一.令牌的组成
1.标头(header)
2.有效载荷(Payload)
3.签名(signature)
header
标头通常是由两部分组成:令牌的类型(jwt)和所使用的签名算法,例如 HMAC SHA256或RSA
它会使用BASE64 编码组成jwt结构的第一部分
// base64是一种编码,可以被翻译回成原来的样子。并不是一种加密过程
{
“alg” : “HS256”,
“typ”:“JWT”
}
base64对json数据进行的编码
payload
–令牌的第二部分是有效负载,其中包含声明,声明是有关实体(通常是用户)和其他数据的声明,同样的,它会使用base64编码组成jwt结构的第二部分
{
“name”:“zhangdan”
“admin”:true
}
signatrue
前面的都在使用base64进行编码,即前端可以解开知道里面的信息.singature需要使用header和payload以及我们提供的一个秘钥,然后使用header中指定的算法(hs256)进行签名,签名作用是保证jwt秘钥被篡改过
二.第一个jwt程序
构建一个令牌
@Test
void contextLoads() {
HashMap<String, Object> map = new HashMap<>();
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DAY_OF_MONTH,20);
String token = JWT.create()
.withHeader(map) //header
//payload
.withClaim("userId", 323)
.withClaim("username", "xiaohao")
//过期时间
.withExpiresAt(instance.getTime())
//签名
.sign(Algorithm.HMAC256("Life is too short for me to learn Python"));
System.out.println(token);
}
运行结果
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NTc4MDg0
NzgsInVzZXJJZCI6MzIzLCJ1c2VybmFtZSI6InhpYW9oYW8ifQ.u0nQRy
cV2ovv8jb4NFPsWRibPAr9n5hYJVzIZcVwx98
解析秘钥
@Test
public void test(){
JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256("Life is too short for me to learn Python")).build();
DecodedJWT verify = jwtVerifier.verify("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NTc4MDgzOTAsInVzZXJJZCI6MzIzLCJ1c2VybmFtZSI6InhpYW9oYW8ifQ.m9bX3sKZetWrqRR10DePuTgEocqKVKTR6JqfcYnYOQ4");
System.out.println(verify.getClaim("userId").asInt());
System.out.println(verify.getClaim("username").asString());
}
运行结果
323
xiaohao
三.jwt工具类的封装
package com.wh.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Map;
public class jwtUtils {
/**
* 生成token
*/
private static final String sing="Life is too short for me to learn Python";
public static String getToken(Map<String, String> map){
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DAY_OF_MONTH,20);
JWTCreator.Builder builder = JWT.create();
//payload
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256(sing));
return token;
}
/**
* 验证token
*/
public static DecodedJWT verify(String token){
return JWT.require(Algorithm.HMAC256(sing)).build().verify(token);
}
}
四.springboot整合jwt
在maven里面加入一下
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.16</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.1.19</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.25</version>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.1</version>
</dependency>
配置application.properties
# 应用名称
spring.application.name=jwt
# 应用服务 WEB 访问端口
server.port=9999
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/jwt?characterEncoding=UTF-8
spring.datasource.username=root
spring.datasource.password=123456
mybatis.type.aliases-package=com.wh.entity
mybatis.mapper-locations=classpath:com/wh/mapper/*.xml
logging.level.com.wh.dao=debug
在创建一个user表,里面的字段很简单
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `user`
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` varchar(255) COLLATE utf8_croatian_ci NOT NULL,
`name` varchar(255) COLLATE utf8_croatian_ci DEFAULT NULL,
`password` varchar(255) COLLATE utf8_croatian_ci DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8_croatian_ci;
-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES ('1', 'zs', '123');
INSERT INTO `user` VALUES ('2', 'ss', 'sss');
建一个entity包
package com.wh.entity;
import lombok.Data;
import lombok.experimental.Accessors;
@Data
@Accessors(chain = true)
public class User {
private String id;
private String name;
private String password;
}
dao层
package com.wh.dao;
import com.wh.entity.User;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface UserDAO {
User login(User user);
}
UserDAOMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.wh.dao.UserDAO">
<select id="login" parameterType="com.wh.entity.User" resultType="com.wh.entity.User">
select * from user where name =#{name} and password =#{password}
</select>
</mapper>
service层
UserService
package com.wh.service;
import com.wh.entity.User;
public interface UserService {
User login(User user);
}
impl
package com.wh.service.Impl;
import com.wh.dao.UserDAO;
import com.wh.entity.User;
import com.wh.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class UserServiceImmpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public User login(User user) {
User userdb = userDAO.login(user);
if (userdb!=null){
return userdb;
}
throw new RuntimeException("登录失败---");
}
}
controller
package com.wh.controller;
import com.wh.entity.User;
import com.wh.service.UserService;
import com.wh.utils.jwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
import java.util.HashMap;
@RestController
@Slf4j
public class UserController {
@Resource
UserService userService;
@Resource
jwtUtils jwtUtils;
@GetMapping("/user/login")
public HashMap<Object, Object> login(User user){
log.info("用户名:[{}]",user.getName());
log.info("密码:[{}]",user.getPassword());
HashMap<Object, Object> map = new HashMap<>();
try {
User userdb = userService.login(user);
//生成jwt令牌
HashMap<String, String> payload= new HashMap<>();
payload.put("id",userdb.getId());
payload.put("name",userdb.getName());
String token = jwtUtils.getToken(payload);
map.put("state", true);
map.put("msg", "认证成功");
map.put("token",token);
}catch (Exception e){
map.put("state",false);
map.put("msg",e.getMessage());
}
return map;
}
}
还有前面封装的jwt工具类
package com.wh.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.springframework.stereotype.Component;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
@Component
public class jwtUtils {
/**
* 生成token
*/
private static final String sing="Life is too short for me to learn Python";
public Object getToken;
public static String getToken(HashMap<String, String> map){
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DAY_OF_MONTH,20);
JWTCreator.Builder builder = JWT.create();
//payload
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256(sing));
return token;
}
/**
* 验证token
*/
public static DecodedJWT verify(String token){
return JWT.require(Algorithm.HMAC256(sing)).build().verify(token);
}
}
测试
localhost:9999/user/login?name=zs&password=123
结果
{
"msg": "认证成功",
"state": true,
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoienMiLCJpZCI6IjEiLCJleHAiOjE2NTc4ODQzNTl9.mpsj60Nf9f04s5uKPE-raL7ygfU9sV7GyccwSIWjoRM"
}
token解析
public Map<String,Object> test(String token) {
HashMap<String, Object> map = new HashMap<>();
log.info("当前token为:[{}]", token);
try {
DecodedJWT verify = jwtUtils.verify(token);
map.put("state", true);
map.put("msg", "请求成功");
return map;
} catch (SignatureVerificationException e) {
e.printStackTrace();
map.put("msg", "无效签名");
} catch (TokenExpiredException e) {
e.printStackTrace();
map.put("msg", "token过期");
} catch (AlgorithmMismatchException e) {
e.printStackTrace();
map.put("msg", "token算法不一致");
} catch (Exception e) {
e.printStackTrace();
map.put("msg", "无效签名");
}
map.put("state", false);
return map;
}
解析代码比较冗余,使用拦截器
新建一个interceptor的包
package com.wh.interceptors;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.wh.utils.jwtUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
public class JwtInterceptor implements HandlerInterceptor {
@Resource
com.wh.utils.jwtUtils jwtUtils;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
HashMap<String, Object> map = new HashMap<>();
// 获取请求头的令牌
String token = request.getHeader("token");
try {
DecodedJWT verify = jwtUtils.verify(token);
map.put("state", true);
map.put("msg", "请求成功");
return true;
} catch (SignatureVerificationException e) {
e.printStackTrace();
map.put("msg", "无效签名");
} catch (TokenExpiredException e) {
e.printStackTrace();
map.put("msg", "token过期");
} catch (AlgorithmMismatchException e) {
e.printStackTrace();
map.put("msg", "token算法不一致");
} catch (Exception e) {
e.printStackTrace();
map.put("msg", "无效签名");
}
map.put("state",false);
// 将map转为json jackjson
String json = new ObjectMapper().writeValueAsString(map);
response.setContentType("application/json; charset=UTF-8");
response.getWriter().println(json);
return false;
}
}
最后建一个拦截器
package com.wh.config;
import com.wh.interceptors.JwtInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new JwtInterceptor())
.addPathPatterns("/user/test")
.excludePathPatterns("/user/login");
//所有用户都放行,其他接口都验证
}
}