导入依赖
除了jwt,还用到了huTool,也需要导入
<!--引入jwt-->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
创建JWT工具类
import cn.hutool.core.date.DateUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.util.Date;
public class JwtUtil {
public static String getToken(String userId,String password){
return JWT.create().withAudience(userId) //userId做为Token的载荷
.withExpiresAt(DateUtil.offsetHour(new Date(),2)) //2小时后过期,此处用的huTool工具类,需导入依赖
.sign(Algorithm.HMAC256(password)); //password作为token
}
}
创建一个检测token的拦截器
import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.xxy.springboot.common.Constants;
import com.xxy.springboot.entity.User;
import com.xxy.springboot.exception.ServiceException;
import com.xxy.springboot.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class JwtInterceptor implements HandlerInterceptor {
@Autowired
private UserService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//获取token
String token = request.getHeader("token");
//如果不是映射到方法直接通过
if(!(handler instanceof HandlerMethod)){
return true;
}
//执行认证
if(StrUtil.isBlank(token)){
throw new ServiceException(Constants.CODE_401,"无token,请重新登陆");
}
// 获取 token 中的 userId,然后根据id查看是否存在
String userId;
try {
userId = JWT.decode(token).getAudience().get(0);
} catch (JWTDecodeException j) {
throw new ServiceException(Constants.CODE_401,"token验证失败,请重新登陆");
}
//开始根据id查数据库
User user = userService.getById(userId);
if (user == null) {
throw new ServiceException(Constants.CODE_401,"用户不存在,请重新登陆");
}
// 验证token是否正确,根据用户密码加密后得到token2,对比token和token2是否相同
JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
try {
jwtVerifier.verify(token);
} catch (JWTVerificationException e) {
throw new ServiceException(Constants.CODE_401,"token验证失败,请重新登陆");
}
return true;
}
}
创建一个拦截器配置类,将Jwt拦截器添加进来
import com.xxy.springboot.config.Interceptor.JwtInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(jwtInterceptor())
.addPathPatterns("/**") //设置拦截所有路径
.excludePathPatterns("/user/login","/**/export"); //设置不需要拦截的路径
}
@Bean
public JwtInterceptor jwtInterceptor(){
return new JwtInterceptor();
}
}
后端使用:
需要使用JwtUtil工具类,传入userId和password作为参数生成token,然后将token设置到实体类,一起发送到前端
public UserDto login(UserDto userDto) {
LambdaQueryWrapper<User> lambdaQueryWrapper = new LambdaQueryWrapper<>();
lambdaQueryWrapper.eq(User::getUsername, userDto.getUsername());
lambdaQueryWrapper.eq(User::getPassword, userDto.getPassword());
User u = getOne(lambdaQueryWrapper);
System.out.println("u = " + u);
if (u !=null){
//开始生成token
String token = JwtUtil.getToken(u.getId() + "", u.getPassword());
//给实体类设置token字段的值
userDto.setToken(token);
return userDto;
}
return null;
}
前端使用(Vue2):
发送请求时:
request.interceptors.request.use(config => {
config.headers['Content-Type'] = 'application/json;charset=utf-8';
//向后端发送请求时设置请求头,带上token
let user=localStorage.getItem("user") ? JSON.parse(localStorage.getItem("user")) : {};
config.headers['token'] = user.token; // 设置请求头
return config
}, error => {
return Promise.reject(error)
});
登陆时接受token:
<script>
export default {
name: "Login",
data(){
return{
user:{}
}
},
created() {
localStorage.clear(); //加载登陆界面前清除token
},
methods:{
login(){
this.request.post("/login",this.user).then(res=>{
if (res != ""){
this.$message.success("成功")
localStorage.setItem("user",JSON.stringify(res)) //登陆成功后存入token
this.$router.push("/")
}else {
this.$message.error("失败")
}
})
}
}
}
</script>