POM
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
拦截器
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Registers the JWT interceptor on every path except the admin login endpoint,
     * which has to stay reachable without a token.
     *
     * @param registry Spring MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JwtInterceptor interceptor = jwtInterceptor();
        // Every request is intercepted; the interceptor itself decides whether the
        // handler needs a token. (The original comment speaks of a "token annotation";
        // JwtInterceptor in this file keys only on whether the handler is a HandlerMethod.)
        registry.addInterceptor(interceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/**/adminLogin");
    }

    /** Exposes the interceptor as a bean so that its {@code @Autowired} fields get injected. */
    @Bean
    public JwtInterceptor jwtInterceptor() {
        return new JwtInterceptor();
    }

    /**
     * Cross-origin support: a CORS mapping for every path with Spring's default settings.
     * NOTE(review): no allowedOrigins / allowedMethods are narrowed here — confirm the
     * defaults are what this deployment intends.
     *
     * @param registry CORS registry
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }
}
token拦截器
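public class JwtInterceptor implements HandlerInterceptor {

    @Autowired
    private UserService userService;

    /**
     * Authenticates every request that maps to a controller method using the JWT carried
     * in the {@code token} request header.
     *
     * <p>Flow: the audience claim (the user id) is read from the still-unverified payload,
     * the user is loaded from the database, and only then is the signature verified with
     * that user's stored password as the HMAC-SHA256 key. The lookup must precede
     * verification because the key is per-user; consequently a password change
     * invalidates that user's existing tokens.
     *
     * @param httpServletRequest  current request; the token is read from its {@code token} header
     * @param httpServletResponse current response (unused)
     * @param object              the handler; anything that is not a {@link HandlerMethod} passes through
     * @return {@code true} when the token verified, or the handler is not a controller method
     * @throws MyException {@code TOKEN_ERROR} when the header is missing; {@code TOKEN_CHECK_ERROR}
     *                     when the token is malformed, has no usable audience, or fails verification;
     *                     {@code USER_NOT_EXISTS} when the referenced user cannot be found
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) {
        // Static resources and other non-controller handlers are not authenticated.
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        String token = httpServletRequest.getHeader("token");
        if (StringUtils.isEmpty(token)) {
            throw new MyException(ResultCodeEnum.TOKEN_ERROR);
        }
        // Pull the user id out of the unverified payload. A token whose audience is missing,
        // empty or not an integer previously escaped as an NPE / NumberFormatException and
        // surfaced as a server error; it is now reported as a token check failure like any
        // other bad token.
        Integer userId;
        try {
            java.util.List<String> audience = JWT.decode(token).getAudience();
            if (audience == null || audience.isEmpty()) {
                throw new MyException(ResultCodeEnum.TOKEN_CHECK_ERROR);
            }
            userId = Integer.valueOf(audience.get(0));
        } catch (JWTDecodeException | NumberFormatException e) {
            throw new MyException(ResultCodeEnum.TOKEN_CHECK_ERROR);
        }
        User user = userService.getById(userId);
        if (user == null) {
            throw new MyException(ResultCodeEnum.USER_NOT_EXISTS);
        }
        // Signature check keyed on the stored password (java-jwt's default verifier also
        // rejects an expired exp claim).
        // NOTE(review): Algorithm.HMAC256 rejects a null secret with IllegalArgumentException,
        // so a user row without a password would still surface as a server error — confirm
        // getById cannot return such a row.
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
        try {
            jwtVerifier.verify(token);
        } catch (JWTVerificationException e) {
            throw new MyException(ResultCodeEnum.TOKEN_CHECK_ERROR);
        }
        return true;
    }
}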
生成Token工具类
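@Component
public class TokenUtils {

    /** Token lifetime in milliseconds: one hour. */
    private static final long EXPIRE_TIME = 60 * 60 * 1000;

    /**
     * Static handle on the user service for the static helpers below. Spring does not inject
     * static fields, so this is populated from the instance field in {@link #setUserService()}
     * once the component is constructed; the {@code @Autowired} that used to sit on it was a no-op.
     */
    public static UserService staticUserService;

    @Autowired
    public UserService userService;

    /** Copies the injected instance dependency into the static field the static helpers use. */
    @PostConstruct
    public void setUserService() {
        staticUserService = userService;
    }

    /**
     * Creates a JWT for the given user, valid for {@link #EXPIRE_TIME} milliseconds.
     *
     * @param userId user id; stored as the audience claim and read back by the interceptor
     * @param sign   HMAC-SHA256 signing secret; callers pass the user's password, so the token
     *               stays verifiable only while that password is unchanged
     * @return the signed compact token
     */
    public static String getToken(String userId, String sign) {
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        return JWT.create()
                .withAudience(userId)
                .withExpiresAt(expiresAt)
                .sign(Algorithm.HMAC256(sign));
    }

    /**
     * Resolves the user behind the {@code token} header of the current request.
     *
     * <p>The payload is only decoded, never verified, so the result is trustworthy only for
     * requests that already passed {@code JwtInterceptor}; on paths excluded from the
     * interceptor a forged or expired token would still yield a user here.
     *
     * @return the user, or {@code null} when there is no current servlet request, no token
     *         header, the token cannot be decoded, or the user cannot be loaded
     */
    public static User getCurrentUser() {
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            // Called outside a web request: previously an NPE swallowed by the catch below.
            return null;
        }
        String token = ((ServletRequestAttributes) attributes).getRequest().getHeader("token");
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        try {
            java.util.List<String> audience = JWT.decode(token).getAudience();
            if (audience == null || audience.isEmpty()) {
                return null;
            }
            return staticUserService.getById(Integer.valueOf(audience.get(0)));
        } catch (Exception e) {
            // Best-effort lookup, as before: a malformed token or a failed user load means "no user".
            return null;
        }
    }
}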
场景
调用接口的时候,headers添加token