较看重,我们都想要知道一些“postman设置左右排版”的相关知识。那么小编也在网摘上汇集了一些对于“postman设置左右排版””的相关文章,希望同学们能喜欢,小伙伴们快快来学习一下吧!

前言

面试过很多Java开发,能把权限这块说的清楚的实在是不多,很多人因为公司项目职责问题,很难学到这类相关的流程和技术,本文梳理一个简单的场景,实现一个基于jwt前后端分离的权限框架。

简易流程登录获取票据和缓存信息

image-20200709160301317

鉴权流程

image-20200709160427929

技术栈和功能规划

本文技术选型为SpringBoot+JWT+Redis, 实现上图的登录流程和鉴权流程,并提供完整项目代码。

「本项目已实现如下功能」:

跨域配置jwt集成redis集成BaseController封装,方便取出用户信息拦截器和白名单全局异常jwt工具类封装redis工具类封装redis枚举Key封装Redis安装和启动

使用Docker一行命令构建启动Redis,命令如下

 docker run -itd --name redis-test -p 6379:6379 redis --requirepass "123456redis"

指定端口:6379

指定密码:123456redis

客户端连接测试,问题不大~

创建SpringBoot项目并引入JWT依赖

<dependency>  <groupId>io.jsonwebtoken</groupId>  <artifactId>jjwt</artifactId>  <version>0.9.1</version></dependency>

其实主要是引了这个包,其他的就不贴出来了。主要有redis以及json相关的,完整代码都在项目可以自己看

写一个登陆方法

UserController

  @PostMapping("/login")    public UserVO login(@RequestBody LoginDTO loginDTO)  {        return userService.login(loginDTO);    }

UserService

用户信息就模拟的了,都看的懂。登录成功后根据uid生产jwt,然后缓存到redis,封装结果给到前端

package com.lzp.auth.service;@Servicepublic class UserService {    @Value("${server.session.timeout:3000}")    private Long timeout;    @Autowired    private RedisUtils redisUtils;    final static String USER_NAME = "admin";    //密码 演示用就不做加密处理了    final static String PWD = "admin";    public UserVO login(LoginDTO loginDTO){        User user = getByName(loginDTO.getUserName());        //用户信息校验和查询        if (user == null){            throw new ServiceException(ResultCodeEnum.LOGIN_FAIL);        }        //密码校验        if(!PWD.equals(loginDTO.getPwd())){            throw new ServiceException(ResultCodeEnum.LOGIN_FAIL);        }        //缓存用户信息并设置过期时间        UserVO userVO = new UserVO();        userVO.setName(user.getName());        userVO.setUid(user.getUid());        userVO.setToken(JWTUtils.generate(user.getUid()));        //信息入库redis        redisUtils.set(RedisKeyEnum.OAUTH_APP_TOKEN.keyBuilder(userVO.getUid()), JSONObject.toJSONString(userVO), timeout);        return userVO;    }    /**     * 通过用户名获取用户     * @param name     * @return     */    public User getByName(String name){        User user = null;        if(USER_NAME.equals(name)){            user =  new User("1","张三","Aa123456");        }        return user;    }}
定义登录拦截器

LoginInterceptor

package com.lzp.auth.config;import com.lzp.auth.exception.ServiceException;import com.lzp.auth.utils.JWTUtils;import com.lzp.auth.utils.ResultCodeEnum;import com.lzp.auth.utils.SessionContext;import io.jsonwebtoken.Claims;import lombok.extern.slf4j.Slf4j;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.data.redis.core.StringRedisTemplate;import org.springframework.util.StringUtils;import org.springframework.web.servlet.ModelAndView;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;@Slf4jpublic class LoginInterceptor extends HandlerInterceptorAdapter {    @Autowired    StringRedisTemplate redisTemplate;    @Override    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {        String token = request.getHeader("token");        String requestURI = request.getRequestURI().replaceAll("/+", "/");        log.info("requestURI:{}",requestURI);        if (StringUtils.isEmpty(token)) {            throw new ServiceException(ResultCodeEnum.AUTH_FAIL);        }        Claims claim = JWTUtils.getClaim(token);        if(claim == null){            throw new ServiceException(ResultCodeEnum.AUTH_FAIL);        }        String uid = null;        try {            uid = JWTUtils.getOpenId(token);        } catch (Exception e) {            throw new ServiceException(ResultCodeEnum.AUTH_FAIL);        }        //用户id放到上下文 可以当前请求进行传递        request.setAttribute(SessionContext.USER_ID_KEY, uid);        return true;    }    @Override    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {    }    @Override    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {    }}
配置跨域、资源、定义拦截器、加白名单
package com.lzp.auth.config;import org.springframework.beans.BeansException;import org.springframework.context.ApplicationContext;import org.springframework.context.ApplicationContextAware;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.web.cors.CorsConfiguration;import org.springframework.web.cors.reactive.CorsWebFilter;import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;import org.springframework.web.util.pattern.PathPatternParser;@Configurationpublic class WebMvcConfig extends WebMvcConfigurerAdapter implements ApplicationContextAware {    private ApplicationContext applicationContext;    public WebMvcConfig() {        super();    }    @Override    public void addResourceHandlers(ResourceHandlerRegistry registry) {        super.addResourceHandlers(registry);    }    @Override    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {        this.applicationContext = applicationContext;    }    @Bean    public CorsWebFilter corsFilter() {        CorsConfiguration config = new CorsConfiguration();        config.addAllowedMethod("*");        config.addAllowedOrigin("*");        config.addAllowedHeader("*");        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());        source.registerCorsConfiguration("/**", config);        return new CorsWebFilter(source);    }    @Bean    LoginInterceptor loginInterceptor() {        return new LoginInterceptor();    }    @Override    public void addInterceptors(InterceptorRegistry registry) {        //拦截规则:除了login,其他都拦截判断        registry.addInterceptor(loginInterceptor())                .addPathPatterns("/**")                .excludePathPatterns("/user/login");        super.addInterceptors(registry);    }}

「postMan调试」

模拟成功和失败场景

成功如上图,返回用户信息和Token

失败如上图

测试非白名单接口

「使用token再来访问当前接口」

完美~

至此本项目就完美结束了哦

项目代码

本文使用 mdnice 排版

标签: #postman设置左右排版