A JSON Web Token (JWT) is simply a string made up of three parts: Header, Payload, and Signature.
① Add the dependency
```xml
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.0</version>
</dependency>
```
② Write a utility class
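```java
import com.alibaba.fastjson.JSON; // assumed: fastjson, which provides JSON.toJSONString
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;

public class JwtUtil {
    // Expiration time: 120 minutes, in milliseconds
    private static final long EXPIRE_TIME = 120 * 60 * 1000;
    // HMAC shared secret: the same value both signs and verifies tokens.
    // Hard-coded here for the demo; a deployment should load a long random value from configuration.
    private static final String TOKEN_SECRET = "gmnfdc";

    public static String createToken(Nfuser user) {
        try {
            // The payload is only Base64URL-encoded, not encrypted: every field of the
            // serialized user object is readable by anyone who holds the token.
            String json = JSON.toJSONString(user);
            // Set the expiration time
            Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            // Secret and signing algorithm
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            // Return the token string
            return JWT.create().withIssuer("auth0").withSubject(json)
                    .withClaim("loginname", user.getLoginname())
                    .withClaim("cnname", user.getCnname())
                    .withClaim("id", user.getId())
                    .withExpiresAt(date).sign(algorithm);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static boolean verifyToken(String token) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withIssuer("auth0")
                    .build(); // Reusable verifier instance
            // Checks the signature, the issuer and the expiry; throws if any check fails
            DecodedJWT jwt = verifier.verify(token);
            return true;
        } catch (JWTVerificationException e) {
            e.printStackTrace();
            return false;
        }
    }

    public static String getClaim(String token, String key) {
        try {
            // JWT.decode only parses the token; it does NOT check the signature or expiry.
            // Call this only on a token that verifyToken has already accepted.
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim(key).asString();
        } catch (JWTVerificationException e) {
            e.printStackTrace();
            return null;
        }
    }
}
```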
③ Return the token after login
```java
String token = JwtUtil.createToken(nfuser);
response.addHeader("token", token);
```
④ Controller interceptor class; it uses the MyBatis-Plus response class
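```java
import com.alibaba.fastjson.JSONObject;          // assumed: fastjson
import com.baomidou.mybatisplus.extension.api.R; // MyBatis-Plus response class
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;    // assumed: javax.servlet API
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// StringUtils is the project's own helper class; JwtUtil is the utility class from step ②.
public class RedisSessionInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // The front end sends the token in the Authorization header
        String token = request.getHeader("Authorization");
        if (!StringUtils.isNull(token) && JwtUtil.verifyToken(token)) {
            return true;
        } else {
            // Missing or invalid token: write a failure body and stop the request
            responseCode(response, "400");
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }

    // Writes R.failed(code) as JSON into the response body
    private void responseCode(HttpServletResponse response, String code) {
        try {
            response.getWriter().print(JSONObject.toJSONString(R.failed(code)));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
```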
⑤ Add axios interceptors; after a successful login the token is stored locally
```javascript
window.localStorage.setItem('user', JSON.stringify(successResponse.data.data))
window.localStorage.setItem('token', successResponse.headers["token"])
```
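```javascript
// Request interceptor: attach the stored token to every outgoing request
axios.interceptors.request.use(
  config => {
    const token = window.localStorage.getItem("token");
    // Only set the header when a token exists, so the literal string "null" is never sent
    if (token) {
      config.headers.Authorization = token
    }
    return config;
  },
  error => {
    return Promise.reject(error);
  }
);

// Response interceptor: go back to the login page when the server rejects the token
axios.interceptors.response.use(
  response => {
    if (response.data.code === -1 && response.data.msg == "400") {
      router.replace({
        name: 'Login',
        query: { redirect: router.currentRoute.fullPath }
      })
    }
    return response;
    // return Promise.reject(response);
  },
  error => {
    return Promise.reject(error);
  }
);
```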