######post######http://localhost:8080/login?username=1&password=1
################token:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1OTA0ODg1NDUsInVzZXJuYW1lIjoiMSJ9.Tk6S2yECmtfLbk8_fE9Bw477rNuUMh1fNdFsI4BlmEo
**********************************************************************************************
######get######http://localhost:8080/api/test
######Header[token:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1OTA0ODg1NDUsInVzZXJuYW1lIjoiMSJ9.Tk6S2yECmtfLbk8_fE9Bw477rNuUMh1fNdFsI4BlmEo]
1、pom.xml
<!-- Spring MVC and the embedded servlet container. No version is given here; presumably it is managed by a parent POM or BOM not shown on this page (confirm). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Auth0 JWT library used by JwtUtil to sign and verify tokens. The version is pinned, so check it against current releases before reuse. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
<!-- Lombok generates SysUser's accessors at compile time; the "provided" scope keeps it out of the packaged application. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.12</version>
<scope>provided</scope>
</dependency>
2、SysUser
import lombok.Data;
// Bean that carries the login parameters (username and password) into the controller.
// NOTE(review): Lombok's @Data also generates toString(), and the generated method
// includes every field, so logging a SysUser prints the password. Consider
// @ToString.Exclude on the password field.
@Data
public class SysUser {
// Login name supplied by the client.
private String username;
// Password supplied by the client, held in plain text.
private String password;
}
3、JwtUtil
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import javax.servlet.http.HttpServletRequest;
import java.util.Date;
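/**
 * Helper for issuing and checking the HMAC-SHA256 signed JWT that clients send in the
 * {@code token} request header.
 *
 * <p>NOTE(review): on this page the HMAC secret passed to {@link #sign} and {@link #verify}
 * is the user's password. Anyone who holds a token can then test password guesses offline
 * against its signature. A random server-side key kept apart from user credentials avoids
 * that.
 */
public class JwtUtil {

    /** Token lifetime: 30 minutes, expressed in milliseconds. */
    public static final long EXPIRE_TIME = 30 * 60 * 1000;

    /**
     * Checks that the token is signed with {@code secret} and that its {@code username} claim
     * equals {@code username}.
     *
     * @param token    the compact JWT string
     * @param username the value the {@code username} claim must have
     * @param secret   the HMAC secret the token was signed with
     * @return {@code true} only if verification succeeds; {@code false} for any missing
     *         argument or any verification failure
     */
    public static boolean verify(String token, String username, String secret) {
        // Fail closed on missing input instead of relying on the library to throw.
        // NOTE(review): java-jwt 3.x appears to drop the claim requirement when the expected
        // value is null, which would turn the username check into a no-op. Confirm against
        // the library version in use.
        if (token == null || username == null || secret == null) {
            return false;
        }
        try {
            // Select the signing algorithm.
            Algorithm algorithm = Algorithm.HMAC256(secret);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withClaim("username", username)
                    .build();
            // Verify the token. Only success or failure matters, so the decoded result is not kept.
            verifier.verify(token);
            return true;
        } catch (Exception exception) {
            // Any failure (bad signature, claim mismatch, malformed token) means "not verified".
            return false;
        }
    }

    /**
     * Creates a signed token that carries the username and expires {@link #EXPIRE_TIME}
     * milliseconds from now.
     *
     * @param username value stored in the {@code username} claim
     * @param secret   the HMAC secret used to sign the token
     * @return the compact JWT string
     */
    public static String sign(String username, String secret) {
        Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        Algorithm algorithm = Algorithm.HMAC256(secret);
        // Attach the username as a claim.
        return JWT.create().withClaim("username", username).withExpiresAt(date).sign(algorithm);
    }

    /**
     * Reads the {@code username} claim from the JWT in the request's {@code token} header.
     *
     * <p>The token is only decoded here and its signature is NOT checked, so the returned
     * name is client-controlled until {@link #verify} has accepted the same token. A
     * malformed token makes {@code JWT.decode} throw, and the exception propagates to the
     * caller.
     *
     * @param request the current HTTP request
     * @return the claim value, or {@code null} when the header or the claim is absent
     */
    public static String getUserNameByToken(HttpServletRequest request) {
        String token = request.getHeader("token");
        if (token == null) {
            // No header: report "no username" instead of failing inside the decoder.
            return null;
        }
        DecodedJWT jwt = JWT.decode(token);
        return jwt.getClaim("username").asString();
    }
}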
4、Service
sysUserService
/**
 * Stub user service for the demo. It stands in for a lookup of the stored password and
 * always answers with the same fixed value.
 */
@Service
public class SysUserService {

    /** Fixed stand-in for a stored password. It is a demo value, not a real credential store. */
    private static final String STUB_PASSWORD = "1";

    /**
     * Returns the password that tokens are checked against.
     *
     * @return the fixed demo password
     */
    public String getPassword() {
        return STUB_PASSWORD;
    }
}
5、Interceptor&Config
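/**
 * Spring MVC interceptor that lets a request reach a controller method only when its
 * {@code token} header carries a JWT that {@code JwtUtil.verify} accepts.
 */
public class JwtInterceptor implements HandlerInterceptor {

    @Autowired
    SysUserService sysUserService;

    /**
     * Admits the request when it is not mapped to a controller method or when its token
     * verifies. Otherwise it answers 401 and stops the handler chain.
     *
     * @return {@code true} to continue processing, {@code false} when the request was rejected
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Anything that is not mapped to a controller method passes straight through.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (hasValidToken(request)) {
            System.out.println("通过拦截器");
            return true;
        }
        // Returning false alone leaves the default 200 status on an empty response,
        // so tell the client explicitly that it is not authenticated.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    /** Returns true only when the request's token header holds a JWT that verifies. */
    private boolean hasValidToken(HttpServletRequest request) {
        // Take the token from the HTTP request header.
        String token = request.getHeader("token");
        if (token == null) {
            return false;
        }
        final String username;
        try {
            username = JwtUtil.getUserNameByToken(request);
        } catch (RuntimeException malformedToken) {
            // Decoding a malformed token throws an unchecked exception. Treat that as a
            // rejected request rather than letting it surface as a server error.
            return false;
        }
        // A token without a username claim cannot be tied to a user, so reject it.
        if (username == null) {
            return false;
        }
        // The username should be used to look up that user's password in the database.
        // To keep the demo short, the service returns the password directly.
        return JwtUtil.verify(token, username, sysUserService.getPassword());
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        // Nothing to do after the handler has run.
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // Nothing to clean up.
    }
}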
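/**
 * Web MVC configuration: registers the JWT interceptor and the CORS mapping.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Puts every path behind the JWT interceptor except {@code /login}, which has to stay
     * reachable without a token.
     *
     * @param registry the interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/login");
    }

    /**
     * Exposes the interceptor as a bean so that its {@code @Autowired} field is injected.
     *
     * @return the interceptor instance
     */
    @Bean
    public JwtInterceptor authenticationInterceptor() {
        return new JwtInterceptor();
    }

    /**
     * Enables cross-origin requests for all paths.
     *
     * <p>Credentials are deliberately not enabled. The JWT travels in the custom
     * {@code token} header, not in a cookie, so browsers do not need credentialed CORS.
     * Combining a wildcard origin with {@code allowCredentials(true)} would let any site
     * send credentialed requests, and Spring Framework 5.3 and later reject that
     * combination. If cookies are ever needed, list the trusted origins explicitly.
     *
     * @param registry the CORS registry supplied by Spring
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "POST", "DELETE", "PUT", "PATCH", "OPTIONS", "HEAD")
                .maxAge(3600 * 24);
    }
}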
6、Controller
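/**
 * Login endpoint of the demo: issues a JWT for the submitted username.
 */
@Controller
public class SysUserController {

    /**
     * Issues a token signed with the submitted password.
     *
     * <p>NOTE(review): the credentials are not checked here. A token signed with a wrong
     * password is only rejected later, when the interceptor verifies it. The mapping also
     * accepts any HTTP method and binds the fields from request parameters, so the sample
     * call on this page carries the password in the URL, where it can end up in access
     * logs and browser history. Prefer sending credentials in a POST body.
     *
     * @param sysUser bean bound from the request parameters {@code username} and {@code password}
     * @return a map with {@code code} and {@code message}, plus {@code token} on success
     */
    @RequestMapping("/login")
    @ResponseBody
    public Map<String, Object> login(SysUser sysUser) {
        Map<String, Object> map = new HashMap<>();
        String username = sysUser.getUsername();
        String password = sysUser.getPassword();
        // Reject missing credentials up front. Signing with a null or empty secret makes the
        // JWT library throw, which used to surface as a server error, while the failure
        // branch below could never be reached.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            map.put("code", "403");
            map.put("message", "认证失败");
            return map;
        }
        // Username/password validation is omitted in this demo.
        // Send the token once validation has succeeded.
        String token = JwtUtil.sign(username, password);
        map.put("code", "200");
        map.put("message", "认证成功");
        map.put("token", token);
        return map;
    }
}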
/**
 * Sample protected endpoint, used to show that a request carrying a valid token gets
 * through the interceptor.
 */
@RestController
public class TestController {

    /** Fixed response body of the sample endpoint. */
    private static final String RESPONSE_BODY = "pwd:1";

    /**
     * Handles {@code /api/test}.
     *
     * @return the fixed sample body
     */
    @RequestMapping("/api/test")
    public String get() {
        return RESPONSE_BODY;
    }
}
7、JwttestApplication
@SpringBootApplication
/**
 * Entry point of the JWT demo application.
 */
public class JwttestApplication {

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments, handed to Spring unchanged
     */
    public static void main(final String[] args) {
        final Class<?> applicationClass = JwttestApplication.class;
        SpringApplication.run(applicationClass, args);
    }
}