From f9e3d80dd10e70e9299571a3c04ad354a6260e27 Mon Sep 17 00:00:00 2001
From: cxuan <“616784649@qq.com”>
Date: Fri, 14 Jul 2023 19:56:14 +0800
Subject: [PATCH] security config
---
pom.xml | 24 +++++++
.../filter/JwtAuthenticationTokenFilter.java | 36 +++++++++++
.../security/config/SecurityConfig.java | 12 ++++
.../wuyiqi/netstateproc/utils/JwtUtil.java | 63 +++++++++++++++++++
4 files changed, 135 insertions(+)
create mode 100644 src/main/java/com/wuyiqi/netstateproc/filter/JwtAuthenticationTokenFilter.java
create mode 100644 src/main/java/com/wuyiqi/netstateproc/security/config/SecurityConfig.java
create mode 100644 src/main/java/com/wuyiqi/netstateproc/utils/JwtUtil.java
diff --git a/pom.xml b/pom.xml
index 8d935c7..cbec98d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,6 +25,10 @@
org.springframework.boot
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-security
+
com.mysql
@@ -41,6 +45,26 @@
spring-boot-starter-test
test
+
+ org.mapstruct
+ mapstruct
+ 1.5.3.Final
+
+
+ io.jsonwebtoken
+ jjwt-api
+ 0.11.5
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ 0.11.5
+
+
+ io.jsonwebtoken
+ jjwt-jackson
+ 0.11.5
+
diff --git a/src/main/java/com/wuyiqi/netstateproc/filter/JwtAuthenticationTokenFilter.java b/src/main/java/com/wuyiqi/netstateproc/filter/JwtAuthenticationTokenFilter.java
new file mode 100644
index 0000000..39a0ae9
--- /dev/null
+++ b/src/main/java/com/wuyiqi/netstateproc/filter/JwtAuthenticationTokenFilter.java
@@ -0,0 +1,36 @@
+package com.wuyiqi.netstateproc.filter;
+
+import com.wuyiqi.netstateproc.utils.JwtUtil;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
+
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ String token = request.getHeader("Authorization");
+
+ if(!StringUtils.hasText(token) || !token.startsWith("Bearer")) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+
+ token = token.substring(7);
+
+ String userid;
+ try{
+ Claims claims = JwtUtil.parseJWT(token);
+ userid = claims.getSubject();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
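Review bot: A request that carries a Bearer token never continues down the chain: after `userid = claims.getSubject();` the method returns without populating `SecurityContextHolder` and without calling `filterChain.doFilter(request, response)`, so `userid` is unused and the token authenticates nothing. The prefix check `startsWith("Bearer")` has no trailing space, so a header of exactly `Bearer` makes `substring(7)` throw and any other seven-character prefix silently loses a character; compare against `"Bearer "`. A token that fails parsing is rethrown as `RuntimeException`, which presumably surfaces as a 500 instead of a 401. The sketch below sets an authentication with no authorities as a starting point, since how roles are loaded is not visible in this commit.

```java
// … unchanged: doFilterInternal signature and header read …
if (!StringUtils.hasText(token) || !token.startsWith("Bearer ")) {
    filterChain.doFilter(request, response);
    return;
}
token = token.substring(7);

String userid;
try {
    userid = JwtUtil.parseJWT(token).getSubject();
} catch (Exception e) {
    // Invalid or expired token: answer as unauthenticated, not as a server error.
    SecurityContextHolder.clearContext();
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    return;
}

// No authorities are carried in the token; load them from the user store before granting roles.
UsernamePasswordAuthenticationToken authentication =
        new UsernamePasswordAuthenticationToken(userid, null, Collections.emptyList());
SecurityContextHolder.getContext().setAuthentication(authentication);
filterChain.doFilter(request, response);
```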
diff --git a/src/main/java/com/wuyiqi/netstateproc/security/config/SecurityConfig.java b/src/main/java/com/wuyiqi/netstateproc/security/config/SecurityConfig.java
new file mode 100644
index 0000000..08e8ce1
--- /dev/null
+++ b/src/main/java/com/wuyiqi/netstateproc/security/config/SecurityConfig.java
@@ -0,0 +1,12 @@
+package com.wuyiqi.netstateproc.security.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+// @Autowired
+// private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
+}
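Review bot: This class enables web security but declares no `SecurityFilterChain` bean, and its only reference to the JWT filter is commented out, so the filter added in this commit is never registered and Spring Security's defaults presumably stay in effect. `JwtAuthenticationTokenFilter` is not annotated as a bean in this commit, so uncommenting the `@Autowired` field alone would likely fail at startup. I would drop the commented-out field and the unused `Autowired` import, and add a `SecurityFilterChain` bean that registers the filter, e.g. `http.addFilterBefore(new JwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);`. That bean should also set stateless session management and explicit `authorizeHttpRequests` rules, so the set of unauthenticated endpoints is stated, not inherited.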
diff --git a/src/main/java/com/wuyiqi/netstateproc/utils/JwtUtil.java b/src/main/java/com/wuyiqi/netstateproc/utils/JwtUtil.java
new file mode 100644
index 0000000..d5ba340
--- /dev/null
+++ b/src/main/java/com/wuyiqi/netstateproc/utils/JwtUtil.java
@@ -0,0 +1,63 @@
+package com.wuyiqi.netstateproc.utils;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Base64;
+import java.util.Date;
+import java.util.UUID;
+
+@Component
+public class JwtUtil {
+ public static final long JWT_TTL = 60 * 60 * 1000L * 24 * 2;
+
+ public static final String JWT_KEY = "ChengXuanWangZhaoLongWUYIQI666";
+
+ public static String getUUID() {
+ return UUID.randomUUID().toString().replaceAll("-", "");
+ }
+
+ public static String createJWT(String subject) {
+ JwtBuilder builder = getJwtBuilder(subject, null, getUUID());
+ return builder.compact();
+ }
+
+ private static JwtBuilder getJwtBuilder(String subject, Long ttlMillis, String uuid) {
+ SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+ SecretKey secretKey = generalKey();
+ long nowMillis = System.currentTimeMillis();
+ Date now = new Date(nowMillis);
+ if (ttlMillis == null) {
+ ttlMillis = JwtUtil.JWT_TTL;
+ }
+
+ long expMillis = nowMillis + ttlMillis;
+ Date expDate = new Date(expMillis);
+ return Jwts.builder()
+ .setId(uuid)
+ .setSubject(subject)
+ .setIssuer("sg")
+ .setIssuedAt(now)
+ .signWith(secretKey, signatureAlgorithm)
+ .setExpiration(expDate);
+ }
+
+ public static SecretKey generalKey() {
+ byte[] encodeKey = Base64.getDecoder().decode(JwtUtil.JWT_KEY);
+ return new SecretKeySpec(encodeKey, 0, encodeKey.length, "HmacSHA256");
+ }
+
+ public static Claims parseJWT(String jwt) throws Exception {
+ SecretKey secretKey = generalKey();
+ return Jwts.parserBuilder()
+ .setSigningKey(secretKey)
+ .build()
+ .parseClaimsJwt(jwt)
+ .getBody();
+ }
+}
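Review bot: `parseJWT` calls `.parseClaimsJwt(jwt)`, which in jjwt is the entry point for unsigned claims JWTs; the tokens `createJWT` produces are signed, so they are rejected here, and this call is not the one that returns signature-verified claims. Use `.parseClaimsJws(jwt)` so only tokens whose signature verifies against the key yield a `Claims` body. `JWT_KEY` is a public constant committed to the repository, so anyone who can read the source holds the signing key; load it from externalized configuration or a secret store and treat the committed value as compromised. The literal also appears to Base64-decode to 22 bytes (176 bits), below the 256 bits HS256 requires, so `signWith` in jjwt 0.11.5 will likely throw `WeakKeyException` until a key of at least 32 bytes is supplied.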