参考博客:https://www.liangzl.com/get-article-detail-39644.html
一、添加依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.0</version>
</dependency>
二、添加配置
配置文件中加入jwt配置
security.jwt:
token-ttl: 60
token-secret: thefirsttoken123
swagger中的配置
public class Swagger {
@Bean
public Docket createRestApi(){
log.info("加载swagger配置");
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.select()
.apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
.paths(PathSelectors.any())
.build()
.securitySchemes(securitySchemes())
.securityContexts(securityContexts());
}
private ApiInfo apiInfo(){
return new ApiInfoBuilder()
.title("标题")
.termsOfServiceUrl("http://www.XXXX.com")
.build();
}
private List<ApiKey> securitySchemes(){
ApiKey apiKey = new ApiKey("Authorization", "admin-token", "header");
ArrayList<ApiKey> keys = new ArrayList<>();
keys.add(apiKey);
return keys;
}
private List<SecurityContext> securityContexts() {
List<SecurityContext> securityContexts = new ArrayList<>();
SecurityContextBuilder securityContextBuilder = SecurityContext.builder()
.securityReferences(defaultAuth());
securityContextBuilder.forPaths(PathSelectors.regex("^(?!jwt).*$"));
securityContexts.add(securityContextBuilder.build());
return securityContexts;
}
private List<SecurityReference> defaultAuth(){
AuthorizationScope scope = new AuthorizationScope("global", "accessEverything");
SecurityReference reference = new SecurityReference("Authorization", new AuthorizationScope[]{scope});
return Arrays.asList(reference);
}
}
三、创建token的工具类
@Service
public class TokenUtil {
private static final long EXPIRE_TIME = 15 * 60 * 1000;
private static final String TOKEN_SECRET = "thefirsttoken123";
/**
* 生成签名,15分钟过期
* @param **username**
* @param **password**
* @return
*/
public static String sign(String username, String password) {
try {
// 设置过期时间
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
// 私钥和加密算法
Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
// 设置头部信息
Map<String, Object> header = new HashMap<>(2);
header.put("Type", "Jwt");
header.put("alg", "HS256");
// 返回token字符串
return JWT.create()
.withHeader(header)
.withClaim("loginName", username)
.withClaim("pwd", password)
.withExpiresAt(date)
.sign(algorithm);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 检验token是否正确
* @param **token**
* @return
*/
public static boolean verify(String token){
try {
Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
JWTVerifier verifier = JWT.require(algorithm).build();
DecodedJWT jwt = verifier.verify(token);
return true;
} catch (Exception e){
return false;
}
}
public static String getUserName(String token){
try {
DecodedJWT jwt = JWT.decode(token);
return jwt.getClaim("loginName").asString();
} catch (JWTDecodeException e){
e.printStackTrace();
return null;
}
}
}
四、设置拦截器,用于拦截未登录的情况下对其他接口的访问
@Configuration
public class InterceptorConfig extends WebMvcConfigurerAdapter {
private TokenInterceptor tokenInterceptor;
public InterceptorConfig(TokenInterceptor tokenInterceptor) {
this.tokenInterceptor = tokenInterceptor;
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
List<String> excludePath = new ArrayList<>();
String sysUserLogin = "/member/login";
String swaggerUI = "/swagger-ui.html";
excludePath.add(sysUserLogin);
excludePath.add(swaggerUI);
excludePath.add("/swagger**/**");
registry.addInterceptor(tokenInterceptor).excludePathPatterns(excludePath);
}
}
/**
* 自定义token拦截器
*/
@Component
public class TokenInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (request.getMethod().equals("OPTIONS")){
response.setStatus(HttpServletResponse.SC_OK);
return true;
}
response.setCharacterEncoding("utf-8");
String token = request.getHeader("admin-token");
if (token != null){
boolean result = TokenUtil.verify(token);
if(result){
System.out.println("通过拦截器");
return true;
}
}
// System.out.println("认证失败");
response.getWriter().write("50000");
return false;
}
}
其中在swagger中配置的时候,securitySchemes 设置APIkey要与之后添加head信息的key相同,才能继续访问其他接口