引入JWT依赖:
<!--jwt-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
在工程 application.yml 配置文件中添加JWT的配置信息:
##jwt配置
audience:
# 代表这个JWT的接收对象,存入audience
clientId: 098f6bcd4621d373cade4e832627b4f6
# 密钥, 经过Base64加密, 可自行替换
base64Secret: MDk4ZjZiY2Q0NjIxZDM3M2NhZGU0ZTgzMjYyN2I0ZjY=
# JWT的签发主体,存入issuer
name: restapiuser
# 过期时间,时间戳
expiresSecond: 172800
新建配置信息的实体类,以便获取JWT配置:
@Data
@ConfigurationProperties(prefix = "audience")
@Component
public class Audience {
private String clientId;
private String base64Secret;
private String name;
private int expiresSecond;
}
JWT工具类
package com.oliver.config;
import com.oliver.pojo.Audience;
import io.jsonwebtoken.*;
import org.apache.logging.log4j.util.Base64Util;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.security.Key;
import java.util.Date;
/**
* @ClassName JwtTokenUtil
* @Description TODO
* @Author oliver
* @Date 2020/3/18 10:05
*/
public class JwtTokenUtil {
public static final String AUTH_HEADER_KEY = "Authorization";
public static final String TOKEN_PREFIX = "Bearer ";
/**
* @Author
* @Description //j解析jwt
* @Date 10:10 2020/3/18
* @Param [jsonWebToken, base64Security]
* @return io.jsonwebtoken.Claims
**/
public static Claims parseJWT(String jsonWebToken,String base64Security){
try {
Claims claims = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))
.parseClaimsJws(jsonWebToken).getBody();
return claims;
} catch (ExpiredJwtException eje) {
//throw new CustomException(ResultCode.PERMISSION_TOKEN_EXPIRED);
System.out.println("===== Token过期 =====");
} catch (Exception e){
System.out.println("===== token解析异常 =====");
//throw new CustomException(ResultCode.PERMISSION_TOKEN_INVALID);
}
return null;
}
/**
* @Author
* @Description //构建jwt
* @Date 10:13 2020/3/18
* @Param [userId, username, role, audience]
* @return java.lang.String
**/
public static String createJWT(String userId, String username, String role, Audience audience) {
try {
// 使用HS256加密算法
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
//生成签名密钥
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(audience.getBase64Secret());
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
//userId是重要信息,进行加密下
String encryId = Base64Util.encode(userId);
//添加构成JWT的参数
JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")
// 可以将基本不重要的对象信息放到claims
.claim("role", role)
.claim("userId", userId)
.setSubject(username) // 代表这个JWT的主体,即它的所有人
.setIssuer(audience.getClientId()) // 代表这个JWT的签发主体;
.setIssuedAt(new Date()) // 是一个时间戳,代表这个JWT的签发时间;
.setAudience(audience.getName()) // 代表这个JWT的接收对象;
.signWith(signatureAlgorithm, signingKey);
//添加Token过期时间
int TTLMillis = audience.getExpiresSecond();
if (TTLMillis >= 0) {
long expMillis = nowMillis + TTLMillis;
Date exp = new Date(expMillis);
builder.setExpiration(exp) // 是一个时间戳,代表这个JWT的过期时间;
.setNotBefore(now); // 是一个时间戳,代表这个JWT生效的开始时间,意味着在这个时间之前验证JWT是会失败的
}
//生成JWT
return builder.compact();
} catch (Exception e) {
System.out.println("===== 签名失败 =====");
}
return null;
}
/**
* 从token中获取用户名
* @param token
* @param base64Security
* @return
*/
public static String getUsername(String token, String base64Security){
return parseJWT(token, base64Security).getSubject();
}
/**
* 从token中获取用户ID
* @param token
* @param base64Security
* @return
*/
public static String getUserId(String token, String base64Security){
String userId = parseJWT(token, base64Security).get("userId", String.class);
//return Base64Util.decode(userId);
return Base64Util.encode(userId);
}
/**
* 是否已过期
* @param token
* @param base64Security
* @return
*/
public static boolean isExpiration(String token, String base64Security) {
return parseJWT(token, base64Security).getExpiration().before(new Date());
}
}
JWT验证拦截器
package com.oliver.config;
import com.oliver.pojo.Audience;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* ========================
* token验证拦截器
* Created with IntelliJ IDEA.
* User:pyy
* Date:2019/7/18 9:46
* Version: v1.0
* ========================
*/
@Slf4j
public class JwtInterceptor extends HandlerInterceptorAdapter{
@Autowired
private Audience audience;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 忽略带JwtIgnore注解的请求, 不做后续token认证校验
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
JwtIgnore jwtIgnore = handlerMethod.getMethodAnnotation(JwtIgnore.class);
if (jwtIgnore != null) {
return true;
}
}
if (HttpMethod.OPTIONS.equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return true;
}
// 获取请求头信息authorization信息
final String authHeader = request.getHeader(JwtTokenUtil.AUTH_HEADER_KEY);
log.info("## authHeader= {}", authHeader);
if (StringUtils.isBlank(authHeader) || !authHeader.startsWith(JwtTokenUtil.TOKEN_PREFIX)) {
log.info("### 用户未登录,请先登录 ###");
//throw new CustomException(ResultCode.USER_NOT_LOGGED_IN);
}
// 获取token
final String token = authHeader.substring(7);
if(audience == null){
BeanFactory factory = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
audience = (Audience) factory.getBean("audience");
}
// 验证token是否有效--无效已做异常抛出,由全局异常处理后返回对应信息
JwtTokenUtil.parseJWT(token, audience.getBase64Secret());
return true;
}
}
配置拦截器
package com.oliver.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebConfig implements WebMvcConfigurer {
/**
* 添加拦截器
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
//拦截路径可自行配置多个 可用 ,分隔开
registry.addInterceptor(new JwtInterceptor()).addPathPatterns("/**");
}
/**
* 跨域支持
*
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowCredentials(true)
.allowedMethods("GET", "POST", "DELETE", "PUT", "PATCH", "OPTIONS", "HEAD")
.maxAge(3600 * 24);
}
}
Controller接口
package com.oliver.controller;
import com.oliver.config.JwtIgnore;
import com.oliver.config.JwtTokenUtil;
import com.oliver.pojo.Audience;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.configurationprocessor.json.JSONObject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.UUID;
/**
* @ClassName UserController
* @Description TODO
* @Author oliver
* @Date 2020/3/17 15:40
*/
@Controller
public class UserController {
@Autowired
private Audience audience;
@GetMapping({"/",""})
@JwtIgnore
String welcome(Model model){
return "login";
}
@PostMapping("/login")
@ResponseBody
@JwtIgnore
String ajaxLogin(String username, String password, HttpServletRequest request, HttpServletResponse response){
// 这里模拟测试, 默认登录成功,返回用户ID和角色信息
String userId = UUID.randomUUID().toString();
String role = "admin";
// 创建token
String token = JwtTokenUtil.createJWT(userId, username, role, audience);
//log.info("### 登录成功, token={} ###", token);
System.out.println("### 登录成功, token={} ###" + token);
// 将token放在响应头
response.setHeader(JwtTokenUtil.AUTH_HEADER_KEY, JwtTokenUtil.TOKEN_PREFIX + token);
// 将token响应给客户端
JSONObject result = new JSONObject();
//result.put("token", token);
System.out.println(result);
return "登录成功";
}
@GetMapping({ "/index" })
String index(Model model) {
return "index_v1";
}
}
使用PostMan工具进行测试: