jwt个人理解就是一种加密方式,以及自带存储的一种app端的身份校验方式。(注:严格来说,下文代码只是用密钥对token做了签名,并没有加密;payload只是Base64URL编码,任何拿到token的人都能读出其中的内容,所以不要把密码等敏感信息放进token。)
一: 引入jwt加密工具
import java.util.HashMap;
import java.util.Map;
import com.auth0.jwt.JWTSigner;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.internal.com.fasterxml.jackson.databind.ObjectMapper;
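/**
 * Helper that packs a POJO into a signed JWT and reads it back.
 *
 * <p>The token is signed with a shared secret, not encrypted: the payload is only
 * Base64URL-encoded JSON, so anything serialized into it can be read by whoever holds
 * the token. Do not put passwords or other secrets into the object passed to
 * {@link #sign(Object, long)}.
 */
public class JWT {
    // NOTE(review): the signing key is hard-coded in source, so anyone who can read the
    // repository or the compiled class can mint valid tokens. Load it from configuration
    // or a secret store in real deployments, and rotate it if it was ever committed.
    private static final String SECRET = "asdKSLJMH$%^&)($%^&U*(BMNBNMBMNB";
    private static final String EXP = "exp";
    private static final String PAYLOAD = "payload";
    // One shared mapper instead of a new instance per call; ObjectMapper is safe to share
    // between threads once it is no longer being reconfigured.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Signs a token whose payload is the JSON form of {@code object}.
     *
     * <p>NOTE(review): RFC 7519 defines {@code exp} as seconds since the epoch, but this
     * class stores milliseconds. A verifier applying the standard interpretation
     * (presumably including the library's own expiry check) would treat these tokens as
     * effectively non-expiring, so the lifetime is enforced only by the explicit
     * comparison in {@link #unsign(String, Class)}. The format is kept as-is so that
     * already-issued tokens stay readable.
     *
     * @param object the POJO to serialize into the {@code payload} claim
     * @param maxAge token lifetime in milliseconds, counted from now
     * @return the signed JWT, or {@code null} if serialization or signing failed
     */
    public static <T> String sign(T object, long maxAge) {
        try {
            final Map<String, Object> claims = new HashMap<String, Object>();
            claims.put(PAYLOAD, MAPPER.writeValueAsString(object));
            claims.put(EXP, System.currentTimeMillis() + maxAge);
            return new JWTSigner(SECRET).sign(claims);
        } catch (Exception e) {
            // Callers treat null as "no token issued".
            return null;
        }
    }

    /**
     * Verifies a token's signature and expiry and deserializes its payload.
     *
     * @param jwt    the token string to verify
     * @param classT the type to deserialize the {@code payload} claim into
     * @return the deserialized object, or {@code null} if the token fails verification,
     *         lacks a usable {@code exp} or {@code payload} claim, has expired, or the
     *         payload cannot be parsed
     */
    public static <T> T unsign(String jwt, Class<T> classT) {
        final JWTVerifier verifier = new JWTVerifier(SECRET);
        try {
            final Map<String, Object> claims = verifier.verify(jwt);
            final Object exp = claims.get(EXP);
            final Object payload = claims.get(PAYLOAD);
            // Accept any numeric type: a JSON number may be mapped to Integer or Long
            // depending on its magnitude, and a hard (Long) cast would reject the former.
            if (!(exp instanceof Number) || !(payload instanceof String)) {
                return null;
            }
            // Reject tokens whose expiry (milliseconds since the epoch) is not in the future.
            if (((Number) exp).longValue() <= System.currentTimeMillis()) {
                return null;
            }
            return MAPPER.readValue((String) payload, classT);
        } catch (Exception e) {
            // Any verification or parsing failure is reported as "no valid identity".
            return null;
        }
    }
}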
二: 在登录时候对user进行加密(即签名并生成token)
import java.util.HashMap;
import java.util.Map;
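/**
 * Generic response envelope returned by the controllers: a status code, an optional
 * human-readable message and an optional data payload.
 *
 * @param <T> type of the data payload
 */
public class ResponseData<T> {
    private String message;
    /**
     * 1: success, -1: fail
     */
    private int code;
    private T data;

    /**
     * Creates an empty response whose fields are filled in through the setters.
     * Until {@link #setCode(int)} is called the code is 0, which is neither the
     * success nor the fail value.
     */
    public ResponseData() {
    }

    /**
     * Creates a response with the given message and status code and no data.
     *
     * @param message human-readable message, may be {@code null}
     * @param code    1 for success, -1 for fail
     */
    public ResponseData(String message, int code) {
        this.message = message;
        this.code = code;
    }

    /** @return the human-readable message, or {@code null} if none was set */
    public String getMessage() {
        return message;
    }

    /** @param message the human-readable message to return to the client */
    public void setMessage(String message) {
        this.message = message;
    }

    /** @return the status code (1: success, -1: fail) */
    public int getCode() {
        return code;
    }

    /** @param code the status code (1: success, -1: fail) */
    public void setCode(int code) {
        this.code = code;
    }

    /** @return the data payload, or {@code null} if none was set */
    public T getData() {
        return data;
    }

    /** @param data the data payload to return to the client */
    public void setData(T data) {
        this.data = data;
    }
}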
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.xt.tutorial.models.User;
import com.xt.tutorial.utils.JWT;
import com.xt.tutorial.utils.ResponseData;
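@Controller
@RequestMapping("/users")
public class UsersController {

    /**
     * Checks the submitted credentials and, on success, returns a signed token in the
     * response's data field.
     *
     * @param username the submitted user name
     * @param password the submitted password
     * @return a {@code ResponseData} with code 1 and the token on success, or code -1
     *         when the credentials are wrong or no token could be issued
     */
    @PostMapping("/login")
    @ResponseBody
    public Object login(@RequestParam String username, @RequestParam String password) {
        // NOTE(review): the fixed user name and password are demo placeholders; a real
        // login would look the user up and compare against a stored password hash.
        if (!"imjack".equals(username) || !"123456".equals(password)) {
            return new ResponseData<String>("用户名密码错误", -1);
        }

        User user = new User();
        user.setId(1);
        user.setUsername(username);
        // The password is deliberately NOT copied onto the user: the token payload is
        // only signed, not encrypted, so every field serialized into it is readable by
        // anyone who sees the token.

        // NOTE(review): the token is valid for 30 days and nothing on this page can
        // revoke it earlier; consider a shorter lifetime for anything beyond a demo.
        String token = JWT.sign(user, 30L * 24L * 3600L * 1000L);
        if (token == null) {
            // Signing failed: report an explicit failure instead of a response whose
            // code is neither success nor fail.
            return new ResponseData<String>(null, -1);
        }

        ResponseData<String> responseData = new ResponseData<String>(null, 1);
        responseData.setData(token);
        return responseData;
    }
}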
三: 其他controller使用token 并解析
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.xt.tutorial.models.User;
import com.xt.tutorial.utils.JWT;
import com.xt.tutorial.utils.ResponseData;
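@Controller
@RequestMapping("/me")
public class OtherController {

    /**
     * Example of a protected endpoint: resolves the caller from the token and rejects
     * the request when the token does not yield a user.
     *
     * @param token the JWT issued at login
     * @return a response with code -1 when the token is invalid or expired, otherwise
     *         a response with code 1
     */
    @GetMapping("/get_info")
    @ResponseBody
    public ResponseData getInfo(@RequestParam String token) {
        // NOTE(review): the token travels as a query parameter, so it can end up in
        // access logs, browser history and Referer headers; an Authorization header is
        // the usual carrier for bearer tokens.
        User user = JWT.unsign(token, User.class);
        if (user == null) {
            // Login expired (JWT.unsign returns null for any invalid or expired token).
            return new ResponseData<Object>("登录失效", -1);
        }

        // Your business code goes here; `user` is the identity carried by the token.

        // A valid token must not fall through to the "login expired" response.
        return new ResponseData<Object>(null, 1);
    }
}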