JWT-Token令牌认证
1、导入依赖
< dependency>
< groupId> com.auth0</ groupId>
< artifactId> java-jwt</ artifactId>
< version> 3.19.0</ version>
</ dependency>
<!-- NOTE(review): fastjson 1.2.24 is a very old release from the line affected by the publicly
     documented autoType deserialization flaws. None of the Java listings on this page call fastjson
     (the interceptor serializes with ObjectMapper), so either drop this dependency or move to a
     currently maintained release and keep autoType disabled. -->
< dependency>
< groupId> com.alibaba</ groupId>
< artifactId> fastjson</ artifactId>
< version> 1.2.24</ version>
</ dependency>
2、JwtUtils
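/**
 * Issues and verifies HMAC-SHA256 (HS256) signed JWTs with the auth0 java-jwt library.
 *
 * <p>The signing key is read from the environment instead of being a string literal in the
 * source. A key compiled into the class is visible to anyone who can read the repository or the
 * jar, and a short, human-chosen key can be guessed offline from a single captured token; either
 * way the holder of the key can mint tokens for any user.
 */
public class JwtUtils {

    /**
     * Environment variable that supplies the HMAC key. The name is a constructed example for this
     * listing; point it at whatever secret store the deployment uses.
     */
    private static final String SIGN_ENV = "JWT_SIGN_SECRET";

    /** HS256 keys shorter than the 256-bit hash output weaken the MAC, so they are rejected. */
    private static final int MIN_SIGN_BYTES = 32;

    /** Token lifetime in days. */
    private static final int EXPIRE_DAYS = 7;

    /**
     * Builds the HS256 algorithm from the configured key.
     *
     * @throws IllegalStateException if the key is missing or shorter than {@link #MIN_SIGN_BYTES};
     *     failing here means no token is signed or accepted with a weak key
     */
    private static Algorithm algorithm() {
        String sign = System.getenv(SIGN_ENV);
        if (sign == null
                || sign.getBytes(java.nio.charset.StandardCharsets.UTF_8).length < MIN_SIGN_BYTES) {
            throw new IllegalStateException(
                    SIGN_ENV + " must be set to a random secret of at least " + MIN_SIGN_BYTES + " bytes");
        }
        return Algorithm.HMAC256(sign);
    }

    /**
     * Creates a signed token that carries every entry of {@code map} as a claim and expires
     * {@link #EXPIRE_DAYS} days from now.
     *
     * <p>Claims are signed, not encrypted: anyone holding the token can read them, so callers must
     * not pass passwords or other secrets in {@code map}.
     *
     * @param map claim names and values to embed in the token
     * @return the compact serialized JWT
     * @throws IllegalStateException if the signing key is not configured correctly
     */
    public static String getToken(Map<String, String> map) {
        Calendar instance = Calendar.getInstance();
        instance.add(Calendar.DATE, EXPIRE_DAYS);
        JWTCreator.Builder builder = JWT.create();
        map.forEach((name, value) -> builder.withClaim(name, value));
        return builder.withExpiresAt(instance.getTime()).sign(algorithm());
    }

    /**
     * Verifies the signature and expiry of {@code token}.
     *
     * <p>The verifier is built for HS256 only, so a token whose header names another algorithm is
     * rejected rather than trusted.
     *
     * @param token compact serialized JWT as received from the client
     * @return the decoded token when verification succeeds
     * @throws IllegalStateException if the signing key is not configured correctly; verification
     *     failures are reported by the exceptions the library throws from {@code verify}
     */
    public static DecodedJWT verify(String token) {
        return JWT.require(algorithm()).build().verify(token);
    }
}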
3、UserMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<! DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
< mapper namespace = " com.ant.demo.Mapper.UserMapper" >
<!-- login: #{username} and #{password} are bound as prepared-statement parameters, so the values
     are not concatenated into the SQL text.
     NOTE(review): the password is compared inside the query, which only works if the column holds
     the password exactly as submitted (plaintext, or an unsalted deterministic digest computed by
     the caller; confirm). Prefer selecting the row by username only and checking a salted password
     hash (bcrypt/scrypt/argon2) in the service; "select *" also hands the password column back to
     the calling code. -->
< select id = " login" resultType = " com.ant.demo.Entity.User" parameterType = " User" >
select * from user where username=#{username} and password=#{password}
</ select>
</ mapper>
4、UserMapper And UserService
/**
 * Looks up the account that matches the credentials carried by {@code user}.
 *
 * <p>In the mapper this is bound to the {@code login} select, which filters on username and
 * password; the service implementation on this page throws a {@code RuntimeException} when no
 * account is returned.
 *
 * @param user object holding the submitted username and password
 * @return the matching account
 */
User login(User user);
5、UserServiceImpl
/**
 * Authenticates {@code user} by delegating to {@code userMapper.login}.
 *
 * <p>NOTE(review): the credential check itself happens in the mapper's SQL, which compares the
 * submitted password with the stored column; this method only turns "no row" into an exception.
 *
 * @param user object holding the submitted username and password
 * @return the account returned by the mapper
 * @throws RuntimeException if the mapper returns no account
 */
@Override
@Transactional(propagation = Propagation.SUPPORTS)
public User login(User user) {
    User found = userMapper.login(user);
    // Guard clause: a null result means no row matched the credentials.
    if (found == null) {
        throw new RuntimeException("~~认证失败~~");
    }
    return found;
}
6、UserController
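/**
 * REST endpoints for logging in (issues a JWT) and logging out.
 *
 * <p>Compared with the original listing, the login handler no longer writes the submitted
 * password to the log, no longer copies the password into the token, and no longer echoes
 * arbitrary exception messages back to the client.
 */
@Slf4j
// NOTE(review): @CrossOrigin without arguments accepts requests from any origin; restrict it to the
// front-end origins that actually need this API.
@CrossOrigin
@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    UserService userService;

    /**
     * Checks the submitted credentials and, on success, returns a signed token.
     *
     * @param user submitted username and password
     * @return {@code state=true}, {@code msg=200} and {@code token} on success; {@code state=false}
     *     and a fixed failure message otherwise
     */
    @PostMapping("/login")
    public Map<String, Object> login(User user) {
        Map<String, Object> map = new HashMap<>();
        // Only the user name is logged; a submitted password must never reach the log files.
        log.info("用户名:[{}]", user.getUsername());
        try {
            User userDB = userService.login(user);
            // JWT claims are Base64URL-encoded and signed, not encrypted: whoever holds the token
            // can read them. Put only the identity in the payload, never the password.
            Map<String, String> payload = new HashMap<>();
            payload.put("username", userDB.getUsername());
            String token = JwtUtils.getToken(payload);
            map.put("state", true);
            map.put("msg", 200);
            map.put("token", token);
        } catch (Exception e) {
            // Keep the detail on the server; a database or configuration error message can reveal
            // internals, so the client always gets the same generic failure text.
            log.warn("login failed for user [{}]", user.getUsername(), e);
            map.put("state", false);
            map.put("msg", "~~认证失败~~");
        }
        return map;
    }

    /**
     * Reports a successful logout when no {@code token} parameter is sent.
     *
     * <p>NOTE(review): nothing is revoked here. A token that was already issued stays valid until
     * its expiry, so a real logout needs a server-side deny list or short-lived tokens. When a
     * {@code token} parameter is present the method returns {@code null}, exactly as in the
     * original listing; confirm what response is intended for that case.
     *
     * @param token optional request parameter
     * @return a success map when {@code token} is {@code null}, otherwise {@code null}
     */
    @PostMapping("/logout")
    public Map<String, Object> logout(String token) {
        Map<String, Object> map = new HashMap<>();
        if (token == null) {
            map.put("state", true);
            map.put("msg", "成功退出");
            return map;
        }
        return null;
    }
}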
token拦截器
1、Interceptors
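/**
 * Rejects every intercepted request that does not carry a valid JWT in the {@code token} header.
 *
 * <p>Compared with the original listing, a rejection is now sent with HTTP 401 instead of 200, a
 * missing header is handled explicitly instead of relying on the library failing on {@code null},
 * and the JSON serializer is created once instead of per request.
 */
public class JWTInterceptor implements HandlerInterceptor {

    /** Shared serializer for the error body. */
    private static final ObjectMapper JSON = new ObjectMapper();

    /**
     * Verifies the {@code token} request header before the handler runs.
     *
     * <p>The decoded token is discarded after verification, so a handler that needs the caller's
     * identity has to decode the header again.
     *
     * @return {@code true} when the token verifies; {@code false} after writing a JSON error body
     *     with {@code state=false} and a {@code msg} describing the failure
     * @throws Exception if the error body cannot be serialized or written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        Map<String, Object> map = new HashMap<>();
        String token = request.getHeader("token");
        if (token == null || token.isEmpty()) {
            // No credential at all: same message as any other unusable token.
            map.put("msg", "token无效!");
        } else {
            try {
                JwtUtils.verify(token);
                return true;
            } catch (SignatureVerificationException e) {
                // NOTE(review): printStackTrace is kept from the original because no logger is in
                // scope here; route these through the application logger instead.
                e.printStackTrace();
                map.put("msg", "签名无效!");
            } catch (TokenExpiredException e) {
                e.printStackTrace();
                map.put("msg", "token过期!");
            } catch (AlgorithmMismatchException e) {
                e.printStackTrace();
                map.put("msg", "token算法不一致!");
            } catch (Exception e) {
                // Anything else (malformed token, verifier misconfiguration) also denies access.
                e.printStackTrace();
                map.put("msg", "token无效!");
            }
        }
        map.put("state", false);
        // Signal the failure in the status line as well, so clients, proxies and monitoring do not
        // treat a rejected request as a successful one.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(JSON.writeValueAsString(map));
        return false;
    }
}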
2、InterceptorConfig
/**
 * Registers {@link JWTInterceptor} for the web application.
 *
 * <p>Every path is intercepted and only {@code /user/login} is exempt, so an endpoint is protected
 * unless it is explicitly excluded. {@code /user/logout} is not excluded and is therefore reached
 * only with a valid {@code token} header.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Adds the token check in front of all handlers except the login endpoint.
     *
     * @param registry interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JWTInterceptor tokenGuard = new JWTInterceptor();
        // Keep the exclusion list minimal: each excluded pattern is reachable without a token.
        registry.addInterceptor(tokenGuard)
                .addPathPatterns("/**/**")
                .excludePathPatterns("/user/login");
    }
}