添加代码示例springboot-jwt

Author: yidao620c

springboot-jwt/.gitignore

@@ -0,0 +1,17 @@
+# 此为注释– 将被Git 忽略
+# /结尾表示是目录，忽略目录和目录下的所有件
+# /开头表示根目录，否则是.gitignore的相对目录
+# !开头表示反选
+.idea/
+target/
+*.iml
+*.ipr
+*.iws
+*.log
+.svn/
+.project
+rebel.xml
+.rebel-remote.xml.*
+swagger.json
+swagger.adoc
+

springboot-jwt/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Xiong Neng
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

springboot-jwt/README.md

@@ -0,0 +1,20 @@
+
+## 简介
+
+一般来讲，对于RESTful API都会有认证(Authentication)和授权(Authorization)过程，保证API的安全性。
+
+采用TOKEN认证，这种方式也是再HTTP头中，使用Authorization: Bearer <token>，使用最广泛的TOKEN是JWT，通过签名过的TOKEN。
+
+基于Shiro+JWT可实现Token认证方式
+
+## 测试
+
+启动应用后，先访问登录接口，使用参数用户名=admin/密码=12345678，拿到token后再访问其他接口。
+
+## 许可证
+
+Copyright (c) 2018 Xiong Neng
+
+基于 MIT 协议发布: <http://www.opensource.org/licenses/MIT>
+
+

springboot-jwt/pom.xml

@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.xncoding</groupId>
+    <artifactId>springboot-jwt</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>springboot-jwt</name>
+    <description>集成JWT实现接口权限认证</description>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.5.9.RELEASE</version>
+        <relativePath/>
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-tomcat</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jetty</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.vaadin.external.google</groupId>
+                    <artifactId>android-json</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- shiro 权限控制 -->
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+            <version>1.4.0</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>slf4j-api</artifactId>
+                    <groupId>org.slf4j</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- shiro ehcache (shiro缓存)-->
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-ehcache</artifactId>
+            <version>1.4.0</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>slf4j-api</artifactId>
+                    <groupId>org.slf4j</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.7</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.6.1</version>
+                <configuration>
+                    <!--<proc>none</proc>-->
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.20</version>
+                <configuration>
+                    <systemPropertyVariables>
+                        <swaggerOutputDir>${project.basedir}/src/main/resources/swagger</swaggerOutputDir>
+                        <asciiDocOutputDir>${project.basedir}/src/main/resources/swagger/swagger</asciiDocOutputDir>
+                    </systemPropertyVariables>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                </executions>
+            </plugin>
+        </plugins>
+
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+            </resource>
+            <resource>
+                <directory>src/main/java</directory>
+                <includes>
+                    <include>**/*.xml</include>
+                </includes>
+            </resource>
+        </resources>
+    </build>
+
+</project>

springboot-jwt/run.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+# 项目自动更新脚本
+# 先clone相应的分支下来：
+# git clone ssh://[email protected]:7999/xxx.git
+# 远程调试启动：
+# nohup java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -Xms512m -Xmx1024m -jar -Dspring.profiles.active=${profile} ${jarfile} >/dev/null 2>&1 &
+
+function start {
+    profile="$1"
+    echo "启动环境profile=${profile}"
+    jarfile=$(ls target/*.jar)
+    if [[ "$?" == "0" ]]; then
+        stop $profile $jarfile
+    fi
+    branch=$(git branch |awk '{print $2}')
+    git pull origin ${branch}
+    echo "更新完代码开始重新打包"
+    mvn clean && mvn clean && mvn package -DskipTests=true
+    if [[ "$?" != "0" ]]; then
+        echo "编译出错，退出！"
+        exit 1
+    fi
+    echo "nohup java -Xms512m -Xmx1024m -jar -Dspring.profiles.active=${profile} ${jarfile} >/dev/null 2>&1 &"
+    nohup java -Xms512m -Xmx1024m -jar -Dspring.profiles.active=${profile} ${jarfile} >/dev/null 2>&1 &
+    echo "启动应用中，请查看日志文件..."
+}
+
+function stop {
+    profile="$1"
+    jarfile="$2"
+    ps aux | grep "${jarfile}" | grep "spring.profiles.active=${profile}" | grep -v grep > /dev/null
+    if [[ "$?" == "0" ]]; then
+        echo "该应用还在跑，我先停了它"
+        pid=$(ps aux | grep "${jarfile}" | grep "spring.profiles.active=${profile}" | grep -v grep |awk '{print $2}')
+        if [[ "$pid" != "" ]]; then
+            kill -9 $pid
+        fi
+        echo "停止应用成功..."
+    fi
+}
+
+if [[ "$1" == "start" ]]; then
+    if [[ "$#" < 2 ]]; then
+        echo "请输入正确参数：./epay.sh start {profile}"
+        exit 1
+    fi
+    profile="$2"
+    if [[ "$profile" != "dev" && "$profile" != "test" && "$profile" != "show" && "$profile" != "production" ]]; then
+        echo "参数错误，请输入正确的profile参数，使用方法："
+        echo "./epay.sh start {profile}    ==> 启动应用，{profile}取值：dev|test|show|production"
+        exit 1
+    fi
+    start "${profile}"
+elif [[ "$1" == "stop" ]]; then
+    if [[ "$#" < 2 ]]; then
+        echo "请输入正确参数：./epay.sh stop  {profile}"
+        exit 1
+    fi
+    profile="$2"
+    if [[ "$profile" != "dev" && "$profile" != "test" && "$profile" != "show" && "$profile" != "production" ]]; then
+        echo "参数错误，请输入正确的profile参数，使用方法："
+        echo "./epay.sh stop {profile}     ==> 停止应用，{profile}取值：dev|test|show|production"
+        exit 1
+    fi
+    jarfile=$(ls target/*.jar)
+    stop $profile $jarfile
+else
+    echo "参数错误，使用方法：{}参数是必填的，[]参数可选"
+    echo "./epay.sh start {profile}    ==> 启动应用，{profile}取值：dev|test|show|production"
+    echo "./epay.sh stop  {profile}    ==> 停止应用，{profile}取值：dev|test|show|production"
+    exit 1
+fi

springboot-jwt/src/main/java/com/xncoding/jwt/Application.java

@@ -0,0 +1,12 @@
+package com.xncoding.jwt;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+
+}

springboot-jwt/src/main/java/com/xncoding/jwt/api/ExceptionController.java

@@ -0,0 +1,48 @@
+package com.xncoding.jwt.api;
+
+import com.xncoding.jwt.api.model.BaseResponse;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.authz.UnauthorizedException;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 注意这个统一异常处理器只对认证过的用户调用接口中的异常有作用，对AuthenticationException没有用
+ */
+@RestControllerAdvice
+public class ExceptionController {
+
+    // 捕捉shiro的异常
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ExceptionHandler(ShiroException.class)
+    public BaseResponse handle401(ShiroException e) {
+        return new BaseResponse(false, "shiro的异常", null);
+    }
+
+    // 捕捉UnauthorizedException
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ExceptionHandler(UnauthorizedException.class)
+    public BaseResponse handle401() {
+        return new BaseResponse(false, "UnauthorizedException", null);
+    }
+
+    // 捕捉其他所有异常
+    @ExceptionHandler(Exception.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public BaseResponse globalException(HttpServletRequest request, Throwable ex) {
+        return new BaseResponse(false, "其他异常", null);
+    }
+
+    private HttpStatus getStatus(HttpServletRequest request) {
+        Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code");
+        if (statusCode == null) {
+            return HttpStatus.INTERNAL_SERVER_ERROR;
+        }
+        return HttpStatus.valueOf(statusCode);
+    }
+}
+