前提:引入 Maven 依赖(java-jwt)
<!-- JWT: Auth0 java-jwt library, used by the token utility below to sign and verify tokens -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.7.0</version>
</dependency>
1.token工具类
package com.zsy.util;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.zsy.pojo.User;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import java.util.Calendar;
import java.util.Date;
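@Slf4j
@Component
public class TokenUtils {

    /**
     * HMAC-SHA256 key shared by token creation and verification.
     *
     * <p>SECURITY: the key is a literal in source code, so everyone who can read the
     * repository or the built jar can sign tokens that {@link #verify(String)} accepts.
     * It is also a short, human-chosen phrase; an HS256 key should be at least 256 bits
     * of random data (RFC 7518, section 3.2). Load the key from configuration or a secret
     * store, keep it out of version control, and rotate it if this value was ever deployed.
     * The field is left public and unchanged here only so existing callers keep compiling.
     */
    public static final String SECRET = "youareapig??shabixiangpojie?";

    /** Token lifetime in seconds; added to the issue time to obtain the expiry claim. */
    public static final int EXPIRE = 5;

    /**
     * Creates a signed token for the given user.
     *
     * <p>The token carries the claims {@code id} and {@code account} plus the issued-at
     * and expires-at timestamps. The payload is signed, not encrypted: anyone holding the
     * token can read these claims, so nothing confidential belongs in it.
     *
     * @param user the user whose id and account are written into the token
     * @return the compact serialized token, signed with HMAC-SHA256
     */
    public static String createToken(User user) {
        // Take one clock reading for both timestamps so the expiry is always exactly
        // EXPIRE seconds after the issue time, even across a second boundary.
        long issuedAtMillis = System.currentTimeMillis();
        Date issuedAt = new Date(issuedAtMillis);
        Date expiresAt = new Date(issuedAtMillis + EXPIRE * 1000L);

        return JWT.create()
                .withClaim("id", user.getId())
                .withClaim("account", user.getAccount())
                .withIssuedAt(issuedAt)
                .withExpiresAt(expiresAt)
                .sign(Algorithm.HMAC256(SECRET));
    }

    /**
     * Verifies the signature and expiry of a token.
     *
     * <p>The verifier is built for HMAC-SHA256 only, so a token whose header names another
     * algorithm is rejected rather than trusted.
     *
     * @param token the compact serialized token
     * @return the decoded token when verification succeeds
     * @throws com.auth0.jwt.exceptions.JWTVerificationException on any verification failure
     */
    public static DecodedJWT verify(String token) {
        return JWT.require(Algorithm.HMAC256(SECRET)).build().verify(token);
    }

    /**
     * Returns the verified, decoded token so its payload claims can be read.
     *
     * <p>Usage: {@code TokenUtils.getTokenInfo(token).getClaim("account").asString()}.
     * The claims are returned only after verification, never from an unverified token.
     *
     * @param token the compact serialized token
     * @return the decoded token when verification succeeds
     * @throws com.auth0.jwt.exceptions.JWTVerificationException on any verification failure
     */
    public static DecodedJWT getTokenInfo(String token) {
        // Same check as verify(); delegate so the two can never drift apart.
        return verify(token);
    }
}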
2.HandlerInterceptor
preHandle:在Controller执行之前调用
package com.example.api.interceptor;
import com.auth0.jwt.exceptions.*;
import com.example.api.jwt.JwtUtil;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
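/**
 * Spring MVC interceptor that lets a request through only when its {@code token}
 * header passes JWT verification.
 *
 * <p>NOTE(review): verification is delegated to {@code JwtUtil}, imported from
 * {@code com.example.api.jwt} and not shown with this class; presumably it behaves
 * like a verify-and-throw helper. Confirm against that class.
 */
@Component
public class AuthenticationInterceptor implements HandlerInterceptor {

    /** Reused for every rejection; a default ObjectMapper is safe to share between threads. */
    private static final ObjectMapper JSON = new ObjectMapper();

    /**
     * Runs before the controller and blocks the request when the token is missing or invalid.
     *
     * @param httpServletRequest  the incoming request; the token is read from its {@code token} header
     * @param httpServletResponse the response that receives the JSON error body on rejection
     * @param object              the chosen handler (unused)
     * @return {@code true} to continue to the controller, {@code false} when the request was rejected
     * @throws Exception if the error body cannot be serialized or written
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        System.out.println("进入拦截器");
        String token = httpServletRequest.getHeader("token");

        String msg;
        if (token == null) {
            // No header at all: reject explicitly instead of relying on whatever exception
            // the verifier happens to raise for a null argument.
            msg = "token无效";
        } else {
            try {
                JwtUtil.verify(token);
                return true;
            } catch (SignatureVerificationException e) {
                e.printStackTrace();
                msg = "签名不一致";
            } catch (TokenExpiredException e) {
                e.printStackTrace();
                msg = "令牌过期";
            } catch (AlgorithmMismatchException e) {
                e.printStackTrace();
                msg = "算法不匹配";
            } catch (InvalidClaimException e) {
                e.printStackTrace();
                msg = "失效的payload";
            } catch (Exception e) {
                // Anything else (malformed token, decode error) is also a rejection: fail closed.
                e.printStackTrace();
                msg = "token无效";
            }
        }
        // NOTE(review): the body tells the caller exactly why the token was rejected.
        // Consider one generic message for clients and keep the detail in server logs,
        // written through a logger rather than printStackTrace().

        Map<String, Object> map = new HashMap<>();
        map.put("msg", msg);
        map.put("code", 500);
        map.put("state", false);

        // NOTE(review): the HTTP status is left at its default, so a rejected request still
        // answers with a success status and only the body says otherwise. Setting 401 here
        // would make the rejection visible to proxies, monitoring and generic HTTP clients.
        String json = JSON.writeValueAsString(map);
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().println(json);
        return false;
    }
}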
3.WebMvcConfigurer
实现addInterceptors方法
package com.example.api.config;
import com.example.api.interceptor.AuthenticationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;
/**
 * Registers {@link AuthenticationInterceptor} for every request path except the
 * endpoints that must be reachable without a token.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Adds the token interceptor to the registry.
     *
     * <p>Every path under {@code /**} is intercepted; the excluded paths below skip the
     * token check entirely.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // NOTE(review): /user/info is excluded together with login and register, so it is
        // served without any token check. Confirm that it returns nothing user-specific;
        // otherwise it belongs behind the interceptor.
        registry.addInterceptor(new AuthenticationInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/user/login", "/user/register", "/user/info");
    }
}