1.在SpringBoot中配置JWT
-
maven依赖
<!-- JWT: com.auth0 java-jwt, the library whose com.auth0.jwt classes the code on this page imports -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.0</version>
</dependency>
<!-- Cross-domain authentication (author's label).
     NOTE(review): none of the code shown on this page imports an io.jsonwebtoken class, so this
     second token library looks unused here. Confirm against the rest of the project and drop it
     if so; every additional token library is one more dependency to keep patched. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.0</version>
</dependency>
-
创建JWT拦截器类
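package com.deepzero.asf.holmes.interceptors;

import com.alibaba.fastjson.JSON;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.deepzero.asf.holmes.base.utils.JwtUtils;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.SignatureException;
import java.util.HashMap;

/**
 * @Author: ShiDecai
 * @CreateTime: 2020-11-26 14:06
 * @Description: Token verification
 */
public class JWTInterceptors implements HandlerInterceptor {

    /**
     * Admits a request only when the value of its {@code Authorization} header passes
     * {@link JwtUtils#verify(String)}.
     *
     * <p>The header value is handed to the verifier as-is; no {@code Bearer } prefix is stripped,
     * so clients must send the bare token.
     *
     * @param request  incoming request whose {@code Authorization} header holds the token
     * @param response response that receives the JSON error body when the token is rejected
     * @param handler  the handler chosen for the request (not used here)
     * @return {@code true} when the token verifies, {@code false} after an error body was written
     * @throws Exception if writing the error body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = request.getHeader("Authorization");
        HashMap<String, Object> map = new HashMap<>();
        try {
            JwtUtils.verify(token);
            return true;
        } catch (SignatureVerificationException e) {
            map.put("message", "无效签名");
        } catch (TokenExpiredException e) {
            map.put("message", "token过期");
        } catch (AlgorithmMismatchException e) {
            map.put("message", "token加密算法不一致");
        } catch (Exception e) {
            // Everything else, including a missing or malformed header, is reported generically.
            map.put("message", "token无效");
        }
        map.put("state", 400);

        // A rejected request must not be answered with the default 200: proxies, monitoring and
        // generic HTTP clients only see the status line, and a 200 hides authentication failures
        // from all of them. The JSON body is kept unchanged for existing front ends.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(JSON.toJSONString(map));
        return false;
    }
}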
-
配置JWT拦截器
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * @Author: ShiDecai
 * @CreateTime: 2020-11-26 14:41
 * @Description: Interceptor configuration
 */
@Configuration
public class interceptorConfig implements WebMvcConfigurer {

    /**
     * Registers the JWT check for every path except those under {@code /user/}.
     *
     * @param registry the MVC interceptor registry to add the token check to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JWTInterceptors tokenCheck = new JWTInterceptors();
        // NOTE(review): the exclusion is a whole subtree, so every endpoint under /user/ is
        // reachable without a token. Confirm that only login/registration style endpoints live
        // there; anything else placed under /user/ later is unauthenticated by default.
        registry.addInterceptor(tokenCheck)
                .addPathPatterns("/**")
                .excludePathPatterns("/user/**");
    }
}
2.JWT封装工具类
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
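/**
 * @Author: ShiDecai
 * @CreateTime: 2020-11-24 17:50
 * @Description: JWT helper that issues and verifies HMAC-SHA256 signed tokens
 */
public class JwtUtils {

    /** Name of the environment variable consulted for the signing key. */
    private static final String SIGN_ENV = "JWT_SIGN_SECRET";

    /**
     * Signing key that used to be the only option. It is a literal committed to source control
     * (and published with this page), so anyone who can read the code can sign tokens the
     * verifier accepts. At 19 ASCII characters it is also shorter than the 256 bits RFC 7518
     * requires for HS256. Kept only so that deployments without {@link #SIGN_ENV} keep working;
     * set the variable to a long random value and retire this fallback.
     */
    private static final String LEGACY_SIGN = "!@#$%DEEP_ZREO^&*()";

    /**
     * JWT signing key: taken from the environment when provided, otherwise the legacy literal.
     */
    private static final String SIGN = resolveSignKey();

    /** Picks the signing key, preferring the deployment-provided value over the built-in one. */
    private static String resolveSignKey() {
        String configured = System.getenv(SIGN_ENV);
        return (configured == null || configured.isEmpty()) ? LEGACY_SIGN : configured;
    }

    /**
     * Issues a token that carries the given claims and expires seven days from now.
     *
     * @param map claim names mapped to their string values; every entry is copied into the token
     * @return the signed, compact token string
     */
    public static String getToken(Map<String, String> map) {
        // Expiry: seven calendar days from the current time.
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DATE, 7);

        JWTCreator.Builder builder = JWT.create();
        map.forEach((name, value) -> builder.withClaim(name, value));

        return builder.withExpiresAt(expiry.getTime())
                .sign(Algorithm.HMAC256(SIGN));
    }

    /**
     * Verifies a token and discards the decoded result.
     *
     * <p>Any exception raised by the verifier is propagated; callers treat a normal return as
     * "token accepted".
     *
     * @param token the compact token string to check
     */
    public static void verify(String token) {
        // Same check as getTokenInfo, so the two entry points can never drift apart.
        getTokenInfo(token);
    }

    /**
     * Verifies a token and returns its decoded content.
     *
     * <p>Claims are only ever read from a token that has passed verification here; there is no
     * decode-without-verify path in this class.
     *
     * @param token the compact token string to check
     * @return the decoded token once the verifier has accepted it
     */
    public static DecodedJWT getTokenInfo(String token) {
        return JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);
    }
}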
3.使用实例
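/**
 * Checks the submitted credentials and, on success, returns a result carrying a signed token.
 *
 * @param userInfo login request; only its user name and password are trusted as input to the
 *                 lookup, nothing else in it is copied into the token
 * @return a result with {@code success=false} and a message when the credentials are missing or
 *         wrong, otherwise {@code success=true} together with the issued token
 */
public OperateResultVo login(UserInfo userInfo) {
    OperateResultVo vo = new OperateResultVo(); // result object returned to the caller
    String userName = userInfo.getUserName();
    String passwd = userInfo.getPassword();
    if (userName == null || userName.isEmpty() || passwd == null || passwd.isEmpty()) {
        vo.setSuccess(false);
        vo.setMsg("账号密码不能为空");
        return vo;
    }

    // NOTE(review): the password is passed to the DAO as a lookup argument, which suggests it is
    // compared (and stored) in clear text. The DAO is not visible here; confirm that stored
    // passwords are hashed with a password hashing function and compared in code.
    UserInfo authenticatedUser = userInfoDao.getUser(userName, passwd);
    if (authenticatedUser == null) {
        vo.setSuccess(false);
        vo.setMsg("账号或密码错误");
        return vo;
    }

    // Claims must come from the stored record, never from the request object: the request is
    // caller-controlled, and signing its roleName would let the caller choose their own role.
    // Assumes the DAO populates roleName on the returned record; confirm against the query.
    HashMap<String, String> claims = new HashMap<>();
    claims.put("roleName", authenticatedUser.getRoleName());
    claims.put("userName", authenticatedUser.getUserName());
    String token = JwtUtils.getToken(claims);

    vo.setSuccess(true);
    vo.setMsg("登陆成功");
    vo.setToken(token);
    return vo;
}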