SpringCloud + JWT: Token-based login authentication

The moon sets, crows cry, frost fills the sky;
by the river maples and fishing lights I sleep with my sorrow.
Beyond the walls of Gusu stands Hanshan Temple;
at midnight its bell reaches the traveller's boat.
"Mooring by Maple Bridge at Night", by Zhang Ji

System architecture

System description

Source code: gitee.com/Mr-LuXiaoHu…
micro-gateway (gateway)
  1. Port: 8080

  2. Built on SpringCloud-Gateway; its application.yml is configured as follows:

spring:
  cloud:
    gateway:
      routes:
        - id: micro-auth-application
          uri: lb://micro-auth-application
          predicates:
            - Path=/micro-auth-application/**
          filters:
            - StripPrefix=1
        - id: micro-tmall-application
          uri: lb://micro-tmall-application
          predicates:
            - Path=/micro-tmall-application/**
          filters:
            - StripPrefix=1

  3. Interceptor
  • Lets the get-token (login) endpoint through: /micro-auth-application/authorize/get-token
  • Intercepts every other endpoint
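The interceptor described above, written out as a Spring Cloud Gateway GlobalFilter. This is an added example, not code from the post or from the linked repository; the package name, the jwt.secret property, the token:<username> Redis key layout, the jjwt 0.9.x API and the 401 status are assumptions. It lets the login path through, requires the Access-Token header everywhere else, checks the HS256 signature and expiry, and additionally requires the token to still be present in Redis so that a logout actually revokes it; every failure gets the same code-4003 body the post shows further down.

```java
// Added example: gateway-side interceptor as a GlobalFilter (hypothetical package name).
package com.example.gateway.filter;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.data.redis.core.ReactiveStringRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

import java.nio.charset.StandardCharsets;

@Component
public class AccessTokenGlobalFilter implements GlobalFilter, Ordered {

    // The only path that may pass without a token (the login endpoint named in the post).
    private static final String LOGIN_PATH = "/micro-auth-application/authorize/get-token";
    private static final String TOKEN_HEADER = "Access-Token";
    // Same body the post shows for a missing or expired token.
    private static final String REJECT_BODY =
            "{\"code\":4003,\"message\":\"Token is not exist or expire.\",\"data\":{}}";
    private static final String KEY_PREFIX = "token:";   // assumed Redis key layout: token:<username>

    private final byte[] signingKey;                      // shared HS256 secret, assumed to come from jwt.secret
    private final ReactiveStringRedisTemplate redis;      // assumed: the gateway can read the token store

    public AccessTokenGlobalFilter(@Value("${jwt.secret}") String secret, ReactiveStringRedisTemplate redis) {
        this.signingKey = secret.getBytes(StandardCharsets.UTF_8);
        this.redis = redis;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        // Runs before the route's StripPrefix filter (see getOrder), so the path still carries the prefix.
        String path = exchange.getRequest().getURI().getPath();
        if (LOGIN_PATH.equals(path)) {
            return chain.filter(exchange);
        }
        String token = exchange.getRequest().getHeaders().getFirst(TOKEN_HEADER);
        if (token == null || token.isEmpty()) {
            return reject(exchange);
        }
        String username;
        try {
            // Verifies the HS256 signature and the exp claim; any failure surfaces as a JwtException.
            Claims claims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody();
            username = claims.get("username", String.class);
        } catch (JwtException | IllegalArgumentException e) {
            return reject(exchange);
        }
        // A valid signature alone is not enough: logout deletes the Redis entry, so the stored value must match.
        return redis.opsForValue().get(KEY_PREFIX + username)
                .filter(token::equals)
                .flatMap(stored -> chain.filter(exchange))
                .switchIfEmpty(Mono.defer(() -> reject(exchange)));
    }

    private Mono<Void> reject(ServerWebExchange exchange) {
        ServerHttpResponse response = exchange.getResponse();
        response.setStatusCode(HttpStatus.UNAUTHORIZED);   // status is an assumption; the post only shows the JSON body
        response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
        byte[] bytes = REJECT_BODY.getBytes(StandardCharsets.UTF_8);
        return response.writeWith(Mono.just(response.bufferFactory().wrap(bytes)));
    }

    @Override
    public int getOrder() {
        return Ordered.HIGHEST_PRECEDENCE;
    }
}
```

The filter is registered at highest precedence so the whitelist check sees the unstripped path; the Redis lookup is done through the reactive template so the gateway's event loop is never blocked.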
micro-auth-application (authorization application)
  1. Obtains a token from username and password (login) and stores the token in Redis
  2. Verifies a token
  3. Deletes a token (logout)
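A token service covering the three responsibilities of micro-auth-application listed above (issue, verify, delete). This is an added example, not the project's code; the package name, the jwt.secret property and the token:<username> Redis key are assumptions, and the jjwt 0.9.x API is used. The issuer MICRO and the lifetimes (600 s for the access token, 7 days for the refresh token) are what the sample tokens in the login response further down decode to (exp minus iat).

```java
// Added example: token lifecycle for the authorization application (hypothetical package name).
package com.example.auth.service;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;

@Service
public class TokenService {

    // Lifetimes match the sample tokens in the post: exp - iat is 600 s (access) and 604800 s (refresh).
    private static final long ACCESS_TTL_MS = 10 * 60 * 1000L;
    private static final long REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000L;
    private static final String ISSUER = "MICRO";        // "iss" claim carried by the sample tokens
    private static final String KEY_PREFIX = "token:";   // assumed Redis key layout: token:<username>

    private final byte[] signingKey;                     // shared HS256 secret, assumed to come from jwt.secret
    private final StringRedisTemplate redis;

    public TokenService(@Value("${jwt.secret}") String secret, StringRedisTemplate redis) {
        this.signingKey = secret.getBytes(StandardCharsets.UTF_8);
        this.redis = redis;
    }

    /** Login: issue both tokens and remember the access token so that logout can revoke it. */
    public Map<String, Object> issue(String username) {
        long now = System.currentTimeMillis();
        long accessExp = now + ACCESS_TTL_MS;
        long refreshExp = now + REFRESH_TTL_MS;
        String access = sign(username, now, accessExp);
        String refresh = sign(username, now, refreshExp);
        // The key expires together with the token, so Redis does not accumulate dead entries.
        redis.opsForValue().set(KEY_PREFIX + username, access, ACCESS_TTL_MS, TimeUnit.MILLISECONDS);
        Map<String, Object> data = new LinkedHashMap<>();   // same field names as the login response in the post
        data.put("accessToken", access);
        data.put("accessTokenExpireTime", accessExp);
        data.put("refreshToken", refresh);
        data.put("refreshTokenExpireTime", refreshExp);
        return data;
    }

    /** Verify: jjwt checks signature, issuer and expiry; Redis confirms the token was not revoked. */
    public Optional<String> verify(String token) {
        try {
            Claims claims = Jwts.parser()
                    .setSigningKey(signingKey)
                    .requireIssuer(ISSUER)
                    .parseClaimsJws(token)
                    .getBody();
            String username = claims.get("username", String.class);
            String stored = redis.opsForValue().get(KEY_PREFIX + username);
            return token.equals(stored) ? Optional.of(username) : Optional.empty();
        } catch (JwtException | IllegalArgumentException e) {
            // ExpiredJwtException, SignatureException, MalformedJwtException and friends all land here.
            return Optional.empty();
        }
    }

    /** Logout: a JWT cannot be un-signed, so deleting the stored copy is what makes logout effective. */
    public void revoke(String username) {
        redis.delete(KEY_PREFIX + username);
    }

    private String sign(String username, long issuedAt, long expiresAt) {
        return Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setIssuer(ISSUER)
                .setIssuedAt(new Date(issuedAt))
                .setExpiration(new Date(expiresAt))
                .claim("username", username)
                .signWith(SignatureAlgorithm.HS256, signingKey)
                .compact();
    }
}
```

Because a JWT stays cryptographically valid until its exp, the Redis entry is what turns a logout into an actual revocation, and the gateway has to consult it as well. The sample user row in the setup steps stores the password in clear text; comparing the submitted password against a stored hash (for example with Spring Security's PasswordEncoder) before calling issue() would be the usual choice.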
micro-tmall-application (Tmall application)
  1. This application's endpoints require a login before they can be accessed

How to run the project

  1. Install Nacos and, in each service's or application's bootstrap.properties or bootstrap.yml, configure the Nacos registry and config server address, e.g.:
spring:
  cloud:
    nacos:
      config:
        file-extension: yml
        server-addr: 127.0.0.1:8848
      discovery:
        server-addr: 127.0.0.1:8848
  application:
    name: micro-gateway
  2. Change the database connection address of micro-user-service; the table is created with:
CREATE TABLE `user` (
  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键',
  `username` varchar(64) NOT NULL COMMENT '用户名',
  `password` varchar(255) NOT NULL COMMENT '密码',
  `state` tinyint(4) DEFAULT '1' COMMENT '状态:0-禁用;1-启用',
  `create_time` datetime DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
  `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
  PRIMARY KEY (`id`),
  UNIQUE KEY `uk_username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4;

INSERT INTO `user`.`user`(`username`, `password`, `state` ) VALUES ('chuliuxiang', '123456', 1);

  3. Start the services
  • micro-gateway, port: 8080
  • micro-auth-application, port: 8081
  • micro-user-service, port: 8082
  • micro-tmall-application, port: 8083
  4. Log in (obtain the access token)
POST request
http://localhost:8080/micro-auth-application/authorize/get-token
{
    "username":"chuliuxiang",
    "password":"123456"
}

Response:
{
    "code": 0,
    "message": "SUCCESS",
    "data": {
        "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJNSUNSTyIsImV4cCI6MTYwMjA3MjQ2NywiaWF0IjoxNjAyMDcxODY3LCJ1c2VybmFtZSI6ImNodWxpdXhpYW5nIn0.9tndaHwX3o_dPhzaqqhmI60XDj5f8aBQZUd7xEzMnwc",
        "accessTokenExpireTime": 1602072467008,
        "refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJNSUNSTyIsImV4cCI6MTYwMjY3NjY2NywiaWF0IjoxNjAyMDcxODY3LCJ1c2VybmFtZSI6ImNodWxpdXhpYW5nIn0.04EIm8GwIihrSW3pR9413HfdqkhU9D5dNvviqXpWyLU",
        "refreshTokenExpireTime": 1602676667008
    }
}

  5. Access a protected resource
  • Set the Access-Token request header to the accessToken returned by the login call
  • Call an endpoint that requires a login:
http://localhost:8080/micro-tmall-application/test/getByUsername?username=chuliuxiang
  6. The frontend uses the code in the response to decide whether the token is still valid, and either shows a message or redirects to the login page:
{
    "code": 4003,
    "message": "Token is not exist or expire.",
    "data": {}
}