Spring项目使用JWT进行后端鉴权

Spring项目使用JWT进行后端鉴权添加需要使用的新依赖项dependencygroupIdcom.auth0/groupIdartifactIdjava-jwt/artifactIdversion3.10.3/version/dependencydependencygroupIdcn.hutool/groupIdartifactIdhutool-all/artifactIdversion5.8.24/version/dependency添加访问路径前缀配置importorg.springframework.context.annotation.Configuration;importorg.springframework.web.bind.annotation.RestController;importorg.springframework.web.servlet.config.annotation.PathMatchConfigurer;importorg.springframework.web.servlet.config.annotation.WebMvcConfigurer;ConfigurationpublicclassWebConfigimplementsWebMvcConfigurer{OverridepublicvoidconfigurePathMatch(PathMatchConfigurerconfigurer){configurer.addPathPrefix(/api,clazz-clazz.isAnnotationPresent(RestController.class));}}将原来Controller类中的Controller注解替换为RestController去掉原来的CrossOrigin(origins “*”)注解。JWT鉴权原理如下https://blog.51cto.com/u_9806927/12294431在项目中添加JWT工具importcn.hutool.core.date.DateUtil;importcom.auth0.jwt.JWT;importcom.auth0.jwt.algorithms.Algorithm;importcom.example.demo.service.UserService;importjakarta.annotation.PostConstruct;importjakarta.annotation.Resource;importorg.springframework.stereotype.Component;importjava.util.Date;ComponentpublicclassJwtTokenUtils{privatestaticUserServicestaticUserService;ResourceprivateUserServiceuserService;PostConstructpublicvoidsetUserService(){userServicestaticUserService;}publicstaticStringgenToken(Stringaccount,Stringpassword){returnJWT.create().withAudience(account)//将account保存在载荷中.withExpiresAt(DateUtil.offsetHour(newDate(),2))//设置token有效时间.sign(Algorithm.HMAC256(password));//以password为密钥进行加密}}重构User类重写登录接口当用户登录成功后将token一起返回给前端在项目中添加拦截器用于校验JWTtoken的正确性importcn.hutool.core.util.StrUtil;importcom.auth0.jwt.JWT;importcom.auth0.jwt.JWTVerifier;importcom.auth0.jwt.algorithms.Algorithm;importcom.auth0.jwt.exceptions.JWTVerificationException;importcom.example.demo.entity.User;importcom.example.demo.service.UserService;importjakarta.annotation.Resource;importjakarta.servlet.http.HttpServletRequest;importjakarta.servlet.http.HttpServletResponse;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.stereotype.Component;importorg.springframework.web.servlet.HandlerInterceptor;ComponentpublicclassJwtInterceptorimplementsHandlerInterceptor{privatestaticfinalLoggerlogLoggerFactory.getLogger(JwtInterceptor.class);ResourceprivateUserServiceuserService;OverridepublicbooleanpreHandle(HttpServletRequestrequest,HttpServletResponseresponse,Objecthandler)throwsException{if(OPTIONS.equalsIgnoreCase(request.getMethod())){returntrue;}Stringtokenrequest.getHeader(token);if(StrUtil.isBlank(token)){tokenrequest.getParameter(token);}if(StrUtil.isBlank(token)){thrownewException(登录状态异常请重新登录);}Stringaccount;Userusernull;try{accountJWT.decode(token).getAudience().get(0);useruserService.findUserByAccount(account);}catch(Exceptione){log.error(无效tonkentoken:token);}if(usernull){thrownewException(用户不存在请重新登录);}try{JWTVerifierjwtVerifierJWT.require(Algorithm.HMAC256(user.getPassword())).build();jwtVerifier.verify(token);}catch(JWTVerificationExceptione){thrownewException(token验证失败请重新登录);}returntrue;}}在拦截器配置到对应的接口上面importjakarta.annotation.Resource;importorg.springframework.context.annotation.Configuration;importorg.springframework.web.bind.annotation.RestController;importorg.springframework.web.servlet.config.annotation.CorsRegistry;importorg.springframework.web.servlet.config.annotation.InterceptorRegistry;importorg.springframework.web.servlet.config.annotation.PathMatchConfigurer;importorg.springframework.web.servlet.config.annotation.WebMvcConfigurer;ConfigurationpublicclassWebConfigimplementsWebMvcConfigurer{ResourceprivateJwtInterceptorjwtInterceptor;OverridepublicvoidconfigurePathMatch(PathMatchConfigurerconfigurer){configurer.addPathPrefix(/api,clazz-clazz.isAnnotationPresent(RestController.class));}OverridepublicvoidaddCorsMappings(CorsRegistryregistry){registry.addMapping(/**).allowCredentials(true).allowedOriginPatterns(*).allowedHeaders(*).allowedMethods(GET,POST,PUT,DELETE,OPTIONS).maxAge(3600);}OverridepublicvoidaddInterceptors(InterceptorRegistryregistry){registry.addInterceptor(jwtInterceptor).addPathPatterns(/api/**).excludePathPatterns(/api/user/login).excludePathPatterns(/api/user/register);}}