zoukankan      html  css  js  c++  java
  • spring jwt token 认证

    maven 里的包

    <dependency>
      <groupId>io.jsonwebtoken</groupId>
      <artifactId>jjwt</artifactId>
      <version>0.7.0</version> </dependency>

     客户端返回的签名验证

    package com.stylefeng.guns.rest.modular.auth.converter;
    
    import com.alibaba.fastjson.JSON;
    import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
    import com.stylefeng.guns.core.exception.GunsException;
    import com.stylefeng.guns.core.support.HttpKit;
    import com.stylefeng.guns.core.util.MD5Util;
    import com.stylefeng.guns.rest.common.exception.BizExceptionEnum;
    import com.stylefeng.guns.rest.config.properties.JwtProperties;
    import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
    import com.stylefeng.guns.rest.modular.auth.util.JwtTokenUtil;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.HttpInputMessage;
    import org.springframework.http.converter.HttpMessageNotReadableException;
    
    import java.io.IOException;
    import java.io.InputStream;
    import java.lang.reflect.Type;
    
    /**
     * 带签名的http信息转化器
     *
     * @author 
     * @date 
     */
    public class WithSignMessageConverter extends FastJsonHttpMessageConverter {
    
        @Autowired
        JwtProperties jwtProperties;
    
        @Autowired
        JwtTokenUtil jwtTokenUtil;
    
        @Autowired
        DataSecurityAction dataSecurityAction;
    
        @Override
        public Object read(Type type, Class<?> contextClass, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
    
            InputStream in = inputMessage.getBody();
            Object o = JSON.parseObject(in, super.getFastJsonConfig().getCharset(), BaseTransferEntity.class, super.getFastJsonConfig().getFeatures());
    
            //先转化成原始的对象
            BaseTransferEntity baseTransferEntity = (BaseTransferEntity) o;
    
            //校验签名
            String token = HttpKit.getRequest().getHeader(jwtProperties.getHeader()).substring(7);
            String md5KeyFromToken = jwtTokenUtil.getMd5KeyFromToken(token);
    
            String object = baseTransferEntity.getObject();
            String json = dataSecurityAction.unlock(object);
            String encrypt = MD5Util.encrypt(object + md5KeyFromToken);
    
            if (encrypt.equals(baseTransferEntity.getSign())) {
                System.out.println("签名校验成功!");
            } else {
                System.out.println("签名校验失败,数据被改动过!");
                throw new GunsException(BizExceptionEnum.SIGN_ERROR);
            }
    
            //校验签名后再转化成应该的对象
            return JSON.parseObject(json, type);
        }
    }
    

      

     

  • 相关阅读:
    Flexcell 导出Excel 打不开,提示Excel在“XXXX.xls” 中发现不可读取的内容。是否要回复此工作薄的内容?如果信任此工作薄的来源,请点击“是”。
    文件上传
    ssrf
    信息收集
    xss
    SQL注入
    Apache Flink CVE-2020-17519漏洞复现
    activemq
    centos6使用yum快速搭建LAMP
    Fastjson<=1.2.47反序列化漏洞复现
  • 原文地址:https://www.cnblogs.com/qin-up/p/10143602.html
Copyright © 2011-2022 走看看