jwt验证系统实战,前后端分离

引入jar

<dependency>
   <groupId>com.auth0</groupId>
   <artifactId>java-jwt</artifactId>
   <version>3.3.0</version>
</dependency>

新建jwt工具类

/**
 * @author HUAWEI
 * @Title: JwtToken
 * @ProjectName Internetofthings
 * @Description: 生成登录token
 * @date 2018/9/20 9:47
 */
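public class JwtToken {
   /**
    * HMAC key used to sign and verify every token.
    *
    * NOTE(review): this key is a short, human-typed literal compiled into the class.
    * Anyone who can read the source, the built jar or a page that quotes this file
    * can sign tokens for an arbitrary user_id. Load the key from configuration or a
    * secret store instead, use a randomly generated value of at least 256 bits for
    * HS256, and rotate it if it has ever been published. The literal is kept here
    * only because it is part of the class's public interface.
    */
   public static final String SECRET = "JKKLJOoasdlfj";
   /** Token lifetime: {@link #calendarInterval} units of {@link #calendarField} (10 days). */
   public static final int calendarField = Calendar.DATE;
   public static final int calendarInterval = 10;

   /**
    * Issues a signed login token for an authenticated user.
    *
    * <p>The token carries the fixed claims {@code iss=Service} and {@code aud=APP},
    * the user id as a string claim, the issue time and the expiry time. Nothing in
    * this class revokes a token before it expires, so a leaked token stays usable
    * for the whole lifetime.
    *
    * @param user_id id of the user who has just logged in; callers are expected to
    *                pass a non-null value. A null id is handed to the builder as a
    *                null claim value, and {@link #getAppUID(String)} returns null
    *                for a token without a usable user_id.
    * @return the compact serialized token
    * @throws Exception if the signing algorithm cannot be created or signing fails
    */
   public static String createToken(Long user_id) throws Exception {
      Date iatDate = new Date();
      // Derive the expiry from the same instant as the issue time.
      Calendar expiry = Calendar.getInstance();
      expiry.setTime(iatDate);
      expiry.add(calendarField, calendarInterval);
      Date expiresDate = expiry.getTime();

      Map<String, Object> header = new HashMap<>();
      header.put("alg", "HS256");
      header.put("typ", "JWT");

      return JWT.create().withHeader(header)
            .withClaim("iss", "Service")
            .withClaim("aud", "APP")
            .withClaim("user_id", null == user_id ? null : user_id.toString())
            .withIssuedAt(iatDate)
            .withExpiresAt(expiresDate)
            .sign(Algorithm.HMAC256(SECRET));
   }

   /**
    * Verifies the token's signature and expiry and returns its claims.
    *
    * <p>Verification failures are reported as an empty map rather than by
    * dereferencing a null result: the previous version swallowed the exception and
    * then threw a NullPointerException for every missing, malformed, expired or
    * forged token.
    *
    * @param token the compact serialized token, may be null
    * @return the claims of a valid token; an empty map when the token is rejected
    */
   public static Map<String, Claim> verifyToken(String token) {
      try {
         JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
         DecodedJWT jwt = verifier.verify(token);
         return jwt.getClaims();
      } catch (Exception e) {
         // Rejected token (or unusable algorithm): the caller sees "no claims".
         return new HashMap<>();
      }
   }

   /**
    * Extracts the user id from a token.
    *
    * @param token the compact serialized token, may be null
    * @return the user id, or null when the token is rejected or carries no numeric
    *         user_id claim
    */
   public static Long getAppUID(String token) {
      Claim userIdClaim = verifyToken(token).get("user_id");
      if (null == userIdClaim || StringUtils.isEmpty(userIdClaim.asString())) {
         return null;
      }
      try {
         return Long.valueOf(userIdClaim.asString());
      } catch (NumberFormatException e) {
         // A correctly signed token whose user_id is not a number is unusable.
         return null;
      }
   }

}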

配置拦截器

<!-- Interceptors -->
<mvc:interceptors>
   <!-- Several interceptors may be declared; they run in declaration order -->
   <mvc:interceptor>
      <!-- "/**" matches every URL, including nested paths -->
      <mvc:mapping path="/**"/>
      <!-- Paths below bypass the token check entirely. The login request must be
           excluded; every other entry is reachable without a token, so keep this
           list as short as possible and review each path it contains. -->
      <mvc:exclude-mapping path="/sys/LoginUser"/>
      <mvc:exclude-mapping path="/sys/getByVerificationCode"/>
      <mvc:exclude-mapping path="/publicApi/selectByStatic"/>
      <bean class="com.suowei.aop.LoginHandlerIntercepter"/>
   </mvc:interceptor>
   <!-- Further mvc:interceptor elements can be added here to run more interceptors -->
</mvc:interceptors>

新建自定义拦截器类

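/**
 * Rejects every mapped request that does not carry a valid login token in the
 * {@code token} request header, and exposes the matching user to later handlers.
 */
public class LoginHandlerIntercepter implements HandlerInterceptor {
    @Autowired
    private UserService userService;

    /**
     * Authenticates the request from its {@code token} header.
     *
     * <p>The request is let through only when the token yields a user id and that
     * id still resolves to a user. The earlier version tested the id alone, so a
     * token for an account that no longer exists was accepted with a null user in
     * the session, and a rejected request was answered with an empty 200 response.
     *
     * @return true when the request may proceed; false after a 401 status was set
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Long userid;
        try {
            userid = JwtToken.getAppUID(request.getHeader("token"));
        } catch (RuntimeException e) {
            // A missing or invalid token must end in a rejection, not a server error.
            userid = null;
        }

        User user = (userid == null) ? null : userService.selectByPrimaryKey(userid);
        if (user == null) {
            System.out.println("拦截");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // NOTE(review): this creates a server-side session on every authenticated
        // request although the token already identifies the caller. It is kept
        // because handlers may read the "user" session attribute; a request
        // attribute would avoid the extra per-client server state.
        HttpSession session = request.getSession();
        session.setAttribute("user", user);
        return true;
    }

    /** Debug trace only; no post-processing is done. Prefer the project's logger over stdout. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle");
    }

    /** Debug trace only; no cleanup is done. Prefer the project's logger over stdout. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("afterCompletion");
    }
}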

 

前端登录成功后,后端才会生成token;前端需要在之后的每个请求中把token放在名为 token 的请求头里。

 

 

 

转载于:https://my.oschina.net/u/3911387/blog/2251119
