1. 依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2. 配置文件(动态获取值)
# 加密
jwt:
secret: A0B1C2D3E4F5G6H7I8J9KALBMCNDOEPFQ0R1S2T3U4V5W6X7Y8Z9
# tocken 过期时间,单位秒
expire: 300
3. 自己写工具类
@ConfigurationProperties(prefix = "jwt") //获取yamL的值
@Component //获取yamL的值
public class JwtUtil {
@Value("${jwt.secret}")
private static String secret; //私钥
/**
* @param subject 消息体
* @param issueDate 签发时间
* @return
*/
public static String createToken(String subject, Date issueDate){
Calendar calendar = Calendar.getInstance();
calendar.setTime(issueDate);
calendar.add(Calendar.DAY_OF_MONTH,20); //20天后过期
String compact = Jwts.builder().setSubject(subject)
.setIssuedAt(issueDate)
.setExpiration(calendar.getTime()) //生成token的过期时间
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
return compact;
}
public static String parseToken(String token){
try {
Claims claims = Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
if(claims!=null){
return claims.getSubject();
}
}catch (ExpiredJwtException e){
e.printStackTrace();
System.out.println("jwt过期了");
}
return "";
}
}
4. 在过滤器中验证token
@Component
@WebFilter(urlPatterns = "/**") //过滤的地址
public class FilterConfig implements Filter {
@Override
public void init(javax.servlet.FilterConfig filterConfig) throws ServletException {
System.out.println("初始化了");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
String token = request.getHeader("token");
if(StringUtils.isEmpty(token)){
System.out.println("你没有登录");
}else {
String s = JwtUtil.parseToken(token);
if(!StringUtils.isEmpty(s)){
System.out.println("过了");
filterChain.doFilter(request,servletResponse);
}
}
}
}