import spring securiety

2 years ago · ba0e93892a
17 changed files with 651 additions and 3 deletions
--- a/pom.xml
+++ b/pom.xml
@ -50,6 +50,11 @@
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.5.3</version>
        </dependency>
+        <!--spring security权限依赖-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
--- a/src/main/java/com/iflytop/nuclear/NuclearApplication.java
+++ b/src/main/java/com/iflytop/nuclear/NuclearApplication.java
@ -1,15 +1,22 @@
 package com.iflytop.nuclear;

 import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.boot.Banner;
+import org.springframework.boot.ResourceBanner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.core.io.ClassPathResource;

@SpringBootApplication
-@MapperScan("com.iflytop.boditech.mapper")
+@MapperScan("com.iflytop.nuclear.mapper")
 public class NuclearApplication {

    public static void main(String[] args) {
-        SpringApplication.run(NuclearApplication.class, args);
+        SpringApplicationBuilder builder = new SpringApplicationBuilder(NuclearApplication.class);
+        builder.bannerMode(Banner.Mode.CONSOLE);
+        builder.banner(new ResourceBanner(new ClassPathResource("banner.txt")));
+        builder.run(args);
    }

 }
--- a/src/main/java/com/iflytop/nuclear/config/SecurityConfig.java
+++ b/src/main/java/com/iflytop/nuclear/config/SecurityConfig.java
@ -0,0 +1,68 @@
+package com.iflytop.nuclear.config;
+
+import com.iflytop.nuclear.exception.JWTAccessDeniedHandler;
+import com.iflytop.nuclear.exception.JWTAuthenticationEntryPoint;
+import com.iflytop.nuclear.filter.JWTAuthenticationFilter;
+import com.iflytop.nuclear.filter.JWTAuthorizationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+/**
+ * @author cool
+ * @desc spring-security 配置类
+ */
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    @Qualifier("userDetailsServiceImpl")
+    private UserDetailsService userDetailsService;
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.cors().and().csrf().disable()
+                .authorizeRequests()
+                // 注册接口，需要ADMIN用户才能访问
+                .antMatchers("/account/register").hasRole("ADMIN")
+                // 其他都放行了
+                .anyRequest().permitAll()
+                .and()
+                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
+                .addFilter(new JWTAuthorizationFilter(authenticationManager()))
+                // 不需要session
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .exceptionHandling().authenticationEntryPoint(new JWTAuthenticationEntryPoint())
+                .accessDeniedHandler(new JWTAccessDeniedHandler());      //添加无权限时的处理
+    }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
+        return source;
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/controller/AccountController.java
+++ b/src/main/java/com/iflytop/nuclear/controller/AccountController.java
@ -0,0 +1,56 @@
+package com.iflytop.nuclear.controller;
+
+import com.iflytop.nuclear.model.Account;
+import com.iflytop.nuclear.service.AccountService;
+import com.iflytop.nuclear.utils.ResponseData;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author cool
+ * @desc 用户接口
+ */
+@Slf4j
+@RestController
+@RequestMapping("/account")
+public class AccountController {
+
+    @Autowired
+    AccountService accountService;
+
+    /**
+     * 查询用户列表
+     * @return
+     */
+    @GetMapping("/list")
+    public ResponseData getAccountList() {
+        log.info("-----------------查询账户列表开始-----------------");
+        // 筛除password
+        // TODO
+        List<Account> accounts = accountService.list();
+        log.info("-----------------查询账户列表结束-----------------");
+        return ResponseData.success(accounts);
+    }
+
+    /**
+     * 注册接口，需要有ADMIN权限
+     * @param registerUser
+     * @return
+     */
+    @PostMapping("/register")
+    @PreAuthorize("hasRole('ADMIN')")
+    public ResponseData registerAccount(@RequestBody Map<String,String> registerUser) {
+        log.info("-----------------注册账户开始-----------------");
+        boolean register = accountService.register(registerUser.get("username"), registerUser.get("password"));
+        if (register) {
+            log.info("-----------------注册账户成功-----------------");
+            return ResponseData.success();
+        }
+        return ResponseData.fail("注册失败");
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/entity/JwtUser.java
+++ b/src/main/java/com/iflytop/nuclear/entity/JwtUser.java
@ -0,0 +1,80 @@
+package com.iflytop.nuclear.entity;
+
+import com.iflytop.nuclear.model.Account;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * @author cool
+ * @desc 自定义实现UserDetails
+ */
+public class JwtUser implements UserDetails {
+
+    private Long id;
+    private String username;
+    private String password;
+    private Collection<? extends GrantedAuthority> authorities;
+
+    public JwtUser() {
+    }
+
+    // 写一个能直接使用user创建jwtUser的构造器
+    public JwtUser(Account user) {
+        id = user.getId();
+        username = user.getUsername();
+        password = user.getPassword();
+        authorities = Collections.singleton(new SimpleGrantedAuthority(user.getRole()));
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    // 账号是否未过期
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    // 账号是否未锁定
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    // 账号凭证是否未过期
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    @Override
+    public String toString() {
+        return "JwtUser{" +
+                "id=" + id +
+                ", username='" + username + '\'' +
+                ", password='" + password + '\'' +
+                ", authorities=" + authorities +
+                '}';
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/exception/JWTAccessDeniedHandler.java
+++ b/src/main/java/com/iflytop/nuclear/exception/JWTAccessDeniedHandler.java
@ -0,0 +1,25 @@
+package com.iflytop.nuclear.exception;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author cool
+ * @description: 没有访问权限
+ */
+public class JWTAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
+        httpServletResponse.setCharacterEncoding("UTF-8");
+        httpServletResponse.setContentType("application/json; charset=utf-8");
+        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        String reason = "统一处理，原因：" + e.getMessage();
+        httpServletResponse.getWriter().write(new ObjectMapper().writeValueAsString(reason));
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/exception/JWTAuthenticationEntryPoint.java
+++ b/src/main/java/com/iflytop/nuclear/exception/JWTAuthenticationEntryPoint.java
@ -0,0 +1,28 @@
+package com.iflytop.nuclear.exception;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author cool
+ * @description: 没有携带token或者token无效
+ */
+public class JWTAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException {
+
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json; charset=utf-8");
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        String reason = "统一处理，原因：" + authException.getMessage();
+        response.getWriter().write(new ObjectMapper().writeValueAsString(reason));
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/exception/TokenIsExpiredException.java
+++ b/src/main/java/com/iflytop/nuclear/exception/TokenIsExpiredException.java
@ -0,0 +1,27 @@
+package com.iflytop.nuclear.exception;
+
+/**
+ * @author cool
+ * @description: 自定义异常
+ */
+public class TokenIsExpiredException extends Exception {
+
+    public TokenIsExpiredException() {
+    }
+
+    public TokenIsExpiredException(String message) {
+        super(message);
+    }
+
+    public TokenIsExpiredException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public TokenIsExpiredException(Throwable cause) {
+        super(cause);
+    }
+
+    public TokenIsExpiredException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        super(message, cause, enableSuppression, writableStackTrace);
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/filter/JWTAuthenticationFilter.java
+++ b/src/main/java/com/iflytop/nuclear/filter/JWTAuthenticationFilter.java
@ -0,0 +1,77 @@
+package com.iflytop.nuclear.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.iflytop.nuclear.entity.JwtUser;
+import com.iflytop.nuclear.model.Account;
+import com.iflytop.nuclear.utils.JwtTokenUtils;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * @author cool
+ * @desc 该过滤器用于获取用户登录的信息
+ */
+public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    private AuthenticationManager authenticationManager;
+
+    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+        super.setFilterProcessesUrl("/account/login");
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request,
+                                                HttpServletResponse response) throws AuthenticationException {
+
+        // 从输入流中获取到登录的信息
+        try {
+            Account loginUser = new ObjectMapper().readValue(request.getInputStream(), Account.class);
+            return authenticationManager.authenticate(
+                    new UsernamePasswordAuthenticationToken(loginUser.getUsername(), loginUser.getPassword(), new ArrayList<>())
+            );
+        } catch (IOException e) {
+            e.printStackTrace();
+            return null;
+        }
+    }
+
+    // 成功验证后调用的方法
+    // 如果验证成功，就生成token并返回
+    @Override
+    protected void successfulAuthentication(HttpServletRequest request,
+                                            HttpServletResponse response,
+                                            FilterChain chain,
+                                            Authentication authResult) throws IOException, ServletException {
+
+        JwtUser jwtUser = (JwtUser) authResult.getPrincipal();
+        System.out.println("jwtUser:" + jwtUser.toString());
+        String role = "";
+        Collection<? extends GrantedAuthority> authorities = jwtUser.getAuthorities();
+        for (GrantedAuthority authority : authorities){
+            role = authority.getAuthority();
+        }
+        String token = JwtTokenUtils.createToken(jwtUser.getUsername(), role);
+        // 返回创建成功的token
+        // 但是这里创建的token只是单纯的token
+        // 按照jwt的规定，最后请求的时候应该是 `Bearer token`
+        response.setHeader("token", JwtTokenUtils.TOKEN_PREFIX + token);
+    }
+
+    @Override
+    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
+        response.getWriter().write("authentication failed, reason: " + failed.getMessage());
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/filter/JWTAuthorizationFilter.java
+++ b/src/main/java/com/iflytop/nuclear/filter/JWTAuthorizationFilter.java
@ -0,0 +1,73 @@
+package com.iflytop.nuclear.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.iflytop.nuclear.exception.TokenIsExpiredException;
+import com.iflytop.nuclear.utils.JwtTokenUtils;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collections;
+
+/**
+ * @author cool
+ * @desc 鉴权
+ */
+public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
+
+    public JWTAuthorizationFilter(AuthenticationManager authenticationManager) {
+        super(authenticationManager);
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain chain) throws IOException, ServletException {
+
+        String tokenHeader = request.getHeader(JwtTokenUtils.TOKEN_HEADER);
+        // 如果请求头中没有Authorization信息则直接放行了
+        if (tokenHeader == null || !tokenHeader.startsWith(JwtTokenUtils.TOKEN_PREFIX)) {
+            chain.doFilter(request, response);
+            return;
+        }
+        // 如果请求头中有token，则进行解析，并且设置认证信息
+        try {
+            SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
+        } catch (TokenIsExpiredException e) {
+            //返回json形式的错误信息
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("application/json; charset=utf-8");
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            String reason = "统一处理，原因：" + e.getMessage();
+            response.getWriter().write(new ObjectMapper().writeValueAsString(reason));
+            response.getWriter().flush();
+            return;
+        }
+        super.doFilterInternal(request, response, chain);
+    }
+
+    // 这里从token中获取用户信息并新建一个token
+    private UsernamePasswordAuthenticationToken getAuthentication(String tokenHeader) throws TokenIsExpiredException {
+        String token = tokenHeader.replace(JwtTokenUtils.TOKEN_PREFIX, "");
+        boolean expiration = JwtTokenUtils.isExpiration(token);
+        if (expiration) {
+            throw new TokenIsExpiredException("token超时了");
+        } else {
+            String username = JwtTokenUtils.getUsername(token);
+            String role = JwtTokenUtils.getUserRole(token);
+            if (username != null) {
+                return new UsernamePasswordAuthenticationToken(username, null,
+                        Collections.singleton(new SimpleGrantedAuthority(role))
+                );
+            }
+        }
+        return null;
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/mapper/AccountMapper.java
+++ b/src/main/java/com/iflytop/nuclear/mapper/AccountMapper.java
@ -0,0 +1,13 @@
+package com.iflytop.nuclear.mapper;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.iflytop.nuclear.model.Account;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ * @author cool
+ */
+@Mapper
+public interface AccountMapper extends BaseMapper<Account> {
+
+}
--- a/src/main/java/com/iflytop/nuclear/model/Account.java
+++ b/src/main/java/com/iflytop/nuclear/model/Account.java
@ -0,0 +1,26 @@
+package com.iflytop.nuclear.model;
+
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author cool
+ * @desc 账户model
+ */
+@Data
+@TableName("account")
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class Account {
+    @TableId
+    private Long id;
+    private String username;
+    private String password;
+    private String role;
+    private String nickname;
+}
--- a/src/main/java/com/iflytop/nuclear/service/AccountService.java
+++ b/src/main/java/com/iflytop/nuclear/service/AccountService.java
@ -0,0 +1,16 @@
+package com.iflytop.nuclear.service;
+
+import com.baomidou.mybatisplus.extension.service.IService;
+import com.iflytop.nuclear.model.Account;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * @author cool
+ */
+@Transactional
+public interface AccountService extends IService<Account> {
+
+    boolean register(String username, String password);
+
+    Account findByUsername(String username);
+}
--- a/src/main/java/com/iflytop/nuclear/service/UserDetailsServiceImpl.java
+++ b/src/main/java/com/iflytop/nuclear/service/UserDetailsServiceImpl.java
@ -0,0 +1,28 @@
+package com.iflytop.nuclear.service;
+
+import com.iflytop.nuclear.entity.JwtUser;
+import com.iflytop.nuclear.model.Account;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author cool
+ * @desc 使用springSecurity需要实现UserDetailsService接口供权限框架调用
+ */
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+    @Autowired
+    @Lazy
+    AccountService accountService;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        Account user = accountService.findByUsername(username);
+        return new JwtUser(user);
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/service/impl/AccountServiceImpl.java
+++ b/src/main/java/com/iflytop/nuclear/service/impl/AccountServiceImpl.java
@ -0,0 +1,51 @@
+package com.iflytop.nuclear.service.impl;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.iflytop.nuclear.mapper.AccountMapper;
+import com.iflytop.nuclear.model.Account;
+import com.iflytop.nuclear.service.AccountService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author cool
+ */
+@Service
+public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> implements AccountService {
+
+    @Autowired
+    @Lazy
+    private BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    /**
+     * 注册用户
+     * @param username
+     * @param password
+     * @return
+     */
+    @Override
+    public boolean register(String username, String password) {
+        Account account = Account.builder()
+                .username(username)
+                .password(bCryptPasswordEncoder.encode(password))
+                .role("ROLE_USER")
+                .build();
+        return this.save(account);
+    }
+
+    /**
+     * 根据用户名查找用户
+     * @param username
+     * @return
+     */
+    @Override
+    public Account findByUsername(String username) {
+        QueryWrapper<Account> accountQueryWrapper = new QueryWrapper<>();
+        accountQueryWrapper.eq("username", username);
+        Account account = this.getOne(accountQueryWrapper);
+        return account;
+    }
+}
--- a/src/main/java/com/iflytop/nuclear/utils/JwtTokenUtils.java
+++ b/src/main/java/com/iflytop/nuclear/utils/JwtTokenUtils.java
@ -0,0 +1,68 @@
+package com.iflytop.nuclear.utils;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+import java.util.Date;
+import java.util.HashMap;
+
+/**
+ * @author cool
+ * @desc 操作jwt token 的工具类
+ */
+public class JwtTokenUtils {
+
+    public static final String TOKEN_HEADER = "Authorization";
+    public static final String TOKEN_PREFIX = "Bearer ";
+
+    private static final String SECRET = "eyJhbGciOiJIUzUxMiJ9.eyJleHAiOjE2NDg5ODg1MjAsInN1YiI6ImFkbWluIiwiY3JlYXR";
+    private static final String ISS = "iflytop";
+
+    // 角色的key
+    private static final String ROLE_CLAIMS = "rol";
+
+    // 过期时间是3600秒，既是1个小时
+    private static final long EXPIRATION = 3600L;
+
+    // 创建token
+    public static String createToken(String username, String role) {
+        HashMap<String, Object> map = new HashMap<>();
+        map.put(ROLE_CLAIMS, role);
+        return Jwts.builder()
+                .signWith(SignatureAlgorithm.HS512, SECRET)
+                .setClaims(map)
+                .setIssuer(ISS)
+                .setSubject(username)
+                .setIssuedAt(new Date())
+                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION * 1000))
+                .compact();
+    }
+
+    // 从token中获取用户名
+    public static String getUsername(String token){
+        return getTokenBody(token).getSubject();
+    }
+
+    // 获取用户角色
+    public static String getUserRole(String token){
+        return (String) getTokenBody(token).get(ROLE_CLAIMS);
+    }
+
+    // 是否已过期
+    public static boolean isExpiration(String token) {
+        try {
+            return getTokenBody(token).getExpiration().before(new Date());
+        } catch (ExpiredJwtException e) {
+            return true;
+        }
+    }
+
+    private static Claims getTokenBody(String token){
+        return Jwts.parser()
+                .setSigningKey(SECRET)
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@ -1,7 +1,7 @@

 spring:
  datasource:
-    url: jdbc:mysql://127.0.0.1:3306/boditech?useSSL=false&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
+    url: jdbc:mysql://127.0.0.1:3306/nuclear?useSSL=false&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
    username: root
    password: root
    driverClassName: com.mysql.cj.jdbc.Driver