1.添加依赖:
<!-- JWT token generation (jjwt) -->
<!-- NOTE(review): 0.9.0 is an old jjwt release. Before reusing this snippet, check the
     library's current release and any published advisories. Later releases are packaged
     differently, so the code below may need adjusting after an upgrade (confirm). -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.0</version>
</dependency>
2.
2.1拦截器类:
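import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Interceptor that requires a valid JWT in the {@code Authorization} header
 * for every request except the sign-in endpoint and HTTP OPTIONS requests.
 */
public class JwtInterceptor extends HandlerInterceptorAdapter {

    /**
     * Lets the request through only when it is exempt or carries a token that
     * {@code JwtUtils.checkToken} accepts.
     *
     * @param request  the incoming request; its URI, method and Authorization header are read
     * @param response unused here
     * @param handler  unused here
     * @return {@code true} when the request may proceed
     * @throws ServletException when the token is missing, blank, or rejected
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Exempt the token-issuing path and all OPTIONS requests (CORS preflight carries no
        // credentials). No Allow/CORS headers are set here; this branch only skips the check.
        // NOTE(review): getRequestURI() includes the context path, so the exact match on
        // "/sign-in" only works when the application is deployed at the root context.
        // NOTE(review): every OPTIONS request bypasses authentication; confirm that no handler
        // does real work for OPTIONS.
        if (request.getRequestURI().equals("/sign-in")
                || RequestMethod.OPTIONS.toString().equals(request.getMethod())) {
            System.out.println("自动排除生成token的路径");
            return true;
        }

        String token = request.getHeader("Authorization");
        // The original compared with == "", which tests object identity and so never caught
        // an empty or whitespace-only header; compare by content instead.
        if (token == null || token.trim().isEmpty()) {
            throw new ServletException("无法获取token.");
        }

        // The token is a bearer credential, so it is deliberately not written to stdout or logs.
        try {
            JwtUtils.checkToken(token);
            return true;
        } catch (Exception e) {
            // Keep the cause so the real failure is visible in server-side traces.
            // NOTE(review): a thrown ServletException normally surfaces as a server error;
            // answering 401 via response.sendError(HttpServletResponse.SC_UNAUTHORIZED) and
            // returning false would describe the failure to clients more accurately.
            throw new ServletException(e.getMessage(), e);
        }
    }
}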
2.2生成token和解析token类:
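import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import javax.servlet.ServletException;
import java.util.Date;

/**
 * Issues and verifies HS256-signed JWTs for the demo application.
 */
public class JwtUtils {

    // HMAC signing secret (a shared symmetric secret, not a private key).
    // NOTE(review): this is a placeholder literal compiled into the class. Anyone who can read
    // the source or the artifact can forge tokens for any user. Load the secret from
    // configuration or a secret store, generate it randomly, and use at least 256 bits for
    // HS256. signWith(SignatureAlgorithm, String) treats the string as Base64-encoded key
    // material, so the effective key is the decoded bytes.
    final static String base64EncodedSecretKey = "base64EncodedSecretKey";

    // Token lifetime in milliseconds: 24 hours (1000 * 60 gives 60 seconds for testing).
    final static long TOKEN_EXP = 1000 * 60 * 60 * 24;

    /**
     * Builds a signed token for the given user.
     *
     * @param userName value stored as both the subject and the {@code username} claim
     * @return the compact serialized JWT
     */
    public static String getToken(String userName) {
        // NOTE(review): userName is not validated here; a null value still produces a
        // signed token. Callers should authenticate the user before requesting a token.
        long now = System.currentTimeMillis();
        return Jwts.builder()
                .setSubject(userName)
                .claim("username", userName)
                .setIssuedAt(new Date(now))
                .setExpiration(new Date(now + TOKEN_EXP))
                .signWith(SignatureAlgorithm.HS256, base64EncodedSecretKey)
                .compact();
    }

    /**
     * Verifies the signature and expiry of a token.
     *
     * <p>The parsed claims are discarded: the method only signals validity, so callers
     * cannot learn which user the token belongs to from this call.
     *
     * @param token the compact serialized JWT
     * @throws ServletException with message {@code "token expired"} for an expired token,
     *         or {@code "other token exception"} for any other parsing or verification failure
     */
    public static void checkToken(String token) throws ServletException {
        try {
            // Parsing with the signing key checks both the signature and the expiry.
            // Claim contents are no longer printed to stdout.
            Jwts.parser().setSigningKey(base64EncodedSecretKey).parseClaimsJws(token).getBody();
        } catch (ExpiredJwtException e1) {
            // The message stays generic for the client; the cause is kept for diagnostics.
            throw new ServletException("token expired", e1);
        } catch (Exception e) {
            throw new ServletException("other token exception", e);
        }
    }
}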
2.3配置类(注册拦截器、跨域与消息转换器):
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.*;

import java.nio.charset.Charset;
import java.util.List;

/**
 * MVC configuration: registers the JWT interceptor, enables CORS for every path,
 * and installs UTF-8 string and Jackson JSON message converters.
 */
@Configuration
public class WebConfig extends WebMvcConfigurationSupport {

    /**
     * Enables cross-origin requests on every path.
     *
     * <p>NOTE(review): no origins, methods or headers are restricted here, so the
     * framework defaults apply to the whole application. Confirm what those defaults
     * permit for the Spring version in use and narrow the allowed origins before
     * exposing authenticated endpoints.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }

    /**
     * Registers the JWT interceptor for all paths. The sign-in exemption is decided
     * inside {@code JwtInterceptor}, not via {@code excludePathPatterns}.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JwtInterceptor jwtInterceptor = new JwtInterceptor();
        registry.addInterceptor(jwtInterceptor);
    }

    /**
     * Adds the UTF-8 string converter (fixes garbled Chinese text) followed by the JSON
     * converter. Without the JSON converter, returning JSON fails with a 500
     * "no converter for return value" error once the string converter is added.
     */
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        super.configureMessageConverters(converters);
        HttpMessageConverter<String> utf8Strings = responseBodyConverter();
        converters.add(utf8Strings);
        MappingJackson2HttpMessageConverter json = messageConverter();
        converters.add(json);
    }

    /** String converter that uses UTF-8. */
    @Bean
    public HttpMessageConverter<String> responseBodyConverter() {
        return new StringHttpMessageConverter(Charset.forName("UTF-8"));
    }

    /** Jackson JSON converter backed by the {@link #getObjectMapper()} bean. */
    @Bean
    public MappingJackson2HttpMessageConverter messageConverter() {
        MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
        ObjectMapper mapper = getObjectMapper();
        jsonConverter.setObjectMapper(mapper);
        return jsonConverter;
    }

    /** Default-configured Jackson mapper. */
    @Bean
    public ObjectMapper getObjectMapper() {
        return new ObjectMapper();
    }
}
3.测试:
@RestController //@RequestMapping(value = {"/account"}) public class AccountController { @PostMapping(value = {"/sign-in"}) public String signIn(SysUser sysUser){ System.out.println("登录接口===="+ JSON.toJSONString(sysUser)); String username=sysUser.getUsername(); String password=sysUser.getPassword(); // userService.signIn(sysUser); // String token= JWTUtil.sign(username,password); String token= JwtUtils.getToken(username); System.out.println("生成token=="+token); //System.out.println("返回数据="+ResponseResult.e(ResponseCode.SIGN_IN_OK,((JwtToken) SecurityUtils.getSubject().getPrincipal()).getToken())); return token; } // @UserLoginToken @RequestMapping(value="/hello") public String hello(){ return "你已通过验证"; } @RequestMapping(value = "/yichang") public String index() throws Exception{ String name=null; if (name==null){ System.out.println("空"); throw new Exception(); // throw new MyException("1001","empty","在获取用户名字的时候为空"); }else { return "hahahha"; } } }