1. Jwt消息构成
1.1 组成
一个token 分为3 部分
- 头部(header)
- 载荷 (payload)
- 签证 (signature)
三部分之间用 . 号作为分隔
如:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
1.2 header
jwt的头部承载两部分信息
- 声明类型,这里时jwt
- 声明加密的算法,通常直接使用 HMAC SHA256
如:
{
'typ': 'JWT',
'alg': 'HS256'
}
使用base64加密,构成第一部分
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
payload
载荷就是存放有效信息的地方,包含三个部分
- 标准中注册的声明
- 公共的声明
- 私有的声明
这其中标准中注册的声明(建议但不强制使用)包括如下部分
- iss : jwt签发者
- sub: jwt面向的用户
- aud: 接收方
- exp: jwt过期时间
- nbf: 定义在什么时间之前,jwt都是不可用的
- iat: jwt签发时间
- jwt唯一身份标识
公共声明存放用户或业务等相关信息
私有声明是提供者和消费者所共同定义的声明,一般不建议存放敏感信息,因为base64是对称解密的,意味着该部分信息可以归类为明文信息
如:
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}
BASE64 加密
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9
var encodedString = base64UrlEncode(header) + '.' + base64UrlEncode(payload);
var signature = HMACSHA256(encodedString, '密钥');
加密之后,得到signature签名信息。
TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
signature
jwt的第三部分是一个签证信息,这个签证信息由三部分组成:
2. 和SpringBoot 集成
2.1 依赖
<!-- jwt支持 -->
<!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.18.2</version>
</dependency>
2.2 使用
- 创建获取token的工具类
public class JwtUtils {
/**
* 以paylload
* @param userId
* @param sign
* @return 以userId作为载荷,获取一个token
*/
public static String getToken(Integer userId,String sign){
return JWT.create()
.withClaim("sub",userId)
.sign(Algorithm.HMAC256(sign));
}
}
- 登录、注册、修改信息后刷新token
@Data
public class UserSafety implements Serializable {
private Integer id;
private String username;
private String fullname;
private String avatarUrl;
private String token;
}
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {
@Autowired
private UserMapper userMapper;
@Override
public UserSafety login(UserDto userDto) {
LambdaQueryWrapper<User> wrapper = new LambdaQueryWrapper<>();
wrapper.eq(User::getUsername,userDto.getUsername());
User user = userMapper.selectOne(wrapper);
if(userDto.getPassword().equals(user.getPassword())){
UserSafety userSafety = new UserSafety();
BeanUtils.copyProperties(user, userSafety);
//获取token
setToken(userSafety, user);
return userSafety;
}else {
throw new BusinessException("用户名或员工号已存在");
}
}
private void setToken(UserSafety userSafety, User user){
//获取token
String token = JwtUtils.getToken(user.getId(), user.getPassword());
userSafety.setToken(token);
}
}
@Api(tags = "用户管理控制器")
@RestController
@RequestMapping("/api/v1/user")
public class UserController {
@Autowired
private UserService userService;
@ApiOperation("用户登录")
@PostMapping("/login")
public JsonData login(@RequestBody UserDto userDto, HttpServletResponse response) throws Exception {
if (!StringUtils.hasLength(userDto.getUsername()) || !StringUtils.hasLength(userDto.getPassword())){
return JsonData.buildError(Constant.BUSINESS_ERROR, "登录信息不完善!");
}
UserSafety userSafety = userService.login(userDto);
return handReturnUserInfo(response, userSafety);
}
private JsonData handReturnUserInfo(HttpServletResponse response, UserSafety userSafety) throws UnsupportedEncodingException, JsonProcessingException {
//cookie
ObjectMapper om = new ObjectMapper();
String userInfo = URLEncoder.encode(om.writeValueAsString(userSafety), "utf8");
Cookie cookie = new Cookie("user", userInfo);
cookie.setPath("/");
cookie.setMaxAge(1000 * 24 * 7);
response.addCookie(cookie);
return JsonData.buildSuccess("ok");
}
}
- 前端每次访问前,请求行带上token
request.interceptors.request.use(config => {
config.headers['Content-Type'] = 'application/json;charset=utf-8';
config.headers['token'] = storage.getCookieObj("user").token?storage.getCookieObj("user").token:"";
// config.headers['token'] = user.token; // 设置请求头
return config
}, error => {
return Promise.reject(error)
});
- 创建拦截器
public class TokenInterceptor implements HandlerInterceptor {
@Autowired
private UserService userService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
if(!(handler instanceof HandlerMethod)){
//所有非controller方法,都放行
return true;
}
String token = request.getHeader("token");
if(!StringUtils.hasLength(token)){
throw new ServiceException("未授权的访问!");
}
Integer userId = JWT.decode(token).getClaim("sub").asInt();
//验证token
User user = userService.getById(userId);
if(user == null){
throw new BusinessException("token授权用户不存在");
}
//用户密码加签验证
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
try {
verifier.verify(token);
}catch (JWTVerificationException e){
throw new BusinessException("token无效!");
}
//验证成功
return true;
}
}
- 将拦截器注册
@Configuration
public class WebConfig implements WebMvcConfigurer {
/**
* 配置跨域访问
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")//项目中的所有接口都支持跨域
.allowedOrigins("*")//所有地址都可以访问,也可以配置具体地址
.allowCredentials(true)
.allowedMethods("*")//"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"
.maxAge(3600);// 跨域允许时间
}
// 注册拦截器
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(tokenInterceptor())
.addPathPatterns("/**")
.excludePathPatterns("/api/v1/user/login", "/api/v1/user/register")
.excludePathPatterns("/api/v1/user/importExcel","/api/v1/user/eptExcel");
}
@Bean
public TokenInterceptor tokenInterceptor(){
return new TokenInterceptor();
}
}
- 扩展
根据token获取当前用户
@Component
public class JwtUtils {
/**
* 以paylload
* @param userId
* @param sign
* @return 以userId作为载荷,获取一个token
*/
public static String getToken(Integer userId,String sign){
return JWT.create()
.withClaim("sub",userId)
.sign(Algorithm.HMAC256(sign));
}
@Autowired
private UserService userService;
private static UserService STATIC_USER_SERVICE;
@PostConstruct
public void initLoad(){
STATIC_USER_SERVICE = userService;
}
public static User getCurrentUser(){
ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
String token = requestAttributes.getRequest().getHeader("token");
Integer sub = JWT.decode(token).getClaim("sub").asInt();
try {
User user = STATIC_USER_SERVICE.getById(sub);
return user;
}catch (Exception e){
return null;
}
}
}