陕西颜值扛把子 / SpringSecurity-JWT-Vue-Deom


JWT Spring Boot Security

Chinese documentation

About

This is a demonstration of stateless token-based authentication with JSON Web Tokens (JWT) and CSRF protection, built with Spring Security, Spring Boot and Vue.js.

Technology Stack

| Component | Technology |
| --- | --- |
| Frontend | Vue.js 2 |
| Backend (REST) | SpringBoot (Java) |
| Security | Token Based (Spring Security, JJWT, CSRF) |
| Client Build Tools | vue-cli, Webpack, npm |
| Server Build Tools | Maven |

Quick start

Runtime environment: Java 11, Node 12, Maven 3

Clone this project

git clone https://github.com/PuZhiweizuishuai/SpringSecurity-JWT-Vue-Deom.git

Run back end server

cd spring-security-jwt
mvn clean package

Then

java -jar target/security-0.0.1-SNAPSHOT.jar

Run front end server

cd vue
npm install

Then

npm run serve

Finally

Open http://127.0.0.1:8080 in your browser.

Screenshots

Home page

Login

Admin page

Security

JWT token

To generate and verify JWTs I use JJWT, a self-contained Java library providing end-to-end JSON Web Token creation and verification.

JWT storing strategy

There are a couple of options for where to store the token:

HTML5 Web Storage (localStorage or sessionStorage)

Cookies

Main problem of Web Storage

Web Storage is accessible through JavaScript on the same origin. Any JavaScript running on your site can read it, so a token stored there can be stolen through a cross-site scripting (XSS) attack.

So, to keep the token out of reach of XSS, I store the JWT in an HttpOnly/Secure cookie. Cookies set with the HttpOnly flag are not accessible through JavaScript, so an injected script cannot read the token (it can still send requests that carry the cookie).

CSRF attack

However, cookies are vulnerable to a different type of attack: cross-site request forgery (CSRF). A CSRF attack is a type of attack that occurs when a malicious web site, email, or blog causes a user’s web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.

To prevent CSRF attacks, we must create an extra JavaScript-readable cookie called XSRF-TOKEN. This cookie must be created when the user logs in and should contain a random, unguessable string. Every time the JavaScript application makes a request, it reads this token and sends it along in a custom HTTP header. Because a page on another origin cannot read the cookie, it cannot set the matching header, and the server can reject requests where the two do not match.
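The cookie pair and the header check described above, as an added example that is not code from this repository. The cookie name JWT-TOKEN and the header name X-XSRF-TOKEN are assumptions (the README only names XSRF-TOKEN), and the token values are constructed.

```javascript
// Double-submit CSRF check for a JWT kept in an HttpOnly cookie.
// Assumed names: JWT-TOKEN (cookie) and X-XSRF-TOKEN (header); XSRF-TOKEN is from the README.
const nodeCrypto = require('node:crypto');

// Server, at login: the JWT cookie is HttpOnly, the CSRF cookie stays script-readable.
function loginCookies(jwt) {
  const csrf = nodeCrypto.randomBytes(32).toString('hex'); // random, unguessable
  return {
    csrf,
    setCookie: [
      `JWT-TOKEN=${jwt}; Path=/; HttpOnly; Secure`,
      `XSRF-TOKEN=${csrf}; Path=/; Secure`,
    ],
  };
}

// Parse a Cookie header (or a document.cookie string) into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Client: copy the readable cookie into a custom header before each request.
// document.cookie never contains JWT-TOKEN because that cookie is HttpOnly.
function csrfHeaders(documentCookie) {
  const token = parseCookies(documentCookie)['XSRF-TOKEN'];
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// Server: a state-changing request must echo the cookie value in the header.
// `headers` uses lower-case names, as Node's http module delivers them.
function csrfOk(method, headers) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase())) return true;
  const cookie = Buffer.from(parseCookies(headers.cookie)['XSRF-TOKEN'] || '');
  const echoed = Buffer.from(headers['x-xsrf-token'] || '');
  if (cookie.length === 0 || cookie.length !== echoed.length) return false;
  return nodeCrypto.timingSafeEqual(cookie, echoed); // constant-time compare
}
```

A forged cross-site form post arrives with both cookies attached by the browser but without the header, so `csrfOk` rejects it.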

Reference documents

Spring Security Reference

Vue.js

Dependencies

mavonEditor

Element UI

Copyright and license

The code is released under the MIT license.
