Token的含义就不说了: 其他网站有说明哦
上代码: 以下 分三部份
第一部分: JWT Token 的生成与解析 (HS256 是签名/验签, 并非加密; 载荷只是 Base64URL 编码, 任何拿到 Token 的人都可以读取, 不要放入敏感数据)
import java.security.Key;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
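/**
 * Creates and verifies HS256-signed JSON Web Tokens.
 *
 * <p>The tokens are signed, not encrypted: anyone holding a token can read its claims,
 * so callers must not place sensitive data in the payload.
 */
public class JavaWebToken {
    private static final Logger log = LoggerFactory.getLogger(JavaWebToken.class);

    /**
     * Environment variable holding the Base64-encoded HMAC secret. The name is a
     * constructed example; use whatever your deployment's secret store exposes.
     */
    private static final String SECRET_ENV_VAR = "JWT_SIGNING_SECRET_BASE64";

    /** HS256 produces a 256-bit MAC, so the key must be at least 32 bytes long. */
    private static final int MIN_KEY_BYTES = 32;

    /** Lifetime applied when the caller supplies no "exp" claim (example value: 30 minutes). */
    private static final long DEFAULT_TTL_SECONDS = 30L * 60L;

    /**
     * Builds the HMAC-SHA256 signing key from configuration.
     *
     * <p>The article's original version derived the key from the literal "bankgl" read as
     * Base64. A six-character Base64 string carries at most four bytes of key material,
     * and a secret committed to source control is known to everyone who can read the code,
     * so the key is now loaded from the environment and its length is enforced.
     *
     * @return the signing key
     * @throws IllegalStateException if the secret is missing or shorter than 32 bytes
     * @throws IllegalArgumentException if the configured value is not valid Base64
     */
    private static Key getKeyInstance() {
        String encoded = System.getenv(SECRET_ENV_VAR);
        if (encoded == null || encoded.trim().isEmpty()) {
            throw new IllegalStateException("JWT signing secret is not configured: " + SECRET_ENV_VAR);
        }
        // java.util.Base64 is used instead of javax.xml.bind.DatatypeConverter: it is strict
        // about malformed input and is still present on JDK 11 and later.
        byte[] secret = java.util.Base64.getDecoder().decode(encoded.trim());
        if (secret.length < MIN_KEY_BYTES) {
            throw new IllegalStateException(
                    "JWT signing secret must decode to at least " + MIN_KEY_BYTES + " bytes");
        }
        return new SecretKeySpec(secret, SignatureAlgorithm.HS256.getJcaName());
    }

    /**
     * Signs the given claims with HS256 and returns the compact token.
     *
     * <p>"iat" and "exp" are added when the caller has not set them, so that a token
     * does not stay valid forever.
     *
     * @param claims the payload; must not be null
     * @return the compact serialized JWT
     * @throws IllegalArgumentException if {@code claims} is null
     */
    public static String createJavaWebToken(Map<String, Object> claims) {
        if (claims == null) {
            throw new IllegalArgumentException("claims must not be null");
        }
        long nowSeconds = System.currentTimeMillis() / 1000L;
        // Work on a copy so the caller's map is not mutated.
        Map<String, Object> payload = new java.util.HashMap<String, Object>(claims);
        payload.putIfAbsent("iat", nowSeconds);
        payload.putIfAbsent("exp", nowSeconds + DEFAULT_TTL_SECONDS);
        return Jwts.builder()
                .setClaims(payload)
                .signWith(SignatureAlgorithm.HS256, getKeyInstance())
                .compact();
    }

    /**
     * Parses a token and verifies its signature in the same step.
     *
     * @param jwt the compact token taken from the request
     * @return the verified claims, or {@code null} when parsing or verification fails
     */
    public static Map<String, Object> parserJavaWebToken(String jwt) {
        try {
            return Jwts.parser()
                    .setSigningKey(getKeyInstance())
                    .parseClaimsJws(jwt)
                    .getBody();
        } catch (Exception e) {
            // Fail closed. Record why verification failed, but never the token itself:
            // a logged token is a reusable credential for anyone who can read the log.
            log.error("json web token verify failed: {}", e.toString());
            return null;
        }
    }
}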
第二部分: 拦截器的设置
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import lombok.extern.slf4j.Slf4j;
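/**
 * Rejects every request that does not carry a valid JWT in the {@code token} header,
 * except for the login endpoint itself.
 */
@Slf4j
public class AuthenticationInterceptor implements HandlerInterceptor {

    /**
     * Path of the login endpoint that is allowed through without a token.
     * Assumes the login handler is mapped at exactly this path, as on the controller
     * method shown with this article; adjust if the controller has a class-level prefix.
     */
    private static final String LOGIN_PATH = "/api/getAdmin";

    /**
     * Checks the token before the handler runs.
     *
     * @return {@code true} to continue with the handler; {@code false} after answering
     *     401 when the token is missing, invalid or expired
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String url = request.getRequestURI();
        log.info("---登录拦截器地址:-------" + url + "---------------------拦截器地址------");

        if (isLoginRequest(request)) {
            return true;
        }

        // The token and its decoded claims are deliberately not logged: the token is a
        // bearer credential and the claims carry the user's e-mail address.
        String token = request.getHeader("token");
        boolean valid = token != null && JavaWebToken.parserJavaWebToken(token) != null;
        if (!valid) {
            log.warn("authentication interceptor rejected request without a valid token, uri={}", url);
            // Without an explicit status the client would receive an empty 200 response.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        return true;
    }

    /**
     * Decides whether the request targets the login endpoint.
     *
     * <p>The path is compared exactly, using the container-parsed servlet path. A suffix
     * test on the raw request URI (the original {@code url.endsWith("api/getAdmin")}) is
     * not equivalent to the path used for handler mapping, so it can exempt requests that
     * end up at a different handler.
     */
    private static boolean isLoginRequest(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String path = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
        return LOGIN_PATH.equals(path);
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o,
            ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Object o, Exception e) throws Exception {
    }
}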
第三部分: 在控制器Handler中 注册拦截器 -- 所有访问设置拦截
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
 * Registers {@link AuthenticationInterceptor} for every request path.
 *
 * <p>NOTE(review): {@code @Configuration} is commented out in the article. Unless this class
 * is registered with Spring some other way, neither the bean nor the interceptor
 * registration takes effect and no request is authenticated. Confirm before relying on it.
 */
@SuppressWarnings("deprecation")
//@Configuration
public class WebMvcConfigurer extends WebMvcConfigurerAdapter {

    /** Exposes the interceptor as a bean. */
    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }

    /**
     * Attaches the interceptor to all paths.
     *
     * <p>The pattern covers every request. Which requests are let through without a token
     * is decided inside the interceptor by its path check, not by a
     * {@code @LoginRequired} annotation; nothing on this page reads such an annotation.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        AuthenticationInterceptor interceptor = authenticationInterceptor();
        registry.addInterceptor(interceptor).addPathPatterns("/**");
        super.addInterceptors(registry);
    }
}
第四: Controller 控制器:
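/**
 * Login endpoint: checks the submitted credentials and, on success, returns a signed token.
 *
 * <p>NOTE(review): the submitted password is compared directly with the stored value,
 * which implies that passwords are stored in plain text. Store a bcrypt/scrypt/argon2 hash
 * instead and verify the submitted password against that hash.
 *
 * @param email the account e-mail address
 * @param passWord the submitted password
 * @return {@code {"token": "..."}} on success, {@code {"errcode": "400"}} on any failure
 */
@CrossOrigin
@RequestMapping(value="api/getAdmin", method = RequestMethod.POST)
public JSONObject getAdmin(@Param("email") String email,@Param("passWord") String passWord,HttpServletRequest request,
        HttpServletResponse response ){
    String errcode = "{\"errcode\":\"400\"}"; // login-failure marker

    Admin admin = adminRepository.findByEmail(email);
    // The null check on passWord avoids a NullPointerException (and a 500 response)
    // when the parameter is missing from the request.
    boolean authenticated = admin != null
            && passWord != null
            && passWord.equals(admin.getPassWord());

    if (authenticated) {
        Map<String,Object> claims = new HashMap<String,Object>();
        claims.put("email", admin.getEmail());
        String token = JavaWebToken.createJavaWebToken(claims);
        // The token is a bearer credential, so it is kept out of the log.
        _logger.info("---用户登录成功---");
        return JSONObject.fromObject("{\"token\":\""+token+"\"}");
    }

    // Unknown e-mail and wrong password get the same answer, so the response does not
    // reveal which accounts exist. The original returned JSONObject.fromObject(null)
    // here and never used errcode.
    _logger.info("---用户登录失败---");
    return JSONObject.fromObject(errcode);
}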