1.增加JWT依賴
<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.8.1</version> </dependency>
2.JWT工具類
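/**
 * Issues and verifies HMAC-SHA256 (HS256) signed JWTs that carry a {@code userId} claim.
 *
 * <p>These tokens are signed, not encrypted: anyone who holds a token can decode its
 * header and claims, so nothing confidential belongs in them. The signature only
 * proves that the holder of {@code TOKEN_SECRET} produced the token.
 */
public class TokenUtil {
    // SECURITY NOTE(review): the HMAC key is a literal in source control. Anyone who can
    // read this file (or any published copy of it) can sign a token for an arbitrary
    // userId, so this value should be treated as compromised: rotate it and load the key
    // from deployment configuration or a secret store instead of compiling it in.
    private static final String TOKEN_SECRET = "27f56a1ca0a347618ff39c7fdf9ab684";

    // Token lifetime in milliseconds.
    // NOTE(review): the original comment said "15 minutes", but 150 * 60 * 1000 is
    // 150 minutes. The value is left unchanged here; confirm which one is intended,
    // since the lifetime bounds how long a leaked token stays usable.
    private static final long OUT_TIME = 150 * 60 * 1000;

    private static final Logger log = LoggerFactory.getLogger(TokenUtil.class);

    /**
     * Signs a new token for the given user.
     *
     * @param userId identifier stored in the {@code userId} claim; must not be null or empty
     * @return the compact serialized JWT, or {@code null} if {@code userId} is missing or
     *         signing fails (the failure is logged)
     */
    public static String sign(String userId) {
        // Never mint a token without a subject: a validly signed token with no userId
        // would still pass verifyToken() and look authenticated to callers.
        if (userId == null || userId.isEmpty()) {
            log.error("userId is required to sign a token");
            return null;
        }
        try {
            Date expiresAt = new Date(System.currentTimeMillis() + OUT_TIME);
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            Map<String, Object> headerMap = new HashMap<>(2);
            // RFC 7519 names this header parameter "typ"; the original wrote "type",
            // which adds a non-standard header field instead.
            headerMap.put("typ", "JWT");
            headerMap.put("alg", "HS256");
            return JWT.create()
                    .withHeader(headerMap)
                    .withClaim("userId", userId)
                    .withExpiresAt(expiresAt)
                    .sign(algorithm);
        } catch (Exception e) {
            // Keep the cause so a signing failure can be diagnosed from the log.
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Verifies a token's signature and expiry and returns its claims.
     *
     * <p>The verifier is built for HMAC256 with {@code TOKEN_SECRET}, so the accepted
     * algorithm is fixed on the server side rather than taken from the token header.
     *
     * @param token the compact serialized JWT received from the client
     * @return the token's claims, or {@code null} if the token is missing or fails
     *         verification; callers must treat {@code null} as "not authenticated"
     */
    public static Map<String, Claim> verifyToken(String token) {
        if (token == null || token.isEmpty()) {
            return null;
        }
        try {
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN_SECRET)).build();
            DecodedJWT decodedJWT = verifier.verify(token);
            log.info("超時時間:" + decodedJWT.getExpiresAt());
            log.info("載體信息:" + decodedJWT.getClaim("userId").asString());
            log.info("算法:" + decodedJWT.getAlgorithm());
            return decodedJWT.getClaims();
        } catch (Exception e) {
            // Any verification failure (bad signature, expired, malformed) is reported
            // to the caller as null; only the message is logged, never the token itself.
            log.error(e.getMessage());
            return null;
        }
    }
}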
3.使用攔截器攔截請求,以及springboot注入攔截器
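/**
 * Spring MVC interceptor that lets a request through only when its {@code token}
 * header holds a JWT that {@code TokenUtil.verifyToken} accepts.
 */
@Component
public class TokenInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);

    /**
     * Checks the {@code token} request header before the handler runs.
     *
     * @param request  current request; the token is read from its {@code token} header
     * @param response current response; redirected to the error page on rejection
     * @param handler  the chosen handler (unused)
     * @return {@code true} when the token verifies, {@code false} after redirecting otherwise
     * @throws Exception if the redirect cannot be sent
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = request.getHeader("token");
        Map<String, Claim> claimMap = StringEmpty.IsEmpty(token) ? null : TokenUtil.verifyToken(token);

        if (claimMap == null) {
            // A missing header and a rejected token are handled the same way. The
            // original returned false for a missing header without writing a response,
            // which reaches the client as an empty 200 that can be mistaken for success.
            // NOTE(review): for API clients an explicit 401 status is usually clearer
            // than a redirect; kept as a redirect to match the existing behavior.
            response.sendRedirect(request.getContextPath() + "/twjd/error");
            return false;
        }

        // Account handling goes here. Handlers that need the caller's identity should
        // take it from the verified claims in claimMap, never from request parameters.
        return true;
    }
}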
/**
 * Registers {@link TokenInterceptor} with Spring MVC.
 *
 * <p>Every path under {@code /twjd/**} requires a valid token except the two excluded
 * below. Paths outside {@code /twjd} are not covered by this interceptor.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Autowired
    private TokenInterceptor tokenInterceptor;

    /**
     * Adds the token interceptor and its include/exclude path patterns.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(tokenInterceptor)
                // Paths the interceptor guards.
                .addPathPatterns("/twjd/**")
                // Login and the error page must stay reachable without a token.
                .excludePathPatterns("/twjd/login", "/twjd/error");
    }
}
4.用戶登陸操作,驗證用戶是否攜帶token,如果攜帶token則驗證
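/**
 * Authenticates a user by name and password and, on success, issues a JWT.
 *
 * <p>On success the token is returned both in the {@code token} response header and
 * under the {@code "token"} key of the returned map. On a failed login the same
 * {@code "token"} key carries an error message instead, so clients must not treat the
 * mere presence of the key as proof of authentication.
 *
 * @param sysusers submitted credentials (name and password)
 * @param request  current request (unused)
 * @param response current response; receives the {@code token} header on success
 * @return a map holding the token on success, the failure message on rejected
 *         credentials, or no entry if the token could not be signed
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public HashMap<String, String> login(Sysuser sysusers, HttpServletRequest request, HttpServletResponse response) {
    HashMap<String, String> tokenMap = new HashMap<>(1);
    Sysuser user = logService.getUser(sysusers.getName());
    String storedPassword = (user == null) ? null : user.getPassword();

    // SECURITY NOTE(review): this compares the submitted password with the stored value
    // as plain strings, which implies passwords are stored unhashed. Store a salted
    // password hash (bcrypt/scrypt/argon2) and verify against that instead.
    // An account with a null or empty stored password is rejected outright; the original
    // threw a NullPointerException on null and returned an empty map on empty.
    boolean authenticated = storedPassword != null
            && !StringEmpty.IsEmpty(storedPassword)
            && storedPassword.equals(sysusers.getPassword());
    if (!authenticated) {
        // One message for "unknown user" and "wrong password", so the response does
        // not reveal which names exist.
        tokenMap.put("token", "不存在此用戶");
        return tokenMap;
    }

    // Sign once and reuse the value: the original signed twice, so the header and the
    // body could carry two different tokens.
    String token = TokenUtil.sign(user.getID());
    if (token == null) {
        // Signing failed (already logged by TokenUtil); issue nothing rather than a
        // null token.
        return tokenMap;
    }
    response.setHeader("token", token);
    tokenMap.put("token", token);

    // Record the user in Redis for one day.
    // SECURITY NOTE(review): the stored object is the request-bound sysusers, which
    // still carries the submitted password, so the password ends up in Redis for a day.
    // Store only what the active-user tracking needs (for example the name or id).
    if (!redisUtil.exists(sysusers.getName())) {
        logger.info("活躍用戶+1:" + sysusers.getName());
        redisUtil.set(sysusers.getName(), sysusers, 1, TimeUnit.DAYS);
    }
    return tokenMap;
}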