<!--引入JWT依赖-->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
utils/生成工具类 tokenUtils
package com.yinming.sprintboot.utils;
import cn.hutool.core.date.DateUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.util.Date;
public class TokenUtils {
public static String genToken(String userId,String sign){
return JWT.create().withAudience(userId) //将userId保存到token中作为载荷
.withExpiresAt(DateUtil.offsetHour(new Date(),2))//2小时过期
.sign(Algorithm.HMAC256(sign));//以password为token的密钥
}
}
在 UserServiceImpl 中把token中带进
@Override
public UserDto login(UserDto userDto) {
User one=getUserInfo(userDto);
if(one!=null)
{
BeanUtil.copyProperties(one, userDto,true);
String token= TokenUtils.genToken(one.getId().toString(),one.getPassword());
userDto.setToken(token);
return userDto;
}else {
throw new ServiceException("CODE_124","用户名和错误");
}
}
token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIxIiwiZXhwIjoxNjQ1ODgzODc2fQ.6zGYjPqNKf-TH_tME3W42ftr_9j18nap36Ff5fhxurE"
1、头部(header) 声明类型以及加密算法; 2、负载(payload) 携带一些用户身份信息; 3、签名(signature) 签名信息
request.js
// request 拦截器
// 可以自请求发送前对请求做一些处理
// 比如统一加token,对请求参数统一加密
request.interceptors.request.use(config => {
config.headers['Content-Type'] = 'application/json;charset=utf-8';
let user= localStorage.getItem("user")?JSON.parse(ocalStorage.getItem("user")):{}
if(user){
config.headers['token'] = user.token; // 设置请求头
}
return config
interceptor\JwtInterceptor
package com.yinming.sprintboot.config.interceptor;
import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.yinming.sprintboot.common.Constants;
import com.yinming.sprintboot.entity.User;
import com.yinming.sprintboot.exception.ServiceException;
import com.yinming.sprintboot.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Component
public class JwtInterceptor implements HandlerInterceptor {
private IUserService userService;
@Autowired
public void setUserService(IUserService userService) {
this.userService = userService;
}
// 在请求进入处理器之前回调这个方法
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token=request.getHeader("token");
//如果映身不到方法,直接通过
if(!(handler instanceof HandlerMethod)){
return true;
}
//执行认证
if(StrUtil.isBlank(token)){
throw new ServiceException(Constants.CODE_400,"当前无token");
}
//获取token中的userid
String userId;
try {
userId= JWT.decode(token).getAudience().get(0);
}catch (JWTDecodeException j){
throw new ServiceException(Constants.CODE_400,"TOKEN验证失败");
}
User user=userService.getById(userId);
if(user==null)
{
throw new ServiceException(Constants.CODE_400,"用户不存在");
}
//验证token
JWTVerifier jwtVerifier=JWT.require(Algorithm.HMAC256(user.getPassword())).build();
try{
jwtVerifier.verify(token);
}catch (JWTVerificationException e){
throw new ServiceException(Constants.CODE_400,"token用户不存在");
}
return true;
}
}
InterceptorConfig
package com.yinming.sprintboot.config;
import com.yinming.sprintboot.config.interceptor.JwtInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
@Configuration
public class InterceptorConfig extends WebMvcConfigurationSupport {
private JwtInterceptor jwtInterceptor;
@Autowired
public void setJwtInterceptor(JwtInterceptor jwtInterceptor){
this.jwtInterceptor = jwtInterceptor;
}
// 注册拦截器
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(jwtInterceptor)
.addPathPatterns("/**") //拦截所有请求,来判断是否登录
.excludePathPatterns("/user/login", "/user/register", "/**/import", "/**/export");
}
}
utils/ TokenUtils
package com.yinming.sprintboot.utils;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.yinming.sprintboot.entity.User;
import com.yinming.sprintboot.service.IUserService;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.Date;
public class TokenUtils {
private static IUserService staticUserService;
@Resource
private static IUserService UserService;
@PostConstruct
public void setUserService(){
staticUserService=UserService;
}
/**
* 生成token
* @param userId
* @param sign
* @retturn
*/
public static String genToken(String userId,String sign){
return JWT.create().withAudience(userId) //将userId保存到token中作为载荷
.withExpiresAt(DateUtil.offsetHour(new Date(),2))//2小时过期
.sign(Algorithm.HMAC256(sign));//以password为token的密钥
}
public static User getCurrentUser(){
try {
HttpServletRequest request= ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String token=request.getHeader("token");
if(StrUtil.isNotBlank(token)){
String userId=JWT.decode(token).getAudience().get(0);
return staticUserService.getById(Integer.valueOf(userId));
}
}catch (Exception e)
{
return null;
}
return null;
}
Controller.里面调用
User user=TokenUtils.getCurrentUser(); System.out.println(user.getUsername());
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
