之前的项目中涉及 APP 接口的问题。项目中一般会用 webservice 与 websocket 来实现接口数据的接收与发送，即信息的传递。
websocket 用于实时收发数据——这里暂且不说。
下面说下webservice接口的实现方式 --什么是webservice 链接 https://baike.so.com/doc/5411995-5650117.html
下面来说下在 Java Spring Boot 中实现自定义 token 验证
首先设置拦截器
@SuppressWarnings({"deprecation","rawtypes","unchecked"})
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    /**
     * Registers the Spring MVC interceptor that authenticates REST API calls.
     *
     * <p>Only paths matching {@code /sqApi/**} are routed through
     * {@link RestApiInteceptor}; requests outside that pattern are not
     * token-checked by this configuration.
     *
     * @param registry interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // The interceptor that performs the actual token check.
        final RestApiInteceptor tokenInterceptor = new RestApiInteceptor();
        // Bind it to every request under /sqApi.
        registry.addInterceptor(tokenInterceptor).addPathPatterns("/sqApi/**");
    }
}
其次设置拦截内容即RestApiInteceptor类
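public class RestApiInteceptor extends HandlerInterceptorAdapter {

    /**
     * Runs before the handler is invoked and decides whether the request may proceed.
     *
     * <p>{@code HandlerInterceptor} also offers {@code postHandle} (after the handler
     * has run) and {@code afterCompletion} (after the request has completed); only
     * {@code preHandle} is overridden here.
     *
     * @param request  current HTTP request
     * @param response current HTTP response; an error body is written to it on rejection
     * @param handler  handler chosen by Spring MVC for this request
     * @return {@code true} to continue processing, {@code false} when the request was rejected
     * @throws Exception declared by the overridden method
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
            // NOTE(review): static-resource handlers mapped under /sqApi/** skip the
            // token check entirely; confirm nothing sensitive is served that way.
            return true;
        }
        // check() never reads the handler, so do not cast unconditionally: any other
        // handler type used to fail with ClassCastException instead of being token-checked.
        HandlerMethod handlerMethod = handler instanceof HandlerMethod ? (HandlerMethod) handler : null;
        return check(request, response, handlerMethod);
    }

    /**
     * Validates the bearer token carried in the authorization header.
     *
     * <p>The login endpoint ({@code JwtConstants.AUTH_PATH}) is let through without a
     * token. Every other request must carry a header starting with
     * {@code JwtConstants.START_STR} followed by a token that parses and has not expired.
     *
     * @return {@code true} if the request is allowed; {@code false} after an error
     *         response has been rendered
     */
    private boolean check(HttpServletRequest request, HttpServletResponse response, HandlerMethod handlerMethod) {
        if (JwtConstants.AUTH_PATH.equals(request.getServletPath())) {
            return true;
        }

        final String requestHeader = request.getHeader(JwtConstants.AUTH_HEADER);
        if (requestHeader == null || !requestHeader.startsWith(JwtConstants.START_STR)) {
            // Header missing or not using the expected "Bearer " prefix.
            rejectWithTokenError(response);
            return false;
        }

        final String authToken = requestHeader.substring(JwtConstants.START_NUM);
        if (authToken.trim().isEmpty()) {
            // A bare "Bearer " header carries no token at all; reject it explicitly
            // instead of letting the parser fail on an empty string.
            rejectWithTokenError(response);
            return false;
        }

        try {
            // Expiry check; parsing the token also verifies its signature.
            if (JwtTokenUtil.isTokenExpired(authToken)) {
                RenderUtil.renderJson(response, new ErrorTip(BizExceptionEnum.TOKEN_EXPIRED.getStatus(), BizExceptionEnum.TOKEN_EXPIRED.getMessage()));
                return false;
            }
        } catch (JwtException | IllegalArgumentException e) {
            // Any parse failure means the token is malformed or not signed with our key.
            // jjwt reports unusable token strings as IllegalArgumentException, which is
            // not a JwtException, so it is handled here as well.
            rejectWithTokenError(response);
            return false;
        }
        return true;
    }

    /** Renders the generic "invalid token" error body. */
    private static void rejectWithTokenError(HttpServletResponse response) {
        RenderUtil.renderJson(response, new ErrorTip(BizExceptionEnum.TOKEN_ERROR.getStatus(), BizExceptionEnum.TOKEN_ERROR.getMessage()));
    }
}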
首先是生成 token，加密（签名）方式自己定义。注意下面示例中的 SECRET 只是写死的占位值，实际项目中应改为从配置或环境变量读取的高强度随机密钥，不要把密钥写在代码里。
先看各种工具类，首先是请求相关的常量配置类：
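/**
 * Constants shared by the token interceptor and the JWT helper.
 */
public interface JwtConstants {

    /** Name of the HTTP header that carries the token. */
    String AUTH_HEADER = "Authorization";

    /** Prefix expected in front of the token inside the header value. */
    String START_STR = "Bearer ";

    /** Offset at which the token starts; derived from the prefix so the two cannot drift apart. */
    Integer START_NUM = START_STR.length();

    /**
     * Key used to sign and verify tokens.
     *
     * <p>NOTE(review): this is a hard-coded placeholder. Anyone who can read the
     * source can produce tokens that pass verification, so a real deployment
     * should load a long random key from external configuration or a secret
     * store. jjwt's String overloads treat this value as Base64-encoded key
     * bytes (verify against the jjwt version in use), which makes the effective
     * key shorter than the text suggests.
     */
    String SECRET = "defaultSecret";

    /** Name of the private claim under which the per-login random key is stored. */
    String MD5KEY = "randomKey";

    /** Token lifetime in seconds (the token generator multiplies it by 1000); 604800 s = 7 days. */
    Long EXPIRATION = 604800L;

    /** Servlet path of the login endpoint, which the interceptor lets through without a token. */
    String AUTH_PATH = "/sqApi/auth";
}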
下面就是token的各种配置了
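/**
 * Helper for issuing and inspecting the JWTs used by the REST API.
 *
 * <p>Every read goes through {@link #getClaimFromToken(String)}, which verifies the
 * signature with {@code JwtConstants.SECRET} before any claim is returned.
 */
@Component
public class JwtTokenUtil {

    /**
     * Returns the user name stored as the token subject.
     *
     * @throws JwtException if the token cannot be parsed or verified
     */
    public String getUsernameFromToken(String token) {
        return getClaimFromToken(token).getSubject();
    }

    /**
     * Returns the time at which the token was issued.
     *
     * @throws JwtException if the token cannot be parsed or verified
     */
    public Date getIssuedAtDateFromToken(String token) {
        return getClaimFromToken(token).getIssuedAt();
    }

    /**
     * Returns the expiry time of the token, or {@code null} if it carries none.
     *
     * @throws JwtException if the token cannot be parsed or verified
     */
    public static Date getExpirationDateFromToken(String token) {
        return getClaimFromToken(token).getExpiration();
    }

    /**
     * Returns the audience of the token.
     *
     * @throws JwtException if the token cannot be parsed or verified
     */
    public String getAudienceFromToken(String token) {
        return getClaimFromToken(token).getAudience();
    }

    /**
     * Returns a private claim as a string.
     *
     * <p>NOTE(review): a claim that is absent makes this throw
     * {@code NullPointerException}; callers should only ask for claims the issuer
     * always sets.
     *
     * @param key claim name
     * @throws JwtException if the token cannot be parsed or verified
     */
    public static String getPrivateClaimFromToken(String token, String key) {
        return getClaimFromToken(token).get(key).toString();
    }

    /**
     * Returns the random key stored in the token under {@code JwtConstants.MD5KEY}.
     */
    public static String getMd5KeyFromToken(String token) {
        return getPrivateClaimFromToken(token, JwtConstants.MD5KEY);
    }

    /**
     * Verifies the token signature and returns its payload.
     *
     * <p>NOTE(review): verification relies on {@code JwtConstants.SECRET}, a constant
     * compiled into the application; the check is only as strong as that key.
     *
     * @throws JwtException if the token is malformed, wrongly signed or already expired
     */
    public static Claims getClaimFromToken(String token) {
        return Jwts.parser()
                .setSigningKey(JwtConstants.SECRET)
                .parseClaimsJws(token)
                .getBody();
    }

    /**
     * Checks that the token parses and verifies; the payload itself is discarded.
     *
     * @throws JwtException if the token is not valid
     */
    public void parseToken(String token) throws JwtException {
        // Same parse as every other accessor, so the two can never diverge.
        getClaimFromToken(token);
    }

    /**
     * Tells whether the token has expired.
     *
     * @return {@code true} if expired, {@code false} if still valid
     * @throws JwtException for any parse failure other than expiry
     */
    public static Boolean isTokenExpired(String token) {
        try {
            final Date expiration = getExpirationDateFromToken(token);
            // Fail closed: a verified token without an expiry claim is treated as
            // expired instead of failing with NullPointerException.
            return expiration == null || expiration.before(new Date());
        } catch (ExpiredJwtException expiredJwtException) {
            // The parser itself reports an expired token by throwing.
            return true;
        }
    }

    /**
     * Issues a token for a user.
     *
     * @param userName  stored as the token subject
     * @param randomKey stored as the private claim {@code JwtConstants.MD5KEY}
     * @return the compact, signed token string
     */
    public String generateToken(String userName, String randomKey) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(JwtConstants.MD5KEY, randomKey);
        return doGenerateToken(claims, userName);
    }

    /**
     * Builds and signs the token; it expires {@code JwtConstants.EXPIRATION} seconds
     * after creation.
     */
    private String doGenerateToken(Map<String, Object> claims, String subject) {
        final Date createdDate = new Date();
        final Date expirationDate = new Date(createdDate.getTime() + JwtConstants.EXPIRATION * 1000);

        // The private claims are set before subject / issued-at / expiry, as in the
        // original call order.
        return Jwts.builder()
                .setClaims(claims)
                .setSubject(subject)
                .setIssuedAt(createdDate)
                .setExpiration(expirationDate)
                .signWith(SignatureAlgorithm.HS512, JwtConstants.SECRET)
                .compact();
    }

    /**
     * Returns a six-character random string used to salt the MD5 signature.
     *
     * <p>NOTE(review): {@code ToolUtil.getRandomString} is not visible here; if this
     * value is relied on for security, confirm it is backed by {@code SecureRandom},
     * and consider whether six characters is long enough.
     */
    public String getRandomKey() {
        return ToolUtil.getRandomString(6);
    }
}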
其次就是发送错误或者正确数据了
public class RenderUtil {

    /**
     * Serialises an object to JSON and writes it as the HTTP response body.
     *
     * <p>The response is marked {@code application/json} with UTF-8 encoding before
     * the body is written.
     *
     * @param response   servlet response to write to
     * @param jsonObject object to serialise
     * @throws SqException with {@code SqExceptionEnum.WRITE_ERROR} if the response
     *                     writer cannot be obtained
     */
    public static void renderJson(HttpServletResponse response, Object jsonObject) {
        try {
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write(JSON.toJSONString(jsonObject));
        } catch (IOException writeFailure) {
            // NOTE(review): the underlying IOException is not chained, so its
            // details are lost to whoever handles the SqException.
            throw new SqException(SqExceptionEnum.WRITE_ERROR);
        }
    }
}