token jwt配置


1. token jwt配置

1.1. pom

 		<!-- Token verification (JJWT). NOTE(review): 0.9.1 is an old release of the single `jjwt` artifact; later releases are published as jjwt-api / jjwt-impl / jjwt-jackson and reject undersized HMAC keys, so plan an upgrade. -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>

1.2. 代碼

1.2.1. 生成token

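@Configuration
public class JwtToken {

    /**
     * Builds a signed JWT for the given user and wraps it in a {@code Token} record.
     *
     * <p>The JWT carries the user id as the string claim {@code userId}, the issuer
     * {@code lll}, an issued-at timestamp, and an expiry three days after issuance.
     *
     * @param userId id of the user the token is issued to; must not be null
     * @return a {@code Token} holding the compact JWT, its expiry time and the user id
     * @throws IllegalArgumentException if {@code userId} is null (otherwise the claim
     *         would silently become the string "null")
     */
    public Token generateToken(Long userId) {
        if (userId == null) {
            throw new IllegalArgumentException("userId must not be null");
        }
        // One clock reading drives both iat and exp so the lifetime is exactly three days.
        Date issuedAt = new Date();
        Date expiration = DateUtils.addDays(new Date(issuedAt.getTime()), 3);
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
        // NOTE(review): the signing key is a literal in source, and TokenInterceptor.preHandle
        // on this page verifies with a different literal. Signer and verifier must share one
        // key, loaded from configuration or a secret store rather than committed to the repo.
        // This jjwt String overload treats the value as Base64, so a short literal yields only
        // a few key bytes; HS256 expects at least 256 bits of key material.
        String token = Jwts.builder()
                // Header fields
                .setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "HS256")
                // Issued-at and expiry
                .setIssuedAt(issuedAt)
                .setExpiration(expiration)
                // Payload: the user id, stored as a string
                .claim("userId", String.valueOf(userId))
                // Issuer
                .setIssuer("lll")
                // Signature: algorithm plus key
                .signWith(signatureAlgorithm, "xxxxx")
                .compact();
        return new Token().setExpireTime(expiration).setToken(token).setUserId(userId);
    }

}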

1.2.2. token攔截器

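/**
 * Spring MVC interceptor that issues JWTs at login and checks the {@code x-access-token}
 * header on every request that is not on the pass list.
 *
 * <p>Issued tokens are kept both in an in-memory map and through {@code ITokenService},
 * keyed by user id. A request is admitted only when its token verifies, a stored token
 * exists for the user, and the two are identical.
 */
public class TokenInterceptor implements HandlerInterceptor {

    @Autowired
    private ITokenService tokenService;

    @Autowired
    private JwtToken jwtToken;

    // In-memory copy of the latest token per user id; the persistent copy is behind tokenService.
    private Map<Long, Token> tokenMap = new ConcurrentHashMap<>();

    // Request URIs that are admitted without a token (exact match only).
    public Set<String> passPath = new HashSet<>();

    /**
     * Issues a new token for the user and stores it in the cache and via tokenService,
     * replacing any token previously stored for that user.
     *
     * @param userId id of the user the token is issued to
     * @return the newly issued token
     */
    public Token addToken(Long userId) {
        Token token = jwtToken.generateToken(userId);
        tokenMap.put(userId, token);

        Token existing = tokenService.getById(userId);
        if (existing != null) {
            tokenService.updateById(token);
        } else {
            tokenService.save(token);
        }
        return token;
    }

    public TokenInterceptor() {
        init();
    }

    // NOTE(review): defaults to false when token.enabled is unset, and isFilter then lets
    // every request through. Enforcement is opt-in; confirm deployed configs set it to true.
    @Value("${token.enabled:false}")
    public boolean openToken;

    /**
     * Switches token enforcement on or off.
     *
     * @param openToken true to require a token on non-pass-listed paths
     */
    public void setOpenToken(boolean openToken) {
        this.openToken = openToken;
    }

    // Registers the paths that never require a token. Runs from the constructor and again
    // as a @PostConstruct callback; the set makes the second run a no-op.
    @PostConstruct
    private void init() {
        passPath.add("/fund/user/");
        passPath.add("/fund/user/login");
    }

    /**
     * Tells whether a request may skip the token check.
     *
     * @param uri the request URI as returned by the servlet request
     * @return true when enforcement is disabled or the URI is exactly on the pass list
     */
    private boolean isFilter(String uri) {
        if (!openToken) {
            return true;
        }
        return passPath.contains(uri);
    }

    /**
     * Admits the request only when it is pass-listed or carries a token that verifies and
     * matches the token stored for its user.
     *
     * <p>Fails closed: a missing header, a token that does not parse or verify, a user with
     * no stored token, or a mismatch all end the request with 401 and a short message.
     *
     * @return true to continue the handler chain, false when the request was rejected
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
        // Pass-listed paths (or enforcement disabled) go straight through.
        if (isFilter(request.getRequestURI())) {
            return true;
        }

        response.setCharacterEncoding("UTF-8");
        final String headerToken = request.getHeader("x-access-token");
        if (null == headerToken || "".equals(headerToken.trim())) {
            deny(response, "用戶未登錄,請先登錄");
            return false;
        }

        try {
            // NOTE(review): the verification key is a literal in source and differs from the
            // literal JwtToken.generateToken signs with on this page; both sides must use one
            // key loaded from configuration or a secret store. jjwt treats this String as
            // Base64, so the effective key is far shorter than the 256 bits HS256 expects.
            Claims claims = Jwts.parser().setSigningKey("beikbank@fund").parseClaimsJws(headerToken).getBody();
            Long tokenUserId = Long.parseLong((String) claims.get("userId"));

            // Cache first, then the persistent store.
            Token stored = tokenMap.get(tokenUserId);
            if (stored == null) {
                stored = tokenService.getById(tokenUserId);
            }
            // No stored token means the user never logged in or the token was removed;
            // a correctly signed token alone must not be enough to get in.
            if (stored == null) {
                deny(response, "用戶未登錄,請先登錄");
                return false;
            }
            return !judgeToken(response, headerToken, claims, tokenUserId, stored);
        } catch (Exception e) {
            // Covers signature, format and expiry failures raised by the parser as well as a
            // missing or malformed userId claim. No logger is in scope in this listing.
            e.printStackTrace();
            deny(response, "發生異常,請重新登錄");
            return false;
        }
    }

    /**
     * Compares the presented token with the stored one and checks its expiry.
     *
     * @return true when the request must be rejected (a response has then been written),
     *         false when the token is acceptable
     * @throws IOException if the rejection message cannot be written
     */
    private boolean judgeToken(HttpServletResponse response, String headerToken, Claims claims, Long itokenUserId, Token myToken) throws IOException {
        // Only the most recently issued token for the user is accepted.
        if (!headerToken.equals(myToken.getToken())) {
            deny(response, "token不正確,請重新登錄");
            return true;
        }
        // The parser normally rejects expired tokens before this point; this is a backstop
        // that also clears the stored copies.
        Date tokenDate = claims.getExpiration();
        if (tokenDate.before(new Date())) {
            tokenMap.remove(itokenUserId);
            tokenService.removeById(itokenUserId);
            deny(response, "token過期,請重新登錄");
            return true;
        }
        return false;
    }

    // Writes a rejection with 401 so clients, proxies and monitoring do not see it as a 200.
    private void deny(HttpServletResponse response, String message) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.getWriter().write(message);
    }
}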

1.2.3. 設置token

  1. token設置,在登錄時設置
    // The interceptor bean also issues tokens (addToken) and holds the per-user token cache.
    @Autowired
    private TokenInterceptor tokenInterceptor;

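    /**
     * Validates the submitted credentials and, only on success, issues a token for the user.
     *
     * <p>A token is issued strictly after validation succeeds. Issuing it first would let a
     * failed login replace the token stored for whatever user id the request body names.
     *
     * @param user credentials and user id taken from the request body
     * @return 200 with the issued token on success, or 200 with an error payload on failure
     */
    @ApiOperation(value = "用戶登錄", notes = "用戶登錄")
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity login( @RequestBody @ApiParam(name = "user", value = "用戶", required = true) @Valid User user) {
        if (!userService.vaildLogin(user)) {
            return ResponseEntity.ok(error("登錄失敗,請檢查用戶名和密碼"));
        }
        // NOTE(review): userId comes from the request body; confirm vaildLogin ties it to the
        // account whose credentials were checked, or take the id from the record the service loaded.
        Token token = tokenInterceptor.addToken(user.getUserId());
        return ResponseEntity.ok(ok(token));
    }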

