
Spring Boot microservice: authentication with OAuth2 and with Shiro + JWT

梁丘璞瑜
2023-12-01

Code location

Code: https://github.com/BoYiZhang/oauth2-shiro-jwt
Database scripts: oauth2-shiro-jwt/src/main/resources/dbscript/

Interface overview: two approaches are supported, each with its own set of endpoints

1. Generate the token with JWT and perform authentication with Shiro
2. Generate the token with OAuth2 and perform authentication with Spring Security

Generating the token with JWT, authentication with Shiro

UMS response fields

| Name | Type | Description |
| --- | --- | --- |
| type | int | request status (0: failure; 1: success) |
| messageCode | int | see the error-code page for details |
| message | String | message text |
| result | Object | result set |

Obtain a token

POST /shiro/auth/token

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| applicationKey | yes | String | key of the application to log in to |
| userName | yes | String | username |
| password | yes | String | password |

| Result field | Type | Description |
| --- | --- | --- |
| token | String | token generated with JWT |

Request example

curl -X POST "http://localhost:8030/auth/token" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"applicationKey\": \"urule\", \"password\": \"123456\", \"userName\": \"askerlve\"}"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBsaWNhdGlvbktleSI6InVydWxlIiwiaXNzIjoiY21zIiwidXNlck5hbWUiOiJhc2tlcmx2ZSIsImV4cCI6MTUyNDYyNjQzMSwiaWF0IjoxNTI0NjI2MTMxfQ.q7HP26HAUVw7X7MF2Kjgqu49ky5DWJJAPR4xHAfuZ2Q"
  }
}
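To see what the token in the response above actually carries, here is an added Python example (not code from the oauth2-shiro-jwt project): it splits the JWT, decodes its header and claims for inspection, and shows the check the resource server must perform before trusting any claim: recomputing the HS256 signature with the shared secret, pinning the alg, and rejecting expired tokens. The secret used in the verification demo is a constructed value; the project's real signing key is not on this page.

```python
import base64
import hashlib
import hmac
import json
import time

# Token copied from the /shiro/auth/token response example on this page.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
              "eyJhcHBsaWNhdGlvbktleSI6InVydWxlIiwiaXNzIjoiY21zIiwidXNlck5hbWUiOiJhc2tlcmx2ZSIsImV4cCI6MTUyNDYyNjQzMSwiaWF0IjoxNTI0NjI2MTMxfQ."
              "q7HP26HAUVw7X7MF2Kjgqu49ky5DWJJAPR4xHAfuZ2Q")

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str):
    """Return (header, claims) WITHOUT checking the signature.
    Inspection only: never base an authorization decision on this alone."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT the way the issuing side does (used here to build test tokens)."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes, now=None):
    """Return the claims if signature and expiry check out, otherwise None. The alg is
    pinned to HS256, so a header announcing 'none' or another algorithm is rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, AttributeError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # missing or past exp; the page's token had a 300 s window that is long gone
    return claims
```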

List permissions

GET /shiro/auth/list/permission

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| Authorization | yes | String | authentication token |

| Result field | Type | Description |
| --- | --- | --- |
| id | int | resource id |
| parentId | int | parent node id |
| applicationId | int | id of the owning system |
| name | String | resource name |
| code | String | resource code |
| url | String | resource address |
| description | String | resource description |
| type | int | resource type (0: system; 1: menu; 2: API) |
| icon | String | icon |
| order | int | sort order |
| status | int | status (0: disabled; 1: enabled; -3: recycle bin; -4: deleted) |
| createTime | Date | creation time |
| createUserId | int | creator id |
| updateTime | Date | update time |
| updateUserId | int | updater id |

Request example

curl -X GET "http://localhost:8030/auth/list/permission" -H "accept: */*" -H "Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBsaWNhdGlvbktleSI6InVydWxlIiwiaXNzIjoiY21zIiwidXNlck5hbWUiOiJhc2tlcmx2ZSIsImV4cCI6MTUyNDYyNjQzMSwiaWF0IjoxNTI0NjI2MTMxfQ.q7HP26HAUVw7X7MF2Kjgqu49ky5DWJJAPR4xHAfuZ2Q"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": [
    {
      "id": 1,
      "parentId": null,
      "applicationId": 1,
      "name": "决策系统",
      "code": "DSQ",
      "url": "/urule",
      "description": "决策系统",
      "type": 0,
      "icon": null,
      "order": 2,
      "status": null,
      "createTime": "2018-04-20 17:14:34",
      "createUserId": 1,
      "updateTime": "2018-04-20 17:14:34",
      "updateUserId": 1
    },
    {
      "id": 4,
      "parentId": null,
      "applicationId": 1,
      "name": "用户管理",
      "code": "userManager",
      "url": "/urule/user",
      "description": "决策系统用户管理",
      "type": 1,
      "icon": null,
      "order": 0,
      "status": null,
      "createTime": "2018-04-24 18:39:51",
      "createUserId": 1,
      "updateTime": "2018-04-24 18:39:51",
      "updateUserId": 1
    }
  ]
}

Check whether the current user has permission

POST /shiro/auth/judge/permission

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| applicationKey | yes | String | key of the application to log in to |
| Authorization | yes | String | authentication token |
| urlAddress | yes | String | address to check permission for |

| Result field | Type | Description |
| --- | --- | --- |
| isAllowed | boolean | true: permitted; false: not permitted |

Request example

curl -X POST "http://localhost:8030/auth/judge/permission" -H "accept: */*" -H "Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBsaWNhdGlvbktleSI6InVydWxlIiwiaXNzIjoiY21zIiwidXNlck5hbWUiOiJhc2tlcmx2ZSIsImV4cCI6MTUyNDYzOTMzNSwiaWF0IjoxNTI0NjM5MDM1fQ.zA2J0GvIQGGp4tszhf515u-pFYRDwuU8zXuGK9AGo6I" -H "Content-Type: application/json" -d "{ \"urlAddress\": \"/urule\"}"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": {
    "isAllowed": true
  }
}

Generating the token with OAuth2, authentication with Spring Security

UMS response fields

| Name | Type | Description |
| --- | --- | --- |
| type | int | request status (0: failure; 1: success) |
| messageCode | int | see the error-code page for details |
| message | String | message text |
| result | Object | result set |

Obtain a token

POST /oauth/login

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Basic" + " " + base64(client username + ":" + client password) |
| Content-Type | yes | String | header | request body encoding; only application/x-www-form-urlencoded or form-data is supported |
| username | yes | String | body | username |
| password | yes | String | body | password |

| Result field | Data type | Description |
| --- | --- | --- |
| additionalInformation | JSON object | extension object |
| additionalInformation.jti | string | unique token identifier |
| expiration | long | expiry timestamp |
| expired | boolean | whether the token has expired |
| expiresIn | int | seconds until expiry |
| refreshToken | JSON object | refresh token information |
| refreshToken.expiration | long | expiry timestamp |
| refreshToken.value | string | refreshToken value |
| scope | string array | authorization scope |
| tokenType | string | token type |
| value | string | access_token value |

Request example

curl -X POST \
  http://localhost:8030/oauth/login \
  -H 'Authorization: Basic dXJ1bGU6dXJ1bGU=' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=askerlve&password=123456'

Response example

{
    "message": "操作成功!",
    "messageCode": 200,
    "result": {
        "additionalInformation": {
            "jti": "a5bf41d7-3913-440f-8936-7b81485abd57"
        },
        "expiration": 1525423241889,
        "expired": false,
        "expiresIn": 599,
        "refreshToken": {
            "expiration": 1526718641889,
            "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjY3MTg2NDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiY2M3MGViODItMmI2My00NzcyLWE1ZTgtZjM2ZWFkNjM3YjBlIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiYTViZjQxZDctMzkxMy00NDBmLTg5MzYtN2I4MTQ4NWFiZDU3In0.InynNTN3WBSaX8XD1QevKTFiQx65l_8lKFYt-HldOvI"
        },
        "scope": [
            "all"
        ],
        "tokenType": "bearer",
        "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjU0MjMyNDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiYTViZjQxZDctMzkxMy00NDBmLTg5MzYtN2I4MTQ4NWFiZDU3IiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.ugnpz0GvN0l42zdk9tOd7MvS3PvVIm4ZNe0f7bWrxh0"
    },
    "type": 1
}
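As an added example (not code from the project), the Python below builds the Basic Authorization header exactly as the /oauth/login table defines it and then cross-checks the response envelope against the claims inside the two JWTs, including the ati claim through which Spring Security OAuth ties a refresh token to its access token. The tokens and envelope values are copied from the response example above; the signature itself is not verified here, only the consistency of what the server returned.

```python
import base64
import json

# Tokens and envelope fields copied from the /oauth/login response example on this page.
ACCESS_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                "eyJleHAiOjE1MjU0MjMyNDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiYTViZjQxZDctMzkxMy00NDBmLTg5MzYtN2I4MTQ4NWFiZDU3IiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0."
                "ugnpz0GvN0l42zdk9tOd7MvS3PvVIm4ZNe0f7bWrxh0")
REFRESH_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                 "eyJleHAiOjE1MjY3MTg2NDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiY2M3MGViODItMmI2My00NzcyLWE1ZTgtZjM2ZWFkNjM3YjBlIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiYTViZjQxZDctMzkxMy00NDBmLTg5MzYtN2I4MTQ4NWFiZDU3In0."
                 "InynNTN3WBSaX8XD1QevKTFiQx65l_8lKFYt-HldOvI")
PAGE_RESULT = {
    "additionalInformation": {"jti": "a5bf41d7-3913-440f-8936-7b81485abd57"},
    "expiration": 1525423241889,
    "refreshToken": {"expiration": 1526718641889, "value": REFRESH_TOKEN},
    "tokenType": "bearer",
    "value": ACCESS_TOKEN,
}

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization header as the /oauth/login table defines it:
    "Basic" + " " + base64(client_id + ":" + client_secret)."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def jwt_claims(token: str) -> dict:
    # Payload inspection only: the signature is NOT checked here, so the
    # authorization server must still verify it before trusting a claim.
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token_pair(result: dict) -> list:
    """Cross-check the response envelope against the claims inside both JWTs.
    Returns a list of findings; an empty list means everything agrees."""
    access = jwt_claims(result["value"])
    refresh = jwt_claims(result["refreshToken"]["value"])
    findings = []
    if access.get("jti") != result["additionalInformation"]["jti"]:
        findings.append("access jti differs from additionalInformation.jti")
    # Spring Security OAuth records the access token id in the refresh token's "ati" claim.
    if refresh.get("ati") != access.get("jti"):
        findings.append("refresh token ati does not reference this access token")
    if access.get("exp") != result["expiration"] // 1000:  # envelope is in milliseconds
        findings.append("access exp differs from envelope expiration")
    if refresh.get("exp") != result["refreshToken"]["expiration"] // 1000:
        findings.append("refresh exp differs from refreshToken.expiration")
    if refresh.get("exp", 0) <= access.get("exp", 0):
        findings.append("refresh token does not outlive the access token")
    if str(result.get("tokenType", "")).lower() != "bearer":
        findings.append("unexpected tokenType")
    return findings
```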

Refresh a token (OAuth2 endpoint)

POST /oauth/token

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Basic" + " " + base64(client username + ":" + client password) |
| Content-Type | yes | String | header | request body encoding; only application/x-www-form-urlencoded or form-data is supported |
| grant_type | yes | String | body | operation type |
| refresh_token | yes | String | body | refresh token value |

| Result field | Data type | Description |
| --- | --- | --- |
| access_token | String | access_token value |
| jti | string | unique token identifier |
| expiresIn | int | seconds until expiry |
| refreshToken | string | refresh token information |
| scope | string | authorization scope |
| tokenType | string | token type |

Request example

curl -X POST \
  http://localhost:8030/oauth/token \
  -H 'Authorization: Basic dXJ1bGU6dXJ1bGU=' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjY3MTg2NDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiY2M3MGViODItMmI2My00NzcyLWE1ZTgtZjM2ZWFkNjM3YjBlIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiYTViZjQxZDctMzkxMy00NDBmLTg5MzYtN2I4MTQ4NWFiZDU3In0.InynNTN3WBSaX8XD1QevKTFiQx65l_8lKFYt-HldOvI'

Response example

{
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjU0MjQ0MTQsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiYjAyODYzZmYtOTkwYy00OTNjLWFmZTktZjA4ZTBiYTgxZWU1IiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.Xat3d42TDTZpglFR7kL4wVwnA6JjHSP8HS1x_GESoE8",
    "token_type": "bearer",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjY3MTg2NDEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiY2M3MGViODItMmI2My00NzcyLWE1ZTgtZjM2ZWFkNjM3YjBlIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiYjAyODYzZmYtOTkwYy00OTNjLWFmZTktZjA4ZTBiYTgxZWU1In0.--hu5-nLW_zcUVydksreihQV30aetLlxJsXwcYQXveA",
    "expires_in": 599,
    "scope": "all",
    "jti": "b02863ff-990c-493c-afe9-f08e0ba81ee5"
}

Refresh a token (custom endpoint)

POST /oauth/auth/refresh

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Basic" + " " + base64(client username + ":" + client password) |
| refresh_token | yes | String | body | refresh token value |

| Result field | Data type | Description |
| --- | --- | --- |
| access_token | String | access_token value |
| jti | string | unique token identifier |
| expiresIn | int | seconds until expiry |
| refreshToken | string | refresh token information |
| scope | string | authorization scope |
| tokenType | string | token type |

Request example

curl -X POST "http://localhost:8030/oauth/auth/refresh" \
  -H "Authorization: Basic dXJ1bGU6dXJ1bGU=" \
  -H "Content-Type: application/json" \
  -d "{ \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Mjc2NzU4OTEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiNjBlM2YxOGQtNWFhMS00NjcwLWFiMGYtMGUwODc5ZWE5YjhiIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiYTA0YTM1MzYtMGU3ZS00MDU1LTlmY2MtZjIzZTQ2NmU3Yzc3In0.xB7ciV8syq79VHLYOEM9R365J7VSPXdL0b0oPog1T4c\"}"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjYzODA1MDksInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiNTM0ZDVhZDItMGQwMS00YjI5LTk2NTctYzU1YjlmZjIwNTBhIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.l8NrCs8C0YLkD3qC797JEtED3_PMD689wzj30DvujWs",
    "token_type": "bearer",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Mjc2NzU4OTEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiNjBlM2YxOGQtNWFhMS00NjcwLWFiMGYtMGUwODc5ZWE5YjhiIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXSwiYXRpIjoiNTM0ZDVhZDItMGQwMS00YjI5LTk2NTctYzU1YjlmZjIwNTBhIn0.PT0Zkg1ftH1CSXGbkUp02iZRr68iqfmkI2xIHBzPtM8",
    "expires_in": 599,
    "scope": "all",
    "jti": "534d5ad2-0d01-4b29-9657-c55b9ff2050a"
  }
}

Log out

GET /oauth/logout

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Bearer" + " " + token |

| Result field | Data type | Description |
| --- | --- | --- |
| none | none | none |

Request example

curl -X GET \
  http://localhost:8030/oauth/logout \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjU2NjE1MzEsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiN2UyOWQ2YzQtYjQ4MC00YzI3LWIyY2EtN2YzZDgwY2E3N2RiIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.Esj5eovax8H3uK9df8CID12ia9YkUPMWIgpa7zl7-gQ'

Response example

{
    "message": "操作成功!",
    "messageCode": 200,
    "type": 1
}

List permissions

POST /oauth/auth/list/permission

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Bearer" + " " + token |
| applicationKey | yes | String | body | key of the application whose permissions to fetch |

| Result field | Type | Description |
| --- | --- | --- |
| id | int | resource id |
| parentId | int | parent node id |
| applicationId | int | id of the owning system |
| name | String | resource name |
| code | String | resource code |
| url | String | resource address |
| description | String | resource description |
| type | int | resource type (0: system; 1: menu; 2: API) |
| icon | String | icon |
| order | int | sort order |
| status | int | status (0: disabled; 1: enabled; -3: recycle bin; -4: deleted) |
| createTime | Date | creation time |
| createUserId | int | creator id |
| updateTime | Date | update time |
| updateUserId | int | updater id |

Request example

curl -X POST "http://localhost:8030/oauth/auth/list/permission" \
    -H "accept: */*" \
    -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjU2NjQxNTgsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiMTUxNWUzM2MtYjdhNS00OWRjLTg2MWItMTdjZDc1Y2YwMWUxIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.cyGqSJDThvvlqokRdHSl1fMtraVAJm5O3XGSjDiKMtk" \
    -H "Content-Type: application/json" \
    -d "{ \"applicationKey\": \"urule\"}"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": [
    {
      "id": 1,
      "parentId": 0,
      "applicationId": 1,
      "name": "决策系统",
      "code": "DSQ",
      "url": "/urule",
      "description": "决策系统",
      "type": 0,
      "icon": "tbd",
      "order": 2,
      "status": 1,
      "createTime": "2018-04-20 17:14:34",
      "createUserId": 1,
      "updateTime": "2018-04-20 17:14:34",
      "updateUserId": 1
    },
    {
      "id": 4,
      "parentId": 1,
      "applicationId": 1,
      "name": "用户管理",
      "code": "userManager",
      "url": "/urule/user",
      "description": "决策系统用户管理",
      "type": 1,
      "icon": "tbd",
      "order": 0,
      "status": 1,
      "createTime": "2018-04-24 18:39:51",
      "createUserId": 1,
      "updateTime": "2018-04-24 18:39:51",
      "updateUserId": 1
    },
    {
      "id": 5,
      "parentId": 4,
      "applicationId": 1,
      "name": "用户新增",
      "code": "userAdd",
      "url": "/urule/user/add",
      "description": "决策系统用户新增",
      "type": 2,
      "icon": "tbd",
      "order": 0,
      "status": 1,
      "createTime": "2018-04-24 18:46:15",
      "createUserId": 1,
      "updateTime": "2018-04-24 18:46:15",
      "updateUserId": 1
    }
  ]
}

Check whether the current user has permission

POST /oauth/auth/judge/permission

| Parameter | Required | Data type | Location | Description |
| --- | --- | --- | --- | --- |
| Authorization | yes | String | header | "Bearer" + " " + token |
| applicationKey | yes | String | body | key of the application the url belongs to |
| urlAddress | yes | String | body | url to check |

| Result field | Type | Description |
| --- | --- | --- |
| isAllowed | boolean | true: permitted; false: not permitted |

Request example

curl -X POST "http://localhost:8030/oauth/auth/judge/permission" \
    -H "accept: */*" \
    -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjU2NjQxNTgsInVzZXJfbmFtZSI6ImFza2VybHZlIiwianRpIjoiMTUxNWUzM2MtYjdhNS00OWRjLTg2MWItMTdjZDc1Y2YwMWUxIiwiY2xpZW50X2lkIjoidXJ1bGUiLCJzY29wZSI6WyJhbGwiXX0.cyGqSJDThvvlqokRdHSl1fMtraVAJm5O3XGSjDiKMtk" \
    -H "Content-Type: application/json" \
    -d "{ \"applicationKey\": \"urule\", \"urlAddress\": \"/urule\"}"

Response example

{
  "type": 1,
  "messageCode": 200,
  "message": "操作成功!",
  "result": {
    "isAllowed": true
  }
}

Source: https://github.com/Askerlve/oauth2-shiro-jwt.git
