引入maven依赖:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
编辑工具类:
TokenUtils.java
package com.zhwl.gxb.common.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.util.HashMap;
import java.util.Map;
/***
* @desc token工具类
* @author
* @date 2021/08/22 14:56
* @param
* @return
*/
public class TokenUtils {
//设置过期时间
//private static final long EXPIRE_DATE=30*60*100000;
//token秘钥
private static final String TOKEN_SECRET = "ZCfasfhuaUUHufguGuwu2020BQWE";
//private static final String TOKEN_SECRET = "ZCf2021BQWE";
public static String token (String userName, String password){
String token = "";
try {
//过期时间
// Date date = new Date(System.currentTimeMillis()+EXPIRE_DATE);
//秘钥及加密算法
Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
//设置头部信息
Map<String,Object> header = new HashMap<>();
header.put("typ","JWT");
header.put("alg","HS256");
//携带username,password信息,生成签名
token = JWT.create()
.withHeader(header)
.withClaim("userName", userName)
.withClaim("password", password)
.sign(algorithm);
}catch (Exception e){
e.printStackTrace();
return null;
}
return token;
}
public static boolean verify(String token){
/**
* @desc 验证token,通过返回true
* @params [token]需要校验的串
**/
try {
Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
JWTVerifier verifier = JWT.require(algorithm).build();
DecodedJWT jwt = verifier.verify(token);
return true;
}catch (Exception e){
e.printStackTrace();
return false;
}
}
/**
* 通过header头部的token得到login_name
* @return token中包含的用户名
*/
public static Map getInfo(String token) {
try {
DecodedJWT jwt = JWT.decode(token);
//System.out.println("jwt解析的name = " + jwt.getClaim("username").asString());
String userName = jwt.getClaim("userName").asString();
String password = jwt.getClaim("password").asString();
Map<String,String> map = new HashMap();
map.put("userName", userName);
map.put("password", password);
return map;
} catch (JWTDecodeException e) {
System.out.println("解析失败");
return null;
}
}
}
MD5工具类 MD5Utils.java (选择使用,这个最好和框架原登录逻辑去校验密码)
package com.zhwl.gxb.common.utils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.DigestUtils;
import java.io.UnsupportedEncodingException;
/**
* @desc MD5工具类
* @author yxs
* @date 2019/5/14 18:06
*/
@Slf4j
public class MD5Utils {
private static final String ENCODE = "UTF-8";
public static String getMd5(String text) {
//加密后的字符串
String encodeStr= DigestUtils.md5DigestAsHex(text.getBytes());
return encodeStr;
}
public static String getMd5(String text, String key) {
//加密后的字符串
String s = text + "&key=" + key;
String encodeStr= null;
try {
encodeStr = DigestUtils.md5DigestAsHex(s.getBytes(ENCODE));
} catch (UnsupportedEncodingException e) {
log.error("加密失败~~~!");
}
return encodeStr.toUpperCase();
}
}
新建登录拦截类
LoginIntercepter.java
package com.fund.framework.config;
import com.alibaba.fastjson.JSON;
import com.fund.common.utils.StringUtils;
import com.fund.common.utils.TokenUtils;
import com.fund.framework.web.domain.AjaxResult;
import com.fund.project.api.mapper.ApiMapper;
import org.springframework.lang.Nullable;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
public class LoginIntercepter implements HandlerInterceptor {
private ApiMapper apiMapper;
public LoginIntercepter(ApiMapper appProperties) {
this.apiMapper = appProperties;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
{
String token = request.g