添加依赖
<!-- NOTE(review): 0.7.0 is an old release of the single-artifact jjwt, and the code on this
     page is written against its API (signWith(alg, String), Jwts.parser()). Later jjwt
     releases are split into jjwt-api / jjwt-impl / a JSON module and change these calls,
     so check the project's current release and changelog before pinning this version. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
创建工具类,创建token跟解析token
package com.mydemojava.utils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.Date;
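/**
 * Issues and parses HS256-signed JWTs, with its settings bound from the
 * {@code jwt.config.*} properties (for example in application.yml).
 *
 * <p>Security-relevant settings:
 * <ul>
 *   <li>{@code key} is the HMAC secret. The {@code String} overloads of jjwt's
 *       {@code signWith} and {@code setSigningKey} used below treat the value as
 *       Base64-encoded key bytes, so configure the Base64 form of a random secret of at
 *       least 256 bits for HS256, and keep it out of source control.</li>
 *   <li>{@code exp} is the token lifetime in milliseconds. A value of 0 or less means the
 *       token carries no expiry, so a leaked token stays valid until the key is rotated.</li>
 *   <li>{@code prefix} is the scheme prefix expected in front of the token in the request
 *       header.</li>
 * </ul>
 *
 * <p>NOTE(review): the class carries only {@code @ConfigurationProperties}; it presumably is
 * registered as a bean elsewhere (for example through {@code @EnableConfigurationProperties}),
 * which this listing does not show.
 */
@ConfigurationProperties("jwt.config")
public class createJWTUtil {

    /** HMAC signing secret (Base64 text, see class comment). */
    private String key;

    /** Token lifetime in milliseconds; 0 or less disables expiry. */
    private long exp;

    /** Prefix that precedes the token in the request header. */
    private String prefix;

    /** @return the configured signing secret; never log or return it to clients */
    public String getKey() {
        return key;
    }

    public void setKey(String key) {
        this.key = key;
    }

    /** @return the configured token lifetime in milliseconds */
    public long getExp() {
        return exp;
    }

    public void setExp(long exp) {
        this.exp = exp;
    }

    /** @return the configured header prefix */
    public String getPrefix() {
        return prefix;
    }

    public void setPrefix(String prefix) {
        this.prefix = prefix;
    }

    /**
     * Issues a signed JWT.
     *
     * @param id      value for the {@code jti} claim
     * @param subject value for the {@code sub} claim (the user name)
     * @param role    value for the custom {@code role} claim
     * @return the compact, HS256-signed token
     */
    public String createJwt(String id, String subject, String role) {
        long nowMillis = System.currentTimeMillis();
        JwtBuilder builder = Jwts.builder()
                .setId(id)
                .setSubject(subject)
                .claim("role", role)
                .setIssuedAt(new Date(nowMillis))
                .signWith(SignatureAlgorithm.HS256, key);
        // The expiry was commented out, which made every issued token valid forever and left
        // the configured exp unused. It is applied again whenever a positive lifetime is set.
        if (exp > 0) {
            builder.setExpiration(new Date(nowMillis + exp));
        }
        return builder.compact();
    }

    /**
     * Verifies a token's signature with the configured key and returns its claims.
     *
     * <p>{@code parseClaimsJws} accepts only signed claims tokens, so an unsigned token is
     * rejected rather than parsed.
     *
     * @param token the compact token, without the header prefix
     * @return the verified claims
     * @throws io.jsonwebtoken.JwtException if the token is malformed, expired, unsigned, or
     *         its signature does not match
     * @throws IllegalArgumentException if the token is null or blank
     */
    public Claims parseJwt(String token) {
        return Jwts.parser()
                .setSigningKey(key) // must be the same secret that signed the token
                .parseClaimsJws(token)
                .getBody();
    }
}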
添加拦截器
package com.mydemojava.Interceptor;
import com.mydemojava.utils.createJWTUtil;
import com.sun.org.apache.xpath.internal.functions.FuncStartsWith;
import io.jsonwebtoken.Claims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
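/**
 * Reads the JWT from the {@code auth} request header, verifies it, and exposes the verified
 * claims to handlers as a request attribute.
 *
 * <p>A request without a token (or with a different prefix) is passed through with no
 * attribute set, so this interceptor does not enforce authentication by itself: each
 * protected handler has to check for {@code auth_role} / {@code auth_user} and reject the
 * request when the one it needs is missing.
 */
@Component
public class JwtInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private createJWTUtil jwtUtil;

    @Autowired
    private Environment env;

    /**
     * Verifies the token, if one is present, before the handler runs.
     *
     * @return {@code true} to continue to the handler; {@code false} after answering 401 when
     *         a token was supplied but failed verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String auth = request.getHeader("auth");
        // Prefix comes from configuration; it is null when jwt.config.prefix is not set,
        // which previously caused a NullPointerException in startsWith.
        String prefix = env.getProperty("jwt.config.prefix");
        if (!StringUtils.hasLength(auth) || prefix == null || !auth.startsWith(prefix)) {
            return true;
        }

        Claims claims;
        try {
            claims = jwtUtil.parseJwt(auth.substring(prefix.length()));
        } catch (io.jsonwebtoken.JwtException | IllegalArgumentException e) {
            // A tampered, expired, malformed or empty token is a client error: answer 401
            // instead of letting the exception escape as a server error. setStatus is used
            // rather than sendError so that no error dispatch passes through this
            // interceptor again.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Only claims from a signature-verified token reach this point.
        Object role = claims.get("role");
        if ("admin".equals(role)) {
            request.setAttribute("auth_role", claims);
        } else if ("user".equals(role)) {
            request.setAttribute("auth_user", claims);
        }
        return true;
    }
}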
把拦截器注册到spring中
package com.mydemojava.config;
import com.mydemojava.Interceptor.JwtInterceptor;
import com.mydemojava.utils.createJWTUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
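/**
 * Registers {@link JwtInterceptor} with Spring MVC.
 *
 * <p>NOTE(review): extending {@code WebMvcConfigurationSupport} replaces Spring Boot's MVC
 * auto-configuration; confirm that is intended for this application.
 */
@Configuration
public class Applicationconfig extends WebMvcConfigurationSupport {

    @Autowired
    private JwtInterceptor jwtInterceptor;

    /**
     * Applies the JWT interceptor to every request path.
     *
     * @param registry the MVC interceptor registry
     */
    @Override
    protected void addInterceptors(InterceptorRegistry registry) {
        // The original also called excludePathPatterns("/**"), which excluded every path that
        // had just been included, so the interceptor never ran and no token was ever checked.
        // JwtInterceptor lets requests without a token through, so the login endpoint still
        // works without an exclusion. If public paths should skip it, exclude them
        // specifically, e.g. .excludePathPatterns("/<login-path>/**") (placeholder).
        registry.addInterceptor(jwtInterceptor)
                .addPathPatterns("/**");
    }
}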
后端验证登录成功后签发token
// Credentials have been verified at this point: build the login response.
// The name and role are returned next to the token so the front end does not have to decode
// it. They are display copies only; server-side authorization must rely on the claims of the
// signature-verified token, never on values the client sends back.
HashMap<String, String> loginPayload = new HashMap<>();
loginPayload.put("token",
        jwtUtli.createJwt(myMessage.getId(), myMessage.getName(), myMessage.getRole()));
loginPayload.put("name", myMessage.getName());
loginPayload.put("role", myMessage.getRole());
return new Result("登录成功", loginPayload);