# spring-security-jwt

**Repository Path**: AVC_HC/spring-security-jwt

## Basic Information

- **Project Name**: spring-security-jwt
- **Description**: No description available
- **Primary Language**: Java
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2017-09-23
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# JWT保护SpringBoot微服务

> 项目为Gradle项目



项目启动输入后：

一、用curl模拟用户登录：

```Sh
curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"123456"}' http://127.0.0.1:8080/login
```

获得的json串:

```json
{"result":"eyJhbGciOiJIUzUxMiJ9.eyJhdXRob3JpdGllcyI6IkFVVEhfV1JJVEUiLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNjU3NzYzOH0.cqg7J1pP20bxxr_ZKsjfHsIyr1anbk6tx9CIeKBGwD_wKaxu-EG4Mjvzt5utZ1LodIhogqtd4XkHW9H71nA-MA","message":"","status":0}
```



二、用获得的串去访问业务接口：

```Shell
curl -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJhdXRob3JpdGllcyI6IkFVVEhfV1JJVEUiLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNjU3NzYzOH0.cqg7J1pP20bxxr_ZKsjfHsIyr1anbk6tx9CIeKBGwD_wKaxu-EG4Mjvzt5utZ1LodIhogqtd4XkHW9H71nA-MA" http://127.0.0.1:8080/hello
```

可以访问hello：

```Json
{"result":["hello"],"message":"","status":0}
```

不能访问world：

```Json
{"timestamp":1506145788627,"status":403,"error":"Forbidden","message":"Access is denied","path":"/world"}
```

----

1、在WebSecurityConfig中配置了AUTH_WRITE可以访问/hello,ADMIN可以访问world。

2、在CustomAuthenticationProvider中配置了指定用户的权限。可自己替换为自己的数据库权限。此demo用户只有AUTH_WRITE权限，故不可以访问world接口。