1,登录生成token public class TokenService { public String getToken(User user) { Date start = new Date(); //一小时有效时间 long currentTime = System.currentTimeMillis() + 60* 60 * 1000; Date end = new Date(currentTime); String token = ""; token = JWT.create().withAudience(user.getAccount()).withIssuedAt(start).withExpiresAt(end) .sign(Algorithm.HMAC256(user.getPassword())); return token; } } 2,拦截器鉴证token // 验证 token JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build(); try { jwtVerifier.verify(headerToken); } catch (JWTVerificationException e) { return setUnauthorizedResponse(exchange, "token校验不通过"); } 3,引入maven依赖 <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> </dependency>