1.下载依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2.添加配置文件
jwt:
route:
authentication:
path: /auth
header: Authorization
expiration: 60
secret: almighty.hanhuide.project
startsWith: "Bearer "
token:
validTime: 7
3. 编辑token 工具类
package com.hanhuide.core.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClock;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
@Component
public class JwtTokenUtil implements Serializable {
private static final long serialVersionUID = -3301605591108950415L;
@Value("${jwt.secret}")
private String secret;
@Value("${jwt.expiration}")
private Long expiration;
@Value("${jwt.header}")
private String tokenHeader;
private Clock clock = DefaultClock.INSTANCE;
public String generateToken(UserDetails userDetails) {
Map<String, Object> claims = new HashMap<>();
return doGenerateToken(claims, userDetails.getUsername());
}
public String doGenerateToken(Map<String, Object> claims, String subject) {
final Date createdDate = clock.now();
final Date expirationDate = calculateExpirationDate(createdDate);
return Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(createdDate)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
private Date calculateExpirationDate(Date createdDate) {
return new Date(createdDate.getTime() + expiration);
}
public Boolean validateToken(String token, UserDetails userDetails) {
final String username = getUsernameFromToken(token);
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}
public String getUsernameFromToken(String token) {
return getClaimFromToken(token, Claims::getSubject);
}
public static void main(String[] args) {
String tokemn="eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJyb290IiwiaXAiOiIwOjA6MDowOjA6MDowOjEiLCJleHAiOjE1Nzc5NTg4NDYsImlhdCI6MTU3Nzk1ODU0Nn0.78aGErlWt6mmkJGtHHyXiePSJa5kDtTS6OtGs0npB6-kA0u1myB6ptRM8qmghFW_d5KCYXAzmzv9zbotFaJZ0g";
new JwtTokenUtil().isTokenExpired(tokemn);
}
public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
final Claims claims = getAllClaimsFromToken(token);
return claimsResolver.apply(claims);
}
public Claims getAllClaimsFromToken(String token) {
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
}
public Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(clock.now());
}
public Date getExpirationDateFromToken(String token) {
return getClaimFromToken(token, Claims::getExpiration);
}
}
4.添加redis 管理token工具类
package com.hanhuide.core.utils;
import com.hanhuide.toolkit.utils.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
/**
* @program: maven
* @description:
* @author: 韩惠德
* @create: 2019-12-20 16:31
* @version: 1.0
**/
@Component
public class TokenRedisUtil {
@Autowired
private RedisUtil redisUtil;
@Autowired
private StringRedisTemplate redisTemplate;
@Value("${jwt.expiration}")
private int expirationSeconds;
@Value("${jwt.token.validTime}")
private int validTime;
/**
* 将token加入到redis黑名单中
*
* @param token
*/
public void addBlackList(String token) {
redisUtil.hset("blacklist", token, "true");
}
/**
* 判断此token是否在黑名单中
*
* @param token
* @return
*/
public Boolean isBlackList(String token) {
return redisUtil.hasKey("blacklist", token);
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getTokenValidTimeByToken(String token) {
return redisTemplate.opsForHash().get(token, "tokenValidTime");
}
public Boolean hasKey(String authToken) {
return redisUtil.hasKey(authToken);
}
public String hget(String authToken) {
return redisUtil.hget(authToken, "expirationTime").toString();
}
public void hset(String authToken) {
redisUtil.hset("blacklist", authToken, DateUtil.getTime());
}
public void deleteKey(String authToken) {
redisUtil.deleteKey(authToken);
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getUsernameByToken(String token) {
return redisTemplate.opsForHash().get(token, "username");
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getIPByToken(String token) {
return redisTemplate.opsForHash().get(token, "ip");
}
/**
* 查询token下的过期时间
*
* @param token 查询的key
* @return HV
*/
public Object getExpirationTimeByToken(String token) {
return redisTemplate.opsForHash().get(token, "expirationTime");
}
public void setTokenRefresh(String token, String username, String ip) {
//刷新时间
Integer expire = validTime * 24 * 60 * 60 * 1000;
redisUtil.hset(token, "tokenValidTime", DateUtil.getAddDayTime(validTime), expire);
redisUtil.hset(token, "expirationTime", DateUtil.getAddDaySecond(expirationSeconds), expire);
redisUtil.hset(token, "username", username, expire);
redisUtil.hset(token, "ip", ip, expire);
}
}
6. 添加拦截器
package com.hanhuide.core.filter;
import com.alibaba.fastjson.JSON;
import com.hanhuide.core.enums.ResultEnum;
import com.hanhuide.core.model.CustomResponseBody;
import com.hanhuide.core.service.impl.CustomUserDetailsService;
import com.hanhuide.core.utils.AccessAddressUtil;
import com.hanhuide.core.utils.DateUtil;
import com.hanhuide.core.utils.JwtTokenUtil;
import com.hanhuide.core.utils.TokenRedisUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
//import com.deceen.common.utils.JwtTokenUtil;
/**
* @author: zzx
* @date: 2018/10/15 17:30
* @description: 确保在一次请求只通过一次filter,而不需要重复执行
*/
@Component
@Slf4j
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@Value("${jwt.header}")
private String tokenHeader;
@Value("${jwt.startsWith}")
private String startsWith;
@Autowired
CustomUserDetailsService userDetailsService;
@Autowired
private TokenRedisUtil redisUtil;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String authHeader = request.getHeader(tokenHeader);
//获取请求的ip地址
String currentIp = AccessAddressUtil.getIpAddress(request);
System.out.println(startsWith);
CustomResponseBody body = new CustomResponseBody();
if (authHeader != null && authHeader.startsWith(startsWith)) {
String authToken = authHeader.substring(startsWith.length());
System.out.println(authToken);
String username = jwtTokenUtil.getUsernameFromToken(authToken);
Claims claims = jwtTokenUtil.getAllClaimsFromToken(authToken);
String ip = (String) claims.get("ip");
//进入黑名单验证
if (redisUtil.isBlackList(authToken)) {
log.info("用户:{}的token:{}在黑名单之中,拒绝访问", username, authToken);
body.setStatus(ResultEnum.TOKEN_IS_BLACKLIST.getCode());
body.setMsg(ResultEnum.TOKEN_IS_BLACKLIST.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
}
//判断token是否过期
/*
* 过期的话,从redis中读取有效时间(比如七天登录有效),再refreshToken(根据以后业务加入,现在直接refresh)
* 同时,已过期的token加入黑名单
*/
if (redisUtil.hasKey(authToken)) {//判断redis是否有保存
if (jwtTokenUtil.isTokenExpired(authToken)) {
//获得redis中用户的token刷新时效
String tokenValidTime = (String) redisUtil.getTokenValidTimeByToken(authToken);
String currentTime = DateUtil.getTime();
//这个token已作废,加入黑名单
log.info("{}已作废,加入黑名单", authToken);
redisUtil.hset(authToken);
if (DateUtil.compareDate(currentTime, tokenValidTime)) {
//超过有效期,不予刷新
log.info("{}已超过有效期,不予刷新", authToken);
body.setStatus(ResultEnum.LOGIN_IS_OVERDUE.getCode());
body.setMsg(ResultEnum.LOGIN_IS_OVERDUE.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
} else {//仍在刷新时间内,则刷新token,放入请求头中
String usernameByToken = (String) redisUtil.getUsernameByToken(authToken);
username = usernameByToken;//更新username
ip = (String) redisUtil.getIPByToken(authToken);//更新ip
//获取请求的ip地址
Map<String, Object> map = new HashMap<>();
map.put("ip", ip);
String jwtToken = jwtTokenUtil.doGenerateToken(map, usernameByToken);
//更新redis
redisUtil.setTokenRefresh(jwtToken, usernameByToken, ip);
//删除旧的token保存的redis
redisUtil.deleteKey(authToken);
//新的token保存到redis中
redisUtil.setTokenRefresh(jwtToken, username, ip);
log.info("redis已删除旧token:{},新token:{}已更新redis", authToken, jwtToken);
authToken = jwtToken;//更新token,为了后面
response.setHeader("Authorization", "Bearer " + jwtToken);
}
}
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
/*
* 加入对ip的验证
* 如果ip不正确,进入黑名单验证
*/
if (ip.equalsIgnoreCase(currentIp)) {//地址不正确
log.info("用户:{}的ip地址变动,进入黑名单校验", username);
//进入黑名单验证
if (redisUtil.isBlackList(authToken)) {
log.info("用户:{}的token:{}在黑名单之中,拒绝访问", username, authToken);
body.setStatus(ResultEnum.TOKEN_IS_BLACKLIST.getCode());
body.setMsg(ResultEnum.TOKEN_IS_BLACKLIST.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
}
//黑名单没有则继续,如果黑名单存在就退出后面
}
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (userDetails != null) {
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
filterChain.doFilter(request, response);
}
}
7.添加关于过去用户ip的工具类(这个是复制的别人的)
package com.hanhuide.core.utils;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
/**
* @author: zzx
* @date: 2018/10/22 15:25
* @description: 自定义访问地址工具类
* 获取请求的ip地址等信息
*/
@Component
public class AccessAddressUtil {
/**
* 获取用户真实IP地址,不使用request.getRemoteAddr();的原因是有可能用户使用了代理软件方式避免真实IP地址,
* 参考文章: http://developer.51cto.com/art/201111/305181.htm
*
* 可是,如果通过了多级反向代理的话,X-Forwarded-For的值并不止一个,而是一串IP值,究竟哪个才是真正的用户端的真实IP呢?
* 答案是取X-Forwarded-For中第一个非unknown的有效IP字符串。
*
* 如:X-Forwarded-For:192.168.1.110, 192.168.1.120, 192.168.1.130,
* 192.168.1.100
*
* 用户真实IP为: 192.168.1.110
* @param request
* @return
*/
public static String getIpAddress(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
}
8。在登录成功页面添加
package com.hanhuide.core.handler;
import com.alibaba.fastjson.JSON;
import com.hanhuide.core.enums.ResultEnum;
import com.hanhuide.core.model.CustomResponseBody;
import com.hanhuide.core.model.CustomAuthDetails;
import com.hanhuide.core.utils.AccessAddressUtil;
import com.hanhuide.core.utils.JwtTokenUtil;
import com.hanhuide.core.utils.TokenRedisUtil;
import com.hanhuide.toolkit.utils.RedisUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* @program: maven
* @description: 用户登录成功时返回给前端的数据
* @author: 韩惠德
* @create: 2019-11-29 13:53
* @version: 1.0
**/
@Component
@Slf4j
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Autowired
private TokenRedisUtil redisUtil;
@Value("${jwt.header}")
private String header;
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
response.setHeader("Content-type", "application/json; charset=utf-8");
response.setCharacterEncoding("UTF-8");
String ip = AccessAddressUtil.getIpAddress(httpServletRequest);
CustomResponseBody responseBody = new CustomResponseBody();
CustomAuthDetails userDetails = (CustomAuthDetails) authentication.getDetails();
log.info("用户登录信息{}", userDetails);
Map<String, Object> map = new HashMap<>();
map.put("ip", ip);
String jwtToken = jwtTokenUtil.doGenerateToken(map, userDetails.getUsername());
response.setHeader(header, jwtToken);
responseBody.setJwtToken(jwtToken);
responseBody.setStatus(ResultEnum.USER_LOGIN_SUCCESS.getCode());
responseBody.setMsg(ResultEnum.USER_LOGIN_SUCCESS.getMessage());
String currentIp = AccessAddressUtil.getIpAddress(httpServletRequest);
redisUtil.setTokenRefresh(jwtToken, userDetails.getUsername(), currentIp);
log.info("保存到redis 中");
response.getWriter().write(JSON.toJSONString(responseBody));
}
}
.注入spring
http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
完事。下一步第三方登录
由于直接找的代码 所以 上述操作无法实现 单用户登录
经修改保存到redis中的数据格式 实现一个用户登录 更新token,更新了拦截器一体util方法类
package com.hanhuide.core.filter;
import com.alibaba.fastjson.JSON;
import com.hanhuide.core.enums.ResultEnum;
import com.hanhuide.core.exception.ExpiredJwtException;
import com.hanhuide.core.model.CustomResponseBody;
import com.hanhuide.core.service.impl.CustomUserDetailsService;
import com.hanhuide.core.utils.AccessAddressUtil;
import com.hanhuide.core.utils.DateUtil;
import com.hanhuide.core.utils.JwtTokenUtil;
import com.hanhuide.core.utils.TokenRedisUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* 拦截token
*/
@Component
@Slf4j
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
@Value("${jwt.header}")
private String tokenHeader;
@Value("${jwt.startsWith}")
private String startsWith;
@Autowired
CustomUserDetailsService userDetailsService;
@Autowired
private TokenRedisUtil redisUtil;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String authHeader = request.getHeader(tokenHeader);
String currentIp = AccessAddressUtil.getIpAddress(request); //获取请求的ip地址
CustomResponseBody body = new CustomResponseBody();
if (authHeader != null && authHeader.startsWith(startsWith)) {
String authToken = authHeader.substring(startsWith.length());
String username = jwtTokenUtil.getUsernameFromToken(authToken);
Claims claims = jwtTokenUtil.getAllClaimsFromToken(authToken);
String ip = (String) claims.get("ip");
//进入黑名单验证
if (redisUtil.isBlackList(username)) {
log.info("用户:{}的token:{}在黑名单之中,拒绝访问", username, authToken);
body.setStatus(ResultEnum.TOKEN_IS_BLACKLIST.getCode());
body.setMsg(ResultEnum.TOKEN_IS_BLACKLIST.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
}
/*
* 过期的话,从redis中读取有效时间(比如七天登录有效),再refreshToken(根据以后业务加入,现在直接refresh)
* 同时,已过期的token加入黑名单
*/
if (redisUtil.hasKey(username)) {//判断redis是否有保存
if (jwtTokenUtil.isTokenExpired(authToken)) {
//获得redis中用户的token刷新时效
String tokenValidTime = (String) redisUtil.getTokenValidTimeByToken(authToken);
String currentTime = DateUtil.getTime();
if (DateUtil.compareDate(currentTime, tokenValidTime)) {
log.info("{}已超过有效期,不予刷新", authToken);
body.setStatus(ResultEnum.LOGIN_IS_OVERDUE.getCode());
body.setMsg(ResultEnum.LOGIN_IS_OVERDUE.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
} else {
//仍在刷新时间内,则刷新token,放入请求头中
ip = (String) redisUtil.getIPByToken(username);//更新ip
//获取请求的ip地址
Map<String, Object> map = new HashMap<>();
map.put("ip", ip);
String jwtToken = jwtTokenUtil.doGenerateToken(map, username);
//更新redis
redisUtil.setTokenRefresh(username, username, ip);
response.setHeader("Authorization", "Bearer " + jwtToken);
}
}
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
/*
* 加入对ip的验证
* 如果ip不正确,进入黑名单验证
*/
if (ip.equalsIgnoreCase(currentIp)) {//地址不正确
log.info("用户:{}的ip地址变动,进入黑名单校验", username);
//进入黑名单验证
if (redisUtil.isBlackList(authToken)) {
log.info("用户:{}的token:{}在黑名单之中,拒绝访问", username, authToken);
body.setStatus(ResultEnum.TOKEN_IS_BLACKLIST.getCode());
body.setMsg(ResultEnum.TOKEN_IS_BLACKLIST.getMessage());
response.getWriter().write(JSON.toJSONString(body));
return;
}
//黑名单没有则继续,如果黑名单存在就退出后面
}
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (userDetails != null) {
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
filterChain.doFilter(request, response);
}
}
package com.hanhuide.core.utils;
import com.hanhuide.toolkit.utils.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
/**
* @program: maven
* @description:
* @author: 韩惠德
* @create: 2019-12-20 16:31
* @version: 1.0
**/
@Component
public class TokenRedisUtil {
@Autowired
private RedisUtil redisUtil;
@Autowired
private StringRedisTemplate redisTemplate;
@Value("${jwt.expiration}")
private int expirationSeconds;
@Value("${jwt.token.validTime}")
private int validTime;
/**
* 将token加入到redis黑名单中
*
* @param token
*/
public void addBlackList(String token) {
redisUtil.hset("blacklist", token, "true");
}
/**
* 判断此token是否在黑名单中
*
* @param token
* @return
*/
public Boolean isBlackList(String token) {
return redisUtil.hasKey("blacklist", token);
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getTokenValidTimeByToken(String token) {
return redisTemplate.opsForHash().get(token, "tokenValidTime");
}
public Boolean hasKey(String authToken) {
return redisUtil.hasKey(authToken);
}
public String hget(String authToken) {
return redisUtil.hget(authToken, "expirationTime").toString();
}
public void hset(String authToken) {
redisUtil.hset("blacklist", authToken, DateUtil.getTime());
}
public void deleteKey(String authToken) {
redisUtil.deleteKey(authToken);
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getUsernameByToken(String token) {
return redisTemplate.opsForHash().get(token, "username");
}
/**
* 查询token下的刷新时间
*
* @param token 查询的key
* @return HV
*/
public Object getIPByToken(String token) {
return redisTemplate.opsForHash().get(token, "ip");
}
/**
* 查询token下的过期时间
*
* @param token 查询的key
* @return HV
*/
public Object getExpirationTimeByToken(String token) {
return redisTemplate.opsForHash().get(token, "expirationTime");
}
public void setTokenRefresh(String token, String username, String ip) {
//刷新时间
Integer expire = validTime * 24 * 60 * 60 * 1000;
redisUtil.hset(username, "token", token, expire);
redisUtil.hset(username, "tokenValidTime", DateUtil.getAddDayTime(validTime), expire);
redisUtil.hset(username, "expirationTime", DateUtil.getAddDaySecond(expirationSeconds), expire);
redisUtil.hset(username, "username", username, expire);
redisUtil.hset(username, "ip", ip, expire);
}
}
利用redis 实现了 单点登录