这是 JWT 官网 https://jwt.io/ ,有兴趣的撸友可以看一下。
在官网中可以看到,给了一个示例,左边的 token 解码以后,就会由右边的三部分组成,分别是头、有效载荷、验证签名。
头(包含算法和类型);有效载荷这个就比较核心了,用户可以在这里添加自己想添加的信息,包含 token 过期时间等。注意头和有效载荷只是 Base64URL 编码而不是加密,任何拿到 token 的人都能解码查看,所以不要在里面放密码等敏感信息。详情请参考这位撸友大佬 https://blog.csdn.net/csdn_blog_lcl/article/details/73485463 。验证签名是用头中声明的算法和密钥,对头和有效载荷计算得到的,详情查看大佬 https://www.cnblogs.com/wwlww/p/8413334.html 。
在官网中向下可以看见
点击可以进入
可以看到有如下一些文档可以参考
点击 helloworld example,参考官方文档的示例吧
下面就介绍我自己集成的
使用maven
pom.xml
<!-- Auth0 java-jwt: supplies the JWT, Algorithm and JWTVerifier classes used by the Java code on this page. -->
<!-- NOTE(review): 3.4.0 is the version the article was written against; check the library's release notes and security advisories for a currently maintained release before reusing this snippet. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
/**
 * Issues authentication tokens for members.
 */
public interface TokenService {

    /**
     * Generates a token for the given member.
     *
     * @param member the member the token is issued for
     * @return the token as a string
     */
    String getToken(Member member);
}
/**
 * {@link TokenService} implementation that issues HMAC-SHA256 signed JWTs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The HMAC key is the value returned by {@code member.getPassword()}, so whoever can read
 *       that stored value can also sign tokens for the member. NOTE(review): consider a dedicated
 *       server-side signing secret that is independent of user credentials.</li>
 *   <li>Only the audience claim is set; no expiry claim is added, so an issued token has no
 *       built-in lifetime. NOTE(review): consider adding an expiry claim.</li>
 * </ul>
 */
@Service
public class TokenServiceImpl implements TokenService {

    /**
     * Builds a signed token whose audience claim holds the member's id.
     *
     * @param member the member to issue the token for; its id and password value are read
     * @return the signed JWT in compact string form
     */
    public String getToken(Member member) {
        // The member id is carried as the audience claim.
        String audience = String.valueOf(member.getId());
        return JWT.create()
                .withAudience(audience)
                .sign(Algorithm.HMAC256(member.getPassword()));
    }
}
/**
 * Marks a handler as exempt from token authentication.
 *
 * <p>The annotation is retained at runtime so it can be read reflectively. It may be placed on
 * types as well as methods, but {@code AuthenticationInterceptor} on this page only inspects the
 * handler method, so a type-level use has no effect there.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface PassToken {

    /**
     * Whether the exemption is active.
     *
     * @return {@code true} (the default) to skip authentication
     */
    boolean required() default true;
}
/**
 * Marks a handler as taking part in token authentication.
 *
 * <p>The annotation is retained at runtime so it can be read reflectively. It may be placed on
 * types as well as methods, but {@code AuthenticationInterceptor} on this page only inspects the
 * handler method, so a type-level use does not protect the methods of that type.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface UserLoginToken {

    /**
     * Whether a valid token is mandatory.
     *
     * @return {@code true} (the default) when the request must be rejected without a valid token;
     *         {@code false} when the token is optional
     */
    boolean required() default true;
}
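/**
 * Spring MVC interceptor that authenticates requests from the JWT sent in the {@code token}
 * request header and, on success, exposes the authenticated {@code Member} as the request
 * attribute {@code "member"}.
 *
 * <p>Decision order for a handler method:
 * <ol>
 *   <li>{@code @PassToken(required = true)}: let the request through without authentication.</li>
 *   <li>{@code @UserLoginToken(required = true)}: a valid token is mandatory; otherwise the
 *       request is rejected with HTTP 401.</li>
 *   <li>{@code @UserLoginToken(required = false)}: the token is optional; the member attribute
 *       is set only when a token is present <em>and</em> passes signature verification.</li>
 *   <li>No annotation: let the request through.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only method-level annotations are consulted; a type-level {@code @UserLoginToken} is
 *       not seen by this interceptor.</li>
 *   <li>Un-annotated handler methods are allowed by default. NOTE(review): confirm this
 *       default-allow policy is intended.</li>
 *   <li>The verification key is the value of {@code member.getPassword()}, so the member must be
 *       looked up from the unverified audience claim before the signature can be checked.</li>
 * </ul>
 */
public class AuthenticationInterceptor implements HandlerInterceptor {

    @Autowired
    MemberService memberService;

    /**
     * Applies the annotation-driven authentication policy described on the class.
     *
     * @param httpServletRequest the current request; receives the {@code "member"} attribute on
     *        successful authentication
     * @param httpServletResponse the current response; its status is set to 401 on rejection
     * @param object the chosen handler
     * @return {@code true} to continue processing, {@code false} to stop the request
     * @throws Exception declared by the interceptor contract
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Object object) throws Exception {
        // Handlers that are not controller methods carry none of the annotations checked below.
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) object).getMethod();

        // An active @PassToken opts the method out of authentication.
        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            return true;
        }

        UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
        if (userLoginToken == null) {
            return true;
        }

        // Read the token from the HTTP request header.
        String token = httpServletRequest.getHeader("token");
        Member member = authenticate(token);
        if (member != null) {
            httpServletRequest.setAttribute("member", member);
            return true;
        }

        if (userLoginToken.required()) {
            // Returning false alone would leave an empty success response; signal the failure.
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        // Optional authentication: continue anonymously. The member attribute is deliberately
        // NOT set here, because the token was absent or failed verification.
        return true;
    }

    /**
     * Resolves and verifies the member a token was issued for.
     *
     * @param token the raw token from the request, may be {@code null}
     * @return the member whose key verifies the token's signature, or {@code null} when the token
     *         is missing, malformed, names no known member, or fails verification
     */
    private Member authenticate(String token) {
        if (token == null) {
            return null;
        }

        // The audience claim carries the member id; it is untrusted until the signature is checked.
        String memberId;
        try {
            java.util.List<String> audience = JWT.decode(token).getAudience();
            if (audience == null || audience.isEmpty()) {
                return null;
            }
            memberId = audience.get(0);
        } catch (JWTDecodeException malformed) {
            // A malformed token is an expected client error, not a server fault.
            return null;
        }

        Member member = memberService.selectById(memberId);
        if (member == null) {
            return null;
        }

        try {
            JWT.require(Algorithm.HMAC256(member.getPassword())).build().verify(token);
        } catch (JWTVerificationException rejected) {
            // Verification failed: the caller must not be treated as this member.
            return null;
        }
        return member;
    }

    /** No post-processing is performed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion handling is performed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Object o, Exception e) throws Exception {
    }
}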