今天我们继续聊聊JWT。从上一次的聊天中我们可以看出,JWT的功能还是比较强大的,而上一次的示例代码可以封装成一个工具对象来使用。下面我们看看在JavaWeb中JWT如何使用。
第一步:创建两个页面login.jsp和welcome.jsp
login.jsp:
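<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Login form of the JWT demo. It submits username and password to the
  UserLogin servlet and keeps a "remember me" UI flag in localStorage.
  Only that flag is stored client-side here; no credential or token is
  written to localStorage by this page.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>User Login</title>
<script type="text/javascript">
// Persist the state of the "remember me" checkbox. The flag is removed again
// when the box is unticked, so the choice can be undone.
function test() {
    var box = document.getElementById("checkboxid");
    if (box.checked) {
        window.localStorage.setItem('myCat', 'Tom');
    } else {
        window.localStorage.removeItem('myCat');
    }
}
// On page load, show the stored flag and restore the checkbox state from it.
function loadPage() {
    alert(window.localStorage.getItem('myCat'));
    var name = window.localStorage.getItem('myCat');
    if (name == "Tom") {
        var check = document.getElementById("checkboxid");
        check.checked = true;
    }
}
</script>
</head>
<%-- The handler attributes must be plain ASCII "onload"/"onchange"; with
     look-alike non-ASCII letters the browser ignores them. --%>
<body onload="loadPage();">
<h3>请您登录</h3><br>
<%-- POST keeps the credentials out of the URL, and therefore out of browser
     history, Referer headers and access logs. UserLogin implements doPost. --%>
<form action="UserLogin" method="post">
用户名:<input type="text" name="username"><br>
<%-- type="password" masks the value on screen. --%>
密码:<input type="password" name="password"><br>
记住我:<input type="checkbox" onchange="test();" id="checkboxid"><br>
<%-- <input type="hidden" name="userToken" value="<%=request.getCookies()%>"> --%>
<input type="submit" value="提交"><br>
</form>
</body>
</html>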
welcome.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>User welcome</title>
  </head>
  <body>
    <%--
      Static landing page shown after a successful login.
      NOTE(review): this page contains no token or session check of its own.
      Unless a filter or container constraint (not shown here) guards it,
      requesting welcome.jsp directly bypasses the UserLogin servlet. Confirm
      how protected pages are meant to verify the userToken cookie.
    --%>
    <h1>欢迎您的登录</h1>
  </body>
</html>
第二步:添加相应的依赖
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Build descriptor of the JWT demo web application, packaged as a WAR. -->
<!-- NOTE(review): every version below is pinned to a fixed release. Before
     reusing this POM, check each pinned release against current security
     advisories and move to a maintained version. -->
<modelVersion>4.0.0</modelVersion>
<groupId>com.alibaba</groupId>
<artifactId>JwtDemo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<dependencies>
<!-- mysql: JDBC driver loaded by JdbcUtil -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<!-- HttpServlet: servlet API, supplied by the container at runtime (scope provided) -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- JWT: two separate JWT libraries are declared (java-jwt and jjwt).
     JwtObject is not shown on this page, so which of them it uses cannot be
     told from here. Presumably only one is needed; dropping the unused one
     reduces the dependency surface. TODO confirm against JwtObject. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.6.0</version>
</dependency>
<!-- fastjson: not referenced by the servlet or JdbcUtil shown on this page.
     NOTE(review): the fastjson 1.2.x line has a history of autoType
     deserialization advisories. Verify this pinned release before parsing
     any untrusted JSON with it, or remove the dependency if it is unused. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.54</version>
</dependency>
</dependencies>
</project>
第三步:创建登录校验的Servlet:
package com.alibaba;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
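/**
 * Login endpoint of the JWT demo, mapped to {@code /UserLogin}.
 *
 * <p>Without a {@code userToken} cookie the servlet checks the submitted
 * username and password against {@code user_test}, issues a token through
 * {@code JwtObject}, stores it in the user's row and sets it as a cookie.
 * With a cookie it validates the token and compares its signature segment
 * with the token stored in the database.
 *
 * <p>All SQL uses bound parameters: username, password and the cookie value
 * come straight from the request and must never be concatenated into SQL.
 *
 * <p>NOTE(review): the password is compared as submitted against the
 * {@code passwords} column, so passwords are stored in plaintext. Storing a
 * salted password hash (bcrypt/scrypt/argon2) needs a schema and data change
 * and is therefore not done in this block.
 *
 * <p>NOTE(review): only one token is stored per user, so every new login
 * replaces it and invalidates the token held by any other browser.
 */
@WebServlet(value = "/UserLogin")
public class UserLogin extends HttpServlet{
    private static final long serialVersionUID = 377879623563586348L;

    /** Name of the cookie that carries the JWT. */
    private static final String TOKEN_COOKIE = "userToken";

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting the login over GET puts username and password
     * into the URL (history, Referer, access logs). The delegation is kept
     * because the login form may still submit with GET; once the form posts,
     * this method should stop accepting credentials.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Authenticates by token cookie when one is present, otherwise by the
     * submitted username and password, and redirects to {@code welcome.jsp}
     * on success or {@code login.jsp} on failure.
     *
     * @throws IOException if a redirect or error response cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        try {
            //---------- character-encoding setup omitted ------------
            String userToken = readTokenCookie(request);
            if (userToken == null || userToken.length() < 1) {
                loginWithPassword(request, response);
            } else {
                loginWithToken(userToken, response);
            }
        } catch (Exception e) {
            // Do not swallow failures: record them server-side and answer with a
            // generic error so no internal detail reaches the client.
            log("UserLogin request failed", e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /** Returns the value of the token cookie, or an empty string when the request carries none. */
    private static String readTokenCookie(HttpServletRequest request) {
        String token = "";
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null, not an empty array, when no cookie was sent.
        if (cookies == null) {
            return token;
        }
        for (Cookie cookie : cookies) {
            if (TOKEN_COOKIE.equals(cookie.getName())) {
                token = cookie.getValue();
            }
        }
        return token;
    }

    /** Checks username and password, then issues, stores and sets a fresh token. */
    private void loginWithPassword(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || username.length() < 1 || password == null || password.length() < 1) {
            response.sendRedirect("login.jsp");
            return;
        }
        // One connection serves both statements and is closed on every path.
        try (Connection connection = openConnection()) {
            try (PreparedStatement find = connection.prepareStatement(
                    "select id from user_test where username=? and passwords=?")) {
                find.setString(1, username);
                find.setString(2, password);
                try (ResultSet rows = find.executeQuery()) {
                    if (!rows.next()) {
                        // wrong username or password
                        response.sendRedirect("login.jsp");
                        return;
                    }
                }
            }
            String issuedToken = new JwtObject().createUserToken(username);
            try (PreparedStatement store = connection.prepareStatement(
                    "update user_test set userToken=? where username=?")) {
                store.setString(1, issuedToken);
                store.setString(2, username);
                store.executeUpdate();
            }
            response.addCookie(newTokenCookie(issuedToken));
            response.sendRedirect("welcome.jsp");
        }
    }

    /** Validates the presented token and checks it against the stored one. */
    private void loginWithToken(String userToken, HttpServletResponse response) throws Exception {
        // JwtObject is not shown here; assumes vaildUserToken returns the token's
        // signature segment, or null when it rejects the token. TODO confirm.
        String sign = new JwtObject().vaildUserToken(userToken);
        if (sign == null) {
            // A rejected token must never reach the welcome page.
            rejectToken(response);
            return;
        }
        String storedToken = null;
        try (Connection connection = openConnection();
                PreparedStatement find = connection.prepareStatement(
                        "select userToken from user_test where userToken=?")) {
            find.setString(1, userToken);
            try (ResultSet rows = find.executeQuery()) {
                if (rows.next()) {
                    storedToken = rows.getString(1);
                }
            }
        }
        if (storedToken == null) {
            // Token is not (or no longer) the one stored for any user.
            rejectToken(response);
            return;
        }
        String[] segments = storedToken.split("\\.");
        if (segments.length < 3 || !segments[2].equals(sign)) {
            rejectToken(response);
            return;
        }
        response.addCookie(newTokenCookie(userToken));
        response.sendRedirect("welcome.jsp");
    }

    /**
     * Expires the token cookie and sends the user back to the login page, so a
     * stale token does not keep the browser out of the password login path.
     */
    private static void rejectToken(HttpServletResponse response) throws IOException {
        Cookie expired = new Cookie(TOKEN_COOKIE, "");
        expired.setMaxAge(0);
        expired.setHttpOnly(true);
        response.addCookie(expired);
        response.sendRedirect("login.jsp");
    }

    /** Builds the token cookie; HttpOnly keeps page scripts from reading it. */
    private static Cookie newTokenCookie(String token) {
        Cookie cookie = new Cookie(TOKEN_COOKIE, token);
        cookie.setHttpOnly(true);
        // NOTE(review): also call setSecure(true) once the application is served
        // over HTTPS; it is left off because the demo may run on plain HTTP.
        return cookie;
    }

    /** Opens a connection, failing loudly instead of passing a null connection on. */
    private static Connection openConnection() {
        Connection connection = JdbcUtil.getConnection();
        if (connection == null) {
            throw new IllegalStateException("database connection unavailable");
        }
        return connection;
    }
}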
第四步:创建一个连接数据库的工具对象和在MySQL中创建一张表
package com.alibaba;
import java.sql.Connection;
import java.sql.DriverManager;
/**
 * Opens JDBC connections to the demo MySQL database.
 *
 * <p>NOTE(review): the database account is hard-coded as root/root. That is
 * acceptable only for a local demo; real code should read a least-privilege
 * account from external configuration and keep the password out of source.
 */
public class JdbcUtil {
    private static final String DRIVER = "com.mysql.jdbc.Driver";
    private static final String URL = "jdbc:mysql://localhost:3306/test1";
    private static final String USERNAME = "root";
    private static final String PASSWORD = "root";

    /**
     * Loads the driver class and opens a new connection.
     *
     * @return a new connection, or {@code null} when the driver cannot be
     *         loaded or the connection fails; callers must check for
     *         {@code null} and are responsible for closing the connection
     */
    public static Connection getConnection() {
        Connection opened = null;
        try {
            Class.forName(DRIVER);
            opened = DriverManager.getConnection(URL, USERNAME, PASSWORD);
        } catch (Exception failure) {
            // The failure is only printed; the caller sees null.
            System.out.println("JdbcUtil/getConnection Exception:" + failure);
        }
        return opened;
    }
}
建表:
-- Account table read and updated by the UserLogin servlet.
CREATE TABLE `user_test` (
`id` bigint(10) NOT NULL AUTO_INCREMENT COMMENT '主键',
-- NOTE(review): username has no UNIQUE constraint, yet the servlet updates the
-- token with "where username=...", which would touch every row sharing a name.
`username` varchar(16) DEFAULT NULL COMMENT '用户名',
-- NOTE(review): the servlet compares this column with the submitted password
-- as-is, i.e. it holds plaintext. A salted password hash (bcrypt/scrypt/argon2)
-- would need a wider column than varchar(32).
`passwords` varchar(32) DEFAULT NULL COMMENT '用户密码',
-- One token per user: each new login overwrites the previous token.
`userToken` varchar(512) DEFAULT NULL COMMENT '用户的token',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
第五步:用两个不同的浏览器进行登录并观察结果
5.1:先用火狐浏览器登录
5.2:登录的结果
5.3:用相同的用户名和密码在谷歌浏览器中登录
5.4:谷歌浏览器登录的结果
5.5:登录结果说明
在5.4中我们可以发现,用谷歌浏览器登录的时候竟然没有登录成功,并且又重定向回登录页面了。这是因为在此之前我已经在谷歌浏览器上登录过了,然后又在火狐上登录。火狐登录以后生成了最新的JWT userToken,并覆盖了数据库中保存的旧值;当谷歌浏览器带着旧的userToken再次登录时,userToken校验不通过,于是被重定向回登录页面。当然这与我自己的登录逻辑也是有关系的。