
Spring Security JWT


When login succeeds, the server returns an authentication header. On subsequent requests the user only needs to attach this header to access resources directly.

pom.xml

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.7.0</version>
</dependency>

Write a filter

@Component
@Slf4j
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {

    private static final String APPLICATION_JSON = "application/json;charset=utf-8";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    @Autowired
    private JwtProperties jwtProperties;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // Read the token from the configured request header
        String authToken = request.getHeader(jwtProperties.getHeader());
        if (!StringUtils.isEmpty(authToken)) {
            JwtToken jwtToken;
            try {
                // Parse the token; an invalid token raises InvalidJwtTokenException
                jwtToken = jwtTokenUtil.getJwtToken(authToken);
                String username = jwtToken.getUsername();
                if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                    // Load the current user record and validate the token against it
                    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
                    if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                        UsernamePasswordAuthenticationToken authentication =
                                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                        // Mark the request as authenticated for the rest of the filter chain
                        SecurityContextHolder.getContext().setAuthentication(authentication);
                        log.info("認證通過:{}", username);
                    }
                }
            } catch (InvalidJwtTokenException invalidJwtTokenException) {
                // Invalid token: answer with a JSON error body and stop the filter chain
                response.setContentType(APPLICATION_JSON);
                log.error(InvalidJwtTokenException.INVALID_JWT_TOKEN_EXCEPTION);
                ResultVO<String> resultVO = new ResultVO<>();
                resultVO.setSuccess(false);
                resultVO.setMsg(InvalidJwtTokenException.INVALID_JWT_TOKEN_EXCEPTION);
                PrintWriter writer = response.getWriter();
                writer.write(JSON.toJSONString(resultVO));
                writer.close();
                return;
            }
        }
        // No token, or token handled: continue with the remaining filters
        chain.doFilter(request, response);
    }
}

Then add the following to the configuration class

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
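
The filter above delegates every token check to `jwtTokenUtil`, whose source the page does not show. The following is an added example, not the author's code, of what such a helper can look like with the jjwt 0.7.0 API from the pom.xml; the class name `JwtTokenUtilSketch`, its method names, the shape of `InvalidJwtTokenException` and the demo keys are assumptions.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Added sketch: a hypothetical stand-in for the page's JwtTokenUtil, whose source is not shown.
public class JwtTokenUtilSketch {
    // Assumed shape of the page's InvalidJwtTokenException.
    static class InvalidJwtTokenException extends RuntimeException {
        InvalidJwtTokenException(Throwable cause) { super("invalid JWT token", cause); }
    }

    private final byte[] key;     // HMAC secret; load from configuration, never hard-code
    private final long ttlMillis; // token lifetime

    JwtTokenUtilSketch(byte[] key, long ttlMillis) {
        if (key == null || key.length < 32) throw new IllegalArgumentException("HS256 needs a key of at least 256 bits");
        this.key = key.clone();
        this.ttlMillis = ttlMillis;
    }

    String issue(String username) {
        Date now = new Date();
        return Jwts.builder().setSubject(username).setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + ttlMillis))
                .signWith(SignatureAlgorithm.HS256, key).compact();
    }

    // parseClaimsJws checks the signature and exp, and refuses unsigned tokens.
    String usernameOf(String token) {
        try {
            Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
            if (claims.getSubject() == null || claims.getExpiration() == null) throw new JwtException("sub and exp are required");
            return claims.getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            throw new InvalidJwtTokenException(e);
        }
    }

    public static void main(String[] args) {
        byte[] k1 = "constructed-demo-key-AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] k2 = "constructed-demo-key-BBBBBBBBBBBBBBBB".getBytes(StandardCharsets.UTF_8); // constructed
        JwtTokenUtilSketch util = new JwtTokenUtilSketch(k1, 15 * 60_000L);
        System.out.println(util.usernameOf(util.issue("alice")));
        String[] bad = { new JwtTokenUtilSketch(k2, 60_000L).issue("alice"), new JwtTokenUtilSketch(k1, -60_000L).issue("alice") };
        for (String t : bad) try { util.usernameOf(t); } catch (InvalidJwtTokenException e) { System.out.println(e.getCause().getClass().getSimpleName()); }
    }
}
```

The `main` method feeds the helper a valid token, a token signed with a different key and an expired token, and prints the cause of each rejection. On Java 11 and later, jjwt 0.7.0 also needs a JAXB API dependency on the classpath because it relies on `javax.xml.bind` for Base64 decoding.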


