`使用jwt生成token验证登录状态`
使用jwt生成token字符串
在pom文件中引入jwt相关依赖，代码如下：
<!-- JOSE/JWT library that provides the SignedJWT, MACSigner and MACVerifier classes used by the code on this page.
     NOTE(review): 6.0 is an old release of this library; check the project's security advisories and prefer a currently maintained version. -->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>6.0</version>
</dependency>
<!-- NOTE(review): AssertJ is a test assertion library and is not referenced by the token code on this page.
     No version is given here, so it is presumably managed by a parent POM; consider limiting it to test scope. -->
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
</dependency>
生成token字符串
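/**
 * HMAC key shared by token creation and token verification.
 *
 * SECURITY: this literal is a sample value published with the tutorial. A signing key that
 * lives in source control lets anyone who can read the code produce tokens the verifier
 * accepts. Load the real key from configuration or a secret store, and replace any key
 * that was ever committed.
 *
 * The literal is 32 ASCII characters, so it encodes to the 32 bytes the signer is given
 * for HS256. The charset is spelled out so the key bytes do not depend on the platform
 * default encoding.
 */
private static final byte[] SECRET =
        "6MNSobBRCHGIO0fS6MNSobBRCHGIO0fS".getBytes(java.nio.charset.StandardCharsets.UTF_8);

/**
 * Token lifetime in milliseconds: 5 seconds.
 * NOTE(review): presumably a demo value; confirm the lifetime intended for real sessions.
 */
private static final long EXPIRE_TIME = 1000 * 5;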
/**
 * Issues an HS256-signed JWT for the given user.
 *
 * The token carries the subject "doi", an expiration time EXPIRE_TIME milliseconds from
 * now, and a "userId" claim holding the supplied id.
 *
 * @param userId id stored in the "userId" claim
 * @return the compact serialized token, or {@code null} when signing failed; callers must
 *         check for {@code null} before handing the value to a client
 */
public static String getToken(Long userId) {
    try {
        // Payload: subject, expiry and the user id as a custom claim.
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("doi")
                .expirationTime(expiresAt)
                .claim("userId", userId)
                .build();

        // Sign with the shared secret. A key that is too short surfaces as
        // KeyLengthException, which is a JOSEException and is handled below.
        SignedJWT jws = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jws.sign(new MACSigner(SECRET));

        return jws.serialize();
    } catch (JOSEException e) {
        e.printStackTrace();
    }
    return null;
}
校验token是否有效
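/**
 * Checks a token's signature and expiry and reports the outcome.
 *
 * The original version left both failure branches empty and always returned
 * {@code null}, so a forged or expired token was never reported as invalid. This version
 * returns the "1" marker that the interceptor on this page compares against.
 *
 * @param token compact serialized JWT taken from the request (untrusted input)
 * @return "1" when the token is missing, malformed, not signed with HS256, fails HMAC
 *         verification, has no expiration time, or has expired; "0" when every check passed
 */
public String volidToken(String token) {
    if (token == null) {
        return "1";
    }
    try {
        SignedJWT jwt = SignedJWT.parse(token);

        // Accept only the algorithm that getToken issues; the header is attacker-controlled.
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) {
            return "1";
        }

        // Signature check must come before any claim is trusted.
        JWSVerifier verifier = new MACVerifier(SECRET);
        if (!jwt.verify(verifier)) {
            return "1";
        }

        // A token without an expiration time is treated as invalid rather than as non-expiring.
        Date expirationTime = jwt.getJWTClaimsSet().getExpirationTime();
        if (expirationTime == null || new Date().after(expirationTime)) {
            return "1";
        }
        return "0";
    } catch (ParseException | JOSEException e) {
        // Any parsing or verification error is a rejection, never a pass.
        e.printStackTrace();
        return "1";
    }
}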
获取放入token字符串中的数据
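/**
 * Reads the "userId" claim out of a token.
 *
 * SECURITY: this method only decodes the payload. It does not check the signature or the
 * expiry, so its result is trustworthy only for a token that has already been verified
 * (see volidToken). Never use it on its own to decide who the caller is.
 *
 * @param token compact serialized JWT
 * @return the "userId" claim rendered as a string
 * @throws IllegalArgumentException if the token cannot be parsed or carries no "userId" claim
 */
public String get(String token) {
    try {
        SignedJWT jwt = SignedJWT.parse(token);
        Object account = jwt.getJWTClaimsSet().getClaim("userId"); // key set in getToken
        if (account == null) {
            // Fail with a clear error instead of a NullPointerException on toString().
            throw new IllegalArgumentException("token has no userId claim");
        }
        return account.toString();
    } catch (ParseException e) {
        // SignedJWT.parse and getJWTClaimsSet declare ParseException; the original did not handle it.
        throw new IllegalArgumentException("malformed token", e);
    }
}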
编写拦截器配置类
拦截器验证
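/**
 * Spring MVC interceptor that lets a request through only when it carries a token that
 * passes verification and names an existing user.
 *
 * NOTE(review): tokenUtil and userService are used below but their declarations are not
 * shown on this page; they are presumably fields injected into this bean.
 */
public class AuthenticationInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationInterceptor.class);

    /**
     * Authenticates the request before the handler runs.
     *
     * @return {@code true} when the request may proceed
     * @throws Exception when the token header is absent, the token is rejected, or the
     *         user named by the token does not exist
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        // The token is read from the "token" request header.
        String token = httpServletRequest.getHeader("token");
        if (token == null) {
            throw new Exception("无token,请重新登录");
        }

        // Check signature and expiry before reading any claim.
        String str = tokenUtil.volidToken(token);
        // Fail closed: "1" marks an invalid token, and a missing result is rejected as well
        // so that a verifier returning null can never let a request through.
        if (str == null || "1".equals(str)) {
            throw new Exception("token无");
        }

        // Only a verified token is used to look up the user.
        String userId = tokenUtil.get(token);
        User user = userService.getUserById(userId);
        if (null == user) {
            throw new Exception("用户不存在,请重新登录");
        }
        return true;
    }
}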
配置请求是否通过拦截器
/**
 * Registers AuthenticationInterceptor for all request paths except the listed exclusions.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Exposes the custom interceptor as a bean in the Spring container.
     *
     * @return a new AuthenticationInterceptor
     */
    @Bean
    public AuthenticationInterceptor getMyInterceptor() {
        return new AuthenticationInterceptor();
    }

    /**
     * Applies the interceptor to every path, then lists the paths that skip it.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(getMyInterceptor())
                // Intercept every path; more patterns can be added with further calls.
                .addPathPatterns("/**")
                // Excluded paths bypass the token check entirely, so keep this list minimal.
                .excludePathPatterns("/user/authLogin")
                // NOTE(review): "/get" is reachable without a token; confirm it exposes
                // nothing that needs authentication.
                .excludePathPatterns("/get");
    }
}
使用jwt生成token验证登录状态的全部教程完成