1、引入 jjwt 依赖(Maven 坐标如下)。注意 0.9.1 属于旧的单一 jar 系列,之后的版本拆分为 jjwt-api / jjwt-impl / jjwt-jackson 三个构件且 API 有变化,升级时需要同步调整解析代码。
<!-- jjwt 0.9.1 is the legacy single-artifact line; later releases (0.10+) are split into
     jjwt-api / jjwt-impl / jjwt-jackson. In 0.9.x, JwtParser.setSigningKey(String) treats
     the string as a Base64-encoded key, so the bytes actually used for signature
     verification are the decoded value, not the literal text passed in. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2、建表存放每个用户当前的 token(拦截器会用这里的记录与请求头中的 JWT 做比对)。表中没有过期时间字段,token 的有效期只能依靠 JWT 自身的 exp 声明,或在代码中对 BUILD_TIME 做校验来保证。
-- One stored token per user; the interceptor reads this row and compares it with the
-- JWT presented in the Authorization header.
CREATE TABLE `g_user_token` (
`TOKEN_ID` INT NOT NULL AUTO_INCREMENT COMMENT 'tokenID',
`USER_ID` INT NOT NULL COMMENT '用户ID',
-- NOTE(review): a signed JWT with a few claims frequently exceeds 200 characters; depending
-- on sql_mode the insert is either rejected or truncated, and a truncated value can never
-- equal the header token. Consider a wider column or TEXT.
`USER_TOKEN` VARCHAR(200) NULL COMMENT '用户TOKEN',
-- NOTE(review): there is no expiry column; token lifetime must come from the JWT exp claim
-- or from application-side checks against BUILD_TIME.
`BUILD_TIME` DATETIME DEFAULT NULL COMMENT '构建时间',
-- NOTE(review): no index or UNIQUE constraint on USER_ID, so lookups by user are not
-- indexed and a user may accumulate several rows.
PRIMARY KEY (`TOKEN_ID`)
) ENGINE=INNODB DEFAULT CHARSET=utf8 COMMENT='用户token表';
3、对应的实体类;Mapper 及数据库访问层此处省略。注意拦截器中以 selectByPrimaryKey(userId) 查询,而上表的主键是 TOKEN_ID 而非 USER_ID,除非 Mapper 做了特殊处理,否则应改为按 USER_ID 查询的方法。
/**
 * Entity backing the {@code g_user_token} table: one issued token for one user.
 *
 * <p>Mutable bean with a no-arg constructor and a getter/setter pair for every column,
 * as the mapper layer expects. Accessors store and return the given references directly;
 * {@code buildTime} is not defensively copied.
 */
public class UserToken {

    /** Primary key (column TOKEN_ID). */
    private Integer tokenId;
    /** Owning user (column USER_ID). */
    private Integer userId;
    /** Stored token string (column USER_TOKEN). */
    private String userToken;
    /** When the token was built (column BUILD_TIME). */
    private Date buildTime;

    // ---- getters ---------------------------------------------------------

    /** @return the primary key, or {@code null} if not yet set */
    public Integer getTokenId() {
        return this.tokenId;
    }

    /** @return the owning user's id, or {@code null} if not yet set */
    public Integer getUserId() {
        return this.userId;
    }

    /** @return the stored token string, or {@code null} if not yet set */
    public String getUserToken() {
        return this.userToken;
    }

    /** @return the build-time reference exactly as stored, or {@code null} if not yet set */
    public Date getBuildTime() {
        return this.buildTime;
    }

    // ---- setters ---------------------------------------------------------

    /** @param tokenId primary key value to hold (may be {@code null}) */
    public void setTokenId(Integer tokenId) {
        this.tokenId = tokenId;
    }

    /** @param userId owning user's id to hold (may be {@code null}) */
    public void setUserId(Integer userId) {
        this.userId = userId;
    }

    /** @param userToken token string to hold (may be {@code null}) */
    public void setUserToken(String userToken) {
        this.userToken = userToken;
    }

    /** @param buildTime build time to hold; the reference is kept as-is (may be {@code null}) */
    public void setBuildTime(Date buildTime) {
        this.buildTime = buildTime;
    }
}
4、拦截器。下面 preHandle 有几点需要注意:(1)签名密钥 "PROTGAS.D.ACE" 直接写死在源码里,应改为从配置或密钥管理服务读取,并且 jjwt 0.9.x 的 setSigningKey(String) 会先把该字符串按 Base64 解码后再用于校验;(2)parseClaimsJws 会校验签名,并在签名不符、格式错误或 exp 已过期时抛出异常,因此对应的 catch 分支必须返回 401,而不能放行请求;(3)userId 声明被强转为 String 后再 Integer.parseInt,签发端必须把该声明写成字符串,否则会抛 ClassCastException;(4)所有非登录请求一进来就调用 response.getOutputStream(),按 Servlet 规范,之后控制器若再调用 getWriter() 会抛 IllegalStateException,应只在需要写 401 响应时才获取输出流,并先 setStatus 再写响应体。
public class TokenInterceptor implements HandlerInterceptor {
/** Injected lookup service; preHandle calls selectByPrimaryKey on it to fetch the stored token. */
@Autowired
private UserTokenBusinessService userTokenBusinessService;
/**
 * {@link HandlerInterceptor} completion hook; intentionally a no-op.
 *
 * @param request  the current request
 * @param response the current response
 * @param handler  the handler that was selected for the request
 * @param ex       exception raised by the handler, if any
 */
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
        throws Exception {
    // Nothing to release: this interceptor keeps no per-request state.
}
/**
 * {@link HandlerInterceptor} post-handle hook; intentionally a no-op.
 *
 * @param request      the current request
 * @param response     the current response
 * @param handler      the handler that was executed
 * @param modelAndView the model and view the handler returned, if any
 */
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
        throws Exception {
    // Nothing to adjust on the way out: all checks happen in preHandle.
}
@Override
public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
//登录路径放行
if ("/admin/login".equals(arg0.getRequestURI()) || "/web/login".equals(arg0.getRequestURI())) {
return true;
}
//权限路径拦截
ServletOutputStream opStream=arg1.getOutputStream();
final String headerToken=arg0.getHeader("Authorization");
//判断请求信息
if(null==headerToken||headerToken.trim().equals("")){
opStream.println("You don't have token and need to login");
arg1.setStatus(401);//token为空,需要登录
return false;
}
//解析Token信息
try {
Claims claims = Jwts.parser().setSigningKey("PROTGAS.D.ACE").parseClaimsJws(headerToken).getBody();
String tokenUserId=(String)claims.get("userId");
int userId=Integer.parseInt(tokenUserId);
//根据客户Token查找数据库Token
UserToken userToken=userTokenBusinessService.selectByPrimaryKey(userId);
String myToken = userToken.getUserToken();
//数据库没有Token记录
if(null==myToken) {
opStream.println("I don't have your token and need to login");
arg1.setStatus(401);//token为空,需要登录
return false;
}
//数据库Token与客户Token比较
if( !myToken.equals(hea