STS創建Spring Boot項目實戰(Rest接口、數據庫、用戶認證、分佈式Token JWT、Redis操作、日誌和統一異常處理)

1.項目創建

1、新建工程

2、選擇打包方式，這邊可以選擇爲打包爲Jar包，或者傳統的打包爲War包

3、選擇開發過程中使用到的技術，這邊我選擇的是Rest Repositories

4、新建測試用Controller

    文件內容如下

package com.xiaofangtech.example;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @RequestMapping("/greeting")
    public String hello()
    {
        return "Hello world";
    }
}

5、以Srping Boot App 方式運行

正常運行後控制檯如下

6、測試運行

至此，一個最簡單的hello world的工程創建運行完成

7、打包部署

   7.1 打包爲可運行jar包

   使用mvn package 進行打包

   

 然後run ,運行成功後如下生成jar包

 7.2 打包爲傳統的war包 

       當第2步中選擇的打包方式爲war時，執行7.1中mvn package時，生成的包就是war包

     

運行war包跟運行jar包一樣，找到war包所在目錄，註解運行war包

D:\new_tech\spring-suite-tool\workspace\workspace1\demo1\target>java -jar demo1-0.0.1-SNAPSHOT.war

訪問服務接口： localhost:8080/greeting

2.代碼實現連接數據實現Rest接口和Basic 基礎認證

0.引入pom依賴

1. <dependency>
2. <groupId>org.projectlombok</groupId>
3. <artifactId>lombok</artifactId>
4. </dependency>
6. <!-- 使用MySQL數據庫，並用Spring Data JPA來作爲數據庫訪問 -->
7. <dependency>
8. <groupId>org.springframework.boot</groupId>
9. <artifactId>spring-boot-starter-data-jpa</artifactId>
10. </dependency>
11. <dependency>
12. <groupId>mysql</groupId>
13. <artifactId>mysql-connector-java</artifactId>
14. </dependency>

1.代碼整體結構

2.註冊Filter過濾器的兩種方式：

        1.在自定義的Filter上使用註解：

           

1. /*
2. * Filter實現簡單的Http Basic 認證
3. */
4. @Component
5. @WebFilter(filterName = "httpBasicAuthorizedFilter", urlPatterns="/user/*")
6. public class HttpBasicAuthorizeFilter implements Filter {

       2.在配置類中定義Filter

1. @Bean
2. public FilterRegistrationBean filterRegistrationBean() {
3. FilterRegistrationBean registrationBean = new FilterRegistrationBean();
4. HttpBasicAuthorizeFilter httpBasicFilter = new HttpBasicAuthorizeFilter();
5. registrationBean.setFilter(httpBasicFilter);
6. List<String> urlPatterns = new ArrayList<String>();
7. urlPatterns.add("/user/*");
8. registrationBean.setUrlPatterns(urlPatterns);
9. return registrationBean;
10. }

3.數據庫和Rest接口操作效果展示：

4.過濾器效果展示

  

代碼中固定用戶名密碼都爲test，所以對接口進行請求時，需要添加以下認證頭信息

Authorization: Basic dGVzdDp0ZXN0

dGVzdDp0ZXN0 爲 test:test 經過base64編碼後的結果

如果未添加認證信息或者認證信息錯誤，返回沒有權限的錯誤信息

當認證信息正確，返回請求結果

3.自定義Properties解析類和分佈式Token JWT用戶校驗

    1.自定義Properties解析類的使用規則

                  1.定義Properties配置文件   ---- jwt.properties

                      

1. jwt.info.clientId=098f6bcd4621d373cade4e832627b4f6
2. jwt.info.base64Secret=MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
3. jwt.info.name=restapiuser
4. jwt.info.expiresSecond=172800

                  2.自定義解析類                      ---- JwtInfo.java  指定配置文件地址和配置前綴，屬性是前綴之後的名稱

1. package com.jay.properties;
3. import org.springframework.boot.context.properties.ConfigurationProperties;
4. /*
5. * 自定義配置文件的解析類
6. */
7. @ConfigurationProperties(prefix = "jwt.info", locations = "classpath:/config/jwt.properties")
8. public class JwtInfo {
9. private String clientId;
10. private String base64Secret;
11. private String name;
12. private int expiresSecond;
13. public String getClientId() {
14. return clientId;
15. }
16. public void setClientId(String clientId) {
17. this.clientId = clientId;
18. }
19. public String getBase64Secret() {
20. return base64Secret;
21. }
22. public void setBase64Secret(String base64Secret) {
23. this.base64Secret = base64Secret;
24. }
25. public String getName() {
26. return name;
27. }
28. public void setName(String name) {
29. this.name = name;
30. }
31. public int getExpiresSecond() {
32. return expiresSecond;
33. }
34. public void setExpiresSecond(int expiresSecond) {
35. this.expiresSecond = expiresSecond;
36. }
38. }

                  3.啓動類或配置類中，指定自定義Properties解析類

1. package com.jay;
3. import org.springframework.boot.SpringApplication;
4. import org.springframework.boot.autoconfigure.SpringBootApplication;
5. import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties.Jwt;
6. import org.springframework.boot.context.properties.EnableConfigurationProperties;
7. import org.springframework.boot.web.servlet.ServletComponentScan;
9. import com.jay.properties.JwtInfo;
11. @SpringBootApplication
12. @EnableConfigurationProperties(JwtInfo.class) //加載自定義的properties解析類
13. public class Demo1Application {
15. public static void main(String[] args) {
16. SpringApplication.run(Demo1Application.class, args);
17. }
18. }

               4.輸出配置文件信息         ---- JwtInfoController.java

1. package com.jay.controller;
3. import org.springframework.beans.factory.annotation.Autowired;
4. import org.springframework.web.bind.annotation.RequestMapping;
5. import org.springframework.web.bind.annotation.RequestMethod;
6. import org.springframework.web.bind.annotation.RestController;
8. import com.jay.properties.JwtInfo;
9. import com.jay.vo.ResultMsg;
10. import com.jay.vo.ResultStatusCode;
12. @RestController
13. @RequestMapping("/jwt")
14. public class JwtInfoController {
16. @Autowired
17. private JwtInfo jwtInfo;
19. @RequestMapping(value = "/info", method = RequestMethod.GET)
20. public Object getJwtInfo() {
21. return new ResultMsg<JwtInfo>(true, ResultStatusCode.OK.getErrorCode(), ResultStatusCode.OK.getErrorMsg(), jwtInfo);
22. }
23. }

               5.效果展示

              

          2.使用分佈式token  JWT進行用戶認證

              

jwt(json web token)

用戶發送按照約定，向服務端發送 Header、Payload 和 Signature，幷包含認證信息（密碼），驗證通過後服務端返回一個token,之後用戶使用該token作爲登錄憑證，適合於移動端和api

jwt使用流程

              1.添加 JWT依賴

1. <!-- JWT Json Web Token 依賴 -->
2. <dependency>
3. <groupId>io.jsonwebtoken</groupId>
4. <artifactId>jjwt</artifactId>
5. <version>0.7.0</version>
6. </dependency>

             2.編寫Jwt解析類和Jwt過濾器

             

1. package com.jay.util.jwt;
3. import java.security.Key;
4. import java.util.Date;
6. import javax.crypto.spec.SecretKeySpec;
7. import javax.xml.bind.DatatypeConverter;
9. import io.jsonwebtoken.Claims;
10. import io.jsonwebtoken.JwtBuilder;
11. import io.jsonwebtoken.Jwts;
12. import io.jsonwebtoken.SignatureAlgorithm;
14. /*
15. * 構造及解析jwt的工具類
16. */
17. public class JwtHelper {
18. public static Claims parseJWT(String jsonWebToken, String base64Security){
19. try
20. {
21. Claims claims = Jwts.parser()
22. .setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))
23. .parseClaimsJws(jsonWebToken).getBody();
24. return claims;
25. }
26. catch(Exception ex)
27. {
28. return null;
29. }
30. }
32. /**
33. * 生成token
34. *
35. * @author hetiewei
36. * @date 2016年10月18日 下午2:51:38
37. * @param name keyId
38. * @param userId
39. * @param role
40. * @param audience 接收者
41. * @param issuer 發行者
42. * @param TTLMillis 過期時間(毫秒)
43. * @param base64Security
44. * @return
45. */
46. public static String createJWT(String name, String userId, String role,
47. String audience, String issuer, long TTLMillis, String base64Security)
48. {
49. SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
51. long nowMillis = System.currentTimeMillis();
52. Date now = new Date(nowMillis);
54. //生成簽名密鑰
55. byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(base64Security);
56. Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
58. //添加構成JWT的參數
59. JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")
60. .claim("role", role)
61. .claim("unique_name", name)
62. .claim("userid", userId)
63. .setIssuer(issuer)
64. .setAudience(audience)
65. .signWith(signatureAlgorithm, signingKey);
66. //添加Token過期時間
67. if (TTLMillis >= 0) {
68. long expMillis = nowMillis + TTLMillis;
69. Date exp = new Date(expMillis);
70. builder.setExpiration(exp).setNotBefore(now);
71. }
73. //生成JWT
74. return builder.compact();
75. }
76. }

1. package com.jay.filter;
3. import java.io.IOException;
5. import javax.servlet.Filter;
6. import javax.servlet.FilterChain;
7. import javax.servlet.FilterConfig;
8. import javax.servlet.ServletException;
9. import javax.servlet.ServletRequest;
10. import javax.servlet.ServletResponse;
11. import javax.servlet.http.HttpServletRequest;
12. import javax.servlet.http.HttpServletResponse;
14. import org.springframework.beans.factory.annotation.Autowired;
15. import org.springframework.web.context.support.SpringBeanAutowiringSupport;
17. import com.fasterxml.jackson.databind.ObjectMapper;
18. import com.jay.properties.JwtInfo;
19. import com.jay.util.jwt.JwtHelper;
20. import com.jay.vo.ResultMsg;
21. import com.jay.vo.ResultStatusCode;
23. /*
24. * 用於JWT認證的過濾器
25. */
26. public class JwtAuthorizeFilter implements Filter{
28. /*
29. * 注入配置文件類
30. */
31. @Autowired
32. private JwtInfo jwtInfo;
34. @Override
35. public void destroy() {
37. }
39. @Override
40. public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
41. throws IOException, ServletException {
42. ResultMsg<Object> resultMsg;
43. HttpServletRequest httpRequest = (HttpServletRequest)request;
44. String auth = httpRequest.getHeader("Authorization");
45. if ((auth != null) && (auth.length() > 7))
46. {
47. String HeadStr = auth.substring(0, 6).toLowerCase();
48. if (HeadStr.compareTo("bearer") == 0)
49. {
51. auth = auth.substring(7, auth.length());
52. if (JwtHelper.parseJWT(auth, jwtInfo.getBase64Secret()) != null)
53. {
54. chain.doFilter(request, response);
55. return;
56. }
57. }
58. }
60. //驗證不通過
61. HttpServletResponse httpResponse = (HttpServletResponse) response;
62. httpResponse.setCharacterEncoding("UTF-8");
63. httpResponse.setContentType("application/json; charset=utf-8");
64. httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
66. //將驗證不通過的錯誤返回
67. ObjectMapper mapper = new ObjectMapper();
69. resultMsg = new ResultMsg<Object>(true, ResultStatusCode.INVALID_TOKEN.getErrorCode(), ResultStatusCode.INVALID_TOKEN.getErrorMsg(), null);
70. httpResponse.getWriter().write(mapper.writeValueAsString(resultMsg));
71. return;
72. }
74. @Override
75. public void init(FilterConfig filterConfig) throws ServletException {
76. SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, filterConfig.getServletContext());
77. }
79. }

            3.在Jwt配置類中，添加過濾器

             

1. package com.jay.config;
3. import java.util.ArrayList;
4. import java.util.List;
6. import org.springframework.boot.context.embedded.FilterRegistrationBean;
7. import org.springframework.context.annotation.Bean;
8. import org.springframework.context.annotation.Configuration;
10. import com.jay.filter.JwtAuthorizeFilter;
13. /*
14. * 註冊jwt認證過濾器
15. */
16. @Configuration
17. public class JwtConfig {
19. /*
20. * 註冊過濾器類和過濾的url
21. */
22. @Bean
23. public FilterRegistrationBean basicFilterRegistrationBean(){
24. FilterRegistrationBean registrationBean = new FilterRegistrationBean();
25. JwtAuthorizeFilter filter = new JwtAuthorizeFilter();
26. registrationBean.setFilter(filter);
28. List<String> urlPatterns = new ArrayList<>();
29. urlPatterns.add("/user/*");
31. registrationBean.setUrlPatterns(urlPatterns);
32. return registrationBean;
33. }
34. }

 

            

            4.效果展示：

                       1. 獲取token，傳入用戶認證信息

                    2.使用上面獲取的token進行接口調用，     未使用token，獲取token錯誤，或者token過期時

               3.使用正確的token時

                   

                    

特別注意：

              JWT使用時，可以通過Cookie機制，自動的傳遞！！！

4.Redis + Cookie 機制，進行驗證碼的校驗

1.添加redis和captcha庫依賴

1. <!-- 整合redis -->
2. <dependency>
3. <groupId>org.springframework.boot</groupId>
4. <artifactId>spring-boot-starter-redis</artifactId>
5. </dependency>
6. <!-- 第三方驗證碼庫 -->
7. <dependency>
8. <groupId>cn.apiclub.tool</groupId>
9. <artifactId>simplecaptcha</artifactId>
10. <version>1.2.2</version>
11. </dependency>

2.redis配置

1. ##Redis配置
2. spring.redis.database=1
3. spring.redis.host=localhost
4. #spring.redis.password=password
5. spring.redis.port=6379
6. spring.redis.timeout=2000
7. spring.redis.pool.max-idle=8
8. spring.redis.pool.min-idle=0
9. spring.redis.pool.max-active=8
10. spring.redis.pool.max-wait=-1

3.Redis配置類，實例化Redis模板

1. package com.jay.config;
3. import org.springframework.context.annotation.Bean;
4. import org.springframework.context.annotation.Configuration;
5. import org.springframework.data.redis.connection.RedisConnectionFactory;
6. import org.springframework.data.redis.core.RedisTemplate;
7. import org.springframework.data.redis.core.StringRedisTemplate;
8. import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
10. import com.fasterxml.jackson.annotation.JsonAutoDetect;
11. import com.fasterxml.jackson.annotation.PropertyAccessor;
12. import com.fasterxml.jackson.databind.ObjectMapper;
14. @Configuration
15. public class RedisConfig {
17. // 定義Redis模板
18. @Bean
19. public RedisTemplate<String, String> redisTemplate(RedisConnectionFactory factory) {
20. StringRedisTemplate template = new StringRedisTemplate(factory);
21. // 設置序列化工具， 這樣緩存的Bean就不需要再試下Serializable接口
22. setSerrializer(template);
23. template.afterPropertiesSet();
24. return template;
25. }
27. // 設置序列化
28. private void setSerrializer(StringRedisTemplate template) {
29. Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class);
30. ObjectMapper om = new ObjectMapper();
31. om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
32. om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
33. jackson2JsonRedisSerializer.setObjectMapper(om);
34. template.setValueSerializer(jackson2JsonRedisSerializer);
35. }
36. }

4.Controller層操作代碼

1. package com.jay.controller;
3. import java.io.ByteArrayOutputStream;
4. import java.io.IOException;
5. import java.util.UUID;
6. import java.util.concurrent.TimeUnit;
8. import javax.imageio.ImageIO;
9. import javax.servlet.http.Cookie;
10. import javax.servlet.http.HttpServletRequest;
11. import javax.servlet.http.HttpServletResponse;
13. import org.springframework.beans.factory.annotation.Autowired;
14. import org.springframework.data.redis.core.RedisTemplate;
15. import org.springframework.http.HttpRequest;
16. import org.springframework.http.MediaType;
17. import org.springframework.stereotype.Controller;
18. import org.springframework.web.bind.annotation.PathVariable;
19. import org.springframework.web.bind.annotation.RequestMapping;
20. import org.springframework.web.bind.annotation.RequestMethod;
21. import org.springframework.web.bind.annotation.ResponseBody;
23. import com.jay.util.CookieUtils;
24. import com.jay.vo.ResultMsg;
25. import com.jay.vo.ResultStatusCode;
27. import cn.apiclub.captcha.Captcha;
28. import cn.apiclub.captcha.backgrounds.GradiatedBackgroundProducer;
29. import cn.apiclub.captcha.gimpy.FishEyeGimpyRenderer;
30. import io.swagger.annotations.ApiOperation;
32. @Controller
33. @RequestMapping("/redis")
34. public class RedisCaptchaController {
36. @Autowired
37. private RedisTemplate<String, String> redisTemplate;
39. private static int captchaExpires = 3 * 60; // 超時時間3min,驗證碼超時，自動衝redis中刪除
40. private static int captchaW = 200;
41. private static int captchaH = 60;
42. private static String cookieName = "CaptchaCode";
44. @RequestMapping(value = "getcaptcha", method = RequestMethod.GET, produces = MediaType.IMAGE_PNG_VALUE)
45. public @ResponseBody byte[] getCaptcha(HttpServletResponse response) {
46. // 生成驗證碼
47. String uuid = UUID.randomUUID().toString();
48. Captcha captcha = new Captcha.Builder(captchaW, captchaH).addText()
49. .addBackground(new GradiatedBackgroundProducer()).gimp(new FishEyeGimpyRenderer()).build();
51. // 將驗證碼以<key,value>形式緩存到redis
52. redisTemplate.opsForValue().set(uuid, captcha.getAnswer(), captchaExpires, TimeUnit.SECONDS);
54. // 將驗證碼key，及驗證碼的圖片返回
55. Cookie cookie = new Cookie(cookieName, uuid);
56. response.addCookie(cookie);
57. ByteArrayOutputStream bao = new ByteArrayOutputStream();
58. try {
59. ImageIO.write(captcha.getImage(), "png", bao);
60. return bao.toByteArray();
61. } catch (IOException e) {
62. return null;
63. }
64. }
66. /*
67. * 說明：
68. * 1.captchaCode來自客戶端的Cookie，在訪問時，通過服務端設置
69. * 2.captcha是用戶填寫的驗證碼，將用戶填寫的驗證碼和通過captchaCode從redis中獲取的驗證碼進行對比即可
70. *
71. */
72. @ApiOperation(value = "驗證碼校驗")
73. @RequestMapping(value = "/captcha/check/{captcha}")
74. @ResponseBody
75. public ResultMsg<Object> checkCaptcha(@PathVariable("captcha") String captcha, HttpServletRequest request){
77. String captchaCode = CookieUtils.getCookie(request, cookieName);
79. ResultMsg<Object> result;
81. try{
82. if (captcha == null)
83. {
84. throw new Exception();
85. }
87. //redis中查詢驗證碼
88. String captchaValue = redisTemplate.opsForValue().get(captchaCode);
90. if (captchaValue == null) {
91. throw new Exception();
92. }
94. if (captchaValue.compareToIgnoreCase(captcha) != 0) {
95. throw new Exception();
96. }
98. //驗證碼匹配成功，redis則刪除對應的驗證碼
99. redisTemplate.delete(captchaCode);
101. return new ResultMsg<Object>(true, ResultStatusCode.OK.getErrorCode(), ResultStatusCode.OK.getErrorMsg(), null);
103. }catch (Exception e) {
104. result = new ResultMsg<Object>(false, ResultStatusCode.INVALID_CAPTCHA.getErrorCode(), ResultStatusCode.INVALID_CAPTCHA.getErrorMsg(), null);
105. }
106. return result;
107. }
110. }

5.效果展示

1.訪問生成驗證碼

2.驗證驗證碼

項目源碼下載：下載地址