一、创建数据库jwt,新建user表
-- ----------------------------
-- Table structure for user
-- ----------------------------
-- NOTE(review): `password` is stored and compared as plaintext in this tutorial
-- (the login query matches it directly). varchar(40) is also too narrow for a
-- bcrypt or Argon2 hash string, so the column has to be widened when the
-- application moves to salted password hashes.
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(80) DEFAULT NULL,
  `password` varchar(40) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of user
-- ----------------------------
-- Demo account used by the login examples; the third value is the plaintext password.
INSERT INTO `user` VALUES ('1', 'zhangsan', '123');
二、在pom.xml中添加如下依赖
<dependencies>
    <!-- NOTE(review): the explicit versions below are the ones pinned by the tutorial.
         Check each against its current release and published advisories before reuse. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Development-time tooling only: runtime scope and optional, so it is not
         passed on to projects that depend on this one. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <!-- Lombok: provides the @Data, @Accessors and @Slf4j annotations used in the code -->
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <!-- java-jwt: token creation and verification, used by JWTUtils -->
    <dependency>
        <groupId>com.auth0</groupId>
        <artifactId>java-jwt</artifactId>
        <version>3.4.0</version>
    </dependency>
    <!-- MySQL JDBC driver -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>8.0.13</version>
    </dependency>
    <!-- MyBatis Spring Boot starter -->
    <dependency>
        <groupId>org.mybatis.spring.boot</groupId>
        <artifactId>mybatis-spring-boot-starter</artifactId>
        <version>2.1.1</version>
    </dependency>
    <!-- Alibaba Druid connection pool (the DataSource type set in application.yml) -->
    <dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>druid</artifactId>
        <version>1.0.9</version>
    </dependency>
</dependencies>
三、application.yml配置
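# Data source configuration
spring:
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/jwt?characterEncoding=UTF-8&serverTimezone=UTC
    # Credentials are taken from the environment when DB_USERNAME / DB_PASSWORD are set;
    # the values after the colon are the tutorial's local defaults. Outside a local demo,
    # connect with a dedicated least-privilege account rather than root, and keep the
    # password out of the committed file.
    username: ${DB_USERNAME:root}
    password: ${DB_PASSWORD:root}
# MyBatis configuration
mybatis:
  type-aliases-package: com.uos.entity
  # Must point at the resources directory that actually holds the mapper XML files.
  mapper-locations: classpath:com/uos/mapper/*.xml
# Logging configuration
logging:
  level:
    # DEBUG on the mapper package makes MyBatis log every statement together with its
    # bound parameter values; for the login query that includes the submitted password.
    # Keep this level for local debugging only.
    com.uos.dao: debug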
四、在启动类添加@MapperScan注解
/**
 * Application entry point. {@code @MapperScan} registers the MyBatis mapper
 * interfaces found under {@code com.uos.dao}.
 */
@MapperScan("com.uos.dao")
@SpringBootApplication
public class SpringbootjwtApplication {

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments, handed to Spring unchanged
     */
    public static void main(String[] args) {
        new SpringApplication(SpringbootjwtApplication.class).run(args);
    }
}
五、entity、service、controller等的开发
- 在entity包下新建User类
/**
 * Entity for a row of the {@code user} table; also used as the bound login request object.
 *
 * <p>Lombok's {@code @Data} generates getters, setters, {@code equals}, {@code hashCode}
 * and a {@code toString()} that prints every field, including {@code password}. Passing a
 * {@code User} to a logger therefore writes the password to the log. {@code @Accessors(chain = true)}
 * makes the generated setters return {@code this}.
 */
@Data
@Accessors(chain = true)
public class User {
    // Primary key; a String here although the column is int(11).
    private String id;
    // Login name.
    private String name;
    // Password exactly as submitted and as stored; the tutorial does not hash it.
    private String password;
}
- 在dao包下新建UserDAO 类
/**
 * MyBatis mapper interface for the {@code user} table; the SQL is defined in
 * UserDAOMapper.xml under the same namespace.
 */
public interface UserDAO {
    /**
     * Looks up the user whose name and password both match the given object.
     *
     * @param user carrier of the submitted {@code name} and {@code password}
     * @return the matching row; callers on this page treat {@code null} as "no match"
     */
    User login(User user);
}
- 在resources/com/uos/dao包下新建UserDAOMapper.xml(注意:该目录需与application.yml中mybatis.mapper-locations配置的路径保持一致,否则映射文件不会被加载)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.uos.dao.UserDAO">
    <!-- Login lookup. The #{...} placeholders are bound as prepared-statement parameters,
         so the submitted values are never concatenated into the SQL text.
         NOTE(review): the password is compared as stored (plaintext), and select * returns
         the password column to the caller as well. -->
    <select id="login" resultType="User" parameterType="User">
        select * from user
        where name = #{name} and password = #{password}
    </select>
</mapper>
- 在service包下新建UserService 类
/**
 * Service-layer contract for user authentication.
 */
public interface UserService {
    // Login operation: returns the authenticated user. The implementation on this page
    // throws a RuntimeException when no matching user exists.
    User login(User user);
}
- 在service/impl包下新建UserServiceImpl 类
/**
 * Default {@link UserService} implementation backed by {@link UserDAO}.
 */
@Service
@Transactional
public class UserServiceImpl implements UserService {

    @Autowired
    private UserDAO userDAO;

    /**
     * Authenticates by looking up a row whose name and password match the request.
     *
     * @param user submitted name and password
     * @return the matching user from the database
     * @throws RuntimeException when no row matches
     */
    @Override
    @Transactional(propagation = Propagation.SUPPORTS)
    public User login(User user) {
        // The DAO compares the submitted password with the stored value directly;
        // no hashing happens on this path.
        final User matched = userDAO.login(user);
        if (matched == null) {
            throw new RuntimeException("认证失败!");
        }
        return matched;
    }
}
- 在controller包下新建UserController类
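/**
 * REST endpoints for logging in and for exercising token verification.
 */
@RestController
@Slf4j
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Authenticates a user and issues a JWT carrying the user's id and name.
     *
     * <p>NOTE(review): this is a GET mapping, so name and password travel in the query
     * string and can end up in access logs, proxy logs and browser history. Accepting the
     * credentials in a POST body avoids that, but changes the endpoint's contract.
     *
     * @param user bound request parameters ({@code name}, {@code password})
     * @return {@code state}, {@code msg} and, on success, {@code token}
     */
    @GetMapping("/user/login")
    public Map<String, Object> login(User user) {
        // Log the name only: User's Lombok-generated toString() includes the password.
        log.info("login attempt, name={}", user.getName());
        Map<String, Object> map = new HashMap<>();
        try {
            User userDB = userService.login(user);
            Map<String, String> payload = new HashMap<>();
            payload.put("id", userDB.getId());
            payload.put("name", userDB.getName());
            // Issue the signed token
            String token = JWTUtils.getToken(payload);
            map.put("state", true);
            map.put("token", token);
            map.put("msg", "认证成功!");
        } catch (Exception e) {
            // Keep the detail server-side. Echoing e.getMessage() would hand database or
            // framework error text to an unauthenticated caller.
            log.warn("login failed, name={}", user.getName(), e);
            map.put("state", false);
            map.put("msg", "认证失败!");
        }
        return map;
    }

    /**
     * Verifies the supplied token and reports the outcome.
     *
     * @param token JWT passed as a request parameter
     * @return {@code state} plus a {@code msg} describing why verification failed, if it did
     */
    @PostMapping("/user/test")
    public Map<String, Object> test(String token) {
        // The token is a bearer credential, so its value is deliberately not logged.
        log.info("token verification requested");
        Map<String, Object> map = new HashMap<>();
        try {
            // Verify signature, algorithm and expiry
            JWTUtils.verify(token);
            map.put("state", true);
            map.put("msg", "请求成功!");
            return map;
        } catch (SignatureVerificationException e) {
            log.warn("token rejected: {}", e.toString());
            map.put("msg", "无效签名!");
        } catch (TokenExpiredException e) {
            log.warn("token rejected: {}", e.toString());
            map.put("msg", "token过期!");
        } catch (AlgorithmMismatchException e) {
            log.warn("token rejected: {}", e.toString());
            map.put("msg", "token算法不一致!");
        } catch (Exception e) {
            log.warn("token rejected: {}", e.toString());
            map.put("msg", "token无效!");
        }
        map.put("state", false);
        return map;
    }
}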
- 在utils包下新建JWTUtils 类
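/**
 * Helper for issuing and verifying HMAC-SHA256 signed JWTs.
 */
public class JWTUtils {

    // HMAC signing key. Anyone who knows it can mint tokens the server accepts, so it is
    // read from the JWT_SECRET environment variable when that is set.
    private static final String SIGNATURE = resolveSecret();

    // Picks the signing key: environment first, tutorial literal as a demo-only fallback.
    private static String resolveSecret() {
        String fromEnv = System.getenv("JWT_SECRET");
        if (fromEnv != null && !fromEnv.isEmpty()) {
            return fromEnv;
        }
        // NOTE(review): demo-only fallback so the tutorial still runs unconfigured. This
        // value is published with the tutorial and is only 8 characters; RFC 7518 requires
        // an HS256 key of at least 256 bits. Set JWT_SECRET to a randomly generated key of
        // that size and remove this fallback before any real use.
        return "!@#$%^&*";
    }

    /**
     * Builds a signed token (header.payload.signature) from the given claims.
     *
     * <p>The token expires seven days after issue. Nothing on this page revokes a token
     * earlier than that, so a leaked token stays usable until it expires.
     *
     * @param map claim names and values to place in the payload
     * @return the compact serialized JWT
     */
    public static String getToken(Map<String, String> map) {
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DATE, 7); // default lifetime: 7 days
        JWTCreator.Builder builder = JWT.create();
        // Payload: one claim per map entry
        map.forEach((k, v) -> builder.withClaim(k, v));
        // Set the expiry and sign
        return builder.withExpiresAt(expiry.getTime())
                .sign(Algorithm.HMAC256(SIGNATURE));
    }

    /**
     * Verifies a token and returns its decoded form for reading claims.
     *
     * <p>The verifier is built for HMAC256 only; the callers on this page handle
     * {@code AlgorithmMismatchException}, {@code SignatureVerificationException} and
     * {@code TokenExpiredException} from this call.
     *
     * @param token compact serialized JWT
     * @return the decoded, verified token
     */
    public static DecodedJWT verify(String token) {
        return JWT.require(Algorithm.HMAC256(SIGNATURE)).build().verify(token);
    }
}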
六、当前整合存在的问题
使用上述方式,每个接口方法都要接收token并重复编写验证代码,代码冗余,不够灵活。下面使用拦截器进行优化。
七、解决问题
- 在interceptor包下新建JWTInterceptor 类
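/**
 * Interceptor that lets a request through only when its {@code token} header holds a
 * JWT that passes {@link JWTUtils#verify(String)}.
 */
public class JWTInterceptor implements HandlerInterceptor {

    // One shared mapper instead of a new instance per rejected request.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the token before the handler runs.
     *
     * @return {@code true} to continue to the handler; {@code false} after writing a JSON
     *         error body ({@code state=false} plus {@code msg}) with HTTP status 401
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Read the token from the request header
        String token = request.getHeader("token");
        String msg;
        if (token == null || token.isEmpty()) {
            // Reject a missing header explicitly instead of relying on the verifier
            // failing on a null argument.
            msg = "token无效!";
        } else {
            try {
                // Verify the token
                JWTUtils.verify(token);
                // Let the request through
                return true;
            } catch (SignatureVerificationException e) {
                e.printStackTrace();
                msg = "无效签名!";
            } catch (TokenExpiredException e) {
                e.printStackTrace();
                msg = "token过期!";
            } catch (AlgorithmMismatchException e) {
                e.printStackTrace();
                msg = "token算法不一致!";
            } catch (Exception e) {
                e.printStackTrace();
                msg = "token无效!";
            }
        }
        Map<String, Object> map = new HashMap<>();
        map.put("msg", msg);
        map.put("state", false);
        // Signal the rejection in the status line as well, so clients, proxies and
        // monitoring do not record a failed authentication as 200 OK.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Serialize the map to JSON with Jackson
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(MAPPER.writeValueAsString(map));
        return false;
    }
}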
- 在config包下新建InterceptorConfig 类
/**
 * Registers {@link JWTInterceptor} with Spring MVC.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Attaches the JWT check to the protected path and leaves the login path open.
     *
     * <p>NOTE(review): only {@code /user/test} is listed as protected, so any endpoint added
     * later is reachable without a token until it is added here as well.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(jwtInterceptor())
                .excludePathPatterns("/user/login") // login itself must be reachable without a token
                .addPathPatterns("/user/test");     // endpoint that requires a valid token
    }

    // Creates the interceptor instance that gets registered.
    private JWTInterceptor jwtInterceptor() {
        return new JWTInterceptor();
    }
}
- 重新测试
/**
 * Protected endpoint, reached only after the interceptor has accepted the token.
 * The token is decoded again here solely to read the caller's claims.
 *
 * @param request current request; its {@code token} header carries the JWT
 * @return {@code state=true} with a success message
 */
@PostMapping("/user/test")
public Map<String, Object> test(HttpServletRequest request) {
    // Business logic goes here; the claims identify the caller.
    final DecodedJWT decoded = JWTUtils.verify(request.getHeader("token"));
    log.info("用户id:{}", decoded.getClaim("id").asString());
    log.info("用户名name:{}", decoded.getClaim("name").asString());

    final Map<String, Object> result = new HashMap<>();
    result.put("state", true);
    result.put("msg", "请求成功!");
    return result;
}