SpringBoot actual electricity supplier item mall (20k + star) Address: github.com/macrozheng/...
Summary
Spring Cloud Security is SpringBoot build secure applications provide a range of solutions, combined with Oauth2 can also implement more features, such as the use of JWT token to store information, token refresh function, this article will be described in detail in conjunction with JWT for its use.
About JWT
JWT is JSON WEB TOKEN acronym, which is based on JSON subject an RFC 7519 standard definitions can be safely transferred due to the use of digital signatures, it is trusted and secure.
JWT composition
- JWT token format: header.payload.signature;
- header signature generation algorithm for storing;
{
"alg": "HS256",
"typ": "JWT"
}
复制代码- payload for storing data, such as expiration date, user name, user has permissions;
{
"exp": 1572682831,
"user_name": "macro",
"authorities": [
"admin"
],
"jti": "c1a0645a-28b5-4468-b4c7-9623131853af",
"client_id": "admin",
"scope": [
"all"
]
}
复制代码- for the header and payload signature to the generated signature, and once the payload header is tampered with, the verification will fail.
JWT examples
- This is a JWT string:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzI2ODI4MzEsInVzZXJfbmFtZSI6Im1hY3JvIiwiYXV0aG9yaXRpZXMiOlsiYWRtaW4iXSwianRpIjoiYzFhMDY0NWEtMjhiNS00NDY4LWI0YzctOTYyMzEzMTg1M2FmIiwiY2xpZW50X2lkIjoiYWRtaW4iLCJzY29wZSI6WyJhbGwiXX0.x4i6sRN49R6JSjd5hd1Fr2DdEMBsYdC4KB6Uw1huXPg
复制代码- Analytical results are available on the website: jwt.io/
Creating oauth2-jwt-server module
The module is just an extension of oauth2-server module directly copied down to the next expansion.
oauth2 token stored in a manner
In the previous section we are the token is stored in memory, so if you deploy more than one service, it will not lead to the use of tokens. Spring Cloud Security tokens stored in two ways can be used to solve this problem, one is used to store Redis, the other is used to store JWT.
Use Redis storage token
- Add Redis its dependencies in pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
复制代码- Add redis configuration in application.yml in:
spring:
redis: #redis相关配置
password: 123456 #有密码时设置
复制代码- Adding tokens stored Redis configuration:
/**
* 使用redis存储token的配置
* Created by macro on 2019/10/8.
*/
@Configuration
public class RedisTokenStoreConfig {
@Autowired
private RedisConnectionFactory redisConnectionFactory;
@Bean
public TokenStore redisTokenStore (){
return new RedisTokenStore(redisConnectionFactory);
}
}
复制代码- Specifies the authentication token is stored in the policy server configuration as Redis:
/**
* 认证服务器配置
* Created by macro on 2019/9/30.
*/
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserService userService;
@Autowired
@Qualifier("redisTokenStore")
private TokenStore tokenStore;
/**
* 使用密码模式需要配置
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints.authenticationManager(authenticationManager)
.userDetailsService(userService)
.tokenStore(tokenStore);//配置令牌存储策略
}
//省略代码...
}
复制代码- Run the project using the password mode to get a token, go to the following address: HTTP: // localhost: 9401 / oauth / token
- Operation for acquiring the token, the token can be found to have been stored in Redis.
Use JWT storage token
- Adding a configuration JWT stored tokens:
/**
* 使用Jwt存储token的配置
* Created by macro on 2019/10/8.
*/
@Configuration
public class JwtTokenStoreConfig {
@Bean
public TokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
accessTokenConverter.setSigningKey("test_key");//配置JWT使用的秘钥
return accessTokenConverter;
}
}
复制代码- Specifies the authentication token is stored in the policy server is configured for JWT:
/**
* 认证服务器配置
* Created by macro on 2019/9/30.
*/
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserService userService;
@Autowired
@Qualifier("jwtTokenStore")
private TokenStore tokenStore;
@Autowired
private JwtAccessTokenConverter jwtAccessTokenConverter;
@Autowired
private JwtTokenEnhancer jwtTokenEnhancer;
/**
* 使用密码模式需要配置
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints.authenticationManager(authenticationManager)
.userDetailsService(userService)
.tokenStore(tokenStore) //配置令牌存储策略
.accessTokenConverter(jwtAccessTokenConverter);
}
//省略代码...
}
复制代码- Run the project using the password mode to get a token, go to the following address: HTTP: // localhost: 9401 / oauth / token
- It found that the acquired token has become JWT token, the access_token get https://jwt.io/ web site to resolve the case in which the content can be obtained.
{
"exp": 1572682831,
"user_name": "macro",
"authorities": [
"admin"
],
"jti": "c1a0645a-28b5-4468-b4c7-9623131853af",
"client_id": "admin",
"scope": [
"all"
]
}
复制代码Extended content stored JWT
Sometimes we need to expand the content stored in JWT, here we extend a key is in the JWT
enhance, value for theenhance infodata.
- JWT inheritance TokenEnhancer implement a content enhancer:
/**
* Jwt内容增强器
* Created by macro on 2019/10/8.
*/
public class JwtTokenEnhancer implements TokenEnhancer {
@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
Map<String, Object> info = new HashMap<>();
info.put("enhance", "enhance info");
((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(info);
return accessToken;
}
}
复制代码- Create a JwtTokenEnhancer instance:
/**
* 使用Jwt存储token的配置
* Created by macro on 2019/10/8.
*/
@Configuration
public class JwtTokenStoreConfig {
//省略代码...
@Bean
public JwtTokenEnhancer jwtTokenEnhancer() {
return new JwtTokenEnhancer();
}
}
复制代码- JWT configuration content in the authentication server configuration booster:
/**
* 认证服务器配置
* Created by macro on 2019/9/30.
*/
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserService userService;
@Autowired
@Qualifier("jwtTokenStore")
private TokenStore tokenStore;
@Autowired
private JwtAccessTokenConverter jwtAccessTokenConverter;
@Autowired
private JwtTokenEnhancer jwtTokenEnhancer;
/**
* 使用密码模式需要配置
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
List<TokenEnhancer> delegates = new ArrayList<>();
delegates.add(jwtTokenEnhancer); //配置JWT的内容增强器
delegates.add(jwtAccessTokenConverter);
enhancerChain.setTokenEnhancers(delegates);
endpoints.authenticationManager(authenticationManager)
.userDetailsService(userService)
.tokenStore(tokenStore) //配置令牌存储策略
.accessTokenConverter(jwtAccessTokenConverter)
.tokenEnhancer(enhancerChain);
}
//省略代码...
}
复制代码- Run the project using the password mode to get the token after token parsed content has been found to contain extended.
{
"user_name": "macro",
"scope": [
"all"
],
"exp": 1572683821,
"authorities": [
"admin"
],
"jti": "1ed1b0d8-f4ea-45a7-8375-211001a51a9e",
"client_id": "admin",
"enhance": "enhance info"
}
复制代码Java parsing the content of JWT
If we need to get information JWT in, you can use a tool called jjwt package.
- Add its dependencies in pom.xml:
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
复制代码- UserController class modification, use tools to parse jjwt JWT content stored in the Authorization header.
/**
* Created by macro on 2019/9/30.
*/
@RestController
@RequestMapping("/user")
public class UserController {
@GetMapping("/getCurrentUser")
public Object getCurrentUser(Authentication authentication, HttpServletRequest request) {
String header = request.getHeader("Authorization");
String token = StrUtil.subAfter(header, "bearer ", false);
return Jwts.parser()
.setSigningKey("test_key".getBytes(StandardCharsets.UTF_8))
.parseClaimsJws(token)
.getBody();
}
}
复制代码- The token in the
Authorizationheader, the address acquisition information to access the following: HTTP: // localhost: 9401 / User / getCurrentUser
Refresh token
When using oauth2 in Spring Cloud Security, if the token fails, you can use the refresh token acquired through licensing model refresh_token access_token again.
- Just modify the configuration of the authentication server, add the licensing model refresh_token can be.
/**
* 认证服务器配置
* Created by macro on 2019/9/30.
*/
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("admin")
.secret(passwordEncoder.encode("admin123456"))
.accessTokenValiditySeconds(3600)
.refreshTokenValiditySeconds(864000)
.redirectUris("http://www.baidu.com")
.autoApprove(true) //自动授权配置
.scopes("all")
.authorizedGrantTypes("authorization_code","password","refresh_token"); //添加授权模式
}
}
复制代码- Use the refresh token to obtain a new token mode, access the following address: HTTP: // localhost: 9401 / oauth / token
To use the module
springcloud-learning
└── oauth2-jwt-server -- 使用jwt的oauth2认证测试服务
复制代码Project Source Address
No public
mall project a full tutorial serialized in public concern number the first time to obtain.