JSON Web Token
1.什么是JWT?
JSON Web Token (JWT)是⼀个开放标准(RFC 7519),它定义了⼀种紧凑的、⾃包含的⽅式,⽤于
作为JSON对象在各⽅之间安全地传输信息。该信息可以被验证和信任,因为它是数字签名的。
1.1.什么时候应该用JWT?
JSON Web Token (JWT)是⼀个开放标准,它定义了⼀种紧凑的、⾃包含的⽅式,⽤于
作为JSON对象在各⽅之间安全地传输信息。该信息可以被验证和信任,因为它是数字签名的。
1.2.认证流程
image-20210827165954270
image-20210827170034117
image-20210827170041709
1.3.JWT的优势在哪?
image-20210827170106840
1.4.JWT具体包含的信息
1.header
image-20210827170148205
2.Payload
image
3.Signature
image-20210827170243910
2.SpringBoot JWT 初始化
2.1整合POM
<dependencies>
<!--druid-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.2.0</version>
</dependency>
<!--mysql-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<!--plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.3</version>
</dependency>
<!--jwt-->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.18.1</version>
</dependency>
<!-- spring -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
2.2测试JWT加密流程
image-20210827170525494
image-20210827170537381
3.封装工具类JWTUtils
image-20210827170611141
4.登录接口逻辑
@GetMapping("/user/login")
public Map<String, Object> login(User user) {
HashMap<String, Object> map = new HashMap<>();
try {
// find user in DB
User userDB = userService.login(user);
HashMap<String, String> payload = new HashMap<>();
// add info into payload
payload.put("id", String.valueOf(userDB.getId()));
payload.put("name", userDB.getName());
// 生成JWT的令牌
String token = JWTUtils.getToken(payload);
// return info to user login
map.put("state", true);
map.put("msg", "认证成功");
map.put("token", token);
} catch (Exception e) {
// can't find user
map.put("state", false);
map.put("msg", e.getMessage());
}
return map;
}
5.验证Token逻辑(原始)
@PostMapping("/user/test")
public Map<String, Object> test(String token) {
HashMap<String, Object> map = new HashMap<>();
/*
try {
JWTUtils.verify(token);
map.put("state", true);
map.put("msg", "请求成功!");
return map;
} catch (SignatureVerificationException e) {
// 过期异常
e.printStackTrace();
map.put("msg", "无效签名!");
} catch (TokenExpiredException e) {
// token不一致异常
e.printStackTrace();
map.put("msg", "token过期!");
} catch (AlgorithmMismatchException e) {
// 算法不一致异常
e.printStackTrace();
map.put("msg", "算法不一致!");
} catch (Exception e) {
e.printStackTrace();
map.put("msg", "无效签名!");
}
map.put("state", false);
*/
// 处理自己的业务逻辑
map.put("state", true);
map.put("msg", "请求成功");
return map;
}
6.JWT过滤器简化验证Token逻辑
image-20210827170642222
6.1创建JWT登录过滤器
image-20210827170650576
6.2注册JWT过滤器到Spring容器中
image-20210827170702967
