一,导入pom依赖
<!-- Auth0 java-jwt: provides the JWT, JWTCreator, Algorithm and DecodedJWT types used by the
     Java code on this page. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.2</version>
</dependency>
<!-- NOTE(review): none of the code shown on this page appears to call the jjwt API. If that
     holds for the whole project, drop this dependency instead of shipping a second JWT
     library. Both versions are pinned; check them against the libraries' current releases
     and published security advisories before reuse. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.6.0</version>
</dependency>
二,编写Utils工具类JWTUtils
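/**
 * Static helpers for issuing and verifying HMAC-SHA256 signed JWTs.
 *
 * <p>A token has the form {@code header.payload.signature}. The payload is only signed, not
 * encrypted, so anyone holding a token can read its claims: never put passwords or other
 * secrets into the claim map.
 */
public class JWTUtils {
    // NOTE(review): the signing key is hard-coded, so anyone with access to the source or the
    // built artifact can mint tokens this class will accept. Load it from configuration or a
    // secret store, and rotate this value if it was ever used outside a demo. It is also only
    // 26 lowercase characters; RFC 7518 requires an HS256 key of at least 256 bits.
    private static final String SING = "sxxxcccaaadfehdfuisghgexxe";

    /** Returns the algorithm used for both signing and verification, so the two cannot drift. */
    private static Algorithm algorithm() {
        return Algorithm.HMAC256(SING);
    }

    /**
     * Issues a signed token carrying every entry of {@code map} as a string claim.
     *
     * @param map claim names and values to embed; must not be {@code null}
     * @return the serialized token, expiring one calendar day after the call
     */
    public static String getToken(Map<String, String> map) {
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DATE, 1);

        JWTCreator.Builder builder = JWT.create();
        map.forEach((name, value) -> builder.withClaim(name, value));

        // The expiry is set after the caller's claims are copied; presumably this overrides a
        // caller-supplied "exp" entry -- confirm against the library before relying on it.
        return builder.withExpiresAt(expiry.getTime()).sign(algorithm());
    }

    /**
     * Verifies the token and returns its decoded form.
     *
     * <p>The verifier is built with the one fixed algorithm from {@link #algorithm()}; the
     * interceptor on this page handles signature, expiry and algorithm-mismatch failures
     * raised from here.
     *
     * @param token the serialized token received from the client
     * @return the decoded token, available only after verification succeeded
     * @throws JWTVerificationException if the token is rejected
     */
    public static DecodedJWT verify(String token) {
        return JWT.require(algorithm()).build().verify(token);
    }

    /**
     * Returns the decoded token; equivalent to {@link #verify(String)} and kept for callers
     * that use this name.
     *
     * @param token the serialized token received from the client
     * @return the decoded, verified token
     */
    public static DecodedJWT getTokenInfo(String token) {
        // Delegate so there is a single verification path to audit.
        return verify(token);
    }
}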
三,编写拦截器类JWTInterceptor
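/**
 * Spring MVC interceptor that lets a request through only when its {@code token} header holds
 * a JWT accepted by {@link JWTUtils#verify(String)}.
 */
public class JWTInterceptor implements HandlerInterceptor {
    // ObjectMapper is thread-safe once configured, so one shared instance replaces the
    // per-request allocation.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the request's token before the handler runs.
     *
     * <p>On failure the response carries HTTP 401 and a JSON body with {@code state=false}
     * and a {@code msg} describing the failure.
     *
     * @return {@code true} if the token verified and the handler may run, {@code false} after
     *     the rejection response has been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token"); // token sent by the client
        String msg;

        if (token == null || token.trim().isEmpty()) {
            // Reject a missing header explicitly instead of relying on the verifier to fail.
            msg = "token无效!";
        } else {
            try {
                JWTUtils.verify(token);
                return true;
            } catch (SignatureVerificationException e) {
                // NOTE(review): no logger is visible in this file. Route these through the
                // application's logger at a low level; rejected tokens are attacker-triggerable
                // and full stack traces let them flood the log.
                e.printStackTrace();
                msg = "无效签名!";
            } catch (TokenExpiredException e) {
                e.printStackTrace();
                msg = "token过期!";
            } catch (AlgorithmMismatchException e) {
                e.printStackTrace();
                msg = "token算法不一致!";
            } catch (Exception e) {
                e.printStackTrace();
                msg = "token无效!";
            }
        }

        // NOTE(review): telling the client whether the signature or the algorithm was wrong
        // helps someone probing the verifier more than it helps a legitimate client; consider
        // one generic message for everything except expiry.
        Map<String, Object> map = new HashMap<>();
        map.put("msg", msg);
        map.put("state", false);

        // A rejected request must not be reported as 200 OK: proxies, monitoring and clients
        // that look only at the status line would treat it as a success.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(MAPPER.writeValueAsString(map));
        return false;
    }
}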
四,config类进行拦截配置InterceptorConfig
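/** Registers {@link JWTInterceptor} for the application's request paths. */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    /**
     * Requires a valid token on every path except the login endpoint.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new JWTInterceptor())
                // Default-deny: the original pattern "/test" protected that one path only, so
                // every endpoint added later would have been reachable without a token.
                // NOTE(review): a catch-all also covers framework-served paths (error page,
                // static resources); list any that must stay public in the exclusions below.
                .addPathPatterns("/**")
                // The login endpoint issues the token, so it has to stay reachable without one.
                .excludePathPatterns("/logins");
    }
}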
五,test拦截 测试类
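/** Demo controller exposing one token-protected endpoint. */
@RestController
public class UserController {
    /**
     * Reads the caller's identity from the request token and returns a success payload.
     *
     * @param request the current request; its {@code token} header carries the JWT
     * @return a map with {@code state=true} and a success message
     */
    @PostMapping("/test")
    public Map<String, Object> test(HttpServletRequest request) {
        String token = request.getHeader("token");
        // Verify here rather than merely decoding, so the claims below always come from a
        // token whose signature was checked, whatever paths the interceptor is mapped to.
        DecodedJWT jwt = JWTUtils.verify(token);
        System.out.println(jwt.getClaim("id").asString());
        System.out.println(jwt.getClaim("username").asString());
        // No "password" claim is read: a JWT payload is only encoded, not encrypted, so
        // credentials must never be placed in a token.

        Map<String, Object> map = new HashMap<>();
        map.put("state", true);
        map.put("msg", "请求成功");
        return map;
    }
}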
六,项目目录
七,业务逻辑展示UserController
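/** Login endpoint that issues a JWT, plus one token-protected demo endpoint. */
@RestController
public class UserController {
    @Autowired
    private UserService userServie;

    /**
     * Authenticates the submitted credentials and, on success, returns a freshly issued token.
     *
     * @param loginDto the submitted username and password
     * @return a map with {@code state}, {@code msg} and, on success, {@code token}
     */
    // NOTE(review): with GET and no request-body binding, the credentials arrive as query
    // parameters and end up in access logs, browser history and Referer headers. Move the
    // login to POST with the credentials in the body once clients can be updated.
    @GetMapping("/logins")
    public Map<String, Object> logins(LoginDto loginDto) {
        User user = new User();
        user.setUsername(loginDto.getUsername());
        user.setPassword(loginDto.getPassword());

        Map<String, Object> map = new HashMap<>();
        try {
            User userDB = userServie.logins(user);

            // Only non-secret identifiers go into the token; its payload is readable by
            // anyone who holds it.
            Map<String, String> payload = new HashMap<>();
            payload.put("id", String.valueOf(userDB.getId()));
            payload.put("username", userDB.getUsername());

            map.put("state", true);
            map.put("msg", "认证成功");
            map.put("token", JWTUtils.getToken(payload));
        } catch (Exception e) {
            // NOTE(review): this echoes the message of any exception to the client, including
            // ones unrelated to authentication. Presumably the service signals bad credentials
            // by throwing -- confirm, then return one fixed failure message and log the detail.
            map.put("state", false);
            map.put("msg", e.getMessage());
        }
        return map;
    }

    /**
     * Reads the caller's identity from the request token and returns a success payload.
     *
     * @param request the current request; its {@code token} header carries the JWT
     * @return a map with {@code state=true} and a success message
     */
    @PostMapping("/test")
    public Map<String, Object> test(HttpServletRequest request) {
        String token = request.getHeader("token");
        // Verify here rather than merely decoding, so the claims below always come from a
        // token whose signature was checked, whatever paths the interceptor is mapped to.
        DecodedJWT jwt = JWTUtils.verify(token);
        System.out.println(jwt.getClaim("id").asString());
        System.out.println(jwt.getClaim("username").asString());
        // No "password" claim is read: logins() never issues one, and credentials must not
        // be placed in a token whose payload is only encoded.

        Map<String, Object> map = new HashMap<>();
        map.put("state", true);
        map.put("msg", "请求成功");
        return map;
    }
}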