The JWT token permission authentication technology based on Springboot is simply implemented
JWT profile
Json Web Token (JWT) : Json network Token, an open standard based on Json ((RFC 7519) for passing declarations between network application environments. JWT is a lightweight, secure, cross-platform transport format that defines a compact, self-contained way to communicate between two parties using JSON objects to securely transfer information. This information is reliable because of the digital signature.
Implementation steps:
Environmental spring boot
1. Add JWT dependency
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.1</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2. Create annotation package </h6 b> under SRC
New custom annotation class JwtToken
package com.qf.tyleryue_one.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD,ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface JwtToken {
}
3. Create utils package </h6 b> under SRC
Create a new custom JwtUtils utility class
package com.qf.tyleryue_one.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import jdk.internal.org.objectweb.asm.TypeReference;
import java.util.Date;
public class JwtUtils {
private final static long EXPIRE_TIME=5*60*1000;
private final static String SECRECT="Tyler_Yue_key";
public static String sign(String userId){
Date exipre_date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
JWTCreator.Builder builder = JWT.create();
builder.withAudience(userId);
builder.withExpiresAt(exipre_date);
Algorithm algorithm = Algorithm.HMAC256(SECRECT);
String sign = builder.sign(algorithm);
return sign;
}
public static boolean verifyToken(String token){
try {
Algorithm algorithm = Algorithm.HMAC256(SECRECT);
JWTVerifier build = JWT.require(algorithm).build();
return true;
} catch (Exception e) {
throw new RuntimeException("Out of date");
}
}
}
4. Create new vo package under SRC
Encapsulates an object that returns the user’s token
package com.qf.tyleryue_one.vo;
import com.alibaba.druid.filter.AutoLoad;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class TokenVo {
private String usernaem;
private String token;
}
5. Example of controller layer user login business login with token </h6 b>
package com.qf.tyleryue_one.controller;
import com.qf.tyleryue_one.entity.VueUser;
import com.qf.tyleryue_one.service.VueUserService;
import com.qf.tyleryue_one.utils.JwtUtils;
import com.qf.tyleryue_one.vo.Msg;
import com.qf.tyleryue_one.vo.TokenVo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.UUID;
@Controller
public class VueUserController {
@Autowired
private VueUserService vueUserService;
@RequestMapping(value = "/dealLogin",method = RequestMethod.POST)
@CrossOrigin
@ResponseBody
public Msg login(@RequestBody VueUser vueUser){
VueUser vueUser1 = vueUserService.selectByUsername(vueUser.getUsername());
if (vueUser1!=null){
if (vueUser1.getPassword().equals(vueUser.getPassword())){
String userid = UUID.randomUUID().toString();
String token = JwtUtils.sign(userid);
TokenVo tokenVo = new TokenVo(vueUser.getUsername(), token);
return new Msg(200,"Logined",tokenVo);
}else {
return new Msg(403,"password wrong",null);
}
}else {
return new Msg(403,"not exsit",null);
}
}
}
</ div>