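JWT workflow
Generate a token with the JWT utility --> the interceptor intercepts the request --> the token in the request is verified
Dependency
<!-- add the JWT library -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.9.0</version>
</dependency>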
JWT Demo:
1. Create the entity class
public class User {
    private String userId;
    private String username;
    private String password;

    @Override
    public String toString() {
        return "User{" +
                "userId='" + userId + '\'' +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                '}';
    }

    public String getUserId() {
        return userId;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}
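2. Create the JWT utility class (signs and verifies tokens)
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.springframework.stereotype.Component;

import java.util.Date;

@Component
public class TokenUtil {
    // Token lifetime: 15 minutes, in milliseconds
    private static final long EXPIRE_TIME = 15 * 60 * 1000;
    // HMAC secret. "token" is a demo value only; in a real deployment load a long random secret from configuration
    private static final String TOKEN = "token";

    /**
     * Generate a token.
     * @param user the user whose id and name are placed in the claims
     * @return the signed token, or null if signing failed
     */
    public static String sign(User user){
        String token = null;
        try{
            Date expireDate = new Date(System.currentTimeMillis() + EXPIRE_TIME); // current time + lifetime
            token = JWT.create()
                    .withIssuer("auth0") // set the issuer
                    .withClaim("userId", user.getUserId()) // custom claims
                    .withClaim("username", user.getUsername())
                    // The password is not added as a claim: the payload is only Base64URL-encoded,
                    // so anyone holding the token can read every claim in it
                    .withExpiresAt(expireDate) // set the expiry time
                    .sign(Algorithm.HMAC256(TOKEN)); // sign the JWT with HMAC-SHA256 (a signature, not encryption)
            System.out.println("生成token令牌:" + token);
        }catch (Exception e){
            e.printStackTrace();
        }
        return token; // return the generated token
    }

    /**
     * Verify a token.
     * @param token the token taken from the request
     * @return true if the signature, issuer and expiry are valid, false otherwise
     */
    public static boolean verify(String token){
        try {
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN)) // build the verifier with the same algorithm and secret
                    .withIssuer("auth0").build();
            DecodedJWT verify = verifier.verify(token); // throws if the token is missing, malformed, expired or tampered with
            System.out.println("认证通过!");
            return true;
        }catch (Exception e){
            System.out.println("认证失败!");
            return false;
        }
    }
}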
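HMAC256 signing protects a token's integrity but does not hide its contents. The following is an added example, not code from the original post: it uses only the JDK to build an HS256 token with the same claim names as TokenUtil.sign, reads the payload back without the key, and shows that a modified payload fails the signature check. The class name JwtPayloadDemo, the key and the claim values are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class JwtPayloadDemo {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // HMAC-SHA256 over "header.payload", Base64URL-encoded: the HS256 signature part
    static String hs256(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return ENC.encodeToString(mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8)));
    }

    // Assemble header.payload.signature the way an HS256 JWT is laid out
    static String sign(String payloadJson, byte[] key) throws Exception {
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(payloadJson);
        return input + "." + hs256(input, key);
    }

    // Reading the claims needs no key: the payload is plain Base64URL
    static String readPayload(String token) {
        return new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
    }

    // Recompute the signature with the key and compare in constant time
    static boolean verify(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        byte[] expected = hs256(p[0] + "." + p[1], key).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String token = sign("{\"iss\":\"auth0\",\"userId\":\"1\",\"username\":\"alice\"}", key);
        System.out.println("payload readable without key: " + readPayload(token));
        System.out.println("original token verifies: " + verify(token, key));

        // Same header and signature, different userId: the recomputed HMAC no longer matches
        String[] p = token.split("\\.");
        String altered = p[0] + "." + b64("{\"iss\":\"auth0\",\"userId\":\"2\",\"username\":\"alice\"}") + "." + p[2];
        System.out.println("altered token verifies: " + verify(altered, key));
    }
}
```

This sketch checks the signature only; the issuer and expiry checks are still done by JWTVerifier in TokenUtil.verify.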
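3. Create the login interceptor (intercepts requests and verifies the token)
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

// Assumption: javax.servlet matches Spring Boot 2.x; on Spring Boot 3 use jakarta.servlet.http.*
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component
public class LoginInterceptor implements HandlerInterceptor{
    /**
     * Runs before the handler method.
     * @param request the incoming request
     * @param response the response
     * @param handler the handler chosen for the request
     * @return true to continue to the handler, false to stop the request
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token"); // read the token from the "token" request header
        if (TokenUtil.verify(token)) { // verify the token
            return true;
        }
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // answer 401 instead of an empty 200
        return false;
    }
}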
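4. Create the configuration class (registers the interceptor and defines the interception rules)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer{
    /**
     * The interceptor instance
     */
    @Autowired
    private LoginInterceptor interceptor;

    /**
     * Add the interception rules.
     * @param registry the interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(interceptor) // register the interceptor
                .addPathPatterns("/**") // intercept all requests ("/*" would match only one path level)
                .excludePathPatterns("/login"); // do not intercept /login
    }
}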
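5. Create JsonResult (gives every response the same format)
public class JsonResult {
    private Integer code;
    private Object msg;

    public JsonResult(){}

    public JsonResult(Integer code, Object msg) {
        this.code = code;
        this.msg = msg;
    }

    // Getters so the fields are included when the object is serialized to JSON
    public Integer getCode() { return code; }

    public Object getMsg() { return msg; }
}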
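6. Create the controller (login issues a token; the test endpoint checks that token verification works)
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserLogin {
    /**
     * Generate a token.
     * Demo only: the submitted credentials are not checked before the token is issued.
     * @param user the user bound from the request parameters
     * @return a JsonResult carrying the token
     */
    @GetMapping("/login")
    public JsonResult userLogin(User user){
        user.setUserId("1");
        String token = TokenUtil.sign(user);
        return new JsonResult(200,token);
    }

    /**
     * Test endpoint protected by the token check.
     * @return a JsonResult carrying a fixed message
     */
    @GetMapping("/test")
    public JsonResult userTest(){
        return new JsonResult(200,"查询到用户信息");
    }
}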
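Usage demonstration:
1. Use Apifox to simulate the front end sending requests
2. What a successful verification looks like
3. What a failed verification looks like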