{"id":46998,"date":"2025-07-30T05:18:27","date_gmt":"2025-07-29T21:18:27","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/46998.html"},"modified":"2025-07-30T05:18:27","modified_gmt":"2025-07-29T21:18:27","slug":"%e6%b7%b1%e5%85%a5spring-boot-2%ef%bc%9a%e6%9e%84%e5%bb%ba%e8%87%aa%e5%ae%9a%e4%b9%89oauth2-jwt%e8%b5%84%e6%ba%90%e6%9c%8d%e5%8a%a1%e5%99%a8","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/46998.html","title":{"rendered":"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668"},"content":{"rendered":"

\u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 \"menu-r.4af5f7ec.gif\" <\/p>\n

\u7b80\u4ecb:\u672c\u6587\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528Spring Boot 2\u6846\u67b6\u5b9e\u73b0\u4e00\u4e2aOAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668,\u901a\u8fc7\u81ea\u5b9a\u4e49\u4ee4\u724c\u548c\u4e3b\u4f53\u4fe1\u606f\u6765\u589e\u5f3a\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u548c\u7075\u6d3b\u6027\u3002\u6587\u7ae0\u9610\u8ff0\u4e86OAuth2\u548cJWT\u7684\u539f\u7406,\u4ee5\u53ca\u5982\u4f55\u96c6\u6210\u8fd9\u4e9b\u6280\u672f\u6765\u5904\u7406\u5b89\u5168\u8ba4\u8bc1\u548c\u6388\u6743\u3002\u4ecb\u7ecd\u4e86\u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668\u548c\u6388\u6743\u670d\u52a1\u5668\u7684\u5173\u952e\u6b65\u9aa4,\u5e76\u5c55\u793a\u4e86\u5982\u4f55\u901a\u8fc7JWT\u81ea\u5b9a\u4e49\u4fe1\u606f\u6765\u5b9e\u73b0\u7ec6\u81f4\u7684\u6743\u9650\u63a7\u5236\u3002\u540c\u65f6,\u6587\u7ae0\u4e5f\u8bb2\u89e3\u4e86\u5728\u5ba2\u6237\u7aef\u8bf7\u6c42\u65f6\u8d44\u6e90\u670d\u52a1\u5668\u5982\u4f55\u9a8c\u8bc1JWT\u4ee4\u724c,\u4ee5\u53ca\u5982\u4f55\u5904\u7406\u5237\u65b0\u4ee4\u724c\u548c\u5f02\u5e38\u60c5\u51b5,\u4e3a\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u4e00\u5957\u5b8c\u6574\u4e14\u5b9e\u7528\u7684\u8d44\u6e90\u670d\u52a1\u5668\u5b9e\u73b0\u65b9\u6848\u3002 \"spring-boot-2-oauth2-resource-jwt:Spring <\/p>\n

1. Spring Boot 2\u4e0eOAuth2\u548cJWT\u96c6\u6210 <\/h2>\n

\u5728\u73b0\u4ee3\u7684Web\u5f00\u53d1\u4e2d,\u5b89\u5168\u6027\u548c\u8eab\u4efd\u9a8c\u8bc1\u662f\u81f3\u5173\u91cd\u8981\u7684\u73af\u8282\u3002OAuth2\u548cJWT(JSON Web Tokens)\u4e3a\u6211\u4eec\u5728\u6784\u5efa\u5206\u5e03\u5f0f\u5e94\u7528\u65f6\u63d0\u4f9b\u4e86\u5f3a\u5927\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u673a\u5236\u3002\u7b2c\u4e00\u7ae0\u5c06\u4e3a\u6211\u4eec\u642d\u5efa\u8d77Spring Boot 2\u4e0eOAuth2\u548cJWT\u96c6\u6210\u7684\u57fa\u7840\u6846\u67b6,\u4e0d\u4ec5\u4e3a\u521d\u5b66\u8005\u63d0\u4f9b\u5f15\u5bfc,\u4e5f\u7ed9\u7ecf\u9a8c\u4e30\u5bcc\u7684\u5f00\u53d1\u8005\u5e26\u6765\u6df1\u5165\u7684\u89c1\u89e3\u548c\u6700\u4f73\u5b9e\u8df5\u3002 <\/p>\n

1.1 OAuth2\u548cJWT\u7684\u6838\u5fc3\u6982\u5ff5 <\/h3>\n

OAuth2\u662f\u4e00\u4e2a\u5f00\u653e\u6807\u51c6,\u5b83\u5141\u8bb8\u7528\u6237\u6388\u6743\u7b2c\u4e09\u65b9\u5e94\u7528\u8bbf\u95ee\u4ed6\u4eec\u5b58\u50a8\u5728\u5176\u4ed6\u670d\u52a1\u63d0\u4f9b\u8005\u4e0a\u7684\u4fe1\u606f,\u800c\u65e0\u9700\u5c06\u7528\u6237\u540d\u548c\u5bc6\u7801\u63d0\u4f9b\u7ed9\u7b2c\u4e09\u65b9\u5e94\u7528\u3002OAuth2\u5b9a\u4e49\u4e86\u56db\u79cd\u6388\u6743\u6a21\u5f0f:\u6388\u6743\u7801\u6a21\u5f0f\u3001\u7b80\u5316\u6a21\u5f0f\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u5ba2\u6237\u7aef\u6a21\u5f0f,\u800cJWT\u901a\u5e38\u7528\u4f5c\u4ee4\u724c\u673a\u5236,\u7528\u4e8e\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u5b89\u5168\u5730\u4f20\u8f93\u4fe1\u606f\u3002 <\/p>\n

1.2 Spring Boot\u7684\u96c6\u6210\u4f18\u52bf <\/h3>\n

Spring Boot\u4ee5\u5176\u5feb\u901f\u3001\u7b80\u4fbf\u7684\u5f00\u53d1\u7279\u6027\u800c\u95fb\u540d,\u5b83\u7b80\u5316\u4e86OAuth2\u548cJWT\u7684\u96c6\u6210\u8fc7\u7a0b\u3002\u5229\u7528Spring Security OAuth\u9879\u76ee,\u6211\u4eec\u53ef\u4ee5\u8f7b\u677e\u5730\u5c06OAuth2\u4fdd\u62a4\u5e94\u7528\u4e8e\u6211\u4eec\u7684RESTful\u670d\u52a1,\u5e76\u4f7f\u7528JWT\u6765\u5b9e\u73b0\u65e0\u72b6\u6001\u7684\u8ba4\u8bc1\u673a\u5236\u3002Spring Boot\u63d0\u4f9b\u4e86\u81ea\u52a8\u914d\u7f6e\u3001Starter POMs\u548c\u914d\u7f6e\u5c5e\u6027,\u5e2e\u52a9\u6211\u4eec\u66f4\u4e13\u6ce8\u4e8e\u4e1a\u52a1\u903b\u8f91\u7684\u5b9e\u73b0\u3002 <\/p>\n

\u5728\u672c\u7ae0\u7ed3\u675f\u65f6,\u6211\u4eec\u5c06\u901a\u8fc7\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\u9879\u76ee\u6765\u5c55\u793a\u5982\u4f55\u5feb\u901f\u5f00\u59cb\u4f7f\u7528Spring Boot\u96c6\u6210OAuth2\u548cJWT\u3002\u8fd9\u4e2a\u9879\u76ee\u5c06\u4e3a\u6211\u4eec\u540e\u7eed\u7ae0\u8282\u7684\u6df1\u5165\u63a2\u8ba8\u5960\u5b9a\u57fa\u7840\u3002 <\/p>\n

2. OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u914d\u7f6e <\/h2>\n

2.1 OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u57fa\u672c\u914d\u7f6e <\/h3>\n

2.1.1 \u521b\u5efaSpring Boot\u9879\u76ee\u548c\u914d\u7f6e\u6587\u4ef6 <\/h4>\n

\u5728\u5f00\u59cb\u914d\u7f6eOAuth2\u8d44\u6e90\u670d\u52a1\u5668\u4e4b\u524d,\u6211\u4eec\u9700\u8981\u521b\u5efa\u4e00\u4e2aSpring Boot\u9879\u76ee\u3002\u8fd9\u4e2a\u9879\u76ee\u5c06\u4f1a\u4f7f\u7528Spring Initializr(https:\/\/start.spring.io\/)\u6765\u7b80\u5316\u521b\u5efa\u8fc7\u7a0b\u3002\u9009\u62e9\u9700\u8981\u7684\u4f9d\u8d56,\u6bd4\u5982 spring-boot-starter-web \u7528\u4e8e\u6784\u5efaweb\u5e94\u7528, spring-boot-starter-security \u7528\u4e8e\u5b89\u5168\u63a7\u5236,\u4ee5\u53ca spring-boot-starter-oauth2-resource-server \u7528\u4e8e\u96c6\u6210OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u3002 <\/p>\n

\u751f\u6210\u9879\u76ee\u540e,\u6211\u4eec\u5c06\u5f97\u5230\u4e00\u4e2a\u6807\u51c6\u7684Spring Boot\u9879\u76ee\u7ed3\u6784,\u5305\u62ec src\/main\/java \u548c src\/main\/resources \u76ee\u5f55\u3002\u5728 src\/main\/resources \u76ee\u5f55\u4e0b,\u6211\u4eec\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u914d\u7f6e\u6587\u4ef6 application.yml ,\u5728\u8fd9\u4e2a\u6587\u4ef6\u4e2d\u914d\u7f6e\u670d\u52a1\u5668\u7684\u7aef\u53e3\u548c\u5176\u4ed6\u76f8\u5173\u8bbe\u7f6e: <\/p>\n

server:
\n port: 8080<\/p>\n

2.1.2 \u914d\u7f6esecurity\u548coauth2\u8d44\u6e90\u670d\u52a1\u5668 <\/h4>\n

\u63a5\u4e0b\u6765,\u6211\u4eec\u9700\u8981\u5728Spring Boot\u9879\u76ee\u4e2d\u914d\u7f6esecurity\u548coauth2\u8d44\u6e90\u670d\u52a1\u5668\u3002\u521b\u5efa\u4e00\u4e2a\u914d\u7f6e\u7c7b,\u7ee7\u627f WebSecurityConfigurerAdapter ,\u5e76\u5b9e\u73b0\u5fc5\u8981\u7684\u914d\u7f6e\u65b9\u6cd5: <\/p>\n

import org.springframework.context.annotation.Configuration;
\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;
\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
\nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;<\/p>\n

@Configuration
\n@EnableWebSecurity
\npublic class SecurityConfig extends WebSecurityConfigurerAdapter {<\/p>\n

@Override
\n protected void configure(HttpSecurity http) throws Exception {
\n http
\n .authorizeRequests(authorizeRequests ->
\n authorizeRequests
\n .anyRequest().authenticated()
\n )
\n .oauth2ResourceServer(oauth2ResourceServer ->
\n oauth2ResourceServer
\n .jwt()
\n );
\n }
\n}<\/p>\n

\u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d,\u6211\u4eec\u914d\u7f6e\u4e86\u6240\u6709\u8bf7\u6c42\u90fd\u9700\u8981\u8ba4\u8bc1,\u5e76\u4e14\u6307\u5b9a\u4e86OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u4f7f\u7528JWT\u4ee4\u724c\u8fdb\u884c\u8ba4\u8bc1\u3002 <\/p>\n

2.2 OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u5b89\u5168\u914d\u7f6e <\/h3>\n

2.2.1 \u8bbe\u7f6e\u8bbf\u95ee\u8d44\u6e90\u7684\u5b89\u5168\u7b56\u7565 <\/h4>\n

\u4e3a\u4e86\u786e\u4fdd\u8d44\u6e90\u7684\u5b89\u5168\u8bbf\u95ee,\u6211\u4eec\u901a\u5e38\u9700\u8981\u8bbe\u7f6e\u8bbf\u95ee\u7b56\u7565,\u6765\u9650\u5236\u54ea\u4e9b\u7528\u6237\u6216\u8005\u5ba2\u6237\u7aef\u53ef\u4ee5\u8bbf\u95ee\u7279\u5b9a\u7684\u8d44\u6e90\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6eHttpSecurity\u7684 authorizeRequests() \u65b9\u6cd5\u6765\u5b9e\u73b0\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u914d\u7f6e\u793a\u4f8b: <\/p>\n

@Override
\nprotected void configure(HttpSecurity http) throws Exception {
\n http
\n .authorizeRequests(authorizeRequests ->
\n authorizeRequests
\n .antMatchers("\/public\/**").permitAll()
\n .anyRequest().authenticated()
\n )
\n .oauth2ResourceServer(oauth2ResourceServer ->
\n oauth2ResourceServer
\n .jwt()
\n );
\n}<\/p>\n

\u5728\u8fd9\u4e2a\u914d\u7f6e\u4e2d,\u6211\u4eec\u5141\u8bb8\u6240\u6709\u7528\u6237\u8bbf\u95ee\u4ee5 \/public\/** \u4e3a\u524d\u7f00\u7684\u8d44\u6e90,\u800c\u5176\u4ed6\u6240\u6709\u8bf7\u6c42\u90fd\u9700\u8981\u8fdb\u884c\u8ba4\u8bc1\u3002 <\/p>\n

2.2.2 \u81ea\u5b9a\u4e49\u8d44\u6e90\u670d\u52a1\u5668\u5f02\u5e38\u5904\u7406 <\/h4>\n

\u5728\u5904\u7406\u8bf7\u6c42\u65f6,\u53ef\u80fd\u4f1a\u9047\u5230\u5404\u79cd\u5f02\u5e38\u60c5\u51b5,\u6bd4\u5982\u4ee4\u724c\u4e0d\u5408\u6cd5\u3001\u6743\u9650\u4e0d\u8db3\u7b49\u3002\u4e3a\u4e86\u7ed9\u7528\u6237\u63d0\u4f9b\u66f4\u53cb\u597d\u7684\u53cd\u9988,\u6211\u4eec\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5f02\u5e38\u5904\u7406\u5668\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5f02\u5e38\u5904\u7406\u5668\u7684\u5b9e\u73b0\u793a\u4f8b: <\/p>\n

import org.springframework.security.access.AccessDeniedException;
\nimport org.springframework.security.web.access.AccessDeniedHandler;<\/p>\n

import javax.servlet.http.HttpServletRequest;
\nimport javax.servlet.http.HttpServletResponse;
\nimport java.io.IOException;
\nimport java.util.Collections;<\/p>\n

public class CustomAccessDeniedHandler implements AccessDeniedHandler {<\/p>\n

@Override
\n public void handle(HttpServletRequest request,
\n HttpServletResponse response,
\n AccessDeniedException accessDeniedException) throws IOException {
\n response.setStatus(HttpServletResponse.SC_FORBIDDEN);
\n response.setContentType("application\/json;charset=UTF-8");
\n response.getWriter().write("{\\\\"error\\\\":\\\\"Access Denied: " + accessDeniedException.getMessage() + "\\\\"}");
\n }
\n}<\/p>\n

\u7136\u540e\u6211\u4eec\u9700\u8981\u5c06\u8fd9\u4e2a\u81ea\u5b9a\u4e49\u7684\u5f02\u5e38\u5904\u7406\u5668\u6dfb\u52a0\u5230\u6211\u4eec\u7684\u5b89\u5168\u914d\u7f6e\u4e2d: <\/p>\n

@Override
\nprotected void configure(HttpSecurity http) throws Exception {
\n http
\n \/\/ … \u5176\u4ed6\u914d\u7f6e
\n .exceptionHandling()
\n .accessDeniedHandler(new CustomAccessDeniedHandler());
\n}<\/p>\n

\u81f3\u6b64,\u6211\u4eec\u5b8c\u6210\u4e86OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u57fa\u672c\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\u7684\u8bbe\u7f6e\u3002\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d,\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u81ea\u5b9a\u4e49JWT\u4ee4\u724c,\u4ee5\u53ca\u5982\u4f55\u5229\u7528JWT\u4ee4\u724c\u548c\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u6765\u5b9e\u73b0\u66f4\u7cbe\u7ec6\u7684\u6743\u9650\u63a7\u5236\u3002 <\/p>\n

3. \u81ea\u5b9a\u4e49JWT\u4ee4\u724c\u7ec6\u8282 <\/h2>\n

3.1 JWT\u4ee4\u724c\u7ed3\u6784\u6df1\u5165\u89e3\u6790 <\/h3>\n

3.1.1 JWT\u4ee4\u724c\u7684\u7ec4\u6210\u548c\u5de5\u4f5c\u539f\u7406 <\/h4>\n

JSON Web Token (JWT) \u662f\u4e00\u79cd\u5f00\u653e\u6807\u51c6 (RFC 7519),\u7528\u4e8e\u5728\u7f51\u7edc\u5e94\u7528\u73af\u5883\u95f4\u4f20\u9012\u58f0\u660e\u3002\u8fd9\u4e9b\u58f0\u660e\u5728\u5404\u65b9\u95f4\u4f20\u9012\u65f6\u88ab\u7f16\u7801\u6210\u4e00\u4e2aJSON\u5bf9\u8c61,\u901a\u8fc7\u6570\u5b57\u7b7e\u540d\u786e\u4fdd\u5b8c\u6574\u6027\u3002 <\/p>\n

JWT\u4ee4\u724c\u4e3b\u8981\u7531\u4e09\u90e8\u5206\u7ec4\u6210:Header(\u5934\u90e8),Payload(\u8d1f\u8f7d)\u548cSignature(\u7b7e\u540d)\u3002\u5934\u90e8\u548c\u8d1f\u8f7d\u4f7f\u7528Base64Url\u8fdb\u884c\u7f16\u7801,\u7b7e\u540d\u4f7f\u7528Header\u4e2d\u6307\u5b9a\u7684\u7b97\u6cd5\u8fdb\u884c\u52a0\u5bc6\u3002 <\/p>\n

\u5934\u90e8(Header)\u901a\u5e38\u662f\u4e24\u90e8\u5206:\u4ee4\u724c\u7684\u7c7b\u578b,\u5373JWT,\u4ee5\u53ca\u6240\u4f7f\u7528\u7684\u7b7e\u540d\u7b97\u6cd5,\u5982HMAC SHA256\u6216RSA\u3002 <\/p>\n

{
\n "alg": "HS256",
\n "typ": "JWT"
\n}<\/p>\n

\u8d1f\u8f7d(Payload)\u662f\u5b9e\u9645\u4f20\u9012\u7684\u6570\u636e,\u8fd9\u4e9b\u6570\u636e\u5305\u62ec\u6807\u51c6\u5b57\u6bb5\u548c\u81ea\u5b9a\u4e49\u5b57\u6bb5\u3002\u6807\u51c6\u5b57\u6bb5\u5b9a\u4e49\u4e86\u4e00\u7cfb\u5217\u5173\u4e8e\u4ee4\u724c\u7684\u5143\u6570\u636e\u3002 <\/p>\n

{
\n "sub": "1234567890",
\n "name": "John Doe",
\n "iat": 1516239022
\n}<\/p>\n

\u7b7e\u540d(Signature)\u662f\u4e3a\u4e86\u786e\u4fddJWT\u7684\u5b89\u5168\u6027,\u4f7f\u7528\u5934\u90e8\u6307\u5b9a\u7684\u7b97\u6cd5,\u7ed3\u5408\u7f16\u7801\u540e\u7684\u5934\u90e8,\u7f16\u7801\u540e\u7684\u8d1f\u8f7d\u548c\u4e00\u4e2a\u5bc6\u94a5,\u751f\u6210\u7b7e\u540d\u3002 <\/p>\n

String signature = HMACSHA256(
\n base64UrlEncode(header) + "." +
\n base64UrlEncode(payload),
\n secret);<\/p>\n

3.1.2 \u5982\u4f55\u5728JWT\u4ee4\u724c\u4e2d\u81ea\u5b9a\u4e49\u4fe1\u606f <\/h4>\n

JWT\u4ee4\u724c\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u6807\u51c6\u5b57\u6bb5,\u540c\u65f6\u4e5f\u652f\u6301\u81ea\u5b9a\u4e49\u5b57\u6bb5,\u7528\u6237\u53ef\u4ee5\u5728\u8d1f\u8f7d\u90e8\u5206\u6dfb\u52a0\u4efb\u4f55\u81ea\u5b9a\u4e49\u7684\u58f0\u660e\u3002\u8fd9\u4f7f\u5f97\u4ee4\u724c\u53ef\u4ee5\u643a\u5e26\u7528\u6237\u76f8\u5173\u7684\u5c5e\u6027,\u4f8b\u5982\u7528\u6237\u7684\u6743\u9650\u4fe1\u606f\u3001\u7528\u6237ID\u3001\u7528\u6237\u7684\u7535\u5b50\u90ae\u4ef6\u7b49\u3002 <\/p>\n

JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
\n .subject("1234567890")
\n .issuer("https:\/\/example.com")
\n .expirationTime(new Date(System.currentTimeMillis() + (1000 * 60 * 60 * 24)))
\n .claim("customClaim", "customValue")
\n .build();<\/p>\n

\u81ea\u5b9a\u4e49\u4fe1\u606f\u65f6,\u9700\u8981\u6ce8\u610f\u4e0d\u8981\u5b58\u653e\u654f\u611f\u4fe1\u606f,\u56e0\u4e3a\u8d1f\u8f7d\u90e8\u5206\u5728\u672a\u7b7e\u540d\u7684\u60c5\u51b5\u4e0b\u662f\u53ef\u4ee5\u88ab\u5ba2\u6237\u7aef\u8bfb\u53d6\u7684\u3002 <\/p>\n

3.2 \u5728Spring Boot\u4e2d\u5904\u7406JWT\u4ee4\u724c <\/h3>\n

3.2.1 JWT\u7684\u751f\u6210\u4e0e\u89e3\u6790\u673a\u5236 <\/h4>\n

\u5728Spring Boot\u5e94\u7528\u4e2d,\u53ef\u4ee5\u4f7f\u7528\u4f8b\u5982 java-jwt \u5e93\u6765\u7b80\u5316JWT\u7684\u751f\u6210\u4e0e\u89e3\u6790\u5de5\u4f5c\u3002 <\/p>\n

JWT\u751f\u6210 <\/h5>\n

String secretKey = "SecretKey";
\nlong expireTime = 60 * 60; \/\/ expire time in seconds<\/p>\n

\/\/ \u521b\u5efaJWT
\nJWT jwt = JWT.create()
\n .withSubject("1234567890") \/\/ \u7528\u6237ID\u6216\u5176\u4ed6\u552f\u4e00\u6807\u8bc6
\n .withExpiresAt(new Date(System.currentTimeMillis() + expireTime * 1000))
\n .withClaim("name", "John Doe")
\n .sign(Algorithm.HMAC256(secretKey));<\/p>\n

\u5728\u751f\u6210JWT\u65f6,\u4f7f\u7528\u4e86\u4e00\u4e2a\u5bc6\u94a5\u8fdb\u884c\u52a0\u5bc6,\u8fd9\u4e2a\u5bc6\u94a5\u5bf9\u4e8e\u751f\u6210\u548c\u9a8c\u8bc1\u5bc6\u94a5\u662f\u76f8\u540c\u7684\u3002 <\/p>\n

JWT\u89e3\u6790 <\/h5>\n

\/\/ \u89e3\u6790JWT
\nDecodedJWT jwt = JWT.decode("your_jwt_token_here");<\/p>\n

\u89e3\u6790\u65f6,\u901a\u5e38\u4f1a\u9a8c\u8bc1\u7b7e\u540d\u662f\u5426\u5339\u914d\u3002\u5982\u679c\u5728\u89e3\u6790\u8fc7\u7a0b\u4e2d\u53d1\u73b0\u4ee4\u724c\u8fc7\u671f\u6216\u7b7e\u540d\u4e0d\u6b63\u786e,\u4f1a\u629b\u51fa\u5f02\u5e38\u3002 <\/p>\n

3.2.2 \u96c6\u6210JWT\u5230Spring Security\u4e2d <\/h4>\n

Spring Security \u4e3aJWT\u63d0\u4f9b\u4e86\u826f\u597d\u7684\u652f\u6301,\u53ef\u4ee5\u4f7f\u7528 spring-security-jwt \u6a21\u5757\u5c06JWT\u4e0eSpring Security\u96c6\u6210\u3002 <\/p>\n

@Configuration
\n@EnableWebSecurity
\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {
\n @Autowired
\n private JwtTokenProvider jwtTokenProvider;<\/p>\n

@Override
\n protected void configure(HttpSecurity http) throws Exception {
\n http
\n .httpBasic().disable()
\n .csrf().disable()
\n .authorizeRequests()
\n .antMatchers("\/api\/auth\/**").permitAll()
\n .anyRequest().authenticated()
\n .and()
\n .apply(new JwtConfigurer(jwtTokenProvider));
\n }
\n}<\/p>\n

\u8fd9\u91cc\u5b9a\u4e49\u4e86 JwtConfigurer ,\u8be5\u914d\u7f6e\u7c7b\u8d1f\u8d23\u5904\u7406JWT\u9a8c\u8bc1\u903b\u8f91,\u5e76\u786e\u4fdd\u6240\u6709\u53d7\u4fdd\u62a4\u7684\u7aef\u70b9\u90fd\u9700\u8981\u6709\u6548\u7684\u4ee4\u724c\u3002 <\/p>\n

public class JwtConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {<\/p>\n

private JwtTokenProvider jwtTokenProvider;<\/p>\n

public JwtConfigurer(JwtTokenProvider jwtTokenProvider) {
\n this.jwtTokenProvider = jwtTokenProvider;
\n }<\/p>\n

@Override
\n public void configure(HttpSecurity http) throws Exception {
\n JwtTokenFilter customFilter = new JwtTokenFilter(jwtTokenProvider);
\n http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
\n }
\n}<\/p>\n

\u5728 JwtTokenFilter \u4e2d,\u6211\u4eec\u4ece\u6bcf\u4e2aHTTP\u8bf7\u6c42\u4e2d\u63d0\u53d6JWT\u4ee4\u724c,\u9a8c\u8bc1\u5176\u6709\u6548\u6027,\u5e76\u4e3a\u6709\u6548\u7684\u4ee4\u724c\u521b\u5efa\u4e00\u4e2aSpring Security\u8ba4\u8bc1\u5bf9\u8c61\u3002 <\/p>\n

\u4ee5\u4e0a\u7ae0\u8282\u8be6\u5c3d\u4ecb\u7ecd\u4e86JWT\u4ee4\u724c\u7684\u6df1\u5165\u89e3\u6790\u548c\u5728Spring Boot\u4e2d\u7684\u5904\u7406\u65b9\u6cd5\u3002\u901a\u8fc7\u7406\u89e3JWT\u4ee4\u724c\u7ed3\u6784\u548c\u5982\u4f55\u5728Spring Boot\u4e2d\u751f\u6210\u3001\u89e3\u6790\u548c\u96c6\u6210JWT,\u5f00\u53d1\u8005\u53ef\u4ee5\u66f4\u9ad8\u6548\u5730\u5b9e\u73b0\u5b89\u5168\u7684\u8ba4\u8bc1\u548c\u6388\u6743\u673a\u5236\u3002 <\/p>\n

4. \u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u5b9e\u73b0\u6743\u9650\u63a7\u5236 <\/h2>\n

\u5728\u5f53\u4eca\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d,\u5b89\u5168\u6027\u548c\u6743\u9650\u63a7\u5236\u662f\u4e0d\u53ef\u6216\u7f3a\u7684\u7ec4\u6210\u90e8\u5206\u3002\u7406\u89e3\u548c\u5b9e\u73b0\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u7684\u4e3b\u4f53\u4fe1\u606f\u662f\u6784\u5efa\u5f3a\u5927\u3001\u53ef\u6269\u5c55\u5b89\u5168\u7cfb\u7edf\u7684\u57fa\u77f3\u3002\u672c\u7ae0\u5c06\u6df1\u5165\u63a2\u8ba8\u4e3b\u4f53\u4fe1\u606f\u7684\u91cd\u8981\u6027\u4ee5\u53ca\u5982\u4f55\u5728Spring Boot\u5e94\u7528\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u6765\u63a7\u5236\u6743\u9650\u3002 <\/p>\n

4.1 \u4e3b\u4f53\u4fe1\u606f\u5728\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u7684\u89d2\u8272 <\/h3>\n

4.1.1 \u4e86\u89e3\u4e3b\u4f53\u4fe1\u606f\u4e0e\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u5173\u7cfb <\/h4>\n

\u4e3b\u4f53\u4fe1\u606f,\u4e5f\u79f0\u4e3a\u8ba4\u8bc1\u4fe1\u606f,\u4ee3\u8868\u4e86\u5f53\u524d\u6b63\u5728\u8bf7\u6c42\u7684\u7528\u6237\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u5728Spring Security\u4e2d,\u5b83\u901a\u5e38\u5305\u62ec\u7528\u6237\u7684\u8eab\u4efd\u6807\u8bc6(\u901a\u5e38\u662f\u7528\u6237\u540d)\u3001\u51ed\u8bc1(\u5bc6\u7801)\u4ee5\u53ca\u989d\u5916\u7684\u7528\u6237\u5c5e\u6027(\u5982\u89d2\u8272\u3001\u6743\u9650\u7b49)\u3002\u5b89\u5168\u4e0a\u4e0b\u6587\u662f\u4e00\u4e2a\u5b58\u50a8\u5f53\u524d\u5df2\u8ba4\u8bc1\u7528\u6237\u7684\u7ebf\u7a0b\u5b89\u5168\u533a\u57df,\u5728\u5e94\u7528\u7a0b\u5e8f\u7684\u4efb\u4f55\u5730\u65b9,\u6211\u4eec\u90fd\u53ef\u4ee5\u901a\u8fc7\u5b89\u5168\u4e0a\u4e0b\u6587\u83b7\u53d6\u5f53\u524d\u7684\u4e3b\u4f53\u4fe1\u606f\u3002 <\/p>\n

\u5728Spring Security\u6846\u67b6\u4e2d,\u4e00\u65e6\u7528\u6237\u901a\u8fc7\u8ba4\u8bc1,\u76f8\u5173\u7684\u4e3b\u4f53\u4fe1\u606f\u4f1a\u88ab\u5b58\u50a8\u5728\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d,\u5e76\u4e14\u5728\u6bcf\u4e2a\u8bf7\u6c42\u5904\u7406\u65f6\u90fd\u4f1a\u88ab\u8bbf\u95ee\u3002\u4e3b\u4f53\u4fe1\u606f\u7684\u91cd\u8981\u6027\u5728\u4e8e,\u5b83\u63d0\u4f9b\u4e86\u6267\u884c\u8bbf\u95ee\u63a7\u5236\u51b3\u7b56\u6240\u9700\u7684\u4fe1\u606f\u3002\u4f8b\u5982,\u6211\u4eec\u53ef\u4ee5\u6839\u636e\u7528\u6237\u7684\u89d2\u8272\u51b3\u5b9a\u7528\u6237\u662f\u5426\u53ef\u4ee5\u8bbf\u95ee\u7279\u5b9a\u7684\u8d44\u6e90\u6216\u8005\u6267\u884c\u7279\u5b9a\u7684\u64cd\u4f5c\u3002 <\/p>\n

4.1.2 \u5b9e\u73b0\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u7684\u63d0\u53d6\u548c\u914d\u7f6e <\/h4>\n

\u8981\u5b9e\u73b0\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u7684\u63d0\u53d6\u548c\u914d\u7f6e,\u6211\u4eec\u9700\u8981\u6269\u5c55Spring Security\u7684\u8ba4\u8bc1\u673a\u5236\u3002\u4ee5\u4e0b\u6b65\u9aa4\u5c55\u793a\u4e86\u5982\u4f55\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807: <\/p>\n

  • \n

    \u521b\u5efa\u81ea\u5b9a\u4e49\u7684UserDetailsService\u5b9e\u73b0 : UserDetailsService\u662fSpring Security\u4e2d\u7528\u4e8e\u4ece\u6570\u636e\u6e90\u83b7\u53d6\u7528\u6237\u8be6\u7ec6\u4fe1\u606f\u7684\u6838\u5fc3\u63a5\u53e3\u3002\u901a\u8fc7\u5b9e\u73b0\u8fd9\u4e2a\u63a5\u53e3,\u6211\u4eec\u5b9a\u4e49\u4e86\u5982\u4f55\u52a0\u8f7d\u7528\u6237\u4fe1\u606f\u3002 <\/p>\n<\/li>\n

  • \n

    \u81ea\u5b9a\u4e49UserDetails\u5b9e\u73b0 : UserDetails\u63a5\u53e3\u9700\u8981\u88ab\u5b9e\u73b0\u4ee5\u521b\u5efa\u4e00\u4e2a\u5305\u542b\u7528\u6237\u8ba4\u8bc1\u4fe1\u606f\u7684\u7c7b\u3002\u8fd9\u4e2a\u7c7b\u53ef\u4ee5\u5305\u542b\u7528\u6237\u7684\u89d2\u8272\u3001\u6743\u9650\u3001\u8d26\u6237\u72b6\u6001\u7b49\u4fe1\u606f\u3002 <\/p>\n<\/li>\n

  • \n

    \u914d\u7f6e\u8ba4\u8bc1\u6d41\u7a0b : \u4f7f\u7528AuthenticationManagerBuilder\u914d\u7f6e\u8ba4\u8bc1\u6d41\u7a0b,\u5c06\u81ea\u5b9a\u4e49\u7684UserDetailsService\u96c6\u6210\u5230Spring Security\u4e2d\u3002 <\/p>\n<\/li>\n

    \u4ee5\u4e0b\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u4ee3\u7801\u793a\u4f8b,\u5c55\u793a\u5982\u4f55\u521b\u5efa\u81ea\u5b9a\u4e49\u7684UserDetailsService\u548cUserDetails\u5b9e\u73b0: <\/p>\n

    @Service
    \npublic class CustomUserDetailsService implements UserDetailsService {<\/p>\n

    @Autowired
    \n private UserRepository userRepository;<\/p>\n

    @Override
    \n @Transactional
    \n public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    \n User user = userRepository.findByUsername(username)
    \n .orElseThrow(() -> new UsernameNotFoundException("User Not Found with username: " + username));<\/p>\n

    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), mapRolesToAuthorities(user.getRoles()));
    \n }<\/p>\n

    private Collection<? extends GrantedAuthority> mapRolesToAuthorities(Set<Role> roles) {
    \n return roles.stream().map(role -> new SimpleGrantedAuthority(role.getName())).collect(Collectors.toList());
    \n }
    \n}<\/p>\n

    \u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d,CustomUserDetailsService\u4f1a\u6839\u636e\u7528\u6237\u540d\u52a0\u8f7d\u7528\u6237\u4fe1\u606f,\u5e76\u5c06\u7528\u6237\u7684\u89d2\u8272\u6620\u5c04\u4e3aSpring Security\u7684GrantedAuthority\u5bf9\u8c61\u3002 <\/p>\n

    4.2 \u5229\u7528\u4e3b\u4f53\u4fe1\u606f\u5b9e\u73b0\u7ec6\u7c92\u5ea6\u6743\u9650\u63a7\u5236 <\/h3>\n

    \u4e3b\u4f53\u4fe1\u606f\u7684\u63d0\u53d6\u53ea\u662f\u7b2c\u4e00\u6b65,\u63a5\u4e0b\u6765\u662f\u5229\u7528\u8fd9\u4e9b\u4fe1\u606f\u5b9e\u73b0\u7ec6\u7c92\u5ea6\u7684\u6743\u9650\u63a7\u5236\u3002 <\/p>\n

    4.2.1 \u914d\u7f6e\u6743\u9650\u63a7\u5236\u7b56\u7565 <\/h4>\n

    \u5728Spring Security\u4e2d,\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6eHttpSecurity\u5bf9\u8c61\u6765\u8bbe\u7f6e\u57fa\u4e8e\u89d2\u8272\u548c\u6743\u9650\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002 <\/p>\n

    @EnableWebSecurity
    \npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {<\/p>\n

    @Autowired
    \n private CustomUserDetailsService customUserDetailsService;<\/p>\n

    @Override
    \n protected void configure(HttpSecurity http) throws Exception {
    \n http
    \n .authorizeRequests()
    \n .antMatchers("\/admin\/**").hasRole("ADMIN")
    \n .antMatchers("\/user\/**").hasAnyRole("USER", "ADMIN")
    \n .antMatchers("\/public\/**").permitAll()
    \n .anyRequest().authenticated()
    \n .and()
    \n .formLogin()
    \n .and()
    \n .httpBasic();
    \n }<\/p>\n

    @Override
    \n protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    \n auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
    \n }<\/p>\n

    @Bean
    \n PasswordEncoder passwordEncoder() {
    \n return new BCryptPasswordEncoder();
    \n }
    \n}<\/p>\n

    4.2.2 \u5b9e\u73b0\u57fa\u4e8e\u89d2\u8272\u548c\u6743\u9650\u7684\u8bbf\u95ee\u63a7\u5236 <\/h4>\n

    Spring Security\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u65b9\u6cd5\u6765\u5b9e\u73b0\u57fa\u4e8e\u89d2\u8272\u548c\u6743\u9650\u7684\u8bbf\u95ee\u63a7\u5236\u3002@PreAuthorize\u6ce8\u89e3\u53ef\u4ee5\u7528\u4e8e\u65b9\u6cd5\u7ea7\u522b\u6765\u4fdd\u62a4\u670d\u52a1\u5c42\u7684\u64cd\u4f5c\u3002 <\/p>\n

    @Service
    \npublic class SomeService {<\/p>\n

    @PreAuthorize("hasRole('ROLE_USER')")
    \n public void someUserLevelService() {
    \n \/\/ User level service logic
    \n }<\/p>\n

    @PreAuthorize("hasAuthority('read:data')")
    \n public void readData() {
    \n \/\/ Read data logic
    \n }<\/p>\n

    \/\/ Other service methods…
    \n}<\/p>\n

    \u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d,someUserLevelService\u65b9\u6cd5\u53ea\u6709\u5177\u6709ROLE_USER\u89d2\u8272\u7684\u7528\u6237\u53ef\u4ee5\u8c03\u7528,\u800creadData\u65b9\u6cd5\u53ea\u6709\u5177\u6709read:data\u6743\u9650\u7684\u7528\u6237\u53ef\u4ee5\u6267\u884c\u3002 <\/p>\n

    \u901a\u8fc7\u8fd9\u4e9b\u7b56\u7565,\u6211\u4eec\u53ef\u4ee5\u4e3a\u5e94\u7528\u7a0b\u5e8f\u7684\u6bcf\u4e2a\u90e8\u5206\u63d0\u4f9b\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236,\u786e\u4fdd\u53ea\u6709\u88ab\u6388\u6743\u7684\u7528\u6237\u624d\u80fd\u6267\u884c\u4ed6\u4eec\u88ab\u5141\u8bb8\u7684\u64cd\u4f5c\u3002\u8fd9\u6837\u65e2\u4fdd\u8bc1\u4e86\u5b89\u5168\u6027,\u53c8\u63d0\u4f9b\u4e86\u7075\u6d3b\u6027,\u8ba9\u7cfb\u7edf\u66f4\u5bb9\u6613\u9002\u5e94\u4e0d\u65ad\u53d8\u5316\u7684\u4e1a\u52a1\u9700\u6c42\u3002 <\/p>\n

    5. JWT\u4ee4\u724c\u751f\u6210\u4e0e\u9a8c\u8bc1 <\/h2>\n

    5.1 JWT\u4ee4\u724c\u751f\u6210\u7b56\u7565 <\/h3>\n

    5.1.1 \u751f\u6210JWT\u4ee4\u724c\u7684\u6d41\u7a0b\u548c\u539f\u7406 <\/h4>\n

    JWT(JSON Web Tokens)\u662f\u4e00\u79cd\u5728\u4e92\u8054\u7f51\u4e2d\u5f00\u653e\u4e14\u7d27\u51d1\u7684\u65b9\u6cd5,\u7528\u4e8e\u5728\u5404\u65b9\u4e4b\u95f4\u4ee5JSON\u5bf9\u8c61\u7684\u5f62\u5f0f\u5b89\u5168\u4f20\u8f93\u4fe1\u606f\u3002\u8fd9\u79cd\u4fe1\u606f\u53ef\u4ee5\u88ab\u9a8c\u8bc1\u548c\u4fe1\u4efb,\u56e0\u4e3a\u5b83\u662f\u6570\u5b57\u7b7e\u540d\u7684\u3002JWT\u4ee4\u724c\u7684\u751f\u6210\u6d89\u53ca\u5230\u4e09\u4e2a\u90e8\u5206:Header(\u5934\u90e8)\u3001Payload(\u6709\u6548\u8f7d\u8377)\u548cSignature(\u7b7e\u540d)\u3002\u5934\u90e8\u901a\u5e38\u7528\u4e8e\u5b58\u50a8\u4ee4\u724c\u7c7b\u578b(\u5373JWT)\u548c\u6240\u4f7f\u7528\u7684\u7b7e\u540d\u7b97\u6cd5(\u5982HMAC SHA256\u6216RSA)\u3002\u6709\u6548\u8f7d\u8377\u5219\u5305\u542b\u4e86\u58f0\u660e(claims),\u8fd9\u4e9b\u58f0\u660e\u662f\u5173\u4e8e\u5b9e\u4f53(\u901a\u5e38\u662f\u7528\u6237)\u548c\u5176\u4ed6\u6570\u636e\u7684\u58f0\u660e,\u58f0\u660e\u5728\u4e0d\u540c\u7684\u5e94\u7528\u548c\u73af\u5883\u4e2d\u4f1a\u6709\u4e0d\u540c\u7684\u542b\u4e49\u3002\u7b7e\u540d\u90e8\u5206\u662f\u901a\u8fc7\u5934\u90e8\u548c\u6709\u6548\u8f7d\u8377\u7684\u7f16\u7801\u5b57\u7b26\u4e32,\u5e76\u4f7f\u7528\u4e00\u4e2a\u5bc6\u94a5\u8fdb\u884c\u7b7e\u540d\u3002 <\/p>\n

    \u751f\u6210JWT\u4ee4\u724c\u7684\u6d41\u7a0b\u5305\u62ec\u5982\u4e0b\u6b65\u9aa4: <\/p>\n

  • \u521b\u5efa\u5934\u90e8(Header),\u901a\u5e38\u5305\u62ec\u4ee4\u724c\u7684\u7c7b\u578b(\u5373\u201cJWT\u201d)\u548c\u4f7f\u7528\u7684\u7b97\u6cd5(\u4f8b\u5982\u201cHS256\u201d\u6216\u201cRS256\u201d)\u3002 <\/li>\n
  • \u521b\u5efa\u6709\u6548\u8f7d\u8377(Payload),\u5305\u542b\u4ee4\u724c\u9700\u8981\u4f20\u8fbe\u7684\u4fe1\u606f,\u4f8b\u5982\u58f0\u660e(claims),\u53ef\u4ee5\u5305\u542b\u5982\u7528\u6237\u540d\u3001\u7528\u6237\u89d2\u8272\u3001\u4ee4\u724c\u8fc7\u671f\u65f6\u95f4\u7b49\u4fe1\u606f\u3002 <\/li>\n
  • \u4f7f\u7528Base64URL\u7b97\u6cd5\u5bf9\u5934\u90e8\u548c\u6709\u6548\u8f7d\u8377\u8fdb\u884c\u7f16\u7801,\u5f62\u6210JWT\u4ee4\u724c\u7684\u524d\u4e24\u90e8\u5206\u3002 <\/li>\n
  • \u9009\u62e9\u4e00\u4e2a\u5bc6\u94a5(\u5bf9\u4e8e\u5bf9\u79f0\u7b97\u6cd5)\u6216\u79c1\u94a5(\u5bf9\u4e8e\u975e\u5bf9\u79f0\u7b97\u6cd5),\u5e76\u4f7f\u7528\u5b83\u6765\u5bf9\u524d\u4e24\u90e8\u5206\u8fdb\u884c\u7b7e\u540d,\u751f\u6210\u7b2c\u4e09\u90e8\u5206,\u5373\u7b7e\u540d\u3002 <\/li>\n
  • \u5c06\u8fd9\u4e09\u90e8\u5206\u62fc\u63a5\u8d77\u6765,\u5f62\u6210\u4e00\u4e2a\u5b8c\u6574\u7684JWT\u4ee4\u724c,\u901a\u5e38\u901a\u8fc7\u70b9(.)\u5206\u9694\u3002 <\/li>\n

    5.1.2 \u5728Spring Boot\u4e2d\u751f\u6210JWT\u4ee4\u724c <\/h4>\n

    \u5728Spring Boot\u4e2d\u751f\u6210JWT\u4ee4\u724c\u901a\u5e38\u6d89\u53ca\u4f7f\u7528\u4e13\u95e8\u7684\u5e93,\u5982 java-jwt \u6216 jjwt \u3002\u4e0b\u9762\u7684\u4ee3\u7801\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528 jjwt \u5e93\u751f\u6210\u4e00\u4e2a\u7b80\u5355\u7684JWT\u4ee4\u724c: <\/p>\n

    import io.jsonwebtoken.Jwts;
    \nimport io.jsonwebtoken.SignatureAlgorithm;
    \nimport java.util.Date;<\/p>\n

    public class JwtUtil {
    \n private static final long EXPIRATION_TIME = 86400000; \/\/ \u4ee4\u724c\u6709\u6548\u671f\u4e3a1\u5929
    \n private static final String SECRET = "ThisIsASecret"; \/\/ \u7b7e\u540d\u5bc6\u94a5<\/p>\n

    public static String generateToken(String username) {
    \n return Jwts.builder()
    \n .setSubject(username)
    \n .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
    \n .signWith(SignatureAlgorithm.HS512, SECRET)
    \n .compact();
    \n }
    \n}<\/p>\n

    \u5728\u8fd9\u4e2a\u793a\u4f8b\u4e2d,\u6211\u4eec\u9996\u5148\u521b\u5efa\u4e86\u4e00\u4e2a JwtUtil \u7c7b,\u8be5\u7c7b\u63d0\u4f9b\u4e86\u751f\u6210JWT\u4ee4\u724c\u7684\u9759\u6001\u65b9\u6cd5\u3002 generateToken \u65b9\u6cd5\u63a5\u6536\u4e00\u4e2a\u7528\u6237\u540d\u4f5c\u4e3a\u53c2\u6570,\u7136\u540e\u8bbe\u7f6e\u4ee4\u724c\u7684\u4e3b\u9898(\u5373\u58f0\u660e\u7684\u7528\u6237),\u8bbe\u7f6e\u4e86\u4ee4\u724c\u7684\u8fc7\u671f\u65f6\u95f4,\u5e76\u4f7f\u7528HS512\u7b7e\u540d\u7b97\u6cd5\u548c\u4e00\u4e2a\u79d8\u5bc6\u5bc6\u94a5\u8fdb\u884c\u7b7e\u540d\u3002\u6700\u540e,\u4f7f\u7528 .compact() \u65b9\u6cd5\u751f\u6210\u4e00\u4e2a\u7d27\u51d1\u7684JWT\u5b57\u7b26\u4e32\u3002 <\/p>\n

    \u9700\u8981\u6ce8\u610f\u7684\u662f,\u5728\u5b9e\u9645\u5e94\u7528\u4e2d,\u5bc6\u94a5(SECRET)\u5e94\u8be5\u4fdd\u5b58\u5728\u4e00\u4e2a\u5b89\u5168\u7684\u5730\u65b9,\u5e76\u4e14\u8981\u8db3\u591f\u590d\u6742,\u4ee5\u9632\u6b62\u88ab\u8f7b\u6613\u731c\u6d4b\u3002\u5bf9\u4e8e\u751f\u4ea7\u73af\u5883,\u8fd8\u53ef\u4ee5\u8003\u8651\u4f7f\u7528\u52a0\u5bc6\u5e93\u6765\u751f\u6210\u548c\u7ba1\u7406\u5bc6\u94a5\u3002 <\/p>\n

    5.2 JWT\u4ee4\u724c\u9a8c\u8bc1\u673a\u5236 <\/h3>\n

    5.2.1 \u9a8c\u8bc1JWT\u4ee4\u724c\u7684\u6709\u6548\u6027 <\/h4>\n

    JWT\u4ee4\u724c\u7684\u9a8c\u8bc1\u662f\u4e00\u4e2a\u5173\u952e\u73af\u8282,\u4ee5\u786e\u4fdd\u4ee4\u724c\u662f\u53ef\u4fe1\u7684,\u5e76\u4e14\u53ef\u4ee5\u7528\u4e8e\u6388\u6743\u3002\u9a8c\u8bc1\u4e00\u4e2aJWT\u4ee4\u724c\u901a\u5e38\u6d89\u53ca\u4ee5\u4e0b\u6b65\u9aa4: <\/p>\n

  • \u4f7f\u7528\u4e0e\u751f\u6210\u4ee4\u724c\u65f6\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\u7b7e\u540d\u8fdb\u884c\u9a8c\u8bc1\u3002 <\/li>\n
  • \u68c0\u67e5\u4ee4\u724c\u7684\u7b7e\u540d\u662f\u5426\u6709\u6548,\u5982\u679c\u65e0\u6548,\u5219\u4ee4\u724c\u4e0d\u53ef\u4fe1\u3002 <\/li>\n
  • \u68c0\u67e5\u4ee4\u724c\u7684\u8fc7\u671f\u65f6\u95f4(exp claim),\u5982\u679c\u4ee4\u724c\u5df2\u8fc7\u671f,\u5219\u8ba4\u4e3a\u662f\u65e0\u6548\u7684\u3002 <\/li>\n
  • \u53ef\u4ee5\u9009\u62e9\u6027\u5730\u68c0\u67e5\u5176\u4ed6\u58f0\u660e,\u4f8b\u5982aud(\u53d7\u4f17)\u3001iss(\u53d1\u884c\u8005)\u3001nbf(\u4e0d\u65e9\u4e8e)\u7b49\u3002 <\/li>\n

    \u4e0b\u9762\u7684\u4ee3\u7801\u6f14\u793a\u4e86\u5982\u4f55\u9a8c\u8bc1JWT\u4ee4\u724c\u7684\u6709\u6548\u6027: <\/p>\n

    import io.jsonwebtoken.Claims;
    \nimport io.jsonwebtoken.Jwts;
    \nimport io.jsonwebtoken.SignatureException;<\/p>\n

    public class JwtUtil {
    \n \/\/ …(\u4e4b\u524d\u7684\u4ee3\u7801\u4fdd\u6301\u4e0d\u53d8)<\/p>\n

    public static boolean validateToken(String token) {
    \n try {
    \n Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody();
    \n return true;
    \n } catch (SignatureException e) {
    \n \/\/ \u7b7e\u540d\u4e0d\u5339\u914d
    \n } catch (IllegalArgumentException e) {
    \n \/\/ token\u4e3a\u7a7a\u6216\u683c\u5f0f\u4e0d\u6b63\u786e
    \n }
    \n return false;
    \n }
    \n}<\/p>\n

    \u5728\u8fd9\u6bb5\u4ee3\u7801\u4e2d, validateToken \u65b9\u6cd5\u63a5\u6536\u4e00\u4e2aJWT\u4ee4\u724c,\u7136\u540e\u4f7f\u7528\u76f8\u540c\u7684\u5bc6\u94a5\u5bf9\u5176\u7b7e\u540d\u8fdb\u884c\u9a8c\u8bc1\u3002\u5982\u679c\u4ee4\u724c\u7684\u7b7e\u540d\u4e0d\u5339\u914d\u3001\u4ee4\u724c\u4e3a\u7a7a\u6216\u683c\u5f0f\u4e0d\u6b63\u786e,\u5c06\u629b\u51fa\u5f02\u5e38,\u65b9\u6cd5\u8fd4\u56de false \u8868\u793a\u4ee4\u724c\u65e0\u6548\u3002\u5982\u679c\u4e00\u5207\u9a8c\u8bc1\u987a\u5229,\u65b9\u6cd5\u8fd4\u56de true \u8868\u793a\u4ee4\u724c\u6709\u6548\u3002 <\/p>\n

    5.2.2 \u5b9e\u73b0\u4ee4\u724c\u5237\u65b0\u548c\u5931\u6548\u673a\u5236 <\/h4>\n

    JWT\u4ee4\u724c\u662f\u4e0d\u80fd\u88ab\u64a4\u9500\u7684,\u4e00\u65e6\u7b7e\u53d1,\u4ee4\u724c\u5c31\u662f\u6709\u6548\u7684,\u76f4\u5230\u8fc7\u671f\u3002\u56e0\u6b64,\u4e3a\u4e86\u589e\u52a0\u5b89\u5168\u6027,\u901a\u5e38\u4f1a\u5b9e\u73b0\u4e00\u79cd\u673a\u5236\u5141\u8bb8\u4ee4\u724c\u5237\u65b0,\u5373\u4f7f\u4ee4\u724c\u5728\u7528\u6237\u4f7f\u7528\u671f\u95f4\u5931\u6548\u3002 <\/p>\n

    \u5728OAuth2\u4e2d,\u901a\u5e38\u4f1a\u4f7f\u7528\u4e00\u4e2a\u5237\u65b0\u4ee4\u724c(Refresh Token)\u6765\u83b7\u53d6\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c(Access Token)\u3002\u5f53\u8bbf\u95ee\u4ee4\u724c\u8fc7\u671f\u65f6,\u53ef\u4ee5\u901a\u8fc7\u5237\u65b0\u4ee4\u724c\u6765\u83b7\u53d6\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c,\u800c\u4e0d\u9700\u8981\u7528\u6237\u91cd\u65b0\u767b\u5f55\u3002 <\/p>\n

    \u5728Spring Boot\u4e2d,\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u4e00\u4e2a\u4e13\u95e8\u7684\u7aef\u70b9\u6765\u5904\u7406\u4ee4\u724c\u7684\u5237\u65b0\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u7b80\u5316\u7684\u5b9e\u73b0\u793a\u4f8b: <\/p>\n

    @RestController
    \npublic class TokenController {<\/p>\n

    @PostMapping("\/refresh")
    \n public ResponseEntity<?> refreshToken(@RequestBody String refreshToken) {
    \n \/\/ \u9a8c\u8bc1\u5237\u65b0\u4ee4\u724c\u7684\u6709\u6548\u6027
    \n \/\/ …
    \n \/\/ \u751f\u6210\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c
    \n String newAccessToken = JwtUtil.generateToken("newUser");
    \n return ResponseEntity.ok(newAccessToken);
    \n }
    \n}<\/p>\n

    \u5728\u8fd9\u4e2a\u793a\u4f8b\u4e2d,\u6211\u4eec\u521b\u5efa\u4e86\u4e00\u4e2a TokenController \u63a7\u5236\u5668,\u5b83\u5305\u542b\u4e00\u4e2a refreshToken \u65b9\u6cd5\u3002\u8fd9\u4e2a\u65b9\u6cd5\u63a5\u6536\u4e00\u4e2a\u5237\u65b0\u4ee4\u724c\u4f5c\u4e3a\u8bf7\u6c42\u4f53,\u5e76\u5728\u9a8c\u8bc1\u5176\u6709\u6548\u6027\u540e\u751f\u6210\u4e00\u4e2a\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002\u8fd9\u79cd\u65b9\u5f0f\u63d0\u9ad8\u4e86\u7528\u6237\u4f53\u9a8c,\u5e76\u589e\u5f3a\u4e86\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3002 <\/p>\n

    \u901a\u8fc7\u4ee5\u4e0a\u5185\u5bb9,\u6211\u4eec\u8be6\u7ec6\u63a2\u8ba8\u4e86JWT\u4ee4\u724c\u7684\u751f\u6210\u548c\u9a8c\u8bc1\u673a\u5236,\u5e76\u63d0\u4f9b\u4e86\u5728Spring Boot\u5e94\u7528\u4e2d\u5b9e\u73b0\u8fd9\u4e9b\u529f\u80fd\u7684\u4ee3\u7801\u793a\u4f8b\u3002\u8fd9\u4e9b\u673a\u5236\u5bf9\u4e8e\u5efa\u7acb\u4e00\u4e2a\u5b89\u5168\u7684\u8ba4\u8bc1\u548c\u6388\u6743\u7cfb\u7edf\u81f3\u5173\u91cd\u8981\u3002 <\/p>\n

    6. \u5237\u65b0\u4ee4\u724c\u5904\u7406\u4e0e\u5f02\u5e38\u60c5\u51b5\u7b56\u7565 <\/h2>\n

    6.1 \u5237\u65b0\u4ee4\u724c\u673a\u5236\u7684\u8bbe\u8ba1\u4e0e\u5b9e\u73b0 <\/h3>\n

    \u5728OAuth2\u548cJWT\u7684\u96c6\u6210\u5e94\u7528\u4e2d,\u4ee4\u724c\u7684\u5237\u65b0\u673a\u5236\u662f\u4fdd\u8bc1\u7528\u6237\u957f\u671f\u5b89\u5168\u8bbf\u95ee\u7684\u5173\u952e\u3002\u5237\u65b0\u4ee4\u724c(Refresh Token)\u5141\u8bb8\u7528\u6237\u5728\u8bbf\u95ee\u4ee4\u724c(Access Token)\u8fc7\u671f\u540e\u91cd\u65b0\u83b7\u53d6\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c,\u800c\u65e0\u9700\u91cd\u65b0\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u3002 <\/p>\n

    6.1.1 \u5237\u65b0\u4ee4\u724c\u7684\u539f\u7406\u548c\u6d41\u7a0b <\/h4>\n

    \u5237\u65b0\u4ee4\u724c\u7684\u5de5\u4f5c\u539f\u7406\u5728\u4e8e,\u5f53\u7528\u6237\u9996\u6b21\u901a\u8fc7\u8ba4\u8bc1\u670d\u52a1\u5668\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u83b7\u5f97\u8bbf\u95ee\u4ee4\u724c\u548c\u5237\u65b0\u4ee4\u724c\u540e,\u540e\u8005\u901a\u5e38\u6709\u8f83\u957f\u7684\u6709\u6548\u671f\u3002\u5982\u679c\u8bbf\u95ee\u4ee4\u724c\u8fc7\u671f,\u5ba2\u6237\u7aef\u53ef\u4ee5\u4f7f\u7528\u5b58\u50a8\u7684\u5237\u65b0\u4ee4\u724c\u8bf7\u6c42\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c,\u800c\u65e0\u9700\u7528\u6237\u91cd\u65b0\u8f93\u5165\u51ed\u8bc1\u3002 <\/p>\n

    \u6d41\u7a0b\u5982\u4e0b: <\/p>\n

  • \u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1,\u5e76\u63a5\u6536\u8bbf\u95ee\u4ee4\u724c\u548c\u5237\u65b0\u4ee4\u724c\u3002 <\/li>\n
  • \u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u5b58\u50a8\u5237\u65b0\u4ee4\u724c\u3002 <\/li>\n
  • \u5f53\u8bbf\u95ee\u4ee4\u724c\u8fc7\u671f\u65f6,\u5ba2\u6237\u7aef\u4f7f\u7528\u5237\u65b0\u4ee4\u724c\u8bf7\u6c42\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c\u3002 <\/li>\n
  • \u8ba4\u8bc1\u670d\u52a1\u5668\u9a8c\u8bc1\u5237\u65b0\u4ee4\u724c\u7684\u6709\u6548\u6027,\u5e76\u53d1\u51fa\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c\u3002 <\/li>\n

    \u5237\u65b0\u4ee4\u724c\u901a\u5e38\u4e0d\u88ab\u7f13\u5b58\u6216\u5b58\u50a8\u5728\u672c\u5730,\u800c\u662f\u4fdd\u5b58\u5728\u5b89\u5168\u7684\u540e\u7aef\u7cfb\u7edf\u4e2d,\u4ee5\u9632\u6b62\u6cc4\u9732\u98ce\u9669\u3002 <\/p>\n

    6.1.2 \u5728\u8d44\u6e90\u670d\u52a1\u5668\u4e2d\u5904\u7406\u5237\u65b0\u4ee4\u724c <\/h4>\n

    \u8d44\u6e90\u670d\u52a1\u5668\u5fc5\u987b\u80fd\u591f\u5904\u7406\u5237\u65b0\u4ee4\u724c\u8bf7\u6c42,\u5e76\u4e0e\u8ba4\u8bc1\u670d\u52a1\u5668\u914d\u5408,\u4ee5\u5b9e\u73b0\u4ee4\u724c\u7684\u5237\u65b0\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u4ee5\u4e0b\u6b65\u9aa4: <\/p>\n

      \n
    • \u9a8c\u8bc1\u4f20\u5165\u7684\u5237\u65b0\u4ee4\u724c\u3002 <\/li>\n
    • \u5411\u8ba4\u8bc1\u670d\u52a1\u5668\u8bf7\u6c42\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c,\u53ef\u80fd\u9700\u8981\u643a\u5e26\u5fc5\u8981\u7684\u5b89\u5168\u51ed\u8bc1\u6216\u5bc6\u94a5\u3002 <\/li>\n
    • \u5c06\u65b0\u7684\u8bbf\u95ee\u4ee4\u724c\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 <\/li>\n<\/ul>\n

      \u5728Spring Security\u4e2d,\u8fd9\u53ef\u4ee5\u901a\u8fc7\u81ea\u5b9a\u4e49\u7684\u8fc7\u6ee4\u5668\u6765\u5b9e\u73b0,\u6216\u8005\u4f7f\u7528\u73b0\u6709\u7684OAuth2\u8ba4\u8bc1\u5e93\u63d0\u4f9b\u7684\u529f\u80fd\u3002 <\/p>\n

      6.2 \u5f02\u5e38\u60c5\u51b5\u7684\u5904\u7406\u7b56\u7565 <\/h3>\n

      \u5728\u4f7f\u7528OAuth2\u548cJWT\u7684\u7cfb\u7edf\u4e2d,\u603b\u4f1a\u9047\u5230\u5404\u79cd\u5f02\u5e38\u60c5\u51b5\u3002\u6709\u6548\u5730\u5904\u7406\u8fd9\u4e9b\u5f02\u5e38\u5bf9\u4e8e\u7cfb\u7edf\u7a33\u5b9a\u6027\u548c\u7528\u6237\u4f53\u9a8c\u81f3\u5173\u91cd\u8981\u3002 <\/p>\n

      6.2.1 \u5e38\u89c1\u7684OAuth2\u548cJWT\u5f02\u5e38\u7c7b\u578b <\/h4>\n

      \u5728\u8bbe\u8ba1\u5904\u7406\u7b56\u7565\u4e4b\u524d,\u9700\u8981\u4e86\u89e3\u4ee5\u4e0b\u51e0\u79cd\u5e38\u89c1\u7684\u5f02\u5e38\u7c7b\u578b: <\/p>\n

        \n
      • InvalidRequestException :\u8bf7\u6c42\u53c2\u6570\u4e0d\u5b8c\u6574\u6216\u683c\u5f0f\u9519\u8bef\u3002 <\/li>\n
      • InvalidClientException :\u5ba2\u6237\u7aef\u9a8c\u8bc1\u5931\u8d25\u3002 <\/li>\n
      • InvalidGrantException :\u6388\u6743\u7801\u65e0\u6548\u3001\u4e0d\u6b63\u786e\u6216\u5df2\u8fc7\u671f\u3002 <\/li>\n
      • InvalidScopeException :\u8bf7\u6c42\u7684\u6743\u9650\u8303\u56f4\u65e0\u6548\u3002 <\/li>\n
      • InvalidTokenException :\u4ee4\u724c\u65e0\u6548\u3001\u8fc7\u671f\u6216\u88ab\u64a4\u9500\u3002 <\/li>\n
      • InsufficientScopeException :\u4ee4\u724c\u6743\u9650\u4e0d\u8db3\u3002 <\/li>\n<\/ul>\n

        6.2.2 \u8bbe\u8ba1\u5f02\u5e38\u5904\u7406\u6d41\u7a0b\u548c\u7b56\u7565 <\/h4>\n

        \u5904\u7406\u8fd9\u4e9b\u5f02\u5e38\u7684\u57fa\u672c\u539f\u5219\u662f\u786e\u4fdd\u5b83\u4eec\u80fd\u591f\u88ab\u6e05\u6670\u5730\u8bc6\u522b,\u5e76\u4e14\u7cfb\u7edf\u80fd\u591f\u63d0\u4f9b\u6709\u610f\u4e49\u7684\u54cd\u5e94\u7ed9\u5ba2\u6237\u7aef\u3002\u5177\u4f53\u5904\u7406\u7b56\u7565\u53ef\u80fd\u5305\u62ec: <\/p>\n

          \n
        • \u8bb0\u5f55\u8be6\u7ec6\u9519\u8bef\u4fe1\u606f :\u5bf9\u4e8e\u5f00\u53d1\u548c\u8c03\u8bd5\u6765\u8bf4,\u8bb0\u5f55\u5f02\u5e38\u7684\u8be6\u7ec6\u5806\u6808\u8ddf\u8e2a\u662f\u5f88\u6709\u5e2e\u52a9\u7684\u3002\u4f46\u662f,\u5728\u751f\u4ea7\u73af\u5883\u4e2d,\u53ef\u80fd\u9700\u8981\u5bf9\u654f\u611f\u4fe1\u606f\u8fdb\u884c\u8fc7\u6ee4\u3002 <\/li>\n
        • \u8fd4\u56de\u9002\u5f53\u7684HTTP\u72b6\u6001\u7801 :\u6839\u636e\u4e0d\u540c\u7684\u9519\u8bef\u7c7b\u578b\u8fd4\u56de\u76f8\u5e94\u7684HTTP\u72b6\u6001\u7801,\u6bd4\u5982400\u8868\u793a\u5ba2\u6237\u7aef\u8bf7\u6c42\u9519\u8bef,401\u8868\u793a\u672a\u6388\u6743,500\u8868\u793a\u670d\u52a1\u5668\u5185\u90e8\u9519\u8bef\u7b49\u3002 <\/li>\n
        • \u63d0\u4f9b\u9519\u8bef\u63cf\u8ff0\u4fe1\u606f :\u4e3a\u5ba2\u6237\u7aef\u63d0\u4f9b\u6e05\u6670\u3001\u6613\u61c2\u7684\u9519\u8bef\u63cf\u8ff0\u4fe1\u606f,\u6709\u52a9\u4e8e\u5feb\u901f\u5b9a\u4f4d\u95ee\u9898\u3002 <\/li>\n<\/ul>\n

          \u4ee3\u7801\u793a\u4f8b: <\/p>\n

          @RestControllerAdvice
          \npublic class GlobalExceptionHandler {<\/p>\n

          @ExceptionHandler(InvalidRequestException.class)
          \n public ResponseEntity<Object> handleInvalidRequest(InvalidRequestException ex) {
          \n \/\/ \u65e5\u5fd7\u8bb0\u5f55
          \n log.error("Invalid request exception", ex);
          \n return ResponseEntity.status(HttpStatus.BAD_REQUEST)
          \n .body("Invalid request: " + ex.getMessage());
          \n }
          \n \/\/ \u5176\u4ed6\u5f02\u5e38\u5904\u7406\u65b9\u6cd5\u7c7b\u4f3c…
          \n}<\/p>\n

          \u4ee5\u4e0a\u5f02\u5e38\u5904\u7406\u7b56\u7565\u5e94\u8be5\u6839\u636e\u5b9e\u9645\u5e94\u7528\u573a\u666f\u8c03\u6574,\u4ee5\u9002\u5e94\u4e0d\u540c\u7684\u5b89\u5168\u548c\u7528\u6237\u4f53\u9a8c\u9700\u6c42\u3002 <\/p>\n

          \u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 \"menu-r.4af5f7ec.gif\" <\/p>\n

          \u7b80\u4ecb:\u672c\u6587\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528Spring Boot 2\u6846\u67b6\u5b9e\u73b0\u4e00\u4e2aOAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668,\u901a\u8fc7\u81ea\u5b9a\u4e49\u4ee4\u724c\u548c\u4e3b\u4f53\u4fe1\u606f\u6765\u589e\u5f3a\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u548c\u7075\u6d3b\u6027\u3002\u6587\u7ae0\u9610\u8ff0\u4e86OAuth2\u548cJWT\u7684\u539f\u7406,\u4ee5\u53ca\u5982\u4f55\u96c6\u6210\u8fd9\u4e9b\u6280\u672f\u6765\u5904\u7406\u5b89\u5168\u8ba4\u8bc1\u548c\u6388\u6743\u3002\u4ecb\u7ecd\u4e86\u914d\u7f6e\u8d44\u6e90\u670d\u52a1\u5668\u548c\u6388\u6743\u670d\u52a1\u5668\u7684\u5173\u952e\u6b65\u9aa4,\u5e76\u5c55\u793a\u4e86\u5982\u4f55\u901a\u8fc7JWT\u81ea\u5b9a\u4e49\u4fe1\u606f\u6765\u5b9e\u73b0\u7ec6\u81f4\u7684\u6743\u9650\u63a7\u5236\u3002\u540c\u65f6,\u6587\u7ae0\u4e5f\u8bb2\u89e3\u4e86\u5728\u5ba2\u6237\u7aef\u8bf7\u6c42\u65f6\u8d44\u6e90\u670d\u52a1\u5668\u5982\u4f55\u9a8c\u8bc1JWT\u4ee4\u724c,\u4ee5\u53ca\u5982\u4f55\u5904\u7406\u5237\u65b0\u4ee4\u724c\u548c\u5f02\u5e38\u60c5\u51b5,\u4e3a\u5f00\u53d1\u8005\u63d0\u4f9b\u4e86\u4e00\u5957\u5b8c\u6574\u4e14\u5b9e\u7528\u7684\u8d44\u6e90\u670d\u52a1\u5668\u5b9e\u73b0\u65b9\u6848\u3002 <\/p>\n

          \u672c\u6587\u8fd8\u6709\u914d\u5957\u7684\u7cbe\u54c1\u8d44\u6e90,\u70b9\u51fb\u83b7\u53d6 \"menu-r.4af5f7ec.gif\" <\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

          \u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb779\u6b21\uff0c\u70b9\u8d5e22\u6b21\uff0c\u6536\u85cf24\u6b21\u3002\u5728\u5904\u7406\u8bf7\u6c42\u65f6\uff0c\u53ef\u80fd\u4f1a\u9047\u5230\u5404\u79cd\u5f02\u5e38\u60c5\u51b5\uff0c\u6bd4\u5982\u4ee4\u724c\u4e0d\u5408\u6cd5\u3001\u6743\u9650\u4e0d\u8db3\u7b49\u3002\u4e3a\u4e86\u7ed9\u7528\u6237\u63d0\u4f9b\u66f4\u53cb\u597d\u7684\u53cd\u9988\uff0c\u6211\u4eec\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5f02\u5e38\u5904\u7406\u5668\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5f02\u5e38\u5904\u7406\u5668\u7684\u5b9e\u73b0\u793a\u4f8b\uff1a@Override\u7136\u540e\u6211\u4eec\u9700\u8981\u5c06\u8fd9\u4e2a\u81ea\u5b9a\u4e49\u7684\u5f02\u5e38\u5904\u7406\u5668\u6dfb\u52a0\u5230\u6211\u4eec\u7684\u5b89\u5168\u914d\u7f6e\u4e2d\uff1a@Overridehttp\/\/ … \u5176\u4ed6\u914d\u7f6e\u81f3\u6b64\uff0c\u6211\u4eec\u5b8c\u6210\u4e86OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u57fa\u672c\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\u7684\u8bbe\u7f6e\u3002\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u81ea\u5b9a\u4e49JWT\u4ee4\u724c\uff0c\u4ee5\u53ca\u5982\u4f55\u5229\u7528JWT\u4ee4\u724c\u548c\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u6765\u5b9e\u73b0\u66f4\u7cbe\u7ec6\u7684\u6743\u9650\u63a7\u5236\u3002_spring boot oauth \u670d\u52a1\u5668\u642d\u5efa<\/p>\n","protected":false},"author":2,"featured_media":46996,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-46998","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server"],"yoast_head":"\n\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/46998.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb779\u6b21\uff0c\u70b9\u8d5e22\u6b21\uff0c\u6536\u85cf24\u6b21\u3002\u5728\u5904\u7406\u8bf7\u6c42\u65f6\uff0c\u53ef\u80fd\u4f1a\u9047\u5230\u5404\u79cd\u5f02\u5e38\u60c5\u51b5\uff0c\u6bd4\u5982\u4ee4\u724c\u4e0d\u5408\u6cd5\u3001\u6743\u9650\u4e0d\u8db3\u7b49\u3002\u4e3a\u4e86\u7ed9\u7528\u6237\u63d0\u4f9b\u66f4\u53cb\u597d\u7684\u53cd\u9988\uff0c\u6211\u4eec\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5f02\u5e38\u5904\u7406\u5668\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5f02\u5e38\u5904\u7406\u5668\u7684\u5b9e\u73b0\u793a\u4f8b\uff1a@Override\u7136\u540e\u6211\u4eec\u9700\u8981\u5c06\u8fd9\u4e2a\u81ea\u5b9a\u4e49\u7684\u5f02\u5e38\u5904\u7406\u5668\u6dfb\u52a0\u5230\u6211\u4eec\u7684\u5b89\u5168\u914d\u7f6e\u4e2d\uff1a@Overridehttp\/\/ ... \u5176\u4ed6\u914d\u7f6e\u81f3\u6b64\uff0c\u6211\u4eec\u5b8c\u6210\u4e86OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u57fa\u672c\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\u7684\u8bbe\u7f6e\u3002\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u81ea\u5b9a\u4e49JWT\u4ee4\u724c\uff0c\u4ee5\u53ca\u5982\u4f55\u5229\u7528JWT\u4ee4\u724c\u548c\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u6765\u5b9e\u73b0\u66f4\u7cbe\u7ec6\u7684\u6743\u9650\u63a7\u5236\u3002_spring boot oauth \u670d\u52a1\u5668\u642d\u5efa\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/46998.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-29T21:18:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/07\/20250729211826-68893aa28d041.gif\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/46998.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/46998.html\",\"name\":\"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2025-07-29T21:18:27+00:00\",\"dateModified\":\"2025-07-29T21:18:27+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/46998.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/46998.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/46998.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/46998.html","og_locale":"zh_CN","og_type":"article","og_title":"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb779\u6b21\uff0c\u70b9\u8d5e22\u6b21\uff0c\u6536\u85cf24\u6b21\u3002\u5728\u5904\u7406\u8bf7\u6c42\u65f6\uff0c\u53ef\u80fd\u4f1a\u9047\u5230\u5404\u79cd\u5f02\u5e38\u60c5\u51b5\uff0c\u6bd4\u5982\u4ee4\u724c\u4e0d\u5408\u6cd5\u3001\u6743\u9650\u4e0d\u8db3\u7b49\u3002\u4e3a\u4e86\u7ed9\u7528\u6237\u63d0\u4f9b\u66f4\u53cb\u597d\u7684\u53cd\u9988\uff0c\u6211\u4eec\u53ef\u4ee5\u81ea\u5b9a\u4e49\u5f02\u5e38\u5904\u7406\u5668\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5f02\u5e38\u5904\u7406\u5668\u7684\u5b9e\u73b0\u793a\u4f8b\uff1a@Override\u7136\u540e\u6211\u4eec\u9700\u8981\u5c06\u8fd9\u4e2a\u81ea\u5b9a\u4e49\u7684\u5f02\u5e38\u5904\u7406\u5668\u6dfb\u52a0\u5230\u6211\u4eec\u7684\u5b89\u5168\u914d\u7f6e\u4e2d\uff1a@Overridehttp\/\/ ... \u5176\u4ed6\u914d\u7f6e\u81f3\u6b64\uff0c\u6211\u4eec\u5b8c\u6210\u4e86OAuth2\u8d44\u6e90\u670d\u52a1\u5668\u7684\u57fa\u672c\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\u7684\u8bbe\u7f6e\u3002\u5728\u63a5\u4e0b\u6765\u7684\u7ae0\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u6df1\u5165\u63a2\u8ba8\u5982\u4f55\u81ea\u5b9a\u4e49JWT\u4ee4\u724c\uff0c\u4ee5\u53ca\u5982\u4f55\u5229\u7528JWT\u4ee4\u724c\u548c\u81ea\u5b9a\u4e49\u4e3b\u4f53\u4fe1\u606f\u6765\u5b9e\u73b0\u66f4\u7cbe\u7ec6\u7684\u6743\u9650\u63a7\u5236\u3002_spring boot oauth \u670d\u52a1\u5668\u642d\u5efa","og_url":"https:\/\/www.wsisp.com\/helps\/46998.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2025-07-29T21:18:27+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/07\/20250729211826-68893aa28d041.gif"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"7 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/46998.html","url":"https:\/\/www.wsisp.com\/helps\/46998.html","name":"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2025-07-29T21:18:27+00:00","dateModified":"2025-07-29T21:18:27+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/46998.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/46998.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/46998.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"\u6df1\u5165Spring Boot 2\uff1a\u6784\u5efa\u81ea\u5b9a\u4e49OAuth2 JWT\u8d44\u6e90\u670d\u52a1\u5668"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/46998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=46998"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/46998\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/46996"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=46998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=46998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=46998"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=46998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}