JWT
(整合SpringBoot)
1. 引入依賴
<!-- auth0 java-jwt: library used below to create, sign and verify JWTs -->
<!-- NOTE(review): 3.4.0 is a pinned, older release. Before reusing this snippet, check for a
     current release and for published advisories on it and its transitive dependencies. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
2. 編寫工具類
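/**
 * Issues and verifies HMAC-SHA256 signed JWTs with the auth0 java-jwt library.
 *
 * <p>HMAC256 signs the token; it does not encrypt it. The header and payload are only
 * base64url-encoded, so anyone holding a token can read its claims. Never put passwords or
 * other secrets into the payload.
 */
public class JWTUtil {

    // HMAC key used both to sign and to verify every token.
    // NOTE(review): a key committed to source is readable by everyone with access to the
    // repository or the built artifact, and knowing it is enough to mint tokens with arbitrary
    // claims. Treat this literal as a tutorial placeholder: supply a randomly generated key of
    // at least 32 bytes from per-environment configuration or a secret store, and rotate any
    // key that has been published.
    private static final String SECRET = "code-duck-*%#@*!&";

    // Token lifetime, in seconds, counted from the moment of issue.
    private static final int EXPIRE_SECONDS = 60;

    // Built once: the algorithm object depends only on the constant key above.
    private static final Algorithm ALGORITHM = Algorithm.HMAC256(SECRET);

    /**
     * Builds a signed token whose payload carries the given claims.
     *
     * @param map claim names and values copied into the payload (readable by any token holder)
     * @return the compact, signed token string, expiring {@code EXPIRE_SECONDS} after issue
     */
    public static String generateToken(Map<String, String> map) {
        JWTCreator.Builder builder = JWT.create();
        // Copy every entry of the caller's map into the payload as a string claim.
        map.forEach((name, value) -> builder.withClaim(name, value));

        // Short lifetime: a stolen token stops working once the expiry passes.
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.SECOND, EXPIRE_SECONDS);
        builder.withExpiresAt(expiry.getTime());

        // sign() already returns the token as a String.
        return builder.sign(ALGORITHM);
    }

    /**
     * Verifies the token and discards the decoded result.
     *
     * <p>Failures surface as exceptions thrown by the library; the interceptor on this page
     * handles SignatureVerificationException, TokenExpiredException and
     * AlgorithmMismatchException.
     *
     * @param token the compact token string received from the client
     */
    public static void verify(String token) {
        getTokenInfo(token);
    }

    /**
     * Verifies the token and returns its decoded content.
     *
     * <p>The claims are decoded, not decrypted: they were never confidential. Read claims only
     * from the object returned here, never from a token that has not passed verification.
     *
     * @param token the compact token string received from the client
     * @return the decoded token after verification against the HMAC256 key
     */
    public static DecodedJWT getTokenInfo(String token) {
        // The verifier is built for HMAC256 with this key only.
        return JWT.require(ALGORITHM).build().verify(token);
    }
}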
3. 準備項目測試環境
編寫controller
>service
>mapper
4. 獲取Token
UserController.java
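/**
 * Login endpoint that issues a JWT, plus a sample endpoint.
 *
 * <p>Per JwtInterceptorConfig on this page, every path except {@code /user/login} passes through
 * JwtInterceptor, so {@code /user/test} requires a valid token.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Checks the submitted credentials and returns a signed token on success.
     *
     * @param username login name taken from the request parameters
     * @param password password taken from the request parameters; send it in the POST body over
     *                 TLS, since query strings tend to end up in access logs
     * @return a map holding {@code token} on success, or {@code msg} on failure
     */
    @PostMapping("/login")
    public Map<String, String> login(@RequestParam("username") String username,
                                     @RequestParam("password") String password) {
        Map<String, String> result = new HashMap<>();
        User user = userService.getUser(username);

        // One answer for "unknown user" and "wrong password": distinct messages let a caller
        // enumerate valid usernames. The null check on the stored value avoids an NPE.
        // NOTE(review): comparing the stored value with the submitted password implies that
        // passwords are stored in plaintext. Store a salted password hash (bcrypt, scrypt or
        // argon2) and verify through the hashing library instead.
        // NOTE(review): nothing here limits repeated attempts; add throttling or lockout.
        if (user == null || user.getPassword() == null || !user.getPassword().equals(password)) {
            result.put("msg", "用戶名或密碼錯誤");
            return result;
        }

        // Credentials accepted: assemble the claims. They are readable by whoever holds the token.
        Map<String, String> claims = new HashMap<>();
        claims.put("msg", "success");
        claims.put("username", username);
        // NOTE(review): every account receives role=admin. If any handler authorizes on this
        // claim, every user is an administrator; take the role from the user record instead.
        claims.put("role", "admin");

        // The utility class defined on this page is JWTUtil.
        String token = JWTUtil.generateToken(claims);
        result.put("token", token);
        return result;
    }

    /**
     * Sample endpoint used to check that a request with a valid token is let through.
     *
     * @return a fixed success message
     */
    @RequestMapping("/test")
    public String test() {
        return "請求成功!!!";
    }
}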
5. 編寫攔截器
JwtInterceptor.java
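/**
 * Rejects any request that does not carry a valid JWT in the {@code token} request header.
 *
 * <p>The token is only verified here; its claims are not passed on to the handler. A handler
 * that needs the username or role has to obtain them from the verified token, never from a
 * value the client sends separately.
 */
public class JwtInterceptor implements HandlerInterceptor {

    // One shared serializer instead of a new ObjectMapper per rejected request.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(JwtInterceptor.class.getName());

    /**
     * Verifies the token before the handler runs.
     *
     * @return {@code true} to let the request through; {@code false} after writing a JSON error
     *         body with HTTP status 403
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token");
        String reason;

        if (token == null || token.isEmpty()) {
            // Reject a missing header explicitly rather than relying on the library to throw.
            reason = "token無效!!";
        } else {
            try {
                JWTUtil.verify(token); // the utility class defined on this page is JWTUtil
                return true; // valid token: let the request through
            } catch (Exception e) {
                // A rejected token is an expected, client-triggered event: log one line, not a
                // stack trace. The exception message is left out because it can echo parts of
                // the client-supplied token.
                LOG.info("JWT rejected: " + e.getClass().getSimpleName());
                reason = reasonFor(e);
            }
        }

        HashMap<String, String> map = new HashMap<>();
        map.put("msg", reason);
        map.put("code", "403"); // status code repeated in the body for the front end

        // Set the real HTTP status too; otherwise the rejection is sent as 200 and clients or
        // proxies that look only at the status line treat it as success.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(MAPPER.writeValueAsString(map));
        return false;
    }

    // Maps a verification failure to the message shown to the client.
    private static String reasonFor(Exception e) {
        if (e instanceof SignatureVerificationException) {
            return "無效簽名!";
        }
        if (e instanceof TokenExpiredException) {
            return "token過期!";
        }
        if (e instanceof AlgorithmMismatchException) {
            return "token算法不一致!";
        }
        return "token無效!!";
    }
}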
6. 註冊MVC配置
JwtInterceptorConfig.java
/**
 * Registers the JWT interceptor with Spring MVC.
 */
@Configuration
public class JwtInterceptorConfig implements WebMvcConfigurer {

    /**
     * Applies {@link JwtInterceptor} to every path except the login endpoint.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JwtInterceptor jwtInterceptor = new JwtInterceptor();
        registry.addInterceptor(jwtInterceptor)       // register the custom interceptor
                .addPathPatterns("/**")               // intercept all paths
                .excludePathPatterns("/user/login");  // login must be reachable without a token
    }
}