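Preface: for an introduction to JWT, see my previous blog post, which covers the basics and use cases of JWT in detail: "JWT (JSON Web Token) in Detail" (@小杨爱偷懒's blog, CSDN)
1. Add the pom dependency: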
<!-- JWT token generation -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.7.0</version>
</dependency>
2. JWT handling lives in a utility class; create a JwtUtils class:
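import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.util.Date;

public class JwtUtils {

    /**
     * Two constants:
     * EXPIRE      token lifetime
     * APP_SECRET  signing key (any value will do, as long as it contains no Chinese characters)
     */
    public static final long EXPIRE = 1000 * 60 * 60 * 24; // token lifetime in milliseconds (24 hours)
    // Signing key. jjwt's signWith(alg, String) treats this string as Base64-encoded key bytes.
    // Hard-coded here for the demo; a deployed service should load it from configuration and
    // use at least as many random bytes as the HMAC output (64 bytes for HS512).
    public static final String APP_SECRET = "hwfw02irj1jfkqjgkjaiqfq";

    /**
     * Generates the token string.
     * @param uid      user id
     * @param username user name
     * @return the signed, compact JWT
     */
    public static String getJwtToken(Integer uid, String username) {
        // A JWT has three parts: header + payload + signature
        String jwtToken = Jwts.builder()
                // Header
                .setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "HS512") // must match the algorithm passed to signWith below
                // Subject, issue time and expiry time of the token
                .setSubject("my-user")
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRE))
                // Payload: the user's data.
                // The payload is only Base64URL-encoded, not encrypted, so keep secrets out of it.
                .claim("uid", uid)
                .claim("username", username)
                // Signature: the tamper-evident part
                .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, APP_SECRET)
                .compact();
        return jwtToken;
    }
}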
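The counterpart to getJwtToken, as an added example that is not from the original post: checking a token on later requests with the jjwt 0.7.0 parser, so that expired, tampered or malformed tokens are rejected. JwtVerifyDemo, issue and verifiedUid are hypothetical names, the key is generated for the demo, and jjwt 0.7.0 is assumed to run on Java 8 (newer JDKs need the javax.xml.bind API on the classpath).

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.MacProvider;
import javax.crypto.SecretKey;
import java.util.Date;

public class JwtVerifyDemo { // hypothetical class name, not part of the post's project
    // Constructed random HS512 key for this demo only; a real service loads its key from configuration.
    static final SecretKey KEY = MacProvider.generateKey(SignatureAlgorithm.HS512);

    // Same subject and claims as getJwtToken in the post, with a caller-chosen lifetime.
    static String issue(Integer uid, String username, long ttlMillis) {
        return Jwts.builder()
                .setSubject("my-user")
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .claim("uid", uid)
                .claim("username", username)
                .signWith(SignatureAlgorithm.HS512, KEY)
                .compact();
    }

    // Returns the uid claim only if signature, expiry and subject all check out; otherwise null.
    static Integer verifiedUid(String token) {
        try {
            Jws<Claims> jws = Jwts.parser()
                    .setSigningKey(KEY)
                    .requireSubject("my-user")
                    .parseClaimsJws(token); // throws on bad signature, expiry, unsigned or malformed input
            return jws.getBody().get("uid", Integer.class);
        } catch (JwtException | IllegalArgumentException e) {
            return null; // every failure is handled the same way: the caller is unauthenticated
        }
    }

    public static void main(String[] args) {
        String good = issue(7, "demo", 60_000);
        // Constructed tamper test: payload of one token combined with the signature of another.
        String[] a = good.split("\\."), b = issue(1, "other", 60_000).split("\\.");
        System.out.println("valid:   " + verifiedUid(good));
        System.out.println("expired: " + verifiedUid(issue(7, "demo", -120_000)));
        System.out.println("spliced: " + verifiedUid(a[0] + "." + b[1] + "." + a[2]));
        System.out.println("garbage: " + verifiedUid("not-a-jwt"));
    }
}
```

Only the first call returns a uid; the other three return null because parseClaimsJws throws before any claim is read.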
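3. Simulate a user login to see JWT in action
User login and registration are covered in this post of mine, which this article builds on:
https://blog.csdn.net/f234344435/article/details/124496318?spm=1001.2014.3001.5502
3.1. Overall project structure:
3.2. Changes to the Controller: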
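import com.xxx.xxx.entity.TUser;
import com.xxx.xxx.service.TUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
// R is the project's own response wrapper class; import it from wherever it lives in your project.

@RestController
@RequestMapping("/users")
public class TUserController {

    @Autowired
    private TUserService tUserService;

    /**
     * User login
     * @param username user name
     * @param password user password
     * @return response carrying the JWT under the key "token"
     */
    @PostMapping("/login")
    public R login(String username, String password) {
        String token = tUserService.login(username, password);
        return R.ok().data("token", token);
    }

    /**
     * User registration
     * @param tuser the user to register
     * @return empty success response
     */
    @PostMapping("/reg")
    public R reg(@RequestBody TUser tuser) {
        tUserService.reg(tuser);
        return R.ok();
    }
}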
The login endpoint returns a token string.
3.3. Changes to the Service:
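public interface TUserService extends IService<TUser> {

    /**
     * User registration
     * @param tuser the user to register
     */
    void reg(TUser tuser);

    /**
     * User login
     * @param username user name
     * @param password user password
     * @return the JWT string
     */
    String login(String username, String password);
}
The return type of login is String, so that it can carry the token.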
3.3. Changes to the ServiceImpl:
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.xxx.xxx.entity.TUser;
import com.xxx.xxx.mapper.TUserMapper;
import com.xxx.xxx.service.TUserService;
import com.xxx.xxx.service.ex.ComFoundException;
import com.xxx.xxx.utils.JwtUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.UUID;

@Service
public class TUserServiceImpl extends ServiceImpl<TUserMapper, TUser> implements TUserService {

    @Autowired
    private TUserMapper tUserMapper;

    @Override
    public void reg(TUser tuser) {
        String username = tuser.getUsername();
        String password = tuser.getPassword();
        if (username == null || password == null) {
            throw new ComFoundException("注册失败");
        }
        // Reject the registration if the user name is already taken
        QueryWrapper<TUser> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username", username);
        TUser tu = tUserMapper.selectOne(queryWrapper);
        if (tu != null) {
            throw new ComFoundException("注册失败");
        }
        // Store a per-user salt and the salted hash, never the plain password
        String salt = UUID.randomUUID().toString().toUpperCase();
        String md5Password = getMd5(tuser.getPassword(), salt);
        tuser.setPassword(md5Password);
        tuser.setSalt(salt);
        tuser.setIsDelete(0);
        tuser.setCreatedUser(username);
        tuser.setCreatedTime(new Date());
        tuser.setModifiedUser(username);
        tuser.setModifiedTime(new Date());
        Integer rows = tUserMapper.insert(tuser);
        if (rows != 1) {
            throw new ComFoundException("注册失败");
        }
    }

    // Salted MD5, three rounds. MD5 is too fast for password storage; production code should use
    // a dedicated password hash such as bcrypt (e.g. Spring Security's BCryptPasswordEncoder).
    private String getMd5(String password, String salt) {
        for (int i = 0; i < 3; i++) {
            // Fixed charset so the hash does not depend on the platform default encoding
            password = DigestUtils.md5DigestAsHex(
                    (salt + password + salt).getBytes(StandardCharsets.UTF_8)).toUpperCase();
        }
        return password;
    }

    @Override
    public String login(String username, String password) {
        if (username == null || password == null) {
            throw new ComFoundException("输入账户或密码为空");
        }
        QueryWrapper<TUser> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username", username);
        queryWrapper.eq("is_delete", 0);
        TUser t = tUserMapper.selectOne(queryWrapper);
        // Note: separate messages for "unknown user" and "wrong password" tell a caller
        // which user names exist; a single generic login-failed message avoids that.
        if (t == null) {
            throw new ComFoundException("找不到用户信息");
        }
        String salt = t.getSalt();
        String md5Password = getMd5(password, salt);
        if (!t.getPassword().equals(md5Password)) {
            throw new ComFoundException("密码不正确");
        }
        // TUser user = new TUser();
        // user.setUid(t.getUid());
        // user.setUsername(t.getUsername());
        // user.setAvatar(t.getAvatar());
        // Return the token string generated by JwtUtils
        String jwtToken = JwtUtils.getJwtToken(t.getUid(), t.getUsername());
        return jwtToken;
    }
}
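login now returns the jwtToken string.
3.4. Testing with Postman
Test against your own port and endpoint; I tested with: http://localhost:8888/users/login?username=秋&password=333
Note that this request carries the password in the query string, where it can end up in server and proxy logs; outside a local test, send the credentials in the POST body.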