1. Preface
This is a complete Spring Boot project covering login, registration and user authentication. From it we can learn the following:
- Building a Spring Boot web application, including defining endpoints, handling request parameters and wrapping return values.
- Database access with Mybatis-Plus, including defining entity classes, defining Mapper interfaces and configuring Mapper scanning.
- Using spring-security-crypto to store user passwords as salted one-way hashes and to check whether a submitted password is correct.
- Issuing and parsing tokens with JJWT, including the rules for generating and parsing a token and how the token is stored and retrieved.
- A ThreadLocal-based context object, including how the context object is wrapped and saved and how its container is implemented.
2. Directory structure
3. Maven dependencies
Add the following to the dependencies section of pom.xml:
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<dependency>
    <groupId>cn.hutool</groupId>
    <artifactId>hutool-all</artifactId>
    <version>5.6.5</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-crypto</artifactId>
    <version>5.3.3.RELEASE</version>
</dependency>
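- jjwt: Java JSON Web Token
- hutool-all: bundles many handy Java utility classes; strongly recommended and very convenient. Official site: https://www.hutool.cn/
- spring-security-crypto: password encoding and verification utilities
4. A uniform response wrapper
The CommonResult class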
package com.llh.springbootdemo.config;

public class CommonResult<T> {
    private Integer code;
    private String msg;
    private T data;

    public CommonResult(int code, String msg) {
        this.code = code;
        this.msg = msg;
    }

    public CommonResult(int code, String msg, T data) {
        this.code = code;
        this.msg = msg;
        this.data = data;
    }

    public static <T> CommonResult<T> success(T t) {
        return new CommonResult<T>(200, "操作成功", t);
    }

    public static <T> CommonResult<T> error(T t) {
        return new CommonResult<T>(300, "操作失敗", t);
    }

    public Integer getCode() {
        return code;
    }

    public void setCode(Integer code) {
        this.code = code;
    }

    public String getMsg() {
        return msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public T getData() {
        return data;
    }

    public void setData(T data) {
        this.data = data;
    }

    @Override
    public String toString() {
        return "CommonResult{" +
                "code=" + code +
                ", msg='" + msg + '\'' +
                ", data=" + data +
                '}';
    }
}
- Usage
@PostMapping("/register")
public CommonResult<Boolean> register(@RequestBody UserInfo userInfo) {
    return CommonResult.success(userInfoService.register(userInfo));
}

@PostMapping("/login")
public CommonResult<String> login(@RequestBody UserInfo userInfo) {
    return CommonResult.success(userInfoService.login(userInfo));
}
The response looks like this:
{
    "code": 200,
    "msg": "操作成功",
    "data": true
}
5. Uniform exception handling
The GlobalExceptionHandler class
package com.llh.springbootdemo.config;

import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

@RestControllerAdvice
public class GlobalExceptionHandler {
    @ExceptionHandler(Exception.class)
    public CommonResult<String> exceptionHandler(Exception e) {
        return CommonResult.error(e.getMessage());
    }
}
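- Only Exception is handled here; you can add handlers for your own custom exceptions. Because the handler returns e.getMessage() for every exception, the text of unexpected internal errors also reaches the client.
6. Registration
PasswordEncoder#encode hashes the password. BCrypt is a salted one-way hash rather than asymmetric encryption, so encoding the same password twice produces two different strings.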
@Override
public Boolean register(UserInfo userInfo) {
    List<UserInfo> selectedList = list(new LambdaQueryWrapper<UserInfo>()
            .eq(UserInfo::getUsername, userInfo.getUsername()));
    if (!selectedList.isEmpty()) {
        throw new RuntimeException("注冊失敗,該用戶名已存在");
    }
    // Hash the password before saving it
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String encodedPassword = passwordEncoder.encode(userInfo.getPassword());
    userInfo.setPassword(encodedPassword);
    return save(userInfo);
}
7. Login
PasswordEncoder#matches verifies the password.
@Override
public String login(UserInfo userInfo) {
    List<UserInfo> selectedList = list(new LambdaQueryWrapper<UserInfo>()
            .eq(UserInfo::getUsername, userInfo.getUsername()));
    if (selectedList.isEmpty()) {
        throw new RuntimeException("登錄失敗,賬號不存在");
    }
    UserInfo selected = selectedList.get(0);
    String encodedPassword = selected.getPassword();
    // Check whether the password is correct
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    boolean result = passwordEncoder.matches(userInfo.getPassword(), encodedPassword);
    if (!result) {
        throw new RuntimeException("登錄失敗,用戶密碼錯誤");
    }
    // Generate the token
    HashMap<String, Object> map = new HashMap<>(2);
    map.put("userId", selected.getId());
    String token = JwtUtil.generateToken(map);
    return token;
}
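An added example, not part of the original project: the login method above reports "account does not exist" and "wrong password" as different errors, which tells a caller which usernames are registered. The sketch below replaces the Mybatis-Plus query with an in-memory map (an assumption, as are the class and method names) and gives both failures the same outcome, running a BCrypt comparison against a dummy hash when the user is unknown so both paths do similar work.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.HashMap;
import java.util.Map;

// Added example; UniformLoginDemo and its in-memory user store are hypothetical.
public class UniformLoginDemo {
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
    // Hash of a throwaway value, compared against when the username is unknown.
    private static final String DUMMY_HASH = ENCODER.encode("placeholder-never-a-real-password");
    // Stands in for the user table: username -> BCrypt hash (constructed data).
    private static final Map<String, String> USERS = new HashMap<>();

    static void register(String username, String rawPassword) {
        USERS.put(username, ENCODER.encode(rawPassword));
    }

    // True only for a known user with the right password; callers report one
    // generic failure message for every other case.
    static boolean login(String username, String rawPassword) {
        if (username == null || rawPassword == null) {
            return false;
        }
        String stored = USERS.get(username);
        // Always run one BCrypt comparison so an unknown username costs about
        // as much time as a wrong password.
        boolean matches = ENCODER.matches(rawPassword, stored != null ? stored : DUMMY_HASH);
        return stored != null && matches;
    }

    public static void main(String[] args) {
        register("alice", "123456");
        // Each encode call draws a fresh salt, so two hashes of one password differ.
        System.out.println("hashes equal:   " + ENCODER.encode("123456").equals(ENCODER.encode("123456")));
        System.out.println("right password: " + login("alice", "123456"));
        System.out.println("wrong password: " + login("alice", "12345678"));
        System.out.println("unknown user:   " + login("bob", "123456"));
    }
}
```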
8. Utility class for generating and verifying JWTs
The JwtUtil class
package com.llh.springbootdemo.utils;

import cn.hutool.core.date.DateUtil;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.Date;
import java.util.Map;

public class JwtUtil {
    /**
     * Token secret, at least 32 characters. The value below is a short placeholder;
     * replace it with a long random secret loaded from configuration.
     */
    private static final String SECRET = "token_secret";
    /**
     * Token prefix
     */
    private static final String TOKEN_PREFIX = "Bearer";
    /**
     * Token lifetime in seconds
     */
    private static final Integer EXPIRE_SECONDS = 60 * 60 * 24 * 7;

    /**
     * Generate a token
     */
    public static String generateToken(Map<String, Object> map) {
        // setClaims replaces every claim set so far, so it must come before setSubject
        String jwt = Jwts.builder()
                .setClaims(map).setSubject("user info")
                .signWith(SignatureAlgorithm.HS512, SECRET)
                .setExpiration(DateUtil.offsetSecond(new Date(), EXPIRE_SECONDS))
                .compact();
        return TOKEN_PREFIX + "_" + jwt;
    }

    /**
     * Verify a token
     */
    public static Map<String, Object> resolveToken(String token) {
        if (token == null) {
            throw new RuntimeException("令牌為空");
        }
        try {
            return Jwts.parser()
                    .setSigningKey(SECRET)
                    .parseClaimsJws(token.replaceFirst(TOKEN_PREFIX + "_", ""))
                    .getBody();
        } catch (ExpiredJwtException e) {
            throw new RuntimeException("令牌已過期");
        } catch (Exception e) {
            throw new RuntimeException("令牌解析異常");
        }
    }
}
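An added example, not the project's own code: JwtUtil above hard-codes a 12-character SECRET, while HS512 calls for a key at least as long as its 64-byte output. This sketch uses the same jjwt 0.9.1 builder and parser with a key read from an environment variable (the name JWT_SECRET_B64 and the class name are assumptions; a random key is generated when the variable is unset so the demo runs) and shows a forged and an expired token being rejected.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class JwtKeyDemo { // added example; JwtKeyDemo and JWT_SECRET_B64 are hypothetical names
    private static final int MIN_KEY_BYTES = 64; // HS512 key: at least the hash output size
    private static final byte[] KEY = loadKey();

    static byte[] loadKey() {
        String b64 = System.getenv("JWT_SECRET_B64");
        if (b64 == null) { // demo fallback: random per-process key
            byte[] random = new byte[MIN_KEY_BYTES];
            new SecureRandom().nextBytes(random);
            return random;
        }
        byte[] key = Base64.getDecoder().decode(b64);
        if (key.length < MIN_KEY_BYTES) {
            throw new IllegalStateException("JWT key must be at least 64 bytes for HS512");
        }
        return key;
    }

    static String issue(Map<String, Object> claims, long ttlMillis) {
        return Jwts.builder().setClaims(claims)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(SignatureAlgorithm.HS512, KEY).compact();
    }

    static Claims verify(String token) {
        try {
            return Jwts.parser().setSigningKey(KEY).parseClaimsJws(token).getBody();
        } catch (JwtException | IllegalArgumentException e) {
            return null; // bad signature, malformed token or expired token
        }
    }

    public static void main(String[] args) {
        String token = issue(Collections.singletonMap("userId", 1L), 60_000);
        String[] part = token.split("\\.");
        // Constructed forgery: a payload naming another user, with the old signature kept.
        String body = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("{\"userId\":2}".getBytes(StandardCharsets.UTF_8));
        System.out.println("valid:   " + verify(token));
        System.out.println("forged:  " + verify(part[0] + "." + body + "." + part[2]));
        System.out.println("expired: " + verify(issue(Collections.singletonMap("userId", 1L), -1000)));
    }
}
```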
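9. Uniform request interception
Every request enters the interceptor, which reads the token from the request header, parses it, and saves the user ID in the context object.
The TokenInterceptor class (token interceptor)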
package com.llh.springbootdemo.config;

import com.llh.springbootdemo.utils.JwtUtil;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

public class TokenInterceptor implements HandlerInterceptor {
    /**
     * Request header that carries the token
     */
    private static final String HEADER_AUTH = "Authorization";
    /**
     * Safe URLs that do not need a token
     */
    private static final List<String> SAFE_URL_LIST = Arrays.asList("/userInfo/login", "/userInfo/register");

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        response.setContentType("application/json; charset=utf-8");
        String url = request.getRequestURI().substring(request.getContextPath().length());
        System.out.println(url);
        // Login, registration and similar requests need no token
        if (SAFE_URL_LIST.contains(url)) {
            return true;
        }
        // Read the token from the request header
        String token = request.getHeader(HEADER_AUTH);
        if (token == null) {
            throw new RuntimeException("請求失敗,令牌為空");
        }
        // Parse the token
        Map<String, Object> map = JwtUtil.resolveToken(token);
        Long userId = Long.parseLong(map.get("userId").toString());
        ContextHolder.setUserId(userId);
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
        ContextHolder.shutdown();
    }
}
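- Every request passes through the preHandle method.
- ContextHolder.setUserId(userId); puts the parsed user id into the context object when the request starts.
- ContextHolder.shutdown(); removes the user id from the context object when the request ends.
The WebMvcConfiguration class adds the interceptor to the MVC configuration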
package com.llh.springbootdemo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
public class WebMvcConfiguration extends WebMvcConfigurationSupport {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new TokenInterceptor());
    }
}
The ContextHolder class (context object)
package com.llh.springbootdemo.config;

/**
 * @author llh
 */
public class ContextHolder {
    public static ThreadLocal<Long> context = new ThreadLocal<>();

    public static void setUserId(Long userId) {
        context.set(userId);
    }

    public static Long getUserId() {
        return context.get();
    }

    public static void shutdown() {
        context.remove();
    }
}
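- It relies mainly on ThreadLocal, so the context object can be read anywhere within the thread that handles a request.
- For example, when changing a password, Long userId = ContextHolder.getUserId(); gets the user id.
- The password change updates the record by user id, and the id is taken straight from the context object, so the front end does not have to send it. If the front end sent it, anyone could change anyone else's password, which is very insecure.
- Taking the id from the context means taking it from the token, which protects the endpoint: users can operate only on their own data.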
@Override
public Boolean changePassword(UserInfo userInfo) {
    // Hash the new password
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String encodedPassword = passwordEncoder.encode(userInfo.getPassword());
    UserInfo updateUserInfo = new UserInfo();
    updateUserInfo.setPassword(encodedPassword);
    // Take the user id from the context object, not from what the client sent
    Long userId = ContextHolder.getUserId();
    updateUserInfo.setId(userId);
    return updateById(updateUserInfo);
}
10. Complete code
UserInfoService
package com.llh.springbootdemo.service;

import com.baomidou.mybatisplus.extension.service.IService;
import com.llh.springbootdemo.entity.UserInfo;

public interface UserInfoService extends IService<UserInfo> {
    /**
     * Register
     *
     * @param userInfo registration data
     * @return whether registration succeeded
     */
    Boolean register(UserInfo userInfo);

    /**
     * Log in
     *
     * @param userInfo login data
     * @return the token
     */
    String login(UserInfo userInfo);

    /**
     * Change the password
     *
     * @param userInfo user data
     * @return whether the change succeeded
     */
    Boolean changePassword(UserInfo userInfo);
}
UserInfoServiceImpl
package com.llh.springbootdemo.service.impl;

import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.llh.springbootdemo.config.ContextHolder;
import com.llh.springbootdemo.entity.UserInfo;
import com.llh.springbootdemo.mapper.UserInfoMapper;
import com.llh.springbootdemo.service.UserInfoService;
import com.llh.springbootdemo.utils.JwtUtil;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.HashMap;
import java.util.List;

@Service
public class UserInfoServiceImpl extends ServiceImpl<UserInfoMapper, UserInfo> implements UserInfoService {
    @Override
    public Boolean register(UserInfo userInfo) {
        List<UserInfo> selectedList = list(new LambdaQueryWrapper<UserInfo>()
                .eq(UserInfo::getUsername, userInfo.getUsername()));
        if (!selectedList.isEmpty()) {
            throw new RuntimeException("注冊失敗,該用戶名已存在");
        }
        // Hash the password before saving it
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        String encodedPassword = passwordEncoder.encode(userInfo.getPassword());
        userInfo.setPassword(encodedPassword);
        return save(userInfo);
    }

    @Override
    public String login(UserInfo userInfo) {
        List<UserInfo> selectedList = list(new LambdaQueryWrapper<UserInfo>()
                .eq(UserInfo::getUsername, userInfo.getUsername()));
        if (selectedList.isEmpty()) {
            throw new RuntimeException("登錄失敗,賬號不存在");
        }
        UserInfo selected = selectedList.get(0);
        String encodedPassword = selected.getPassword();
        // Check whether the password is correct
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        boolean result = passwordEncoder.matches(userInfo.getPassword(), encodedPassword);
        if (!result) {
            throw new RuntimeException("登錄失敗,用戶密碼錯誤");
        }
        // Generate the token
        HashMap<String, Object> map = new HashMap<>(2);
        map.put("userId", selected.getId());
        String token = JwtUtil.generateToken(map);
        return token;
    }

    @Override
    public Boolean changePassword(UserInfo userInfo) {
        // Hash the new password
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        String encodedPassword = passwordEncoder.encode(userInfo.getPassword());
        UserInfo updateUserInfo = new UserInfo();
        updateUserInfo.setPassword(encodedPassword);
        // Take the user id from the context object, not from what the client sent
        Long userId = ContextHolder.getUserId();
        updateUserInfo.setId(userId);
        return updateById(updateUserInfo);
    }
}
UserInfoController
package com.llh.springbootdemo.controller;

import com.llh.springbootdemo.config.CommonResult;
import com.llh.springbootdemo.entity.UserInfo;
import com.llh.springbootdemo.service.UserInfoService;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;

@RestController
@RequestMapping("/userInfo")
public class UserInfoController {
    @Resource
    private UserInfoService userInfoService;

    @PostMapping("/register")
    public CommonResult<Boolean> register(@RequestBody UserInfo userInfo) {
        return CommonResult.success(userInfoService.register(userInfo));
    }

    @PostMapping("/login")
    public CommonResult<String> login(@RequestBody UserInfo userInfo) {
        return CommonResult.success(userInfoService.login(userInfo));
    }

    @PostMapping("/changePassword")
    public CommonResult<Boolean> changePassword(@RequestBody UserInfo userInfo) {
        return CommonResult.success(userInfoService.changePassword(userInfo));
    }
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.llh</groupId>
    <artifactId>spring-boot-demo</artifactId>
    <version>1.0.0</version>
    <name>spring-boot-demo</name>
    <description>springboot project description</description>
    <properties>
        <mybatis-spring-boot.version>2.1.4</mybatis-spring-boot.version>
        <mybatis-plus.version>3.4.2</mybatis-plus.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>${mybatis-spring-boot.version}</version>
        </dependency>
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>${mybatis-plus.version}</version>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-all</artifactId>
            <version>5.6.5</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-crypto</artifactId>
            <version>5.3.3.RELEASE</version>
        </dependency>
    </dependencies>
</project>
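11. Testing
11.1 Registration
Check the database: the stored password is the encoded value.
11.2 Login
A successful login returns the token.
11.3 Changing the password
The token must be added to the Authorization request header.
The password is changed from 123456 to 12345678.
12. Conclusion
By studying and practising the material above, we can master the methods and techniques for implementing user registration, login and authentication with Spring Boot. Along the way we also see how to configure a web application with Spring Boot, operate a database with Mybatis-Plus, and use Spring Security to implement authentication and authorization, all of which is very helpful in day-to-day development.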