1. 首页
  2. IT资讯

Java基于JWT的token认证

“u003Cdivu003Eu003Cpu003E一、背景引入u003Cu002Fpu003Eu003Cpu003E由于Http协议本身是无状态的,那么服务器是怎么识别两次请求是不是来自同一个客户端呢,传统用户识别是基于seeion和cookie实现的。大致流程如下:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002Fdb34edee764e4a35aea9e588955e16d4″ img_width=”720″ img_height=”315″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Colu003Eu003Cliu003E用户向服务器发送用户名和密码请求用户进行校验,校验通过后创建session绘画,并将用户相关信息保存到session中服务器将sessionId回写到用户浏览器cookie中用户以后的请求,都会鞋带cookie发送到服务器服务器得到cookie中的sessionId,从session集合中找到该用户的session回话,识别用户u003Cu002Fliu003Eu003Cu002Folu003Eu003Cpu003E这种模式有很多缺点,对于分布式架构的支持以及扩展性不是很好。而且session是保存在内存中,单台服务器部署如果登陆用户过多占用服务器资源也多,做集群必须得实现session共享的话,集群数量又不易太多,否则服务器之间频繁同步session也会非常耗性能。当然也可以引入持久层,将session保存在数据库或者redis中,保存数据库的话效率不高,存redis效率高,但是对redis依赖太重,如果redis挂了,影响整个应用。还有一种办法就是不存服务器,而是把用户标识数据存在浏览器,浏览器每次请求都携带该数据,服务器做校验,这也是JWT的思想。u003Cu002Fpu003Eu003Cpu003E二、JWT介绍u003Cu002Fpu003Eu003Cpu003E2.1 概念介绍u003Cu002Fpu003Eu003Cpu003EJson Web Token(JWT)是目前比较流行的跨域认证解决方案,是一种基于JSON的开发标准,由于数据是可以经过签名加密的,比较安全可靠,一般用于前端和服务器之间传递信息,也可以用在移动端和后台传递认证信息。u003Cu002Fpu003Eu003Cpu003E2.2 组成结构u003Cu002Fpu003Eu003Cpu003EJWT就是一段字符串,格式如下:u003Cu002Fpu003Eu003Cpreu003EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIxIn0.qfd0GelhE1aGr15LrnYlIZ_3UToaOM5HeMcXrmDGu003Cbru003Eu003Cu002Fpreu003Eu003Cpu003E由于三部分组成,之间用”.”接。第一部分是头信息Header,中间部分是载荷Payload,最后部分是签名信息Signature。u003Cu002Fpu003Eu003Cpu003E头信息Header:描述JWT基本信息,typ表示采用JWT令牌,alg(algorithm)表示采用什么算法进行签名,常见算法有HmacSHA256(HS256)、HmacSHA384(HS384)、HmacSHA512(HS512)、SHA256withECDSA(ES256)、SHA256withRSA(RS256)、SHA512withRSA(RS512)等。如果采用HS256则头信息结构为:u003Cu002Fpu003Eu003Cpreu003E{u003Cbru003E “typ”: “JWT”,u003Cbru003E “alg”: “HS256u003Cbru003E}u003Cbru003Eu003Cu002Fpreu003Eu003Cpu003E载荷Payload:载荷(也可以叫载体)是具体的传输内容,包括一些标准属性,iss: 该JWT的签发者,exp: 过期时间戳,iat: 签发时间戳,jti: JWTID等等。也可以添加其他需要传递的内容数据。结构为:u003Cu002Fpu003Eu003Cpreu003E{u003Cbru003E “iss”: “kkk”,u003Cbru003E “iat”: 1548818203,u003Cbru003E “exp”: 1548818212,u003Cbru003E “sub”: “test.comu003Cbru003E}u003Cbru003Eu003Cu002Fpreu003Eu003Cpu003E签名Signature:对头信息和载荷进行签名,保证传输过程中信息不被篡改,比如:将头信息和载荷分别进行base64加密得到字符串a和b,将字符串a和b以点相连并签名得到字符串c,将字符串a、b、c以点相连得到最终token。u003Cu002Fpu003Eu003Cpu003E2.3 验证流程u003Cu002Fpu003Eu003Cpu003E使用JWT的验证流程为:u003Cu002Fpu003Eu003Colu003Eu003Cliu003E用户提交用户名,密码到服务器后台后台验证通过,服务器端生成Token字符串,返回到客户端客户端保存Token,下一次请求资源时,附带上Token信息服务器端验证Token是否由服务器签发的(一般在拦截器中验证),若Token验证通过,则返回需要的资源u003Cu002Fliu003Eu003Cu002Folu003Eu003Cpu003E验证流程和基于session大体相同,只不过不是基于session,而是采用拦截器在代码中实验验证,返回给客户端的也不是sessionid,而是经过一定算法得出来的token字符串。u003Cu002Fpu003Eu003Cpu003E2.4 源码分析u003Cu002Fpu003Eu003Cpu003EJava中有封装好的开源哭JWT可以直接使用,下面就分析下关键代码验证以下内容。u003Cu002Fpu003Eu003Cpu003EHeader头信息结构分析关键源码如下:u003Cu002Fpu003Eu003Cpreu003Eu002Fu002Ftoken生成方法u003Cbru003Epublic static void main(String[] args) {u003Cbru003E String token= JWT.create().withAudience(“audience”)u003Cbru003E .withIssuedAt(new Date())u003Cbru003E .withSubject(“subject”)u003Cbru003E .withExpiresAt(new Date()).withJWTId(“jtiid”)u003Cbru003E .sign(Algorithm.HMAC256(user.getPassword()));u003Cbru003E}u003Cbru003Epublic abstract class Algorithm {u003Cbru003E private final String name;u003Cbru003E private final String description;u003Cbru003E u002Fu002F…其他方法省略…u003Cbru003E public static Algorithm HMAC256(String secret) throws IllegalArgumentException {u003Cbru003E return new HMACAlgorithm(“HS256”, “HmacSHA256”, secret);u003Cbru003E }u003Cbru003E u002Fu002F…其他方法省略…u003Cbru003E}u003Cbru003Eclass HMACAlgorithm extends Algorithm {u003Cbru003E private final CryptoHelper crypto;u003Cbru003E private final byte[] secret;u003Cbru003E u002Fu002F…其他方法省略…u003Cbru003EHMACAlgorithm(String id, String algorithm, byte[] secretBytes)u003Cbru003Ethrows IllegalArgumentException {u003Cbru003Ethis(new CryptoHelper(), id, algorithm, secretBytes);u003Cbru003E}u003Cbru003Eu002Fu002F…其他方法省略..u003Cbru003E}u003Cbru003Epublic String sign(Algorithm algorithm) throws IllegalArgumentException,u003Cbru003EJWTCreationException {u003Cbru003E if (algorithm == null) {u003Cbru003E throw new IllegalArgumentException(“The Algorithm cannot be null.”);u003Cbru003E} else {u003Cbru003E this.headerClaims.put(“alg”, algorithm.getName());u003Cbru003E this.headerClaims.put(“typ”, “JWT”);u003Cbru003E String signingKeyId = algorithm.getSigningKeyId();u003Cbru003E if (signingKeyId != null) {u003Cbru003E this.withKeyId(signingKeyId);u003Cbru003E}u003Cbru003Epublic final class JWTCreator {u003Cbru003E private final Algorithm algorithm;u003Cbru003E private final String headerJson;u003Cbru003E private final String payloadJson;u003Cbru003E private JWTCreator(Algorithm algorithm,u003Cbru003E Map<String, Object> headerClaims,u003Cbru003E Map<String, Object> payloadClaims) throws JWTCreationException {u003Cbru003E this.algorithm = algorithm;u003Cbru003E try {u003Cbru003E ObjectMapper mapper = new ObjectMapper();u003Cbru003E SimpleModule module = new SimpleModule();u003Cbru003E module.addSerializer(ClaimsHolder.class, new PayloadSerializer());u003Cbru003E mapper.registerModule(module);u003Cbru003E mapper.configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true);u003Cbru003E this.headerJson = mapper.writeValueAsString(headerClaims);u003Cbru003E this.payloadJson =u003Cbru003E mapper.writeValueAsString(new ClaimsHolder(payloadClaims));u003Cbru003E } catch (JsonProcessingException var6) {u003Cbru003E throw new JWTCreationException(u003Cbru003E “Some of the Claims couldn’t be converted to a valid JSON format.”,u003Cbru003E var6);u003Cbru003E }u003Cbru003E}u003Cbru003Eu002Fu002F…其他方法省略…u003Cbru003Eu003Cu002Fpreu003Eu003Cpu003EheaderClaims是一个Map,包括两个属性typ和alg,typ值固定JWT,alg传过来的签名算法这里使用的u003Cu002Fpu003Eu003Cpu003EHmacSHA256简称HS256。typ和alg组成Header头信息。u003Cu002Fpu003Eu003Cpu003EPayload载荷结构分析关键源码如下:u003Cu002Fpu003Eu003Cpreu003Epublic abstract class JWT {u003Cbru003E public JWT() {u003Cbru003E }u003Cbru003E public static DecodedJWT decode(String token) throws JWTDecodeException {u003Cbru003E return new JWTDecoder(token);u003Cbru003E }u003Cbru003E public static Verification require(Algorithm algorithm) {u003Cbru003E return JWTVerifier.init(algorithm);u003Cbru003E }u003Cbru003E public static Builder create() {u003Cbru003E return JWTCreator.init();u003Cbru003E }u003Cbru003E}u003Cbru003Epublic static class Builder {u003Cbru003E private final Map<String, Object> payloadClaims = new HashMap();u003Cbru003E private Map<String, Object> headerClaims = new HashMap();u003Cbru003E Builder() {u003Cbru003E }u003Cbru003E public JWTCreator.Builder withHeader(Map<String, Object> headerClaims) {u003Cbru003E this.headerClaims = new HashMap(headerClaims);u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withKeyId(String keyId) {u003Cbru003E this.headerClaims.put(“kid”, keyId);u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withIssuer(String issuer) {u003Cbru003E this.addClaim(“iss”, issuer);u002Fu002F签发人u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withSubject(String subject) {u003Cbru003E this.addClaim(“sub”, subject);u002Fu002F主题u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withAudience(String… audience) {u003Cbru003E this.addClaim(“aud”, audience);u002Fu002F接受一方u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withExpiresAt(Date expiresAt) {u003Cbru003E this.addClaim(“exp”, expiresAt);u002Fu002F过期时间u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withNotBefore(Date notBefore) {u003Cbru003E this.addClaim(“nbf”, notBefore);u002Fu002F生效时间u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withIssuedAt(Date issuedAt) {u003Cbru003E this.addClaim(“iat”, issuedAt);u002Fu002F签发时间u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withJWTId(String jwtId) {u003Cbru003E this.addClaim(“jti”, jwtId);u002Fu002F编号u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withClaim(String name, Boolean value)u003Cbru003E throws IllegalArgumentException {u003Cbru003E this.assertNonNull(name);u003Cbru003E this.addClaim(name, value);u003Cbru003E return this;u003Cbru003E }u003Cbru003E public JWTCreator.Builder withClaim(String name, Integer value)u003Cbru003E throws IllegalArgumentException {u003Cbru003E this.assertNonNull(name);u003Cbru003E this.addClaim(name, value);u003Cbru003E return this;u003Cbru003E }u003Cbru003E u002Fu002F…其他方法省略…u003Cbru003E}u003Cbru003Eu003Cu002Fpreu003Eu003Cpu003EPayload是一个json对象,存放需要传递的数据,JTW默认规定了几个属性,如果需要添加其他属性可以调用其重载方法witchClaim()添加。u003Cu002Fpu003Eu003Cpu003ESignature签名部分源码如下:u003Cu002Fpu003Eu003Cpreu003Eprivate String sign() throws SignatureGenerationException {u003Cbru003E String header = Base64.encodeBase64URLSafeString(u003Cbru003E this.headerJson.getBytes(StandardCharsets.UTF_8));u003Cbru003E String payload = Base64.encodeBase64URLSafeString(u003Cbru003E this.payloadJson.getBytes(StandardCharsets.UTF_8));u003Cbru003E String content = String.format(“%s.%s”, header, payload);u003Cbru003E byte[] signatureBytes = this.algorithm.sign(u003Cbru003E content.getBytes(StandardCharsets.UTF_8));u003Cbru003E String signature = Base64.encodeBase64URLSafeString(signatureBytes);u003Cbru003E return String.format(“%s.%s”, content, signature);u003Cbru003E}u003Cbru003Eu003Cu002Fpreu003Eu003Cpu003E从这里可以看出,所谓token就是分别对header和payload的json字符串做Base64加密得到a和b,并将结果拼接一起,在进行签名得到c,最终把a、b、c三部分内容以点拼接起来形成token,返回客户端保存,客户端以后每次请求都在header中加入token,服务器采用拦截器方式获取header中的token做校验,识别用户。u003Cu002Fpu003Eu003Cpu003E三、示例u003Cu002Fpu003Eu003Cpu003E3.1 数据准备u003Cu002Fpu003Eu003Cpu003E创建用户表u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F8dc3be2a9d884bb9875d9ac58da30057″ img_width=”604″ img_height=”174″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.2 搭建springboot工程u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp9.pstatp.comu002Flargeu002Fpgc-imageu002F15f660d1bc5e4250b136b6dd7b75c916″ img_width=”603″ img_height=”398″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E设置工程Group、Artifact、Version、Name等信息u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002F86dc604bbbf64152bad25563808db84f” img_width=”606″ img_height=”400″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003ESpring Boot的版本选择2.0.8,选择导入web的起步器u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Fbbfd9f91fbcc46deafd059239eb45285″ img_width=”607″ img_height=”401″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E创建工程成功之后,将各个包创建出来,工程目录结构如下:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F1a51e4b5257c4b9080faaf80d7c0c3cf” img_width=”556″ img_height=”818″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.3 引入pom依赖u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F1968fbf261cc4d34bed9bd1be9a264ff” img_width=”587″ img_height=”817″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002Fbe47c8b73cb644c69efdfed346de7275″ img_width=”579″ img_height=”25″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.4 编写application.yml配置文件u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002Fea3e67b56f8449679cc649830a361656″ img_width=”595″ img_height=”178″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.5 编写User实体类u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002F5d331354511240c19fefc427efb33192″ img_width=”590″ img_height=”552″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003EResult类:用于统一返回消息的封装u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Fd2548a3b728445dcaeef2e41aada3856″ img_width=”611″ img_height=”648″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003ETokenUtil类,用于生成tokenu003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Fe54b6ea6264949228cc1c05941528a5a” img_width=”605″ img_height=”156″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F938f814e0ec344b68c273777c36c5b0e” img_width=”603″ img_height=”138″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003EVerifyToken注解类:加到controller方法上表示该方法需要验证token。u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F441289180b524bacab5766e34fcb6702″ img_width=”606″ img_height=”237″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.6 编写mapper接口和service层u003Cu002Fpu003Eu003Cpu003Emapper类:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Fac71e5d247fc425aa352f8798802c818″ img_width=”604″ img_height=”283″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003EUserService接口:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F0446a05cdb2c4049bccb5e46611e4702″ img_width=”589″ img_height=”146″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003EUserServiceImpl实现类:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F57c2e30843514524999fb0127053ac55″ img_width=”597″ img_height=”341″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.7 编写拦截器和全局异常处理器u003Cu002Fpu003Eu003Cpu003EAuthInterceptor拦截器类:用于token验证。u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Feaf4e9065aa44eb785e7984aac65c078″ img_width=”605″ img_height=”282″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp9.pstatp.comu002Flargeu002Fpgc-imageu002F3d7ac6340c11494e8b2e0c36be2e31ef” img_width=”593″ img_height=”846″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp9.pstatp.comu002Flargeu002Fpgc-imageu002F6fa216fc8a5c4bb79d1274984826b7af” img_width=”595″ img_height=”172″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E全局异常处理器GloabllExceptionHandler:用于异常的捕获。u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F5f77f94b87484d6bbf68bada2c0e0306″ img_width=”595″ img_height=”297″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.8 编写配置类及controlleru003Cu002Fpu003Eu003Cpu003E拦截器配置类InterceptorConfig:配置拦截所有请求u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F3e14bd10578445d7aa1ee5ec10e02e00″ img_width=”600″ img_height=”308″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002F55d0849295344d21af662092ce9ea489″ img_width=”594″ img_height=”77″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003EUserController类:u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp9.pstatp.comu002Flargeu002Fpgc-imageu002F2347577db92e46c4bb58efb8491fc4dc” img_width=”600″ img_height=”609″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E3.9 测试u003Cu002Fpu003Eu003Cpu003E测试1:使用postman发送get请求http:u002Fu002Flocalhost:8088u002Fuseru002FgetUser?id=1u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp1.pstatp.comu002Flargeu002Fpgc-imageu002Fd2b6b274f6af40f8a07977144dc38cc6″ img_width=”584″ img_height=”320″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E测试2:发送post请求http:u002Fu002Flocalhost:8088u002Fuseru002Flogin 密码故意输错u003Cu002Fpu003Eu003Cdiv class=”pgc-img”u003Eu003Cimg src=”http:u002Fu002Fp3.pstatp.comu002Flargeu002Fpgc-imageu002F5bdf9f4ae610440eb9b0efa5d89db30d” img_width=”591″ img_height=”323″ alt=”Java基于JWT的token认证” inline=”0″u003Eu003Cp class=”pgc-img-caption”u003Eu003Cu002Fpu003Eu003Cu002Fdivu003Eu003Cpu003E测试3:发送post请求http:u002Fu002Flocalhost:8088u002Fuseru002Flogin 填正确的用户名密码u003Cu002Fpu003Eu003Cu002Fdivu003E”

原文始发于:Java基于JWT的token认证

主题测试文章,只做测试使用。发布者:程序员,转转请注明出处:http://www.cxybcw.com/26734.html

联系我们

13687733322

在线咨询:点击这里给我发消息

邮件:1877088071@qq.com

工作时间:周一至周五,9:30-18:30,节假日休息

QR code