依赖pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.0.8.RELEASE</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
</dependency>
配置文件bootstrap.yml
配置源码
配置
/**
 * Token helper bean, built from the JWT key and TTL configured in {@code bProperties}.
 *
 * @return a {@link Jwt} that signs and parses tokens with the configured key and TTL
 */
@Bean
public Jwt jwt() {
    String signingKey = bProperties.getJwtKey();
    long ttlMillis = bProperties.getJwtTtl();
    return new Jwt(signingKey, ttlMillis);
}
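/** Creates and parses JWTs signed with a shared HS256 secret. */
public static class Jwt {
    /** Signing secret passed to jjwt's signWith/setSigningKey; keep it out of logs and error messages. */
    private final String key;
    /** Token lifetime in milliseconds; a value <= 0 issues tokens without an exp claim. */
    private final long ttl;

    /**
     * @param key signing secret. NOTE(review): jjwt's signWith(SignatureAlgorithm, String) reads the
     *            string as a Base64-encoded secret in the 0.9.x line — confirm the configured jwtKey
     *            is encoded that way (the pom pins no jjwt version).
     * @param ttl token lifetime in milliseconds (<= 0 disables the exp claim)
     */
    public Jwt(String key, long ttl) {
        this.key = key;
        this.ttl = ttl;
    }

    /**
     * Builds a signed token.
     *
     * @param id      user id, stored as the jti claim
     * @param subject user name, stored as the sub claim
     * @param map     extra claims (e.g. the granted API names); may be null or empty
     * @return the compact JWS string
     */
    public String createJWT(String id, String subject, Map<String, Object> map) {
        long now = System.currentTimeMillis();
        JwtBuilder jwtBuilder = Jwts.builder()
                .setId(id)
                .setSubject(subject)
                // same instant as the exp computed below, so iat and exp differ by exactly ttl
                .setIssuedAt(new Date(now))
                .signWith(SignatureAlgorithm.HS256, key);
        if (map != null) {
            map.forEach(jwtBuilder::claim);
        }
        if (ttl > 0) {
            jwtBuilder.setExpiration(new Date(now + ttl));
        }
        return jwtBuilder.compact();
    }

    /**
     * Verifies the signature (and exp, when present) of a token and returns its claims.
     *
     * @param token compact JWS string taken from the Authorization header; may be null
     * @return the claims, or null when the token is missing, malformed, expired or not signed with {@code key}
     */
    public Claims parseJWT(String token) {
        try {
            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
        } catch (RuntimeException e) {
            // jjwt reports every verification failure (bad signature, expired, malformed, null token)
            // as an unchecked exception; callers treat a null return as "not authorized".
            return null;
        }
    }
}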
请求拦截器
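/**
 * Authorization interceptor backed by the JWT issued at login.
 *
 * Login returns a token to the client, e.g.
 * {@code String token = jwtUtils.createJwt(user.getId(), user.getUsername(), map);}
 * where {@code map} carries the granted API names under {@code Auth.JWT_API_NAME}.
 * Every request must send the token as {@code Authorization: Bearer <token>}; this
 * interceptor then checks that the {@code name} of the target {@code @RequestMapping}
 * is one of the granted API names (central per-endpoint permission check).
 *
 * Fails closed: any missing/invalid token, handler without a non-empty mapping name,
 * or name not granted to the user raises {@code BException(Code.USER_NO_PERMISSION)}.
 * Endpoints that must stay open belong in the configured jwtExclude patterns.
 *
 * @author vander
 */
@Component
public class JwtInterceptor extends HandlerInterceptorAdapter {
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    Jwt jwt;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = extractBearerToken(request.getHeader("Authorization"));
        if (token == null) {
            throw new BException(Code.USER_NO_PERMISSION);
        }
        // parseJWT returns null (instead of throwing) for a tampered, expired or malformed token
        Claims claims = jwt.parseJWT(token);
        if (claims == null) {
            throw new BException(Code.USER_NO_PERMISSION);
        }
        String name = requiredApiName(handler);
        if (name == null || !isGranted(claims, name)) {
            throw new BException(Code.USER_NO_PERMISSION);
        }
        request.setAttribute(Auth.JWT_USER_CLAIMS, claims);
        return true;
    }

    /** Returns the token after "Bearer ", or null when the header is absent or not a bearer token. */
    private static String extractBearerToken(String authorization) {
        if (StringUtils.isEmpty(authorization) || !authorization.startsWith(BEARER_PREFIX)) {
            return null;
        }
        // substring rather than replace(): replace would also strip "Bearer " occurrences inside the token
        String token = authorization.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Returns the {@code name} of the target method's @RequestMapping, or null when the handler is not
     * a controller method or its mapping has no name (an empty name would otherwise match every user,
     * because "anything".contains("") is true).
     */
    private static String requiredApiName(Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return null;
        }
        RequestMapping mapping = ((HandlerMethod) handler).getMethodAnnotation(RequestMapping.class);
        if (mapping == null || mapping.name().isEmpty()) {
            return null;
        }
        return mapping.name();
    }

    /**
     * True when {@code name} appears as one exact, comma-separated entry of the token's
     * Auth.JWT_API_NAME claim (e.g. "api-user-delete,api-user-update"). Exact matching
     * replaces the former substring check, under which "api-user" would have granted "api-user-delete".
     */
    private static boolean isGranted(Claims claims, String name) {
        Object raw = claims.get(Auth.JWT_API_NAME);
        if (!(raw instanceof String)) {
            return false;
        }
        for (String api : ((String) raw).split(",")) {
            if (api.trim().equals(name)) {
                return true;
            }
        }
        return false;
    }
}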
配置拦截器
/**
 * MVC configuration: registers the JWT interceptor and the static-resource handler.
 *
 * @author vander
 */
@Configuration
public class InterceptorConfig extends WebMvcConfigurationSupport {
    @Autowired
    private JwtInterceptor jwtInterceptor;
    @Autowired
    BProperties bProperties;

    /** Registers the JWT interceptor on the configured paths, only when JWT checking is enabled. */
    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
        if (!bProperties.isEnableJwt()) {
            return;
        }
        // excludePathPatterns lists the request paths that bypass the token check
        registry.addInterceptor(jwtInterceptor)
                .addPathPatterns(bProperties.getJwtPath())
                .excludePathPatterns(bProperties.getJwtExclude());
    }

    /** Serves classpath:/static/ for every path so static resources are not treated as controller handlers. */
    @Override
    protected void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");
    }
}