一.token监测流程操作
1.用户登录,生成token(EduLoginController)
》(1)拦截器(AuthHandlerInterceptor)将指定登录路径放行,所以不需验证token
》(2)查询用户是否存在
》(3)在(TokenUtil)生成token
》(4)返回token
2.头部携带token进入方法
》(1)拦截器进行拦截,并验证token状态
》(2)从头部信息获取token
》(3)在parseToken方法里,将token分解开,并获取用户信息
》(4)返回数据
第一步
第二步
二.代码及配置
1.全局的token的常量和依赖
# Token settings for application.properties
# NOTE(review): presumably the secret TokenUtil (not shown) signs tokens with - confirm.
# A secret committed to a repository or published on a page like this one should be treated as
# disclosed: supply it from the environment or a secret store instead, and rotate it.
# NOTE(review): .properties values are not quote-delimited, so the single quotes below are
# read as part of the value.
token.privateKey='fdasfgdsagaxgsregdfdjyghjfhebfdgwe45ygrfbsdfshfdsag'
# Token age in milliseconds below which AuthHandlerInterceptor treats a token as "young"
# (it is compared against a System.currentTimeMillis() difference) and lets it through unchanged.
token.yangToken=100000
# Token age in milliseconds at or above which AuthHandlerInterceptor rejects the token as expired;
# between the two thresholds the interceptor returns a refreshed token in the response header.
token.oldToken=300000
<!-- JJWT (JSON Web Token) library. The version comes from the jwt.version build property, which is defined elsewhere. -->
<!-- NOTE(review): confirm jwt.version resolves to a currently maintained JJWT release. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${jwt.version}</version>
</dependency>
2.拦截器的编写
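/**
 * Spring MVC configuration that registers {@link AuthHandlerInterceptor} so that
 * requests are checked for a token before they reach a controller.
 */
@Configuration
//@EnableWebMvc
public class AuthWebMvcConfig implements WebMvcConfigurer {

    @Autowired
    AuthHandlerInterceptor authHandlerInterceptor;

    /**
     * Applies the token interceptor to every path, then exempts the login endpoint
     * and the Swagger documentation resources.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authHandlerInterceptor)
                .addPathPatterns("/**")
                // The login endpoint has to be reachable without a token.
                .excludePathPatterns("/eduservice/user/login/**")
                // Swagger UI and its API description. The exemption is limited to
                // /v2/api-docs instead of /v2/** so that an application endpoint mapped
                // under /v2/ is not silently left without a token check.
                // NOTE(review): consider not exposing Swagger at all outside development.
                .excludePathPatterns("/swagger-resources/**",
                        "/webjars/**", "/v2/api-docs", "/swagger-ui.html/**");
    }
}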
3.权限认证的拦截操作
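/**
 * Interceptor that checks the {@code token} request header before a controller method runs.
 *
 * <p>A token younger than {@code token.yangToken} milliseconds passes unchanged; one between
 * {@code token.yangToken} and {@code token.oldToken} passes and a refreshed token is returned in the
 * {@code token} response header; an older one is rejected with {@link TokenAuthExpircedException}.
 *
 * <p>NOTE(review): the check is only as strong as {@code TokenUtil.parseToken} (not shown here).
 * Confirm that it verifies the token signature and that the exceptions it throws for a forged or
 * malformed token are mapped to a 401 response rather than a generic server error.
 */
@Slf4j
@Component
public class AuthHandlerInterceptor implements HandlerInterceptor {

    @Autowired
    TokenUtil tokenUtil;

    // Injected from token.privateKey; not referenced anywhere else in this class.
    @Value("${token.privateKey}")
    private String privateKey;

    // Token age (ms) below which the token is accepted as-is.
    @Value("${token.yangToken}")
    private Long yangToken;

    // Token age (ms) at or above which the token is treated as expired.
    @Value("${token.oldToken}")
    private Long oldToken;

    /**
     * Validates the caller's token and decides whether the request may proceed.
     *
     * @param httpServletRequest  the incoming request; the token is read from its {@code token} header
     * @param httpServletResponse the response; receives a 401 status on rejection or a refreshed token
     * @param object              the chosen handler; anything other than a {@link HandlerMethod} is let through
     * @return {@code true} to continue processing, {@code false} when the token is missing or unusable
     * @throws TokenAuthExpircedException when the token is older than {@code token.oldToken}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        log.info("=======进入拦截器========");
        // Requests that are not mapped to a controller method pass straight through.
        if (!(object instanceof HandlerMethod)) {
            return true;
        }

        String token = httpServletRequest.getHeader("token");
        if (token == null || token.trim().isEmpty()) {
            return reject(httpServletResponse);
        }
        // The token is a bearer credential, so it is deliberately not written to the log:
        // anyone with read access to the log could replay it.

        Map<String, String> map = tokenUtil.parseToken(token);
        if (map == null) {
            return reject(httpServletResponse);
        }
        // NOTE(review): the claim keys and the variable names do not line up ("roles" feeds userId,
        // "name" feeds userRole); confirm against TokenUtil which claim holds what.
        String userId = map.get("roles");
        String userRole = map.get("name");

        long timeOfUse;
        try {
            timeOfUse = System.currentTimeMillis() - Long.parseLong(map.get("timeStamp"));
        } catch (NumberFormatException e) {
            // Also reached when the claim is absent: Long.parseLong(null) throws NumberFormatException.
            log.warn("token rejected: missing or malformed timeStamp claim");
            return reject(httpServletResponse);
        }

        // 1. Token age check.
        if (timeOfUse < yangToken) {
            log.info("年轻 token");
        } else if (timeOfUse < oldToken) {
            // Ageing token: hand the client a fresh one in the response header.
            httpServletResponse.setHeader("token", tokenUtil.getToken(userId, userRole));
        } else {
            throw new TokenAuthExpircedException();
        }

        // 2. Role logging.
        // NOTE(review): the role is only logged. Every role, including an unknown or missing one,
        // is allowed through, so no authorization is enforced at this point.
        if ("user".equals(userRole)) {
            log.info("========user账户============");
        } else if ("admin".equals(userRole)) {
            log.info("========admin账户============");
        }
        return true;
    }

    /** Marks the response as 401 Unauthorized and stops the handler chain. */
    private boolean reject(HttpServletResponse response) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}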
4.登陆器
/**
 * REST controller that issues a token on login and reads back the claims of the caller's token.
 *
 * <p>NOTE(review): {@code @CrossOrigin} is used without listing origins, which allows requests
 * from any origin by default; restrict it if the API is only meant for known front ends.
 */
@RestController
@Api(value = "登录页面",description = "登录页面")
@RequestMapping("/eduservice/user")
@CrossOrigin // enables cross-origin requests
public class EduLoginController {

    @Autowired
    LoginService loginService;

    @Autowired
    UserService userService;

    @Autowired
    TokenUtil tokenUtil;

    /**
     * Looks up a user by card number and password and, when one is found, returns a token.
     *
     * <p>NOTE(review): the password travels in the URL path, where access logs, proxies and browser
     * history can record it; a request body would keep it out of those places.
     * <p>NOTE(review): the submitted password is compared directly with the {@code password} column,
     * which suggests passwords are stored unhashed - confirm, and prefer a salted password hash
     * (bcrypt, scrypt or argon2) verified in code.
     * <p>NOTE(review): the first argument to {@code getToken} is the literal {@code "username"} and
     * the second is the user's name, whereas AuthHandlerInterceptor calls it as
     * {@code getToken(userId, userRole)}; confirm the intended arguments against TokenUtil.
     *
     * @param card     the account's card number (unique per account, per the original author)
     * @param password the password to match
     * @return a success result carrying {@code token}, or an error result when no user matches
     */
    @PostMapping("login/{card}/{password}")
    @ApiOperation(value = "登录", notes = "index登录页面")
    public R login(@PathVariable String card, @PathVariable String password){
        QueryWrapper<User> credentials = new QueryWrapper<>();
        credentials.eq("card", card);
        credentials.eq("password", password);

        User account = userService.getOne(credentials);
        if (account != null) {
            // Build the token from the matched user's name.
            String issued = tokenUtil.getToken("username", account.getName());
            return R.ok().data("token", issued);
        }
        return R.error().data("error","用户不存在");
    }

    /**
     * Returns the {@code roles} and {@code name} values parsed from the caller's token header.
     *
     * @param request the current request; the token is read from its {@code token} header
     * @return a success result carrying {@code roles} and {@code name}
     */
    @GetMapping("info")
    @ApiOperation(value = "info")
    public R info(HttpServletRequest request) {
        Map<String, String> claims = tokenUtil.parseToken(request.getHeader("token"));
        String roles = claims.get("roles");
        String name = claims.get("name");
        return R.ok().data("roles", roles).data("name", name);
    }
}
5.全局异常监听
/**
 * Application-wide exception advice for controllers.
 */
@Slf4j
@ControllerAdvice
public class GlobalExceptionHandler {

    /**
     * Handles {@link TokenAuthExpircedException}: logs a warning and returns the same text as the
     * response body.
     *
     * <p>NOTE(review): no response status is set here, so the reply presumably goes out with the
     * default 200 status; a 401 would let clients and monitoring tell an expired token apart from
     * a successful call - confirm.
     *
     * @return the message sent to the client
     */
    @ExceptionHandler(TokenAuthExpircedException.class)
    @ResponseBody
    public String tokenExpiredExceptionHandler(){
        final String message = "用户 token 过期";
        log.warn(message);
        return message;
    }
}
6.异常类TokenAuthExpircedException
/**
 * Unchecked exception thrown by the token interceptor when a token is too old to accept.
 * It carries no message and no cause.
 */
public class TokenAuthExpircedException extends RuntimeException {

    /** Creates the exception with no detail message. */
    public TokenAuthExpircedException() {
        super();
    }
}
最后加上整个项目的结构
代码是参照半亩方糖里的文章敲的,不明白的可以去这里学习
原文链接:https://blog.csdn.net/jarvan5/article/details/113789133