什么是权限
jwt工具类
package com.atguigu.common.jwt;
import io.jsonwebtoken.*;
import org.springframework.util.StringUtils;
import java.util.Date;
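/**
 * JWT helper: issues and parses the signed tokens handed out at login.
 *
 * <p>Tokens are signed with HS512 using a shared secret, so anyone who learns
 * {@code TOKEN_SIGN_KEY} can mint a valid token for any user id. The parsing
 * methods never throw; they return {@code null} when a token fails validation.
 */
public class JwtHelper {

    // Token lifetime in milliseconds (365 days). The long literal is required:
    // in int arithmetic 365 * 24 * 60 * 60 * 1000 overflows and wraps to roughly 17 days.
    // NOTE(review): a year-long bearer token leaves a long window if one leaks, and
    // nothing in this class can revoke a token. Consider a much shorter lifetime
    // combined with a refresh or revocation mechanism.
    private static final long TOKEN_EXPIRATION_MILLIS = 365L * 24 * 60 * 60 * 1000;

    // Demo signing secret.
    // NOTE(review): this value is hard-coded in source, trivially guessable and far
    // shorter than the 512 bits HS512 is designed for. Before real use, load a randomly
    // generated secret from configuration or a secret store and keep it out of version
    // control. jjwt's String overloads of signWith/setSigningKey interpret the value as
    // Base64-encoded key bytes -- confirm against the jjwt version in use.
    private static final String TOKEN_SIGN_KEY = "123456";

    // Subject written into every token issued here and required again when parsing.
    private static final String SUBJECT = "AUTH-USER";

    /**
     * Builds a signed, GZIP-compressed token carrying the user's id and name.
     *
     * @param userId   id stored in the {@code userId} claim
     * @param username name stored in the {@code username} claim
     * @return the compact token string
     */
    public static String createToken(Long userId, String username) {
        return Jwts.builder()
                // token category
                .setSubject(SUBJECT)
                // absolute expiry time
                .setExpiration(new Date(System.currentTimeMillis() + TOKEN_EXPIRATION_MILLIS))
                // payload claims; these are signed, not encrypted, so they are readable by the holder
                .claim("userId", userId)
                .claim("username", username)
                // signature
                .signWith(SignatureAlgorithm.HS512, TOKEN_SIGN_KEY)
                .compressWith(CompressionCodecs.GZIP)
                .compact();
    }

    /**
     * Reads the user id from a token.
     *
     * @param token compact token string, may be {@code null} or empty
     * @return the user id, or {@code null} when the token is empty, fails validation,
     *         or carries no numeric {@code userId} claim
     */
    public static Long getUserId(String token) {
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        try {
            Object userId = parseClaims(token).get("userId");
            // The JSON layer may hand the number back as Integer or as Long depending on
            // its magnitude; a hard (Integer) cast would fail for ids beyond the int range.
            return userId instanceof Number ? ((Number) userId).longValue() : null;
        } catch (Exception e) {
            // Validation failures are reported as "no user" rather than propagated.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Reads the user name from a token.
     *
     * @param token compact token string, may be {@code null} or empty
     * @return the user name; {@code ""} when the token is empty, {@code null} when the
     *         token fails validation or has no {@code username} claim
     */
    public static String getUsername(String token) {
        if (StringUtils.isEmpty(token)) {
            return "";
        }
        try {
            return (String) parseClaims(token).get("username");
        } catch (Exception e) {
            // Validation failures are reported as "no user" rather than propagated.
            e.printStackTrace();
            return null;
        }
    }

    // Verifies the token against the signing key and the expected subject, then returns
    // its claims. Any validation failure surfaces as an exception from the parser.
    private static Claims parseClaims(String token) {
        return Jwts.parser()
                .requireSubject(SUBJECT)
                .setSigningKey(TOKEN_SIGN_KEY)
                .parseClaimsJws(token)
                .getBody();
    }

    /** Manual smoke test: issues a token and reads both claims back. */
    public static void main(String[] args) {
        String token = JwtHelper.createToken(1L, "admin");
        System.out.println(token);
        System.out.println(JwtHelper.getUserId(token));
        System.out.println(JwtHelper.getUsername(token));
    }
}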
md5工具类
package com.atguigu.common.utils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
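/**
 * Hex-encoded MD5 digest helper.
 *
 * <p>Despite the method name, this is a one-way hash, not encryption. A single unsalted
 * MD5 pass is fast to brute-force and identical inputs always produce identical output,
 * so it is not a sound way to store passwords; a dedicated password-hashing scheme
 * (bcrypt, scrypt, Argon2, PBKDF2) with a per-user salt is the usual choice.
 */
public final class MD5 {

    private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();

    /**
     * Returns the MD5 digest of a string as 32 lowercase hex characters.
     *
     * <p>The input is encoded as UTF-8 so the result does not depend on the platform
     * default charset. For non-ASCII input this can differ from digests produced earlier
     * on a JVM whose default charset was not UTF-8.
     *
     * @param strSrc text to hash; must not be {@code null}
     * @return lowercase hex digest
     * @throws RuntimeException if the JVM offers no MD5 implementation
     */
    public static String encrypt(String strSrc) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(strSrc.getBytes(StandardCharsets.UTF_8));
            char[] chars = new char[digest.length * 2];
            int k = 0;
            for (byte b : digest) {
                // high nibble first, then low nibble; the mask discards sign-extension bits
                chars[k++] = HEX_CHARS[(b >>> 4) & 0xf];
                chars[k++] = HEX_CHARS[b & 0xf];
            }
            return new String(chars);
        } catch (NoSuchAlgorithmException e) {
            // keep the original exception as the cause instead of only its text
            throw new RuntimeException("MD5加密出错!!+" + e, e);
        }
    }

    /** Manual smoke test. */
    public static void main(String[] args) {
        System.out.println(MD5.encrypt("111111"));
    }
}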
登录具体过程
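/**
 * Authenticates a user by username and password and returns a signed JWT on success.
 *
 * <p>An unknown username, a missing password and a wrong password all produce the same
 * error, so the response does not reveal which usernames exist.
 *
 * @param loginVo submitted credentials
 * @return a result whose data map holds the token under the key {@code "token"}
 * @throws GuiguException with code 201 when the credentials are rejected or the account is disabled
 */
@PostMapping("login")
public Result login(@RequestBody LoginVo loginVo) {
    // 1. Look the account up by the submitted username.
    // NOTE(review): getOne presumably expects at most one match -- confirm the username
    // column has a unique constraint.
    String username = loginVo.getUsername();
    LambdaQueryWrapper<SysUser> wrapper = new LambdaQueryWrapper<>();
    wrapper.eq(SysUser::getUsername, username);
    SysUser sysUser = sysUserService.getOne(wrapper);

    // 2. Verify the password. The stored value is the MD5 hex digest of the password.
    // The comparison is called on the freshly computed digest, so a null stored password
    // is a mismatch rather than a NullPointerException, and a missing password in the
    // request is rejected before hashing.
    // NOTE(review): an unsalted MD5 digest is weak protection for stored passwords, and
    // no attempt limiting is visible in this method; both are worth addressing before
    // production use.
    String submittedPassword = loginVo.getPassword();
    if (sysUser == null
            || submittedPassword == null
            || !MD5.encrypt(submittedPassword).equals(sysUser.getPassword())) {
        throw new GuiguException(201, "用户名或密码错误");
    }

    // 3. Reject disabled accounts (status: 1 = enabled, 0 = disabled). This is checked
    // only after the password matched, so it is not disclosed to unauthenticated callers.
    if (sysUser.getStatus().intValue() == 0) {
        throw new GuiguException(201, "用户被禁用");
    }

    // 4. Issue a token bound to the user's id and name, and return it.
    String token = JwtHelper.createToken(sysUser.getId(), sysUser.getUsername());
    Map<String, Object> map = new HashMap<>();
    map.put("token", token);
    return Result.ok(map);
}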