堆栈内存溢出
  简体   繁体   English

SpringBoot JWT安全性如何

[英]SpringBoot JWT security how to

 原文  2017-08-21 22:15:17       java/ spring-boot/ spring-security/ jwt

问题描述

I am trying to implement simple JWT security with token refresh in my web app. 我正在尝试在Web应用程序中使用令牌刷新来实现简单的JWT安全性。 Probably, the question has been asked numerous times and I am digging for an answer but can't seem to find it after a month of searching. 可能这个问题已经被问过无数次了,我正在寻找答案,但是经过一个月的搜索后似乎找不到。

I have two models for the user in the database and they should have different role type ADMIN and USER. 我在数据库中为用户提供了两种模型,它们应该具有不同的角色类型ADMIN和USER。 ADMIN type needs to access his url endpoints and USER his own upon successful email and password login. 成功登录电子邮件和密码后,ADMIN类型需要访问其url端点,而USER必须具有自己的访问权限。 I am trying to avoid oauth because I do not need enterprise like implementation. 我正在尝试避免使用oauth,因为我不需要像企业这样的实现。 Could anyone refer me to a good guide that explains how stuff works or just explain by himself with a code sample? 谁能推荐我一个很好的指南来解释东西是如何工作的,或者只用代码示例自己解释? You would help me alot! 你会帮我很多! Thanks. 谢谢。

1 个解决方案

解决方案1
 2 已采纳  2017-08-22 02:21:03

You may want to try JJWT if you're looking for a simple to use JWT library for Java. 如果您正在寻找一种简单易用的Java JWT库,则可能需要尝试JJWT。 It's well documented and easy to integrate into Spring Boot apps. 它有据可查,易于集成到Spring Boot应用程序中。

At the very least, you'll need to write your own service for generating tokens (using JJWT), a filter for pre-processing the request and generating an Authentication, and an AuthenticationProvider for performing the actual processing/validation of the token content (again with JJWT) and to populate roles/authorities or any other information that might be required by your Authentication implementation. 至少,您需要编写自己的服务来生成令牌(使用JJWT),用于预处理请求并生成Authentication的过滤器以及用于执行令牌内容的实际处理/验证的AuthenticationProvider(再次使用JJWT)并填充角色/权限或身份验证实现可能需要的任何其他信息。

This method of implementing JWT based authentication does not require any components from Spring's OAuth2 implementation. 这种基于JWT的身份验证方法不需要Spring的OAuth2实现中的任何组件。

https://github.com/jwtk/jjwt https://github.com/jwtk/jjwt

https://stormpath.com/blog/jjwt-how-it-works-why https://stormpath.com/blog/jjwt-how-it-works-why

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SpringBoot 登录 Spring 安全性 JWT 用于 REST ZDB974238714CA8DE634A7CE1D083A1 - SpringBoot login with Spring Security with JWT for REST API 如何在单元测试 SpringBoot 中解析 JWT 令牌 - How to parse JWT token in unit tests SpringBoot 注销springboot jwt - Logout springboot jwt 如何在springboot中使用html模板使用JWT认证? - How to use html template in springboot using JWT Authentication? Springboot Security hasRole被忽略 - Springboot Security hasRole ignored SpringBoot @WebMvcTest安全问题 - SpringBoot @WebMvcTest security issue SpringBoot + Spring安全性 - SpringBoot + Spring Security GraphQL SpringBoot安全异常 - GraphQL SpringBoot Security Exception SpringBoot和Spring Security无法验证 - SpringBoot and Spring Security not authenticate 如何使用SpringBoot Security禁用OPTIONS的基本HTTP身份验证 - How to disable basic http auth for OPTIONS with SpringBoot Security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM