Spring Boot 整合 JWT 实现认证授权服务
1. 引入JWT依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.1</version>
</dependency>
2. 创建生成Token工具类
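/**
 * Issues the signed JWT that the request interceptor verifies on later calls.
 *
 * <p>The token carries the user name in the {@code aud} claim and is signed with
 * HMAC-SHA256. Issued-at and expiry claims are set so that a captured token stops
 * working after a bounded time; without an {@code exp} claim the token would stay
 * valid for as long as the signing key is unchanged.
 */
@Service
public class TokenUtil {

    /**
     * Token lifetime in milliseconds. Sample value (2 hours) constructed for this
     * listing; choose a lifetime that fits the deployment.
     */
    private static final long TOKEN_TTL_MILLIS = 2L * 60 * 60 * 1000;

    /**
     * Builds a signed token for the given user.
     *
     * @param user the user the token is issued to; its user name becomes the audience
     *             claim and its {@code getCPwd()} value becomes the HMAC key
     * @return the compact serialized JWT
     */
    public String getToken(UserVO user) {
        long now = System.currentTimeMillis();
        // NOTE(review): the HMAC key is whatever getCPwd() returns (plaintext or hash is
        // not visible from this listing). Anyone able to read that stored value can sign
        // tokens for the user, and the key is only as strong as the password. A dedicated
        // server-side secret kept outside the user table is the usual design; the per-user
        // key is kept here because the verifying side derives its key the same way.
        return JWT.create()
                .withAudience(user.getCUserName())
                .withIssuedAt(new java.util.Date(now))
                .withExpiresAt(new java.util.Date(now + TOKEN_TTL_MILLIS))
                .sign(Algorithm.HMAC256(user.getCPwd()));
    }
}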
3. 创建拦截器配置
/**
 * Spring MVC configuration that puts {@link AuthenticationInterceptor} in front of
 * every request path except a short list of documentation paths.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Exposes the interceptor as a bean, so the container manages the instance that is
     * registered below (the interceptor declares an {@code @Autowired} field).
     *
     * @return a new interceptor instance
     */
    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }

    /**
     * Registers the interceptor for all paths and then carves out the exclusions.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        String[] intercepted = {"/**"};
        // Presumably the Swagger UI and API-docs paths. Note that "/v2/**" matches every
        // path under /v2, so an application endpoint placed there would never reach the
        // interceptor; confirm nothing but documentation is served from that prefix.
        String[] skipped = {
            "/swagger-resources/**",
            "/webjars/**",
            "/v2/**",
            "/swagger-ui.html/**"
        };
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns(intercepted)
                .excludePathPatterns(skipped);
    }
}
4. 创建自定义拦截器
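/**
 * Interceptor that checks the JWT sent in the {@code token} request header before a
 * controller method runs.
 *
 * <p>Decision order for a controller method:
 * <ol>
 *   <li>{@code @PassToken(required = true)} on the method: the request passes unchecked.</li>
 *   <li>{@code @UserLoginToken(required = true)} on the method, or on the controller class
 *       when the method carries none: the token must be present and verify.</li>
 *   <li>Anything else: the request passes.</li>
 * </ol>
 *
 * <p>NOTE(review): step 3 means the interceptor is opt-in. A controller method that nobody
 * annotated is reachable without a token; a deny-by-default policy would need the final
 * {@code return true} paths to be reconsidered.
 */
public class AuthenticationInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    UserService userService;

    /**
     * Validates the request token when the target handler demands a logged-in user.
     *
     * @param request  the current request; the token is read from its {@code token} header
     * @param response the current response (not used)
     * @param handler  the chosen handler; only {@code HandlerMethod} handlers are checked
     * @return {@code true} when the request may proceed
     * @throws RuntimeException when a required token is missing, malformed, names an unknown
     *                          user, or fails signature/claim verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Non-controller handlers (static resources etc.) are not subject to the check.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();

        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            return true;
        }

        // UserLoginToken is declared with ElementType.TYPE as well as METHOD. Reading only the
        // method would silently ignore a class-level annotation and leave the whole controller
        // open, so fall back to the controller class when the method has none.
        UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
        if (userLoginToken == null) {
            userLoginToken = handlerMethod.getBeanType().getAnnotation(UserLoginToken.class);
        }
        if (userLoginToken == null || !userLoginToken.required()) {
            return true;
        }

        String token = request.getHeader("token");
        if (StringUtils.isEmpty(token)) {
            throw new RuntimeException("无效token,请登录");
        }

        // decode() only parses the token; nothing read from it is trusted until verify()
        // succeeds below. The audience is used solely to find whose key to verify against.
        List<String> audience;
        try {
            audience = JWT.decode(token).getAudience();
        } catch (Exception e) {
            throw new RuntimeException("无效token,请登录", e);
        }
        // A token without an aud claim would otherwise fail with a NullPointerException or
        // IndexOutOfBoundsException instead of a clean rejection.
        if (audience == null || audience.isEmpty()) {
            throw new RuntimeException("无效token,请登录");
        }

        String userId = audience.get(0);
        UserVO user = userService.getUserByName(userId);
        if (user == null) {
            // NOTE(review): if this message reaches the client it differs from the
            // bad-signature message, which lets a caller tell existing user names apart.
            throw new RuntimeException("用户不存在");
        }

        // The verifier is bound to HMAC256, so a token declaring a different algorithm is
        // rejected. NOTE(review): the key is the stored getCPwd() value; see the token
        // issuer for the implications of using a per-user password value as the HMAC key.
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getCPwd())).build();
        try {
            jwtVerifier.verify(token);
        } catch (Exception e) {
            // Keep the cause attached for the application's error handling instead of
            // printing the stack trace to stderr.
            throw new RuntimeException("无效token", e);
        }
        return true;
    }
}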
5. 创建注解
/**
 * Marks a controller method (or type) as requiring a valid login token.
 *
 * <p>The annotation is retained at runtime so that a request interceptor can read it
 * reflectively. Whether a type-level placement has any effect depends on the interceptor
 * that reads it; confirm it consults the declaring class as well as the method.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface UserLoginToken {

    /**
     * Whether the token check is enforced for the annotated element.
     *
     * @return {@code true} (the default) to enforce the check
     */
    boolean required() default true;
}
/**
 * Marks a controller method (or type) as exempt from the login-token check.
 *
 * <p>Retained at runtime so a request interceptor can read it reflectively. Because this
 * annotation switches authentication off for whatever it is placed on, each use deserves
 * review: it should appear only on endpoints that are meant to be public, such as login.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface PassToken {

    /**
     * Whether the exemption is active. Despite the name, {@code true} (the default) means
     * the token check is skipped, not that a token is required.
     *
     * @return {@code true} to skip the token check
     */
    boolean required() default true;
}
6. 使用
// Usage fragment: an injected TokenUtil field followed by two statements taken from a
// login handler. The enclosing class and method, and the `user` and `userService`
// variables, are not part of this listing.
@Autowired
TokenUtil tokenUtil;
// Look up the stored account by the submitted user name.
// NOTE(review): nothing shown here compares the submitted password with the stored one,
// and a null lookup result is passed straight to getToken(). Confirm the surrounding
// handler rejects unknown users and wrong passwords before this point; otherwise a token
// is issued to anyone who supplies an existing user name.
UserVO userForBase = userService.getUserByName(user.getCUserName());
// Issue the token that the client sends back in the "token" request header.
String token = tokenUtil.getToken(userForBase);