首先在pom.xml文件中导入JWT的maven依赖
<!-- JJWT library; the interceptor on this page imports io.jsonwebtoken.Claims from it. -->
<!-- NOTE(review): 0.9.1 is an old release; newer JJWT versions are published as jjwt-api / jjwt-impl / jjwt-jackson. Check for a currently maintained version before copying this. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
其次新创建一个拦截器,实现HandlerInterceptor接口
package com.irs.shiro;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.irs.util.JsonUtils;
import com.irs.util.JwtHelper;
import com.irs.util.WxResult;
import io.jsonwebtoken.Claims;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import java.io.IOException;
import java.io.PrintWriter;
import static com.sun.xml.internal.ws.api.message.Packet.State.ServerResponse;
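/**
 * Spring MVC interceptor that only lets a request through when it carries a JWT in the
 * {@code token} request header that {@link JwtHelper#parseJWT} accepts and whose {@code exp}
 * claim is not in the past.
 *
 * <p>The token-issuing endpoint {@code /api/getToken} is the single path exempt from the check.
 * Every rejection is answered with a JSON body built by {@code WxResult.build(400, message)}.
 *
 * <p>NOTE(review): signature verification is delegated entirely to {@code JwtHelper.parseJWT},
 * which is not shown here; confirm that it verifies the signature with a fixed key and
 * algorithm. The file's static import of {@code com.sun.xml.internal...ServerResponse} is not
 * used by this class and refers to a JDK-internal package.
 */
public class ApiInterceptor implements HandlerInterceptor {

    /** Servlet path that may be called without a token (it is where tokens are obtained). */
    private static final String TOKEN_ENDPOINT = "/api/getToken";

    /** Name of the request header that carries the JWT. */
    private static final String TOKEN_HEADER = "token";

    /**
     * Runs the token check before the handler executes.
     *
     * @return {@code true} to continue the handler chain, {@code false} when the request was
     *     rejected and the error body has already been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.out.println("---------preHandle--------");
        return check(request, response);
    }

    /** Only traces the call; no post-processing is done. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        System.out.println("---------postHandle--------");
    }

    /**
     * Decides whether the request is authenticated.
     *
     * @return {@code true} for the exempt endpoint or a valid, unexpired token; {@code false}
     *     after writing an error body for a missing, invalid or expired token
     * @throws Exception if the error response cannot be written
     */
    private boolean check(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // The token endpoint must stay reachable without a token.
        if (TOKEN_ENDPOINT.equals(request.getServletPath())) {
            return true;
        }

        final String authToken = request.getHeader(TOKEN_HEADER);
        if (authToken == null) {
            return reject(response, "请携带token");
        }

        // Parsing is kept separate from response writing so that an I/O failure while sending
        // an error body is never mistaken for a token failure and answered a second time.
        final Long expiresAtSeconds = readExpirySeconds(authToken);
        if (expiresAtSeconds == null) {
            return reject(response, "token验证失败");
        }

        // exp is compared in seconds (10-digit timestamp), matching the claim's unit.
        final long nowSeconds = System.currentTimeMillis() / 1000;
        if (nowSeconds <= expiresAtSeconds) {
            return true;
        }
        return reject(response, "token过期");
    }

    /**
     * Parses the token and returns its {@code exp} claim in seconds.
     *
     * <p>Fails closed: any parsing error, a missing {@code exp} claim or a non-numeric value
     * yields {@code null}, so a token without an expiry is never accepted.
     *
     * <p>NOTE(review): if {@code JwtHelper.parseJWT} already rejects expired tokens by throwing,
     * those requests are reported as a validation failure rather than as expired; confirm
     * against the helper.
     *
     * @return the expiry as epoch seconds, or {@code null} when the token cannot be trusted
     */
    private Long readExpirySeconds(String authToken) {
        try {
            Claims claims = JwtHelper.parseJWT(authToken);
            Object exp = claims.get("exp");
            return exp == null ? null : Long.valueOf(exp.toString());
        } catch (Exception e) {
            // Record the failure type for later review; the token itself is never printed.
            System.out.println("token validation failed: " + e.getClass().getName());
            return null;
        }
    }

    /**
     * Discards whatever was buffered and answers with a UTF-8 JSON error body.
     *
     * <p>NOTE(review): no HTTP status is set after {@code reset()}, so the failure is visible
     * only in the JSON code; consider also sending 401 if clients can handle it.
     *
     * @param message text placed in the {@code WxResult} error body
     * @return always {@code false}, so callers can {@code return reject(...)}
     * @throws IOException if the response writer cannot be obtained
     */
    private boolean reject(HttpServletResponse response, String message) throws IOException {
        response.reset();
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter pw = response.getWriter();
        pw.write(JsonUtils.objectToJson(WxResult.build(400, message)));
        pw.flush();
        pw.close();
        return false;
    }

    /** Only traces the call; no cleanup is done. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        System.out.println("---------afterCompletion--------");
    }
}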
最后在springmvc.xml中配置拦截器
<mvc:interceptors>
<mvc:interceptor>
<!-- Interception rule: which request paths are routed through ApiInterceptor. -->
<!-- NOTE(review): in Spring's Ant-style matching "/api/*" covers a single path segment only; nested paths such as /api/a/b would need "/api/**" to reach the token check. Confirm against the application's routes. -->
<mvc:mapping path="/api/*"/>
<bean class="com.irs.shiro.ApiInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>