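/**
 * Static helpers for issuing and verifying the application's HS256-signed JWTs.
 *
 * <p>The signing secret is read from configuration at call time (system property
 * {@code jwt.secret}, falling back to environment variable {@code JWT_SECRET})
 * instead of being compiled into the class. A secret embedded in source is known to
 * everyone who can read the repository or the jar, and anyone who knows it can mint
 * tokens for any user. Tokens signed with a previously hard-coded secret stop
 * verifying once a real secret is configured; users simply log in again.
 */
public class JwtUtil {

    /** Token lifetime: one hour, in milliseconds. */
    private static final long TTL_MILLIS = 60L * 60L * 1000L;

    /** HS256 produces a 256-bit MAC; a shorter key weakens it, so require at least 32 bytes. */
    private static final int MIN_SECRET_BYTES = 32;

    private JwtUtil() {}

    /**
     * Creates a signed JWT whose {@code sub} claim is the JSON form of {@code subject}.
     *
     * <p>The payload is signed, not encrypted: whoever holds the token can read the
     * serialized subject, so callers must strip secrets (password hashes, etc.) first.
     *
     * @param subject object to serialize into the subject claim
     * @return the compact JWT string, valid for one hour
     * @throws IllegalStateException if no sufficiently long signing secret is configured
     */
    public static String createJwt(Object subject) {
        long exp = System.currentTimeMillis() + TTL_MILLIS;
        // The "alg" header is written by signWith() itself, so it is not set by hand.
        return Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setSubject(JSON.toJSONString(subject))
                .setExpiration(new Date(exp))
                .setId(UUID.randomUUID() + "")
                .setIssuer("system")
                .signWith(SignatureAlgorithm.HS256, signingKey())
                .compact();
    }

    /**
     * Verifies the signature and expiry of {@code jwt} and deserializes its subject.
     *
     * <p>The subject is handed to the JSON parser only after
     * {@code parseClaimsJws} has accepted the signature, so unauthenticated input
     * never reaches deserialization. The subject is not printed or logged: it
     * carries the user's profile data.
     *
     * @param jwt   compact JWT string received from the client
     * @param clazz type to deserialize the subject claim into
     * @param <T>   subject type
     * @return the deserialized subject
     * @throws IllegalStateException if no sufficiently long signing secret is configured
     */
    public static <T> T parseJwt(String jwt, Class<T> clazz) {
        String subject = Jwts.parser()
                .setSigningKey(signingKey())
                .parseClaimsJws(jwt)
                .getBody()
                .getSubject();
        return JSON.parseObject(subject, clazz);
    }

    /**
     * Builds the HMAC key from the configured secret.
     *
     * <p>The key is passed to jjwt as a {@link Key} rather than a {@code String}:
     * the {@code String} overloads of {@code signWith}/{@code setSigningKey} treat
     * their argument as Base64 text, which silently shrinks a short literal even further.
     */
    private static Key signingKey() {
        String secret = System.getProperty("jwt.secret");
        if (secret == null || secret.isEmpty()) {
            secret = System.getenv("JWT_SECRET");
        }
        if (secret == null || secret.isEmpty()) {
            throw new IllegalStateException(
                    "JWT signing secret is not configured (set jwt.secret or JWT_SECRET)");
        }
        // Explicit charset: the key bytes must not depend on the platform default.
        byte[] raw = secret.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (raw.length < MIN_SECRET_BYTES) {
            throw new IllegalStateException(
                    "JWT signing secret must be at least " + MIN_SECRET_BYTES + " bytes");
        }
        return new SecretKeySpec(raw, SignatureAlgorithm.HS256.getJcaName());
    }
}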
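/**
 * MVC interceptor that rejects requests which do not carry a valid JWT.
 *
 * <p>The token is looked up in the {@code token} request parameter first and then in
 * the {@code X-Token} header. The token value itself is never logged: it is a bearer
 * credential, and anyone who can read the log could replay it.
 */
@Component
@Slf4j
public class JwtInterceptor implements HandlerInterceptor {

    /**
     * Checks the request's JWT before the handler runs.
     *
     * @return {@code true} when the token verifies; {@code false} after writing a JSON
     *         failure body (code 20004 when the token is absent, 20005 when it is invalid)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // NOTE(review): accepting the token as a query parameter puts it in URLs, and
        // therefore in access logs, browser history and Referer headers. Kept for
        // compatibility with existing clients; prefer the header and retire this path.
        String token = request.getParameter("token");
        if (token == null) {
            token = request.getHeader("X-Token");
        }
        log.debug("JWT present on request: {}", token != null);

        // No token at all: the caller is not logged in.
        if (token == null) {
            reject(response, 20004, "未登录");
            return false;
        }

        // Signature and expiry are checked inside parseJwt; any failure means "not authenticated".
        try {
            JwtUtil.parseJwt(token, UserInfo.class);
        } catch (Exception e) {
            // Go through the logger instead of printStackTrace so the event lands in the
            // application log at a controllable level; the token is deliberately left out.
            log.warn("Rejected request: JWT validation failed ({})", e.getClass().getSimpleName());
            log.debug("JWT validation failure detail", e);
            reject(response, 20005, "登录凭证无效");
            return false;
        }

        // Token verified: let the request through.
        return true;
    }

    /** Writes the standard JSON failure body for an unauthenticated request. */
    private void reject(HttpServletResponse response, int code, String message)
            throws java.io.IOException {
        Result<Object> result = Result.fail(code, message);
        response.setContentType("application/json;charset=utf-8");
        response.getWriter().write(JSON.toJSONString(result));
    }
}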
/**
 * Registers {@link JwtInterceptor} for every request path except the login and
 * logout endpoints, which must stay reachable without a token.
 */
@Configuration
public class MyWebConfig implements WebMvcConfigurer {

    @Autowired
    private JwtInterceptor jwtInterceptor;

    /**
     * Adds the JWT check to the interceptor chain.
     *
     * @param registry Spring MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Everything is protected by default; only the two paths below are exempt.
        registry.addInterceptor(jwtInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/user/login", "/user/logout");
    }
}
<!-- Dependencies used by the JWT login example. -->
<!-- NOTE(review): the fastjson 1.2.x line has a long history of autoType deserialization flaws; this pin is old. Move to the latest maintained release and turn on safeMode, since the library parses data derived from client-supplied tokens and request bodies. -->
<!-- NOTE(review): jjwt 0.9.1 is the legacy single-artifact release. Its String-key overloads of signWith/setSigningKey Base64-decode the argument, so pass key bytes or a Key object; plan an upgrade to the current jjwt artifacts. -->
<!-- spring-security-core: presumably pulled in only for the PasswordEncoder used by the login controller (confirm); keep it on a supported release line. -->
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>5.5.3</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.67</version> </dependency>
//控制器
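/**
 * Authenticates a user by username and password and returns a JWT on success.
 *
 * <p>The submitted password is never logged, at any level: debug logs are routinely
 * shipped to shared storage, and a plaintext password there is a credential leak.
 * Unknown user, wrong password and missing fields all produce the same failure
 * response so the endpoint does not reveal which usernames exist.
 *
 * @param param request body carrying {@code username} and {@code password}
 * @return success with a {@code token} entry, or failure code 20002
 */
@ApiOperation("登录")
@PostMapping("/login")
public Result<Map<String,Object>> login(@RequestBody UserInfo param){
    // Missing fields are treated as bad credentials instead of reaching the encoder
    // with a null raw password.
    if (param == null || param.getUsername() == null || param.getPassword() == null) {
        return Result.fail(20002,"用户名或密码错误");
    }

    UserInfo user = userInfoService.getUserByName(param.getUsername());
    if (user == null) {
        return Result.fail(20002,"用户名或密码错误");
    }

    // Compare the submitted password with the stored hash via the encoder.
    boolean matches = passwordEncoder.matches(param.getPassword(), user.getPassword());
    if (!matches) {
        return Result.fail(20002,"用户名或密码错误");
    }

    // The whole user object becomes the token's subject, and a JWT payload is readable
    // by whoever holds the token, so the password hash is cleared before serializing.
    user.setPassword(null);
    Map<String,Object> data = new HashMap<>();
    data.put("token", JwtUtil.createJwt(user));
    return Result.success(data);
}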