pom.xml依赖(jar包)
<!-- JWT support (jjwt). NOTE(review): the TokenUtil listing on this page imports only com.auth0.jwt, so this artifact looks unused here; confirm before shipping two JWT libraries, and check this old release against current advisories. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
<!-- Java/JSON conversion (json-lib). NOTE(review): no listing on this page imports it; every extra parser on the classpath is extra attack surface, so drop it if it is really unused. -->
<dependency>
<groupId>net.sf.json-lib</groupId>
<artifactId>json-lib</artifactId>
<version>2.2.3</version>
<classifier>jdk15</classifier>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<!-- JWT library actually used by TokenUtil (com.auth0.jwt.*). NOTE(review): old release; review the project's advisories and upgrade. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.1.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.alibaba/fastjson -->
<!-- NOTE(review): fastjson 1.x releases up to and including this version are affected by publicly documented autoType deserialization flaws that can lead to remote code execution when untrusted JSON is parsed. On this page fastjson is only used to build a response body, but the vulnerable parser is still on the classpath: move to a currently maintained release and keep autoType disabled. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
entity层
package com.jwt.demo.entity;
import lombok.Data;
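/**
 * User account entity carrying an id, a username and a password.
 *
 * <p>The password is held as a plain {@code String} in this demo. A real system should store
 * only a salted, slow password hash (bcrypt/scrypt/argon2) and should not send this field back
 * to clients: any serializer that walks the getters will emit it.
 */
@Data
public class SysUser {
    private int id;
    private String username;
    // Sensitive: kept out of toString() below so it cannot leak through logging.
    private String password;

    /**
     * Creates a user from submitted credentials; {@code id} keeps its default of 0.
     *
     * @param username login name
     * @param password password as submitted (plaintext in this demo)
     */
    public SysUser(String username, String password) {
        this.username = username;
        this.password = password;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Returns a description that deliberately omits the password.
     *
     * <p>Lombok's {@code @Data} would otherwise generate a {@code toString()} that includes every
     * field, so printing or logging a user would write the password out. Lombok does not
     * generate a method that is already declared explicitly.
     */
    @Override
    public String toString() {
        return "SysUser(id=" + id + ", username=" + username + ")";
    }
}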
dao层
package com.jwt.demo.dao;
import com.jwt.demo.entity.SysUser;
import org.springframework.stereotype.Component;
import java.util.List;
/**
 * Data-access contract for {@link SysUser}.
 *
 * <p>NOTE(review): no implementation of this interface appears on this page, and the service
 * implementation shown does not call it. Confirm it is wired to a real store before relying on it.
 */
@Component
public interface SysUserDao {

    /**
     * Checks the credentials carried by {@code user}.
     *
     * @param user the user whose username and password are to be checked
     * @return {@code true} when the credentials are accepted (presumably; no implementation shown)
     */
    boolean login(SysUser user);

    /**
     * Lists users.
     *
     * @return the users known to the store
     */
    List<SysUser> getList();
}
service层
package com.jwt.demo.service;
import com.jwt.demo.entity.SysUser;
import org.springframework.stereotype.Service;
import java.util.List;
/**
 * Service contract for authenticating and listing {@link SysUser} accounts.
 *
 * <p>NOTE(review): the {@code @Service} stereotype is placed on the interface here as well as on
 * its implementation; normally only the implementing class carries it.
 */
@Service
public interface SysUserService {

    /**
     * Checks the credentials carried by {@code user}.
     *
     * @param user the user whose username and password are to be checked
     * @return {@code true} when the credentials are accepted
     */
    boolean login(SysUser user);

    /**
     * Lists users.
     *
     * @return the list of users
     */
    List<SysUser> getList();
}
serviceImpl层
package com.jwt.demo.service.serviceImpl;
import com.jwt.demo.entity.SysUser;
import com.jwt.demo.service.SysUserService;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
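/**
 * Demo implementation of {@link SysUserService} backed by hard-coded data.
 *
 * <p>NOTE(review): the accepted credentials are a fixed, well-known pair compiled into the class.
 * That is acceptable only as a tutorial stub. A real implementation should look the account up,
 * verify the password against a salted slow hash (bcrypt/scrypt/argon2), and limit repeated
 * failed attempts.
 */
@Service
public class SysUserServiceImpl implements SysUserService {

    /**
     * Accepts exactly the username {@code admin} with the password {@code 123456}.
     *
     * <p>The literals are the receivers of {@code equals}, so a missing request parameter
     * (a {@code null} username or password) is rejected instead of raising a
     * {@code NullPointerException} that would surface as a server error.
     *
     * @param user the submitted credentials; {@code null} is treated as a failed login
     * @return {@code true} only for the hard-coded demo credentials
     */
    @Override
    public boolean login(SysUser user) {
        if (user == null) {
            return false;
        }
        return "admin".equals(user.getUsername()) && "123456".equals(user.getPassword());
    }

    /**
     * Returns three fixed demo users in a new mutable list.
     *
     * <p>Each entry carries its plaintext password. A caller that serializes the result will
     * expose that field unless it is filtered out first.
     *
     * @return a list containing admin1, admin2 and admin3
     */
    @Override
    public List<SysUser> getList() {
        List<SysUser> list = new ArrayList<>();
        list.add(new SysUser("admin1", "123456"));
        list.add(new SysUser("admin2", "123456"));
        list.add(new SysUser("admin3", "123456"));
        return list;
    }
}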
util工具–使用jwt完成签名生成方法与验证方法
package com.jwt.demo.util;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.jwt.demo.entity.SysUser;
import java.util.Date;
/**
 * Issues and verifies HMAC-SHA256 signed JWTs with the auth0 java-jwt library.
 */
public class TokenUtil {

    /** Token lifetime in milliseconds: 24 h x 60 min x 60 s x 1000 ms. */
    private static final long EXPIRE_TIME = 24 * 60 * 60 * 1000;

    /**
     * HMAC signing key (a key, not a salt). Anyone who learns it can mint tokens that
     * {@link #verify(String)} accepts.
     *
     * <p>NOTE(review): this value is short, guessable and committed in source, so it is suitable
     * for a demo only. For real use, load at least 256 bits of random key material from
     * configuration or a secret store, and plan for rotation.
     */
    private static final String TOKEN_SECRET = "token-xy";

    /** Issuer written into every token and required again at verification time. */
    private static final String ISSUER = "小宇不吃饭";

    /**
     * Builds a signed token for the given user.
     *
     * <p>The token carries the issuer, a {@code username} claim and an expiry of now plus
     * {@link #EXPIRE_TIME}. HMAC-SHA256 signs the token; it does not encrypt it, so the claims
     * stay readable by anyone who holds the token and must not contain secrets.
     *
     * @param user the authenticated user whose username goes into the token
     * @return the compact JWT, or {@code null} when token creation throws
     */
    public static String sign(SysUser user) {
        try {
            long expiryMillis = System.currentTimeMillis() + EXPIRE_TIME;
            return JWT.create()
                    .withIssuer(ISSUER)
                    .withClaim("username", user.getUsername())
                    .withExpiresAt(new Date(expiryMillis))
                    .sign(Algorithm.HMAC256(TOKEN_SECRET));
        } catch (Exception e) {
            // Failure is reported to the caller as null; the stack trace goes to stderr.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a token against the fixed algorithm, key and issuer.
     *
     * <p>The verifier is built for HMAC256 with this class's key, so the algorithm is chosen
     * here rather than taken from the token header. Any exception thrown during verification is
     * treated as a failed check. On success the issuer, username claim and expiry are printed
     * to stdout.
     *
     * @param token the compact JWT taken from the request
     * @return {@code true} if the library accepts the token, {@code false} on any failure
     */
    public static boolean verify(String token) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm).withIssuer(ISSUER).build();
            DecodedJWT decoded = verifier.verify(token);
            System.out.println("认证通过:");
            System.out.println("issuer: " + decoded.getIssuer());
            System.out.println("username: " + decoded.getClaim("username").asString());
            System.out.println("过期时间:" + decoded.getExpiresAt());
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
interceptor–添加拦截器
package com.jwt.demo.interceptor;
import com.alibaba.fastjson.JSONObject;
import com.jwt.demo.util.TokenUtil;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
/**
 * MVC interceptor that lets a request through only when its {@code token} header holds a JWT
 * accepted by {@link TokenUtil#verify(String)}.
 */
@Component
public class TokenInterceptor implements HandlerInterceptor {

    /**
     * Authenticates the request before the handler runs.
     *
     * <p>NOTE(review): every {@code OPTIONS} request is passed through without a token so that
     * CORS preflights succeed. Make sure no handler does real work for {@code OPTIONS}, or that
     * path is unauthenticated.
     *
     * <p>NOTE(review): the rejection below writes a JSON body but sets no HTTP status, so the
     * container's default status applies. Consider sending 401 so clients and proxies can tell
     * an authentication failure from a success.
     *
     * @return {@code true} to continue to the handler, {@code false} once a rejection is written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (request.getMethod().equals("OPTIONS")) {
            response.setStatus(HttpServletResponse.SC_OK);
            return true;
        }

        response.setCharacterEncoding("utf-8");
        String token = request.getHeader("token");
        // A missing header is treated exactly like a token that fails verification.
        boolean authenticated = token != null && TokenUtil.verify(token);
        if (authenticated) {
            System.out.println("通过拦截器");
            return true;
        }

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        try {
            JSONObject body = new JSONObject();
            body.put("success", "false");
            body.put("msg", "认证失败,未通过拦截器");
            body.put("code", "50000");
            response.getWriter().append(body.toJSONString());
            System.out.println("认证失败,未通过拦截器");
        } catch (Exception e) {
            e.printStackTrace();
            response.sendError(500);
        }
        // Both the written rejection and the error path stop the handler chain.
        return false;
    }
}
config–配置拦截器
package com.jwt.demo.config;
import com.jwt.demo.interceptor.TokenInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;
/**
 * Registers {@link TokenInterceptor} for the web application.
 *
 * <p>Every path is intercepted except the explicit exclusions below. Exclusion is by path
 * pattern only; no annotation is consulted here. Anything served under an excluded pattern is
 * reachable without a token, so keep the list as short as possible.
 */
@Configuration
public class IntercepterConfig implements WebMvcConfigurer {

    private final TokenInterceptor tokenInterceptor;

    /** Receives the interceptor bean through constructor injection. */
    public IntercepterConfig(TokenInterceptor tokenInterceptor) {
        this.tokenInterceptor = tokenInterceptor;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(tokenInterceptor)
                .addPathPatterns("/**") // guard everything by default
                .excludePathPatterns(
                        "/user_register", // registration
                        "/login",         // login
                        "/logout",        // logout
                        "/static/**",     // static resources
                        "/assets/**");    // static resources
        WebMvcConfigurer.super.addInterceptors(registry);
    }
}
controller层
package com.jwt.demo.controller;
import com.jwt.demo.entity.SysUser;
import com.jwt.demo.service.SysUserService;
import com.jwt.demo.util.TokenUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
//@RestController
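/**
 * Login endpoint that issues a JWT, plus a user-listing endpoint.
 */
@Controller
public class UserController {

    @Autowired
    private SysUserService userService;

    /**
     * Checks the submitted credentials and, on success, returns a signed token.
     *
     * <p>NOTE(review): this is a GET mapping that reads {@code username} and {@code password}
     * from request parameters, so the credentials travel in the URL and can end up in access
     * logs, browser history and proxies. Prefer a POST with the credentials in the body, over
     * TLS, and add throttling of failed attempts.
     *
     * @param request the HTTP request carrying the {@code username} and {@code password} parameters
     * @param model unused
     * @return a map with {@code code} and {@code message}, plus {@code token} on success
     */
    @GetMapping(value = "/login")
    @ResponseBody
    public Map<String, Object> login(HttpServletRequest request, Model model) throws Exception {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        Map<String, Object> map = new HashMap<>();

        // A missing parameter is a failed login, not a server error.
        if (username != null && password != null) {
            SysUser user = new SysUser(username, password);
            if (userService.login(user)) {
                String token = TokenUtil.sign(user);
                if (token != null) {
                    map.put("code", "10000");
                    map.put("message", "认证成功");
                    // Print the outcome before the token is attached: a bearer token written
                    // to stdout or logs can be replayed by anyone who can read them.
                    System.out.println(map);
                    map.put("token", token);
                    return map;
                }
            }
        }

        map.put("code", "0000");
        map.put("message", "认证失败");
        System.out.println(map);
        return map;
    }

    /**
     * Returns the user list as the response body.
     *
     * <p>NOTE(review): the entities are returned as-is. If {@code SysUser} exposes its password
     * through a getter, the serialized response will contain it; map to a response type without
     * credentials before returning.
     *
     * @return the users supplied by the service
     */
    @GetMapping(value = "/getList")
    @ResponseBody
    public List<SysUser> getList() {
        return userService.getList();
    }
}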
使用postman进行验证
输入错误
输入正确
复制token,放到headers中
控制台会输出登录的信息和token的过期时间,具体可以到util工具包中修改