jwt

JSON Web Token，其实token就是一段字符串，由三部分组成：Header，Payload，Signature

①加入依赖

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.0</version>
</dependency>

View Code

②自建工具类

public class JwtUtil {

    //过期时间
    private static final long EXPIRE_TIME = 120 * 60 * 1000;
    //私钥
    private static final String TOKEN_SECRET = "gmnfdc";


    public static String createToken(Nfuser user) {
        try {
            String json = JSON.toJSONString(user);
            // 设置过期时间
            Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            // 私钥和加密算法
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);

            // 返回token字符串
            return JWT.create().withIssuer("auth0").withSubject(json)
                    .withClaim("loginname", user.getLoginname())
                    .withClaim("cnname", user.getCnname())
                    .withClaim("id", user.getId())
                    .withExpiresAt(date).sign(algorithm);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static boolean verifyToken(String token) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withIssuer("auth0")
                    .build(); //Reusable verifier instance
            DecodedJWT jwt = verifier.verify(token);
            return true;
        } catch (JWTVerificationException e) {
            e.printStackTrace();
            return false;
        }
    }

    public  static String getClaim(String token,String key)
    {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim(key).asString();
        } catch (JWTVerificationException e) {
            e.printStackTrace();
            return null;
        }
    } 
}

View Code

③登录后返回token

            String token = JwtUtil.createToken(nfuser);
            response.addHeader("token", token);

View Code

④控制器拦截类，用到了mybatisplus的返回类

public class RedisSessionInterceptor implements HandlerInterceptor {



    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        String token = request.getHeader("Authorization");
        if (!StringUtils.isNull(token) && JwtUtil.verifyToken(token)) {
            return true;
        } else {
            responseCode(response, "400");
            return false;
        }
    }


    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }

    private void responseCode(HttpServletResponse response, String code) {
        try {
            response.getWriter().print(JSONObject.toJSONString(R.failed(code)));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

View Code

⑤axios增加拦截，登录成功后会存储token到本地

window.localStorage.setItem('user', JSON.stringify(successResponse.data.data))
window.localStorage.setItem('token', successResponse.headers["token"])

View Code

axios.interceptors.request.use(
  config => {
    const token = window.localStorage.getItem("token");
    config.headers.Authorization = token
    return config;
  },
  error => {
       return Promise.reject(error); 
  }
);
axios.interceptors.response.use(
  response => { 
    if (response.data.code === -1 && response.data.msg == "400") {
      router.replace({
        name: 'Login',
        query: {
          redirect: router.currentRoute.fullPath
        }
      })
    }
    return response;
    // return Promise.reject(response);
  },
 
  error => { 
    return Promise.reject(error);
  }
);

View Code