文章目录
JWT登录模块
添加pom依赖
<!-- auth0 java-jwt: creates and verifies the JSON Web Tokens used by the login module.
     3.10.3 is the version this walkthrough uses; check for a newer maintained release
     before adopting it in a real project. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.10.3</version>
</dependency>
利用工具类生成token
package com.ww.car.utils;
import cn.hutool.core.date.DateUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.util.Date;
/**
 * Helper that issues the JWT handed back to the client after a successful login.
 */
public class TokenUtils {

    /** Token lifetime in hours, counted from the moment the token is created. */
    private static final int TOKEN_TTL_HOURS = 2;

    /**
     * Builds a signed token for one user.
     *
     * <p>The user id is stored as the audience claim, the expiry is set two hours after the
     * current time, and the token is signed with HMAC-SHA256 keyed by {@code sign}.
     *
     * <p>Security note: the strength of the token equals the strength of {@code sign}. This
     * walkthrough passes the user's password as the key, so a weak password gives a weak
     * signing key, and anyone able to read the stored value can sign tokens for that user.
     * A long random secret held only in server configuration is the safer choice.
     *
     * @param userId id of the authenticated user, written to the audience claim
     * @param sign   secret used as the HMAC-SHA256 key
     * @return the serialized, signed token
     */
    public static String genToken(String userId, String sign) {
        Date now = new Date();
        Date expiresAt = DateUtil.offsetHour(now, TOKEN_TTL_HOURS);
        Algorithm hmac = Algorithm.HMAC256(sign);
        return JWT.create()
                .withAudience(userId)
                .withExpiresAt(expiresAt)
                .sign(hmac);
    }
}
UserService中返回token数据
验证
重新尝试登录,在网络部分能够看到token的三部分数据
更改request.js
验证
表示登录成功后会获取一个token,之后每次请求都把它放在请求头里带给后台,后台收到请求后验证其是否合法
设置拦截器
JWTInterceptor
package com.ww.car.common.intercepter;
import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.ww.car.common.Constants;
import com.ww.car.entity.User;
import com.ww.car.exception.ServiceException;
import com.ww.car.service.IUserService;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
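/**
 * Spring MVC interceptor that rejects controller requests lacking a valid JWT in the
 * {@code token} request header.
 *
 * <p>Flow: read the header, take the user id from the audience claim, load that user, then
 * verify the token's signature with HMAC-SHA256 keyed by the user's stored password. Every
 * rejection is raised as a {@link ServiceException} with {@link Constants#CODE_401}.
 *
 * <p>Security notes for anyone adapting this listing:
 * <ul>
 *   <li>The user id is read with {@code JWT.decode}, which does not check the signature. It is
 *       used here only to choose the verification key and must not be trusted for anything
 *       else until {@code verify} has succeeded.</li>
 *   <li>The signing key is whatever {@code user.getPassword()} returns, so a token is only as
 *       hard to forge as that value is to guess, and read access to the stored value is enough
 *       to sign tokens for that user. NOTE(review): whether the stored value is a hash or
 *       plaintext is not visible here; confirm. A random server-side secret kept outside the
 *       user table avoids both problems.</li>
 * </ul>
 */
public class JWTInterceptor implements HandlerInterceptor {

    @Autowired
    private IUserService userService;

    /**
     * Authenticates the request before the controller method runs.
     *
     * @param request  current request; the token is read from its {@code token} header
     * @param response current response (unused)
     * @param handler  chosen handler; anything that is not a {@link HandlerMethod} is let through
     * @return {@code true} when the request may proceed
     * @throws ServiceException with {@link Constants#CODE_401} when the token is missing,
     *     malformed, names no user id, names an unknown user, or fails verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Only requests mapped to a controller method are authenticated.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token = request.getHeader("token");
        if (StrUtil.isBlank(token)) {
            throw new ServiceException(Constants.CODE_401, "无token,请重新登录");
        }

        // Read the claimed user id. Nothing has been verified at this point.
        List<String> audience;
        try {
            audience = JWT.decode(token).getAudience();
        } catch (JWTDecodeException j) {
            throw new ServiceException(Constants.CODE_401, "token验证失败");
        }
        // A token without an audience claim would otherwise fail on get(0) with an unchecked
        // exception instead of a 401; reject it explicitly.
        if (audience == null || audience.isEmpty() || StrUtil.isBlank(audience.get(0))) {
            throw new ServiceException(Constants.CODE_401, "token验证失败");
        }
        String userId = audience.get(0);

        // Look up the claimed user to obtain the key this token must have been signed with.
        User user = userService.getById(userId);
        if (user == null) {
            throw new ServiceException(Constants.CODE_401, "用户不存在,请重新登录");
        }

        // Fail closed when the account has no usable key rather than letting the key
        // construction throw an unrelated error.
        String signingKey = user.getPassword();
        if (StrUtil.isBlank(signingKey)) {
            throw new ServiceException(Constants.CODE_401, "token验证失败,请重新登录");
        }

        // Verify the token against that key.
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(signingKey)).build();
        try {
            jwtVerifier.verify(token);
        } catch (JWTVerificationException e) {
            throw new ServiceException(Constants.CODE_401, "token验证失败,请重新登录");
        }
        return true;
    }
}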
拦截器InterceptorConfig
package com.ww.car.config;
import com.ww.car.config.intercepter.JWTInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
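/**
 * Registers {@link JWTInterceptor} for the application's request paths.
 *
 * <p>NOTE(review): the import above names {@code com.ww.car.config.intercepter.JWTInterceptor},
 * while the interceptor listing declares package {@code com.ww.car.common.intercepter}; make
 * the two agree.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Creates the interceptor as a Spring bean, so the container can populate the
     * {@code @Autowired} user service field inside {@link JWTInterceptor}.
     *
     * @return the interceptor instance managed by the container
     */
    @Bean
    public JWTInterceptor jwtInterceptor() {
        return new JWTInterceptor();
    }

    /**
     * Applies the JWT check to every path except the ones listed as exclusions.
     *
     * <p>Security notes on the exclusions:
     * <ul>
     *   <li>{@code /user/login} and {@code /user/register} must be reachable without a token.
     *       The register pattern was written without its leading slash, unlike the login
     *       pattern; it is written here with the slash so both exclusions have the same
     *       form.</li>
     *   <li>{@code **}{@code /export} and {@code **}{@code /import} are kept as the page has
     *       them. NOTE(review): whether these slash-less patterns match depends on the path
     *       matcher in use; confirm. Where they do match, every export and import endpoint is
     *       served without authentication, which means data can be read and written by
     *       callers who never logged in. Prefer keeping those endpoints behind the
     *       interceptor and having the client send the {@code token} header on downloads and
     *       uploads.</li>
     * </ul>
     *
     * @param registry registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(jwtInterceptor())
                // Intercept everything; token validity decides whether a login is required.
                .addPathPatterns("/**")
                .excludePathPatterns("/user/login", "/user/register", "**/export", "**/import");
    }
}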
request.js做相应增加
则不登录就无法显示数据
后台通过token获取用户信息
TokenUtils类增加如下方法
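/**
 * Returns the user identified by the {@code token} header of the request bound to the current
 * thread, or {@code null} when there is no token, no matching user, the token fails
 * verification, or any other error occurs.
 *
 * <p>The audience claim is used only to find the candidate user. The token's signature is then
 * verified with that user's key, the same check JWTInterceptor performs, before the user is
 * returned. Without this step the method would trust an unverified claim on every route that
 * is excluded from the interceptor.
 *
 * <p>The method is static, so it reaches the user service through the static
 * {@code staticUserService} reference.
 *
 * @return the authenticated user, or {@code null} if none can be established
 */
public static User getCurrentUser() {
    try {
        HttpServletRequest request =
                ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        String token = request.getHeader("token");
        if (StrUtil.isBlank(token)) {
            return null;
        }
        // Unverified at this point: only selects which user's key to verify against.
        String userId = JWT.decode(token).getAudience().get(0);
        User user = staticUserService.getById(Integer.valueOf(userId));
        if (user == null) {
            return null;
        }
        // Throws when the signature does not match; the catch below turns that into null.
        JWT.require(Algorithm.HMAC256(user.getPassword())).build().verify(token);
        return user;
    } catch (Exception e) {
        // Best effort by design: no bound request, a malformed token, a non-numeric id and a
        // failed verification all mean "no current user".
        return null;
    }
}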
Controller的查找方法添加如下语句,刷新用户界面,控制台打印用户名