SpringBoot整合JWT

最新推荐文章于 2024-06-20 21:16:10 发布

m0_63778432

最新推荐文章于 2024-06-20 21:16:10 发布

阅读量317

点赞数

本文链接：https://blog.csdn.net/m0_63778432/article/details/128042420

版权

导入依赖

除了jwt，还用到了huTool，也需要导入

        <!--引入jwt-->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
        </dependency>

创建JWT工具类

import cn.hutool.core.date.DateUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;

import java.util.Date;

public class JwtUtil {

    public static String getToken(String userId,String password){
        return JWT.create().withAudience(userId)  //userId做为Token的载荷
                .withExpiresAt(DateUtil.offsetHour(new Date(),2))  //2小时后过期，此处用的huTool工具类,需导入依赖
                .sign(Algorithm.HMAC256(password));  //password作为token
    }
}

创建一个检测token的拦截器

import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.xxy.springboot.common.Constants;
import com.xxy.springboot.entity.User;
import com.xxy.springboot.exception.ServiceException;
import com.xxy.springboot.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


public class JwtInterceptor implements HandlerInterceptor {

    @Autowired
    private UserService userService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //获取token
        String token = request.getHeader("token");

        //如果不是映射到方法直接通过
        if(!(handler instanceof HandlerMethod)){
            return true;
        }

        //执行认证
        if(StrUtil.isBlank(token)){
            throw new ServiceException(Constants.CODE_401,"无token,请重新登陆");
        }

        // 获取 token 中的 userId,然后根据id查看是否存在
        String userId;
        try {
            userId = JWT.decode(token).getAudience().get(0);
        } catch (JWTDecodeException j) {
            throw new ServiceException(Constants.CODE_401,"token验证失败,请重新登陆");
        }
        //开始根据id查数据库
        User user = userService.getById(userId);
        if (user == null) {
            throw new ServiceException(Constants.CODE_401,"用户不存在,请重新登陆");
        }


        // 验证token是否正确,根据用户密码加密后得到token2，对比token和token2是否相同
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
        try {
            jwtVerifier.verify(token);
        } catch (JWTVerificationException e) {
            throw new ServiceException(Constants.CODE_401,"token验证失败,请重新登陆");
        }
        return true;
    }
}

创建一个拦截器配置类，将Jwt拦截器添加进来

import com.xxy.springboot.config.Interceptor.JwtInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(jwtInterceptor())
                .addPathPatterns("/**") //设置拦截所有路径
                .excludePathPatterns("/user/login","/**/export"); //设置不需要拦截的路径
    }

    @Bean
    public JwtInterceptor jwtInterceptor(){
        return new JwtInterceptor();
    }
}

后端使用：

需要使用JwtUtil工具类，传入userId和password作为参数生成token，然后将token设置到实体类，一起发送到前端

    public UserDto login(UserDto userDto) {
        LambdaQueryWrapper<User> lambdaQueryWrapper = new LambdaQueryWrapper<>();
        lambdaQueryWrapper.eq(User::getUsername, userDto.getUsername());
        lambdaQueryWrapper.eq(User::getPassword, userDto.getPassword());
        User u = getOne(lambdaQueryWrapper);
        System.out.println("u = " + u);
        if (u !=null){
            //开始生成token
            String token = JwtUtil.getToken(u.getId() + "", u.getPassword());
            //给实体类设置token字段的值
            userDto.setToken(token);
            return userDto;
        }
        return null;
    }

前端使用（Vue2）：

发送请求时：

request.interceptors.request.use(config => {
    config.headers['Content-Type'] = 'application/json;charset=utf-8';
    //向后端发送请求时设置请求头，带上token
    let user=localStorage.getItem("user") ? JSON.parse(localStorage.getItem("user")) : {};
    config.headers['token'] = user.token;  // 设置请求头
    return config
}, error => {
    return Promise.reject(error)
});

登陆时接受token：

<script>
    export default {
        name: "Login",
        data(){
            return{
                user:{}
            }
        },
        created() {
          localStorage.clear(); //加载登陆界面前清除token
        },
        methods:{
            login(){
                this.request.post("/login",this.user).then(res=>{
                    if (res != ""){
                        this.$message.success("成功")
                        localStorage.setItem("user",JSON.stringify(res)) //登陆成功后存入token
                        this.$router.push("/")

                    }else {
                        this.$message.error("失败")
                    }
                })
            }
        }
    }
</script>