JWT(JSON Web Token)
生成JWT
-
添加依赖
<!-- Auth0 java-jwt (package com.auth0.jwt). The Java snippets on this page call only the
     io.jsonwebtoken API (Jwts, JwtParser, Claims, SignatureAlgorithm), so nothing shown here
     uses this artifact; declaring two JWT libraries side by side widens the dependency
     surface without benefit unless other code relies on it. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.10.3</version>
</dependency>
<!-- JJWT: the library the snippets on this page are written against. From 0.10.0 onward it is
     published as the jjwt-api / jjwt-impl / jjwt-jackson modules and the String-key signWith /
     setSigningKey overloads used below are deprecated. Check both pinned versions against
     current security advisories before reusing this block. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
-
生成token
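// Build and sign a token with the JJWT 0.9.x builder.
// The claims are signed, not encrypted: anyone holding the token can Base64URL-decode and read
// them, so the map must not contain passwords or other secrets.
String token = builder
        // setClaims() replaces the builder's entire claims set, so it has to run first;
        // called after the setters below it would discard the subject, issued-at and id.
        .setClaims(hashMap)                  // custom claims, e.g. the user's roles/permissions
        .setSubject(name)                    // "sub": who the token was issued for
        .setIssuedAt(new Date())             // "iat": time of issue
        .setId(user.getUserId() + "")        // "jti": the user id is used as the token id
        // "exp": 24 hours from now. Nothing on this page revokes a token earlier than that.
        .setExpiration(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000))
        // This overload treats the string as Base64-encoded HMAC key bytes and rejects
        // non-HMAC algorithms such as ES256 (those need a java.security.Key), hence HS256.
        // The literal is a demo value only: a short key committed to source is guessable and
        // known to everyone who can read the code. Load a random key of at least 256 bits from
        // configuration or a secret store, and give the parser the same value.
        .signWith(SignatureAlgorithm.HS256, "jyh9961")
        .compact();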
-
解析token
// No token supplied: ask the client to log in.
if (token == null) {
    return new ResultVO(ResStatus.NO.getCode(), "请登录", null);
}

// The verification key must be the same value the token was signed with.
// NOTE(review): a short literal key in source is a demo shortcut; in real code read a long
// random key from configuration or a secret store.
JwtParser jwtParser = Jwts.parser();
jwtParser.setSigningKey("jyh9961");
try {
    // parseClaimsJws() checks the signature and the expiry before returning the claims,
    // so everything read from the payload below comes from a verified token.
    Claims payload = jwtParser.parseClaimsJws(token).getBody();
    String subject = payload.getSubject();            // subject set when the token was issued
    String v1 = payload.get("key1", String.class);    // a custom claim stored via the claims map
    return new ResultVO(ResStatus.OK.getCode(), "success", null);
} catch (ExpiredJwtException e) {
    // The "exp" claim is in the past.
    return new ResultVO(ResStatus.NO.getCode(), "登录过期,请重新登录", null);
} catch (UnsupportedJwtException e) {
    // The input is not a signed claims JWT (for example an unsigned token).
    return new ResultVO(ResStatus.NO.getCode(), "Token不合法", null);
} catch (Exception e) {
    // Everything else, including a bad signature or a malformed token, ends up here.
    return new ResultVO(ResStatus.NO.getCode(), "请重新登录", null);
}
-
拦截器校验Token
- 创建拦截器
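/**
 * Spring MVC interceptor that lets a request continue only when it carries a JWT whose
 * signature and expiry verify; otherwise it writes a JSON {@code ResultVO} and stops the chain.
 *
 * <p>A passing check proves only that the token is authentic and unexpired. Handlers that need
 * the caller's identity should take it from the verified claims, not from a separate
 * client-supplied parameter.
 *
 * <p>{@code InterceptorConfig} injects this class with {@code @Autowired}, so it has to be
 * registered as a Spring bean; no stereotype annotation is visible in this listing — confirm.
 */
public class CheckTokenInterceptor implements HandlerInterceptor {

    // Demo value only: it must equal the key used when the token was signed. A short literal
    // committed to source is guessable and shared with every reader of the code; load a random
    // key of at least 256 bits from configuration or a secret store instead.
    private static final String SIGNING_KEY = "jyh9961";

    private static final String BEARER_PREFIX = "Bearer ";

    // ObjectMapper is thread-safe once configured, so one shared instance replaces the
    // per-response allocation.
    private static final ObjectMapper JSON = new ObjectMapper();

    /**
     * Verifies the request's token before the handler runs.
     *
     * @return {@code true} when the token verifies; {@code false} after an error body has been
     *         written to the response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = resolveToken(request);
        if (token == null) {
            doResponse(response, new ResultVO(ResStatus.NO.getCode(), "请先登录", null));
            return false;
        }
        try {
            // parseClaimsJws() throws unless the signature matches and the token is unexpired.
            Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(token);
            return true;
        } catch (ExpiredJwtException e) {
            doResponse(response, new ResultVO(ResStatus.NO.getCode(), "登录过期,请重新登录", null));
        } catch (UnsupportedJwtException e) {
            // The input is not a signed claims JWT (for example an unsigned token).
            doResponse(response, new ResultVO(ResStatus.NO.getCode(), "Token不合法,请重新登录", null));
        } catch (Exception e) {
            // Bad signature, malformed or empty token, and any other failure: reject.
            doResponse(response, new ResultVO(ResStatus.NO.getCode(), "请先登录", null));
        }
        return false;
    }

    /**
     * Finds the token on the request, or returns {@code null} when there is none.
     *
     * <p>The {@code token} query parameter is still honoured so existing callers keep working,
     * but query strings are recorded in access logs, browser history and Referer headers.
     * Clients should send {@code Authorization: Bearer <token>} instead.
     */
    private static String resolveToken(HttpServletRequest request) {
        String fromQuery = request.getParameter("token");
        if (fromQuery != null) {
            return fromQuery;
        }
        String header = request.getHeader("Authorization");
        if (header != null && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return header.substring(BEARER_PREFIX.length()).trim();
        }
        return null;
    }

    /**
     * Writes {@code resultVO} to the response as UTF-8 JSON.
     * No HTTP status is set here, so the client has to read the code inside the body.
     *
     * @throws IOException if serialising or writing the body fails
     */
    private void doResponse(HttpServletResponse response, ResultVO resultVO) throws IOException {
        // Serialise first so a mapping failure cannot leave a half-written response.
        String json = JSON.writeValueAsString(resultVO);
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        out.print(json);
        out.flush();
        out.close();
    }
}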
-
配置拦截器
新建拦截器配置类
/**
 * Registers {@link CheckTokenInterceptor} with Spring MVC and selects the URLs it guards.
 *
 * <p>Protection here is opt-in: only the listed prefixes require a token, so any controller
 * path added later is reachable without one until it is added to the list. Intercepting
 * everything and excluding the public endpoints fails closed instead.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    @Autowired
    private CheckTokenInterceptor checkTokenInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(checkTokenInterceptor)
                // URLs that require a valid token.
                .addPathPatterns("/shopcart/**", "/orders/**")
                // URLs that are let through. With the include list above this exclusion changes
                // nothing, because /user/** is not intercepted in the first place; it only
                // matters if the include list is widened.
                .excludePathPatterns("/user/**");
    }
}