1.jwt简介
2.使用jwt
2.1添加依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2.2 生成token
JwtBuilder builder = Jwts.builder();
HashMap<String,Object> map = new HashMap<>();
String token = builder.setSubject(phone)
.setIssuedAt(new Date())
.setId(users.get(0).getUserId() + "")
.setClaims(map)
.setExpiration(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000))
.signWith(SignatureAlgorithm.HS256, Base64Utils.stringcode)
.compact();
2.3 校验token
JwtParser parser = Jwts.parser();
parser.setSigningKey(Base64Utils.stringcode);
try {
Jws<Claims> claimsJws = parser.parseClaimsJws(token);
Claims body = claimsJws.getBody();
String subject = body.getSubject();
String key1 = body.get("key1", String.class);
} catch (Exception e) {
System.out.println(e);
}
2.4 拦截器校验Token
package com.computerskills.competition.interceptor;
import com.computerskills.competition.utils.Base64Utils;
import com.computerskills.competition.vo.ResStatus;
import com.computerskills.competition.vo.ResultVo;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.*;
import lombok.SneakyThrows;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.image.RescaleOp;
import java.io.IOException;
import java.io.PrintWriter;
@Component
public class CheckTokenInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String method = request.getMethod();
if ("OPTIONS".equalsIgnoreCase(method)) {
return true;
}
String token = request.getHeader("token");
if(token == null) {
doResponse(response,new ResultVo(ResStatus.Err,"请先登录",null));
} else {
try {
JwtParser parser = Jwts.parser();
parser.setSigningKey(Base64Utils.stringcode);
Jws<Claims> claimsJws = parser.parseClaimsJws(token);
return true;
} catch (ExpiredJwtException e) {
doResponse(response,new ResultVo(ResStatus.Err,"登录已过期,请重新登录",null));
} catch (UnsupportedJwtException e) {
doResponse(response,new ResultVo(ResStatus.Err,"Token不合法",null));
} catch (Exception e) {
doResponse(response,new ResultVo(ResStatus.Err,"请先登录",null));
}
}
return false;
}
private void doResponse(HttpServletResponse response, ResultVo resultVo) throws IOException {
response.setContentType("application/json");
response.setCharacterEncoding("utf-8");
PrintWriter writer = response.getWriter();
String s = new ObjectMapper().writeValueAsString(resultVo);
writer.print(s);
writer.flush();
writer.close();
}
}
package com.computerskills.competition.config;
import com.computerskills.competition.interceptor.CheckTokenInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Autowired
private CheckTokenInterceptor checkTokenInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(checkTokenInterceptor)
.addPathPatterns("/role/**")
.excludePathPatterns("/user/**");
}
}