1. Modify the pom file to add JWT authentication
    <!-- JWT dependencies -->
    <dependency>
        <groupId>commons-beanutils</groupId>
        <artifactId>commons-beanutils</artifactId>
        <version>1.9.3</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.0</version>
    </dependency>
    <dependency>
        <groupId>joda-time</groupId>
        <artifactId>joda-time</artifactId>
        <version>2.9.7</version>
    </dependency>
2. Import the utility classes
Make sure the RSA key files exist locally (for details, see: Generating the RAS files)
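3. Integrate JWT into the project
1. Analysis
2. Implementation
- Step 1: generate a token at login and return it
- Step 2: after a successful login, the front end saves the token to sessionStorage
- Step 3: append a request header to every request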
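    // Attach the saved token to every outgoing request
    axios.interceptors.request.use(request => {
        let token = sessionStorage.getItem('token')
        if (token) {
            request.headers.authorization = token
        }
        return request
    }, error => {
        // Propagate the error instead of swallowing it
        return Promise.reject(error)
    })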
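- Step 4: in the gateway, write a gateway filter that validates each request
- For a login request, run() must not execute, so shouldFilter() has to return false
- For any other request, run() must execute, so shouldFilter() has to return true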
    package com.czxy.filter;

    import com.czxy.domain.User;
    import com.czxy.utils.JwtUtils;
    import com.czxy.utils.RasUtils;
    import com.netflix.zuul.ZuulFilter;
    import com.netflix.zuul.context.RequestContext;
    import com.netflix.zuul.exception.ZuulException;
    import org.springframework.stereotype.Component;

    import javax.servlet.http.HttpServletRequest;

    @Component
    public class LoginFilter extends ZuulFilter {

        // Location of the public key used to verify token signatures
        private static final String pubKeyPath = "D:\\ras\\ras.pub";

        // "pre" filters run before the request is routed to a service
        @Override
        public String filterType() {
            return "pre";
        }

        @Override
        public int filterOrder() {
            return 1;
        }

        // Skip the filter for the login request; every other request is checked
        @Override
        public boolean shouldFilter() {
            RequestContext requestContext = RequestContext.getCurrentContext();
            HttpServletRequest request = requestContext.getRequest();
            String requestURI = request.getRequestURI();
            if ("/api/examcustomer/user/login".equals(requestURI)) {
                return false;
            }
            return true;
        }

        @Override
        public Object run() throws ZuulException {
            RequestContext requestContext = RequestContext.getCurrentContext();
            HttpServletRequest request = requestContext.getRequest();
            // Token that the front end put in the request header
            String token = request.getHeader("authorization");
            try {
                // Parse the token with the public key; any failure throws
                JwtUtils.getObjectFromToken(token, RasUtils.getPublicKey(pubKeyPath), User.class);
            } catch (Exception e) {
                e.printStackTrace();
                // Invalid or missing token: answer 403 and do not route the request
                requestContext.setResponseStatusCode(403);
                requestContext.setSendZuulResponse(false);
            }
            return null;
        }
    }
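What the token check in run() involves, as an added example that is not the project's JwtUtils/RasUtils code: a token signed with an RSA private key through jjwt 0.9.0 and verified with only the public key, including the rejection cases that the filter turns into a 403. The class name JwtRoundTrip, the claim names and the in-memory key pairs are assumptions made for the illustration; jjwt 0.9.0 expects javax.xml.bind on the classpath, which is built in on Java 8.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;

// Hypothetical demo class: a stand-in for the project's JwtUtils/RasUtils, which the page does not show.
public class JwtRoundTrip {

    // Login side: sign the claims with the RSA private key (RS256).
    static String issue(PrivateKey privateKey, long id, String username, long ttlMillis) {
        return Jwts.builder()
                .claim("id", id)              // claim names are constructed for this example
                .claim("username", username)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(SignatureAlgorithm.RS256, privateKey)
                .compact();
    }

    // Gateway side: only the public key is needed. parseClaimsJws() throws a JwtException
    // for a bad signature or an expired token, and IllegalArgumentException for a missing one.
    static boolean accepted(PublicKey publicKey, String token) {
        try {
            Claims claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token).getBody();
            return claims.get("username") != null;
        } catch (JwtException | IllegalArgumentException e) {
            return false;                     // the gateway filter would answer 403 here
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair gatewayKeys = generator.generateKeyPair();   // constructed in memory for the demo
        KeyPair otherKeys = generator.generateKeyPair();     // a key the gateway does not trust
        PublicKey pub = gatewayKeys.getPublic();
        long halfHour = 30 * 60 * 1000L;

        System.out.println("valid token:    " + accepted(pub, issue(gatewayKeys.getPrivate(), 1L, "jack", halfHour)));
        System.out.println("wrong signer:   " + accepted(pub, issue(otherKeys.getPrivate(), 1L, "jack", halfHour)));
        System.out.println("expired token:  " + accepted(pub, issue(gatewayKeys.getPrivate(), 1L, "jack", -60_000L)));
        System.out.println("missing header: " + accepted(pub, null));
    }
}
```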
Test results (Postman)
Error demonstration
Success demonstration