1. Add the jars JWT needs

```xml
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>2.2.0</version>
</dependency>
<dependency>
    <groupId>com.thetransactioncompany</groupId>
    <artifactId>cors-filter</artifactId>
    <version>2.6</version>
</dependency>
```
2. Configure the interceptor under Spring MVC

```xml
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Matches the URL path; if not configured, or set to /**, every Controller is intercepted -->
        <mvc:mapping path="/mh/**" />
        <!-- /register.do and /login.do do not need to be intercepted (configure this according to the project's actual needs) -->
        <mvc:exclude-mapping path="/mh/protaldata/**" />
        <bean class="com.yinhai.util.TokenInterceptor"></bean>
    </mvc:interceptor>
    <!-- When several interceptors are configured, their preHandle methods are called in order, then each interceptor's postHandle and afterCompletion are called in reverse order -->
</mvc:interceptors>
```
3. After a successful login, return the encrypted object to the front end

```java
String token = JWT.sign(obj, 60L * 1000L * 60 * 5L);
```

This encrypts obj and returns it to the front end; the second argument of sign is the validity period, in milliseconds.
4. The front end puts the token in the request header

```javascript
$.ajax({
    type: "post",
    url: "http://192/login/checkRouter.do",
    data: param,
    dataType: "json",
    beforeSend: function (XMLHttpRequest) {
        XMLHttpRequest.setRequestHeader("X-Token", "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MzkzMTYyMzk0OTksInBheWxvYWQiOiJ7XCJ1c2VycGhvdG9cIjpcIkQ6L2V4Y2VsL1wiLFwiYWRkcmVzc1wiOlwi6Z2S576K5Yy655-z576K5Zy6MTMwNVwiLFwidXNlcnR5cGVcIjpcIjBcIixcInRyYWRlc1wiOlwi5pWZ6IKyXCIsXCJpZFwiOlwiNVwiLFwiYXBwZWxsYXRpb25cIjpcIjBcIixcInBob25lblwiOlwiMTg3ODk4OTg5ODlcIixcInVzZXJpZFwiOlwiMTExMjQ2XCIsXCJlbWFpbFwiOlwiMjJAcXEuY29tXCIsXCJ1c2VybmFtZVwiOlwibGlzaTNcIn0ifQ.hVOPuk4cDy24KPE3h4aGtMEvP1V2B13et9B6nUdAr4c");
        XMLHttpRequest.setRequestHeader("X-loginId", "5");
    },
    success: function (data) {
        console.log(data);
    }
});
```

Put the token string in X-Token and the user's id in X-loginId.
5. Sometimes the back end does not receive the X-Token and X-loginId headers the front end sends; in that case configure the following in web.xml

```xml
<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedHeaders</param-name>
        <param-value>Authorization,Accept, Origin,X-Requested-With, Content-Type, Last-Modified,X-Token,X-loginId</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposedHeaders</param-name>
        <param-value>Set-Cookie</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportsCredentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

The X-Token and X-loginId names here must match exactly what the front end sends.
6. Check in the interceptor whether the user is logged in, as follows

```java
package com.yinhai.util;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
// JWT (sign/unsign) is the project's own helper and JSONObject its JSON type; import both from the project

public class TokenInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        String token = request.getHeader("X-Token");           // get the token from the front end
        String loginId = request.getHeader("X-loginId");       // get the user's login id
        JSONObject user = JWT.unsign(token, JSONObject.class); // convert the token back into an object
        // if the loginId decoded from the token does not match the loginId the user sent, the token has usually expired
        if (null != loginId && null != user) {
            if (loginId.equals(user.get("id") + "")) { // verification passed
                return true;
            } else { // token expired
                return false;
            }
        } else { // not logged in
            return false;
        }
    }
}
```