生成JWT
- 添加依赖
<!-- NOTE(review): every snippet on this page calls the io.jsonwebtoken (jjwt) API only;
     confirm com.auth0:java-jwt is needed before keeping a second JWT library on the classpath. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.10.3</version>
</dependency>
<!-- NOTE(review): jjwt 0.9.x accepts HMAC keys of any length; later jjwt releases reject keys
     that are too short for the chosen algorithm. With this version the key strength has to be
     enforced by the application itself. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
- 生成token
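// Builds a signed JWT for the user who just logged in.
// builder, name, users and map come from the surrounding login code (not shown on this page).
String token = builder
        // Install the custom claims FIRST: setClaims(map) replaces the whole claim set, so calling
        // it after the setters below would silently drop the subject, issue time and id.
        // The payload is only signed, not encrypted - anyone holding the token can read it,
        // so keep it to role/permission data and never put secrets in the map.
        .setClaims(map)
        // Subject: the identity the token is issued for.
        .setSubject(name)
        // Issue time of the token.
        .setIssuedAt(new Date())
        // Use the user id as the token id (jti).
        .setId(users.get(0).getUserId() + "")
        // Expiry: 24 hours from now.
        .setExpiration(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000))
        // HS256 is an HMAC signature, not encryption. The key must be the same value the parser
        // verifies with, otherwise every issued token is rejected.
        // SECURITY: tutorial value only. A key committed to source is known to everyone with
        // repository access and lets them mint valid tokens; load it from configuration or a
        // secret store. jjwt 0.9.x Base64-decodes a String key, so these 12 characters yield
        // only 9 key bytes, while HS256 expects at least 256 bits of random key material.
        .signWith(SignatureAlgorithm.HS256, "QIANfeng6666")
        .compact();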
JWT校验
- 如果token正确则正常解析,如果token不正确或者过期,则通过抛出的异常进行识别
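// Verifies a token and maps each failure mode to a response for the client.
try {
    JwtParser parser = Jwts.parser();
    // The verification key must be the same key the token was signed with.
    // SECURITY: tutorial value only - load the key from configuration or a secret store
    // rather than hard-coding it; anyone who knows it can forge tokens.
    parser.setSigningKey("QIANfeng6666");
    // parseClaimsJws returns only for a signed claims token whose signature matches the key
    // and which has not expired; in every other case it throws.
    Jws<Claims> claimsJws = parser.parseClaimsJws(token);
    // Claims may be trusted only from this point on, i.e. after the signature check passed.
    Claims body = claimsJws.getBody();
    // The subject that was set when the token was issued.
    String subject = body.getSubject();
    // A custom value from the claims map that was stored when the token was issued.
    String v1 = body.get("key1", String.class);
    return new ResultVO(ResStatus.OK, "success", null);
} catch (ExpiredJwtException e) {
    // Signature was fine but the expiry time has passed.
    return new ResultVO(ResStatus.NO, "登录过期,请重新登录!", null);
} catch (UnsupportedJwtException e) {
    // Token is not in the expected signed-claims form.
    return new ResultVO(ResStatus.NO, "Token不合法,请自重!", null);
} catch (Exception e) {
    // Fail closed: a bad signature, malformed or empty token, or any other parser error is
    // treated as "not logged in" without telling the client which check failed.
    return new ResultVO(ResStatus.NO, "请重新登录!", null);
}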
拦截器校验Token
- 创建拦截器
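/**
 * Spring MVC interceptor that lets a request through only when it carries a JWT whose
 * signature and expiry check out; every other request is answered with a JSON error body.
 */
@Component
public class CheckTokenInterceptor implements HandlerInterceptor {

    // The verification key must be the same key the tokens are signed with.
    // SECURITY: tutorial value only. A key committed to source is known to everyone with
    // repository access and lets them forge tokens; load it from configuration or a secret
    // store. jjwt 0.9.x Base64-decodes a String key, so these 12 characters yield only
    // 9 key bytes, while HS256 expects at least 256 bits of random key material.
    private static final String SIGNING_KEY = "QIANfeng6666";

    // ObjectMapper is thread-safe once configured, so one shared instance serves all responses.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Checks the {@code token} request parameter before the handler runs.
     *
     * @return {@code true} when the token verifies; {@code false} after an error body has been
     *         written to the response, which stops further handling of the request
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // NOTE(review): a token passed as a request parameter ends up in access logs, browser
        // history and Referer headers; a request header is the safer carrier for it.
        String token = request.getParameter("token");
        String rejection;
        if (token == null) {
            // No token at all: ask the client to log in first.
            rejection = "请先登录!";
        } else {
            try {
                // parseClaimsJws returns only for a signed claims token whose signature matches
                // the key and which has not expired; in every other case it throws.
                Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(token);
                return true;
            } catch (ExpiredJwtException e) {
                rejection = "登录过期,请重新登录!";
            } catch (UnsupportedJwtException e) {
                rejection = "Token不合法,请自重!";
            } catch (Exception e) {
                // Fail closed: a bad signature, malformed or empty token, or any other parser
                // error is treated as "not logged in".
                rejection = "请先登录!";
            }
        }
        doResponse(response, new ResultVO(ResStatus.NO, rejection, null));
        return false;
    }

    /**
     * Writes {@code resultVO} to the response as UTF-8 JSON and closes the writer.
     *
     * @throws IOException if the response writer cannot be obtained or serialization fails
     */
    private void doResponse(HttpServletResponse response, ResultVO resultVO) throws IOException {
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        out.print(OBJECT_MAPPER.writeValueAsString(resultVO));
        out.flush();
        out.close();
    }
}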
- 配置拦截器
/**
 * Registers the token-checking interceptor with Spring MVC.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    @Autowired
    private CheckTokenInterceptor checkTokenInterceptor;

    /**
     * Applies the token check to every path except those under {@code /user/}.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // NOTE(review): "/user/**" exempts every endpoint under /user from the token check.
        // Confirm that only endpoints meant to be public (such as login and registration)
        // live there, or narrow the exclusion to those exact paths.
        registry
                .addInterceptor(checkTokenInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/user/**");
    }
}