
Security JWT Plugin

对应模块: io.gitee.lcgyl:lcgyl-security-jwt-plugin

基于 JSON Web Token (JWT) 的无状态认证实现，适用于前后端分离架构。

✨ 特性

  • 标准实现 - 符合 RFC 7519 标准
  • Token 管理 - 提供生成、解析、验证的全套 API
  • 自动续期 - 支持 Refresh Token 机制
  • 安全增强 - 支持 Token 黑名单(主动登出)
  • 灵活载荷 - 支持自定义 Claims 数据

🚀 快速开始

依赖引入

gradle
implementation 'io.gitee.lcgyl:lcgyl-security-jwt-plugin:2.2.0'

配置示例

yaml
lcgyl:
  security:
    jwt:
      enabled: true
      secret: your-256-bit-secret-key-must-be-at-least-256-bits   # 示例占位值：生产环境建议通过环境变量或密钥管理服务注入，不要提交到代码仓库
      access-token-validity: 3600     # 1小时
      refresh-token-validity: 604800  # 7天
      issuer: my-application

登录签发 Token

java
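@RestController
@RequestMapping("/auth")
public class AuthController {

    /**
     * Access-token lifetime reported to clients, in seconds. Keep this in sync with the
     * {@code access-token-validity} setting so clients do not refresh too early or too late.
     */
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 3600;

    /** Authorization header scheme prefix, including the trailing space. */
    private static final String BEARER_PREFIX = "Bearer ";

    @Inject
    private JwtTokenProvider tokenProvider;

    @Inject
    private AuthenticationService authService;

    /**
     * Authenticates the submitted credentials and issues an access/refresh token pair.
     *
     * @param request login form carrying the username and password
     * @return the newly issued token pair together with the access-token lifetime in seconds
     */
    @PostMapping("/login")
    public TokenResponse login(@RequestBody LoginRequest request) {
        // Credential verification is delegated to the authentication service
        User user = authService.authenticate(request.getUsername(), request.getPassword());

        // Issue both tokens; only the access token carries the roles
        String accessToken = tokenProvider.createAccessToken(user.getId(), user.getRoles());
        String refreshToken = tokenProvider.createRefreshToken(user.getId());

        return new TokenResponse(accessToken, refreshToken, ACCESS_TOKEN_VALIDITY_SECONDS);
    }

    /**
     * Validates the refresh token and issues a new access token.
     * The refresh token is handed back unchanged, i.e. this example does not rotate it.
     *
     * @param request body carrying the current refresh token
     * @return a response with the new access token and the same refresh token
     */
    @PostMapping("/refresh")
    public TokenResponse refresh(@RequestBody RefreshRequest request) {
        String newAccessToken = tokenProvider.refreshAccessToken(request.getRefreshToken());
        return new TokenResponse(newAccessToken, request.getRefreshToken(), ACCESS_TOKEN_VALIDITY_SECONDS);
    }

    /**
     * Adds the presented token to the blacklist so it is rejected before its natural expiry
     * (active logout).
     *
     * @param token the raw {@code Authorization} header value, normally {@code "Bearer <token>"}
     * @throws IllegalArgumentException if the header is missing or empty
     */
    @PostMapping("/logout")
    public void logout(@RequestHeader("Authorization") String token) {
        tokenProvider.invalidate(stripBearerPrefix(token));
    }

    /**
     * Removes a leading {@code "Bearer "} scheme from an Authorization header value.
     * A value without the prefix is returned as-is.
     */
    private static String stripBearerPrefix(String authorization) {
        if (authorization == null || authorization.isEmpty()) {
            throw new IllegalArgumentException("Authorization header is missing");
        }
        // Strip only a leading prefix: String.replace would also delete the substring
        // from the middle of a token and silently leave the rest in place.
        return authorization.startsWith(BEARER_PREFIX)
                ? authorization.substring(BEARER_PREFIX.length())
                : authorization;
    }
}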

解析和验证 Token

java
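@Service
public class TokenService {

    /** Name of the claim carrying the role list; must match what the issuing side writes. */
    private static final String ROLES_CLAIM = "roles";

    @Inject
    private JwtTokenProvider tokenProvider;

    /**
     * Parses a token into a {@link UserInfo}.
     * NOTE(review): this assumes {@code tokenProvider.parseToken} verifies the signature and
     * expiry before returning claims — confirm against the provider implementation.
     *
     * @param token the raw JWT (without the {@code "Bearer "} prefix)
     * @return subject, roles and expiry taken from the token claims
     */
    public UserInfo parseToken(String token) {
        Claims claims = tokenProvider.parseToken(token);

        return UserInfo.builder()
            .userId(claims.getSubject())
            .roles(extractRoles(claims))
            .expireAt(claims.getExpiration())
            .build();
    }

    /**
     * Reads the roles claim defensively: a missing claim yields an empty list instead of
     * {@code null}, and a claim of an unexpected type fails here rather than later with a
     * ClassCastException at the point of use.
     *
     * @throws IllegalArgumentException if the claim is present but not a list
     */
    @SuppressWarnings("unchecked") // element type cannot be checked at runtime after erasure
    private static List<String> extractRoles(Claims claims) {
        Object raw = claims.get(ROLES_CLAIM);
        if (raw == null) {
            return java.util.Collections.emptyList();
        }
        if (!(raw instanceof List)) {
            throw new IllegalArgumentException("roles claim is not a list");
        }
        return (List<String>) raw;
    }

    /**
     * Reports whether the token is accepted by the provider.
     * Expired and malformed tokens are logged at WARN and reported as invalid rather than rethrown.
     *
     * @param token the raw JWT to validate
     * @return {@code true} if the provider accepts the token, {@code false} otherwise
     */
    public boolean isValid(String token) {
        try {
            return tokenProvider.validateToken(token);
        } catch (TokenExpiredException e) {
            log.warn("Token 已过期");
            return false;
        } catch (InvalidTokenException e) {
            log.warn("Token 无效");
            return false;
        }
    }
}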

自定义 Claims

java
@Service
public class CustomTokenService {

    /** Lifetime of every token issued by this service. */
    private static final Duration TOKEN_TTL = Duration.ofHours(2);

    @Inject
    private JwtTokenProvider tokenProvider;

    /**
     * Issues a token for {@code user} whose payload carries the user's roles, permissions
     * and department as custom claims, valid for two hours.
     *
     * @param user the authenticated user whose attributes are embedded in the token
     * @return the signed token string
     */
    public String createTokenWithCustomClaims(User user) {
        return tokenProvider.createToken(user.getId(), buildClaims(user), TOKEN_TTL);
    }

    /** Collects the custom claims for {@code user}; values are stored as-is, no copying. */
    private static Map<String, Object> buildClaims(User user) {
        Map<String, Object> payload = new HashMap<>();
        payload.put("roles", user.getRoles());
        payload.put("permissions", user.getPermissions());
        payload.put("department", user.getDepartment());
        return payload;
    }
}
