1.引入依赖
// JJWT ships as three artifacts (API, implementation, JSON serializer); keep all three on the
// same version.
// NOTE(review): 0.10.1 is an old JJWT release, and the String-key signWith/setSigningKey calls
// used in JwtUtils are the legacy API. Check the JJWT release notes before reusing this version.
// NOTE(review): JJWT's documentation puts jjwt-impl and jjwt-jackson on the runtime classpath only,
// so application code compiles against jjwt-api alone. Confirm before changing the scope.
implementation 'io.jsonwebtoken:jjwt-api:0.10.1'
implementation 'io.jsonwebtoken:jjwt-impl:0.10.1'
implementation 'io.jsonwebtoken:jjwt-jackson:0.10.1'
// In the code shown on this page fastjson is only used to serialize the NOT_LOGIN result.
// NOTE(review): the fastjson 1.x line has a history of deserialization (autoType) issues. Keep it
// patched and do not feed untrusted JSON to its parse APIs. Spring MVC already bundles Jackson,
// which could do this serialization without the extra dependency.
implementation 'com.alibaba:fastjson:1.2.83'
2.创建Interceptor配置类,自动拦截或放行配置好的路径
package com.yuzai.config;
import com.yuzai.interceptor.LoginCheckInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
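/**
 * Registers {@link LoginCheckInterceptor} on every request path except the login endpoint and the
 * API-documentation routes listed in {@code EXCLUDE_PATTERNS}.
 *
 * <p>Every excluded pattern is reachable without a token, so this list is the application's
 * unauthenticated surface. Keep it as small as possible.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Path patterns that skip the token check.
     *
     * <p>The original list contained "/swagger-resources/**" twice; the duplicate is dropped here,
     * which does not change which paths are excluded.
     *
     * <p>NOTE(review): "/api" and "/v2/**" are broader than the documentation routes around them.
     * "/v2/**" is presumably meant for the Swagger 2 document endpoint; confirm that no business
     * endpoint is (or will be) mapped under these prefixes, or narrow the patterns.
     *
     * <p>NOTE(review): the Swagger / api-docs routes describe every endpoint of the service.
     * Consider registering these exclusions only in non-production profiles.
     */
    private static final String[] EXCLUDE_PATTERNS = {
        "/login",
        "/swagger-resources/**",
        "/swagger-ui/**",
        "/swagger-ui.html",
        "/swagger-ui.html/**",
        "/api",
        "/api-docs",
        "/api-docs/**",
        "/webjars/**",
        "/doc.html/**",
        "/v2/**",
        "/v3/api-docs/**"
    };

    @Autowired
    private LoginCheckInterceptor loginCheckInterceptor;

    /**
     * Applies the login check to all paths, then carves out the excluded patterns.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(loginCheckInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(EXCLUDE_PATTERNS);
    }
}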
3.编写jwt工具类,负责生成和解析令牌
package com.yuzai.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.Map;
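/**
 * Static helpers that issue and verify the HS256-signed JWT used as the login token.
 *
 * <p>The token is signed, not encrypted: anyone holding a token can read its claims, so claims
 * must never carry secrets. Anyone holding the signing key can mint tokens for any user.
 */
public class JwtUtils {

    /** Environment variable that supplies the signing key (name chosen for this example). */
    private static final String SIGN_KEY_ENV = "JWT_SIGN_KEY";

    /**
     * Fallback key kept so the tutorial still runs unconfigured.
     *
     * <p>This value is published with the source, so tokens signed with it can be forged by any
     * reader. Remove the fallback (fail at startup instead) before any real deployment, and load
     * the key from a secret store or the environment.
     */
    private static final String DEMO_SIGN_KEY =
            "yuzai798yuzai798yuzai798yuzai798yuzai798yuzai798yuzai798yuzai798";

    /**
     * Signing key as Base64 text.
     *
     * <p>The String overloads of {@code signWith} and {@code setSigningKey} used below Base64-decode
     * this value, so the HMAC key is the decoded bytes (48 bytes for the 64-character demo value),
     * not the characters themselves. A key supplied through the environment must therefore be
     * valid Base64 and decode to at least 256 bits for HS256.
     */
    private static final String SIGN_KEY = resolveSignKey();

    /** Token lifetime in milliseconds: 43,200,000 ms = 12 hours. */
    private static final long EXPIRE_MILLIS = 43200000L;

    /** Returns the key from the environment when set, otherwise the demo fallback. */
    private static String resolveSignKey() {
        String configured = System.getenv(SIGN_KEY_ENV);
        if (configured == null || configured.isBlank()) {
            return DEMO_SIGN_KEY;
        }
        return configured;
    }

    /**
     * Builds a compact HS256-signed JWT carrying the given claims and an expiry of now + 12 hours.
     *
     * @param claims custom claims to embed; readable by any token holder
     * @return the compact serialized token
     */
    public static String generateJwt(Map<String, Object> claims){
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_MILLIS);
        // NOTE(review): signWith(SignatureAlgorithm, String) is the legacy String-key overload,
        // deprecated in JJWT 0.10; migrating to a java.security.Key built from the decoded bytes
        // keeps the same key material.
        return Jwts.builder()
                .addClaims(claims)
                .signWith(SignatureAlgorithm.HS256, SIGN_KEY)
                .setExpiration(expiresAt)
                .compact();
    }

    /**
     * Verifies the token's signature and expiry and returns its claims.
     *
     * <p>{@code parseClaimsJws} only accepts signed claims tokens; keep using it rather than a
     * generic parse call, so unsigned tokens are rejected.
     *
     * @param jwt the compact serialized token
     * @return the verified claims
     * @throws RuntimeException a JJWT exception when the token is malformed, expired, unsigned or
     *     carries a bad signature; callers should treat any exception as "not authenticated"
     */
    public static Claims parseJWT(String jwt){
        return Jwts.parser()
                .setSigningKey(SIGN_KEY)
                .parseClaimsJws(jwt)
                .getBody();
    }
}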
4.编写登录校验类,使用jwt令牌校验当前是否为用户登录状态
package com.yuzai.interceptor;
import com.alibaba.fastjson.JSONObject;
import com.yuzai.pojo.Result;
import com.yuzai.utils.JwtUtils;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
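/**
 * Rejects any request that does not carry a valid JWT in the {@code token} header.
 *
 * <p>Rejected requests receive the JSON-serialized {@code Result.error("NOT_LOGIN")} body and the
 * handler chain is stopped.
 */
@Component
@Slf4j
public class LoginCheckInterceptor implements HandlerInterceptor {

    /** The only path this interceptor lets through without a token. */
    private static final String LOGIN_PATH = "/login";

    /** Request header that carries the JWT. */
    private static final String TOKEN_HEADER = "token";

    /**
     * Validates the login token before the handler runs.
     *
     * @return {@code true} for the login endpoint or a token that parses and verifies;
     *     {@code false} (after writing the NOT_LOGIN body) otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
        log.debug("LoginCheckInterceptor.preHandle");
        String url = req.getRequestURL().toString();
        log.info("请求的url: {}", url);

        // The original test was url.contains("login") on the full URL, which skipped the token
        // check for every address with "login" anywhere in its host or path. Only the exact login
        // path is exempt now; everything else fails closed.
        if (isLoginRequest(req)) {
            return true;
        }

        String jwt = req.getHeader(TOKEN_HEADER);
        if (jwt == null) {
            log.info("请求头token为空,返回未登录的信息");
            writeNotLogin(resp);
            return false;
        }

        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            // Any parse or verification failure means "not authenticated". The exception goes to
            // the logger instead of printStackTrace(); the token itself is never logged.
            log.info("解析令牌失败, 返回未登录错误信息", e);
            writeNotLogin(resp);
            return false;
        }

        log.info("令牌合法, 放行");
        return true;
    }

    /** Trace hook only; no post-processing is done. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        log.debug("LoginCheckInterceptor.postHandle");
    }

    /** Trace hook only; no cleanup is done. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        log.debug("LoginCheckInterceptor.afterCompletion");
    }

    /** True only when the path inside the application context is exactly the login path. */
    private static boolean isLoginRequest(HttpServletRequest req) {
        String uri = req.getRequestURI();
        String contextPath = req.getContextPath();
        String path = (contextPath != null && uri.startsWith(contextPath))
                ? uri.substring(contextPath.length())
                : uri;
        return LOGIN_PATH.equals(path);
    }

    /**
     * Writes the NOT_LOGIN result as JSON.
     *
     * <p>NOTE(review): the HTTP status is left at its default because clients of this tutorial
     * presumably detect the condition from the body; switching to 401 is cleaner if they can
     * handle it.
     */
    private static void writeNotLogin(HttpServletResponse resp) throws java.io.IOException {
        resp.setContentType("application/json;charset=UTF-8");
        Result error = Result.error("NOT_LOGIN");
        resp.getWriter().write(JSONObject.toJSONString(error));
    }
}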
5.编写登录控制器
package com.yuzai.controller;
import com.yuzai.pojo.Emp;
import com.yuzai.pojo.Result;
import com.yuzai.service.EmpService;
import com.yuzai.utils.JwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
/**
 * Login endpoint: checks the submitted credentials and, on success, returns a signed JWT.
 *
 * <p>The same error message is returned whether the username or the password is wrong, so the
 * response does not reveal which accounts exist.
 */
@Slf4j
@RestController
public class LoginController {

    @Autowired
    private EmpService empServiceImpl;

    /**
     * Authenticates an employee.
     *
     * @param emp request body carrying the submitted username and password
     * @return a success result wrapping the JWT, or an error result when no employee matches
     */
    @PostMapping("/login")
    public Result login(@RequestBody Emp emp) {
        log.info("员工登录");

        // NOTE(review): the service receives username and password together; how the password is
        // stored and compared is not visible here. Confirm it is checked against a salted
        // password hash rather than plaintext.
        Emp matched = empServiceImpl.getEmpByUsernameAndPassword(emp);
        if (matched == null) {
            return Result.error("用户名或密码错误");
        }

        // These claims end up in the token payload, which is signed but readable by the client,
        // so only non-secret identity fields belong here.
        Map<String, Object> payload = new HashMap<>();
        payload.put("id", matched.getId());
        payload.put("name", matched.getName());
        payload.put("username", matched.getUsername());

        String token = JwtUtils.generateJwt(payload);
        return Result.success(token);
    }
}