Third-party sign-in is everywhere now: almost every app lets you log in with WeChat, with your phone number, with PayPal, and so on ...
Here we take WeChat login as the example and walk through the flow.
Appetizer: getting to know JWT
In the OAuth2 authentication flow above, we can spot a bottleneck:
When we take the token to the user-information system to fetch the user's details,
that system in turn has to ask the authorization server for the user information, and the authorization server checks whether the token is legitimate.
So every authenticated call needs a round trip to the authorization server to validate the token, which is inefficient.
The idea behind JWT tokens
How a JWT token is used
Previously the token handed back was an ordinary opaque token; with JWT, the token itself starts to carry meaning:
After authenticating with the authorization server, the user obtains a JWT token;
The token already contains the information associated with the user;
The client only needs to carry the JWT token to access the resource server;
The resource server verifies the token on its own with the agreed algorithm, so it no longer has to call the authorization server.
Now that we have read through the flow, let's explain JWT itself.
JWT overview
JSON Web Token: a JWT consists of three parts, joined together with dots into one string, for example: xxx.yyy.zzz
1. Header [JSON]: usually carries two pieces of information; it is only Base64-encoded, so it can be decoded to read the header information
The declared type, which is JWT
The declared signing algorithm, chosen by you (HMAC / RSA / ...)
It looks like this:
{
"typ": "JWT",
"alg": "HS256"
}
2. Payload [JSON]: the body, which carries the data we want to transmit, typically including:
User identity information (only Base64-encoded and readable by anyone who decodes it, so do not store sensitive information here)
Registered claims: such as the issue time, the expiration time (exp), the issuer (iss), and so on
It looks like this:
{
"name": "456",
"admin": true
}
3. Signature: the signature authenticates the whole token.
The server takes the first two parts plus a secret key, runs them through the agreed algorithm, and produces data used to verify the integrity and authenticity of the entire token.
It looks like this:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret)
base64UrlEncode(header): the header part of the token
base64UrlEncode(payload): the payload part of the token
secret: the key used to sign
Having read this far, doesn't an idea come to mind: couldn't this implement single sign-on? Store a unique user id in the payload, and other services can get the user's information from it?
Spring Security + JWT Demo
Project Introduction
- You may have a doubt here: why did we talk about OAuth2 above, but now try our hand with something smaller?
- Because OAuth2 is generally used in distributed projects and needs a separate authentication service, and I did not want to build a SpringCloud setup just for this idea.
- So I gathered some information from the Internet; the code also imitates others' work. I absorbed it, wrote up these study notes along the way, and share them here.
The pom file declaring the dependencies:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.ninja.study</groupId>
<artifactId>security_demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Ninja-Security</name>
<description>鞋破露脚尖儿</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.17</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.10.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
application.yml configuration
Note: the MySQL driver class in the configuration should be replaced with com.mysql.cj.jdbc.Driver.
Code: see GitHub
I went through the code line by line and added special explanations where it is hard to follow; you can download it to study.
Overall I will give a simple explanation, to help form the logic in my mind.
More tomorrow