1.导入XML(Maven 依赖)
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
2.工具类
package leyan.admin.util;
import com.alibaba.fastjson.JSON;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.apache.commons.lang3.StringUtils;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
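/**
 * Issues and verifies the HMAC-SHA256 signed JSON Web Tokens used by the API.
 *
 * <p>Callers never see an exception from this class: every method reports its
 * outcome through a {@code message} / {@code success} pair, and any failure is
 * reported as an invalid token (fail closed).
 */
public class JWTUtil {
    // NOTE(review): this HMAC key is hard-coded and short. Anyone who can read the
    // source or the built artifact can sign tokens for an arbitrary userID, and a
    // guessable key can be recovered offline from a single captured token.
    // Load the key from deployment configuration or a secret store and use at
    // least 256 bits of random data for HS256. Changing the key invalidates every
    // token already issued.
    private static final String JWT_SECRET = "secret_www";

    // Registered claims written by getUserToken and enforced again by jwtToken.
    private static final String SUBJECT = "systemOrder";
    private static final String ISSUER = "www.com.cn";
    private static final String AUDIENCE = "www.com.cn";

    private static final String INVALID_TOKEN = "error: token invalid";

    /**
     * Issues a token for a user that has already been authenticated.
     *
     * @param username value stored in the {@code userName} claim
     * @param userId   value stored in the {@code userID} claim
     * @return a JSON string with {@code message}, {@code success} and {@code token};
     *         on any failure {@code success} is {@code "false"} and {@code token}
     *         is the literal string {@code "null"}
     */
    public static String getUserToken(String username, String userId) {
        var message = "";
        try {
            // No hand-built header map: sign() derives "alg" from the Algorithm
            // object, so a manually supplied value such as "256" is never a valid
            // description of the token and only misleads readers.
            Date issuedAt = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(issuedAt);
            calendar.add(Calendar.DATE, 1); // token lifetime: one calendar day
            Date expiresAt = calendar.getTime();

            Algorithm algorithm = Algorithm.HMAC256(JWT_SECRET);
            String token = JWT.create()
                    .withSubject(SUBJECT)
                    .withIssuer(ISSUER)
                    .withAudience(AUDIENCE)
                    .withExpiresAt(expiresAt)
                    .withIssuedAt(issuedAt)
                    .withClaim("userName", username)
                    .withClaim("userID", userId)
                    .sign(algorithm);
            // The compact token form is base64url segments joined by dots, so it
            // needs no JSON escaping when embedded here.
            message = "{\"message\": \"success\", \"success\": \"true\", \"token\": \"" + token + "\"}";
        } catch (Exception e) {
            message = "{\"message\": \"error\", \"success\": \"false\", \"token\": \"null\"}";
        }
        return message;
    }

    /**
     * Validates a token taken from a request.
     *
     * @param token compact JWT string; may be {@code null} or blank
     * @return the map produced by {@link #jwtToken(String)}, or a map holding only
     *         {@code message = "error: token invalid"} when the token is blank
     */
    public static Map<String, String> verificationToken(String token) {
        Map<String, String> tokenMap = new HashMap<>();
        try {
            if (StringUtils.isNotBlank(token)) {
                tokenMap = jwtToken(token);
            } else {
                tokenMap.put("message", INVALID_TOKEN);
            }
        } catch (Exception ex) {
            tokenMap.put("message", INVALID_TOKEN);
        }
        return tokenMap;
    }

    /**
     * Verifies the signature and registered claims of a token and extracts the
     * user claims. Despite the original "decrypt" label nothing is decrypted: the
     * payload of a signed JWT is only encoded and is readable by anyone holding
     * the token.
     *
     * @param str_token compact JWT string
     * @return a map with {@code success} ({@code "true"} / {@code "false"}) and
     *         {@code message}; {@code userID} and {@code userName} are present
     *         only when verification succeeded
     */
    public static Map<String, String> jwtToken(String str_token) {
        Map<String, String> map = new HashMap<>();
        map.put("success", "false");
        try {
            Algorithm algorithm = Algorithm.HMAC256(JWT_SECRET);
            // Besides signature and expiry, require the issuer, audience and
            // subject that getUserToken writes, so a token signed with the same
            // key for a different purpose is not accepted here.
            JWTVerifier jwtVerifier = JWT.require(algorithm)
                    .withIssuer(ISSUER)
                    .withAudience(AUDIENCE)
                    .withSubject(SUBJECT)
                    .build();
            DecodedJWT decodedJWT = jwtVerifier.verify(str_token);
            String userId = decodedJWT.getClaim("userID").asString();
            String userName = decodedJWT.getClaim("userName").asString();
            map.put("userID", userId);
            map.put("userName", userName);
            map.put("message", "success");
            map.put("success", "true");
        } catch (Exception ex) {
            // Any verification or decoding problem is reported identically so the
            // response does not reveal which check failed.
            map.put("message", INVALID_TOKEN);
        }
        return map;
    }
}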
示例一:根据账号获取Token
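/**
 * Example 1: exchanges a username and password for a signed token.
 *
 * <p>NOTE(review): the credentials arrive as GET query parameters, so they can be
 * recorded in access logs, proxy logs and browser history. A POST with the
 * credentials in the request body is the safer contract; the mapping is left
 * unchanged here so existing clients of the example keep working.
 *
 * @param username account name supplied by the client
 * @param password clear-text password supplied by the client
 * @return a map holding {@code token} on success, {@code error} when the
 *         credentials are rejected, or nothing when token creation failed
 */
@GetMapping("/keyCustomer/loginToken")
public Object toLogin(String username, String password) {
    Map<String, String> maps = new HashMap<>();
    var user = interfaceUserService.login(username, password);
    if (user == null) {
        maps.put("error", "用户或密码错误");
        return maps;
    }

    // Authentication succeeded: issue the token.
    String message = JWTUtil.getUserToken(username, user.getId().toString());
    // Record the event, not the token. A bearer token written to a log file can be
    // replayed by anyone who can read that file until the token expires. The
    // database id is logged instead of the client-supplied username so request
    // data cannot inject extra log lines.
    FileUtil.readWriteFile(stockLogFile, StrUtil.getDate() + " get token: issued for userId=" + user.getId());

    if (StringUtils.isNotBlank(message)) {
        Map<?, ?> tokenMap = JSON.parseObject(message, Map.class);
        if (StringUtils.containsIgnoreCase(tokenMap.get("message").toString(), "success")) {
            maps.put("token", tokenMap.get("token").toString());
        }
    }
    return maps;
}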
示例二:根据Token验证身份
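/**
 * Example 2: applies a group-item update only when the request carries a valid
 * token in its {@code token} header.
 *
 * <p>NOTE(review): the verified {@code userID} is not consulted after the check,
 * so every holder of a valid token reaches {@code updateGroupItem}. Confirm that
 * no per-user authorization is required for this operation.
 *
 * @param organizationGroup groups to update; a {@code null} body yields an empty map
 * @param req               request whose {@code token} header is verified
 * @return a map holding {@code return} (and {@code Message} when the update
 *         produced a result), or {@code NoLogin} when the token is rejected
 */
@RequestMapping("/XXXX")
@CustomerVisitHistory
public Object groupItemChange(@RequestBody List<OrganizationGroup> organizationGroup, HttpServletRequest req) {
    Map<String, Object> maps = new HashMap<>();
    if (organizationGroup == null) {
        return maps;
    }

    // Verify the caller's token before touching any data.
    Map<String, String> verified = JWTUtil.verificationToken(req.getHeader("token"));
    // Decide on the exact "success" flag rather than a case-insensitive substring
    // search in the human-readable message: a message such as "unsuccessful"
    // would also contain "success" and would let the request through.
    if (!"true".equals(verified.get("success"))) {
        maps.put("NoLogin", "请输入正确Token");
        return maps;
    }

    List<HashMap<Object, Object>> hashMaps = organizationUserService.updateGroupItem(organizationGroup);
    // "return" is always present (possibly null); "Message" only on a non-null result.
    maps.put("return", hashMaps);
    if (hashMaps != null) {
        maps.put("Message", "Succeed");
    }
    return maps;
}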
interfaceUserService:
/**
 * Account lookup and credential check for API ("interface") users.
 */
public interface InterfaceUserService {
/**
 * Checks a username/password pair.
 *
 * @param username account name
 * @param password clear-text password to compare with the stored one
 * @return the matching user; the implementation on this page returns
 *         {@code null} when the user is unknown or the password does not match
 */
InterfaceUser login(String username, String password);
/**
 * Looks up a user by account name.
 *
 * @param username account name
 * @return the user; the implementation on this page returns {@code null} when
 *         the lookup fails for any reason
 */
InterfaceUser getUserByName(String username);
}
interfaceUserServiceImpl:
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
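/**
 * Mapper-backed implementation of {@link InterfaceUserService} that also serves
 * as a Spring Security {@link UserDetailsService}.
 */
@RequiredArgsConstructor
@Service
@Transactional(readOnly = true)
public class InterfaceUserServiceImpl implements InterfaceUserService, UserDetailsService {
    private final InterfaceUserMapper interfaceUserMapper;
    private final PasswordEncoder passwordEncoder;

    /**
     * Checks a username/password pair against the stored, encoded password.
     *
     * <p>NOTE(review): for an unknown username the encoder is never invoked, so
     * that path returns faster than a wrong-password attempt and the difference
     * can reveal which usernames exist. Spending an equivalent
     * {@code passwordEncoder.matches} call on a fixed dummy hash for unknown
     * users removes the difference.
     *
     * @param username account name
     * @param password clear-text password from the request; may be {@code null}
     * @return the user when the password matches, otherwise {@code null}
     */
    @Override
    public InterfaceUser login(String username, String password) {
        // A request without a password parameter arrives here as null. Reject it
        // up front instead of handing null to the encoder, whose behaviour for a
        // null raw password depends on the implementation.
        if (password == null) {
            return null;
        }
        var user = getUserByName(username);
        if (user == null) {
            return null;
        }
        return passwordEncoder.matches(password, user.getPassword()) ? user : null;
    }

    /**
     * Loads the principal for a username.
     *
     * @param username account name
     * @return principal wrapping the stored user
     * @throws UsernameNotFoundException when the mapper returns no row
     */
    @Override
    public AdminUserPrincipal loadUserByUsername(String username) throws UsernameNotFoundException {
        var user = interfaceUserMapper.getUserByName(username);
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }
        return new AdminUserPrincipal(user);
    }

    /**
     * Looks up a user by name and converts every failure into {@code null}.
     *
     * @param username account name
     * @return the stored user, or {@code null} when the lookup fails
     */
    @Override
    public InterfaceUser getUserByName(String username) {
        try {
            return loadUserByUsername(username).getInterfaceUser();
        } catch (Exception ignored) {
            // Fail closed: any failure is treated as "no such user", so login()
            // rejects the attempt.
            // NOTE(review): this also hides datastore errors behind an ordinary
            // authentication failure; consider reporting non-"not found"
            // exceptions to monitoring before returning null.
            return null;
        }
    }
}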
Mapper:
<!--
  Looks up interface_user rows by exact username.
  #{username} is bound as a prepared-statement parameter, so the value is never
  spliced into the SQL text; keep the #{} form and do not switch to ${}, which
  substitutes the raw string.
  The password column is returned because InterfaceUserServiceImpl.login compares
  it through PasswordEncoder.matches (presumably an encoded hash; confirm). Do not
  expose the resulting InterfaceUser object directly in API responses.
-->
<select id="getUserByName" resultType="leyan.admin.entity.InterfaceUser">
select id, username, password, discount, is_all as isAll, is_cas as isCas, is_url as isUrl, is_english as isEnglish, is_intpart as isIntpart from interface_user
where username=#{username}
</select>