直接进入正题
引入依赖
<!-- JWT creation and verification (auth0 java-jwt). -->
<!-- NOTE(review): 3.10.0 is the version pinned on this page; check it against the project's current advisories before reuse. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.10.0</version>
</dependency>
<!-- JSON serialization, used to turn the User object into the token's "userInfo" claim and back. -->
<!-- NOTE(review): no version is declared here, so it is presumably managed by a parent POM or BOM; confirm which one resolves. -->
<!-- fastjson 1.x has a history of autoType deserialization advisories, so the resolved version matters. -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
</dependency>
<!-- End of the token-related dependencies. -->
<!-- Lombok generates the getters, setters and toString() of the User entity at compile time. -->
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
实体类
/**
 * User entity; Lombok's {@code @Data} generates getters, setters, equals/hashCode and toString()
 * for every field below.
 *
 * <p>Security note: because {@code password} is an ordinary field, it is included both in the
 * generated toString() and in any whole-object JSON serialization. JwtUtils.createToken on this
 * page serializes the complete object into the token payload, which is only Base64URL-encoded,
 * not encrypted.
 */
@Data
public class User {
    // Primary identifier of the user.
    private Integer id;
    private String name;
    private String sex;
    // Contact details: personal data, readable by anyone holding a token that embeds them.
    private String email;
    private String phone;
    // Credential material. NOTE(review): whether this holds a hash or plaintext is not visible here;
    // either way it should not leave the server inside a token or a log line.
    private String password;
    // presumably a path or URL of the profile picture; verify against the callers
    private String userpic;
    // presumably a 0/1 lock flag; the value semantics are not shown on this page
    private Integer isLocked;
    // Creation date, bound from request parameters and rendered in JSON as yyyy-MM-dd.
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    @JsonFormat(pattern = "yyyy-MM-dd")
    private Date createdtime;
    // Last-update date, same yyyy-MM-dd format as above.
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    @JsonFormat(pattern = "yyyy-MM-dd")
    private Date updatedtime;
}
工具类
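/**
 * Helper for issuing and checking HMAC-SHA256 signed JWTs that carry a snapshot of a {@link User}.
 *
 * <p>The signing secret is read from configuration instead of being compiled into the class:
 * anyone who can read a hard-coded, short secret can forge tokens for any user. The property and
 * environment variable names used below are names chosen for this example; adapt them to the
 * deployment.
 */
public class JwtUtils {
    /** Name of the claim that holds the JSON-serialized user snapshot. */
    private static final String USER_CLAIM = "userInfo";
    /** JVM system property consulted first for the signing secret (example name). */
    private static final String SECRET_PROPERTY = "jwt.secret";
    /** Environment variable consulted when the system property is not set (example name). */
    private static final String SECRET_ENV = "JWT_SECRET";
    /** HS256 secrets shorter than the 256-bit hash output are easier to brute-force offline. */
    private static final int MIN_SECRET_BYTES = 32;

    /**
     * Builds the signing/verification algorithm from the configured secret.
     *
     * @return an HMAC-SHA256 algorithm keyed with the configured secret
     * @throws IllegalStateException if no secret is configured or it is shorter than 32 bytes
     */
    private static Algorithm signingAlgorithm() {
        String secret = System.getProperty(SECRET_PROPERTY);
        if (secret == null || secret.isEmpty()) {
            secret = System.getenv(SECRET_ENV);
        }
        if (secret == null
                || secret.getBytes(java.nio.charset.StandardCharsets.UTF_8).length < MIN_SECRET_BYTES) {
            // Fail closed, and never echo the secret itself into the message.
            throw new IllegalStateException("JWT signing secret is missing or shorter than "
                    + MIN_SECRET_BYTES + " bytes; set system property " + SECRET_PROPERTY
                    + " or environment variable " + SECRET_ENV);
        }
        return Algorithm.HMAC256(secret);
    }

    /**
     * Copies the fields that may travel inside a token. The password is deliberately left out:
     * a JWT payload is only Base64URL-encoded, so every holder of the token can read it.
     */
    private static User withoutCredentials(User user) {
        User snapshot = new User();
        snapshot.setId(user.getId());
        snapshot.setName(user.getName());
        snapshot.setSex(user.getSex());
        // NOTE(review): email and phone are personal data; drop them too if consumers only need the id.
        snapshot.setEmail(user.getEmail());
        snapshot.setPhone(user.getPhone());
        snapshot.setUserpic(user.getUserpic());
        snapshot.setIsLocked(user.getIsLocked());
        snapshot.setCreatedtime(user.getCreatedtime());
        snapshot.setUpdatedtime(user.getUpdatedtime());
        return snapshot;
    }

    /**
     * Issues a signed token for the given user, valid for one day.
     *
     * @param user the user to describe in the token; must not be null
     * @return the compact, signed JWT string
     * @throws IllegalArgumentException if {@code user} is null
     * @throws IllegalStateException if the signing secret is not configured
     */
    public static String createToken(User user) {
        if (user == null) {
            throw new IllegalArgumentException("user must not be null");
        }
        // Expiry: one day from now.
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DAY_OF_YEAR, 1);
        // The payload is a set of claims; here a single claim with the serialized user snapshot.
        JWTCreator.Builder builder = JWT.create()
                .withClaim(USER_CLAIM, JSON.toJSONString(withoutCredentials(user)))
                .withExpiresAt(calendar.getTime());
        return builder.sign(signingAlgorithm());
    }

    /**
     * Verifies the signature and expiry of a token.
     *
     * @param token the compact JWT string taken from the request
     * @return the decoded token, or {@code null} if the token is absent, malformed, expired or
     *         not signed with the configured secret
     * @throws IllegalStateException if the signing secret is not configured
     */
    public static DecodedJWT verify(String token) {
        if (token == null || token.isEmpty()) {
            return null;
        }
        // Resolved outside the try block so a missing secret is reported as a configuration
        // error rather than being mistaken for an invalid token.
        Algorithm algorithm = signingAlgorithm();
        try {
            return JWT.require(algorithm).build().verify(token);
            // Rejections are reported with a one-line reason only: tokens come from clients, and
            // a full stack trace per bad token lets any caller flood the logs.
        } catch (SignatureVerificationException e) {
            System.out.println("签名不一致");
        } catch (TokenExpiredException e) {
            System.out.println("令牌过期");
        } catch (AlgorithmMismatchException e) {
            System.out.println("签名算法不一致");
        } catch (InvalidClaimException e) {
            System.out.println("payload不可用");
        } catch (Exception e) {
            System.out.println("校验失败");
        }
        return null;
    }

    /**
     * Rebuilds the {@link User} snapshot stored in a token.
     *
     * <p>Pass only a token returned by {@link #verify(String)}: the claim content is trusted
     * here, and an unverified token's payload is attacker-controlled.
     *
     * @param decodedJWT a verified token
     * @return the user stored in the "userInfo" claim, or {@code null} if the token is null or
     *         carries no such claim
     */
    public static User tokenParse(DecodedJWT decodedJWT) {
        if (decodedJWT == null) {
            return null;
        }
        Claim claim = decodedJWT.getClaim(USER_CLAIM);
        // A missing claim is represented by a null-valued Claim object, so test isNull() as well.
        if (claim == null || claim.isNull()) {
            return null;
        }
        String userString = claim.asString();
        if (userString == null) {
            return null;
        }
        // The target type is fixed to User, so the JSON text cannot choose the class to build.
        return JSON.parseObject(userString, User.class);
    }
}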
测试类
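/**
 * Round-trip check: issue a token for a sample user, verify it, and read the user back.
 */
public class Tokentest {
    String token = null;

    /**
     * Creates a token, verifies it and parses the embedded user. Fails if the freshly issued
     * token does not verify, instead of passing silently.
     */
    @Test
    public void test() {
        User user = new User();
        user.setId(1);
        user.setName("李华");
        // The utility class on this page is named JwtUtils.
        token = JwtUtils.createToken(user);
        // Acceptable only because this is a throwaway token for a sample user; do not print real tokens.
        System.out.println(token);
        DecodedJWT decodedJWT = JwtUtils.verify(token);
        if (decodedJWT == null) {
            throw new AssertionError("freshly issued token failed verification");
        }
        User user1 = JwtUtils.tokenParse(decodedJWT);
        // println(Object) copes with null, unlike calling toString() on the result directly.
        System.out.println(user1);
    }
}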
结果
当然如果我们每个结果都写一次拦截判断就会使得代码变得冗余,所以我们需要写一个配置类来拦截请求
编写拦截器
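// Central token check applied to intercepted requests.
/**
 * Rejects requests that do not carry a valid JWT in the {@code token} request header.
 *
 * <p>NOTE(review): the instance registered on this page is created with {@code new JwtInterceptor()},
 * so the {@code @Configuration} annotation has no effect on that instance.
 */
@Configuration
public class JwtInterceptor implements HandlerInterceptor {
    /**
     * Lets the request through only if the header holds a token that verifies and contains a user.
     *
     * @return {@code true} to continue to the handler; {@code false} after answering 401
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // The token is a bearer credential: it is read here but never written to stdout or logs,
        // since anyone who can read the log could replay it until it expires.
        String token = request.getHeader("token");
        DecodedJWT decodedJWT = (token == null) ? null : JwtUtils.verify(token);
        User user = (decodedJWT == null) ? null : JwtUtils.tokenParse(decodedJWT);
        if (user == null) {
            // Returning false alone leaves the default 200 status with an empty body; say 401 explicitly.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // intentionally empty
    }

    /** No cleanup is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // intentionally empty
    }
}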
/**
 * MVC configuration that opens the API to cross-origin callers and attaches the JWT interceptor.
 */
@Configuration
public class CORSConfiguration extends WebMvcConfigurationSupport {
    /** HTTP methods accepted from cross-origin callers. */
    private static final String[] ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"};

    /** Response headers that browser scripts are allowed to read. */
    private static final String[] EXPOSED_HEADERS = {
        "access-control-allow-headers",
        "access-control-allow-methods",
        "access-control-allow-origin",
        "access-control-max-age",
        "X-Frame-Options"
    };

    /**
     * Registers one CORS mapping covering every path.
     *
     * <p>Any origin and any request header are accepted. Credentials are disabled, so browsers
     * do not attach cookies; the JWT travels in a request header the calling page must set
     * itself. Replace the wildcard origin with the real front-end origins before enabling
     * credentials.
     */
    @Override
    protected void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .maxAge(3600)
                .allowCredentials(false)
                .exposedHeaders(EXPOSED_HEADERS)
                .allowedHeaders("*")
                .allowedMethods(ALLOWED_METHODS)
                .allowedOrigins("*");
        super.addCorsMappings(registry);
    }

    /**
     * Attaches the JWT check to the protected controller paths.
     *
     * <p>Only paths matching {@code /user/**} pass through the interceptor; every other path is
     * served without a token check. Several patterns may be given, separated by commas.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JwtInterceptor jwtInterceptor = new JwtInterceptor();
        registry.addInterceptor(jwtInterceptor).addPathPatterns("/user/**");
    }
}
效果
携带token
不携带token