标签:return String Spring Boot JWT token param import public
思路
- 用户登陆成功,服务端创建JWT-Token返回客户端,客户端本地系统存储
- 客户端每次请求携带token
- 服务端创建拦截器,对客户端请求token拦截判断
代码
- tokenUtil
package com.canaan.manager.token;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.crypto.SecretKey;
import java.util.*;
/*
* @Description tokenUtil
* @Author jingguoliang
* @Date 2022/8/1 18:46
* @Ver 1
**/
public class TokenUtil {
private static final Logger log = LoggerFactory.getLogger(TokenUtil.class);
private static String secret = "23423sjfghytsf19r3rslfphlefj385sfakfs+fsdferfd";
public static final String HEADER_TOKEN = "token";
/**
* 创建token
*
* @param userName 用户名称
* @param password 用户密码
* @return Jwt
*/
public static String createToken(String userName, String password) {
//签名
SecretKey secretKey = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(secret));
//id
String id = UUID.randomUUID().toString();
//设置Claim:优先设置,否则会覆盖其他设置
Map<String, String> claimMap = new HashMap<String, String>();
claimMap.put("userName", userName);
claimMap.put("password", password);
//设置过期时间
Date nowDate = new Date();
Calendar calendar = Calendar.getInstance();
calendar.setTime(nowDate);
calendar.add(Calendar.HOUR, 10);
Date expireDate = calendar.getTime();
//生成JWT令牌
JwtBuilder jwtBuilder = Jwts.builder()
.setHeaderParam("typ", "JWT") //头参数
.setId(id) //标识
.setClaims(claimMap) //设置Claim
.setIssuedAt(nowDate) //签发日期
.setExpiration(expireDate) //过期时间
.signWith(secretKey, SignatureAlgorithm.HS256);//签名
//生成签名
String jwtToken = jwtBuilder.compact();
return jwtToken;
}
/**
* TODO 待完成
*
* @param subject
* @return
*/
public static String createRefreshToken(String subject) {
SecretKey secretKey = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(secret));
Date nowDate = new Date();
return Jwts.builder().setHeaderParam("typ", "JWT").setSubject(subject).setIssuedAt(nowDate).signWith(secretKey, SignatureAlgorithm.HS256).compact();
}
/**
* 根据token获取Claim
*
* @param token
* @return
*/
public static Claims getTokenClaim(String token) {
Claims claims;
try {
JwtParser build = Jwts.parserBuilder().setSigningKey(secret).build();
Jws<Claims> claimsJws = build.parseClaimsJws(token);
claims = (Claims) claimsJws.getBody();
} catch (ExpiredJwtException e) {
claims = e.getClaims();
}
return claims;
}
/**
* 判断登陆用户是否过期
*
* @param expirationTime
* @return
*/
public static boolean isTokenExpired(Date expirationTime) {
return expirationTime.before(new Date());
}
/**
* 根据token获取用户id
*
* @param token
* @return CurrentUser
*/
public static CurrentUser getCurrentUserFromToken(String token) {
String id = getUserIdFromToken(token);
String userName = getUserNameFromToken(token);
String password = getPasswordFromToken(token);
Date expiration = getExpirationDateFromToken(token);
CurrentUser currentUser = new CurrentUser();
currentUser.setUserId(id);
currentUser.setUserName(userName);
currentUser.setPassword(password);
currentUser.setExpiration(expiration);
return currentUser;
}
/**
* 根据token获取用户过期时间
*
* @param token
* @return
*/
public static Date getExpirationDateFromToken(String token) {
return getTokenClaim(token).getExpiration();
}
/**
* 根据token获取用户id
*
* @param token
* @return
*/
public static String getUserIdFromToken(String token) {
return getTokenClaim(token).getId();
}
/**
* 根据token获取用户名称
*
* @param token
* @return
*/
public static String getUserNameFromToken(String token) {
return getTokenClaim(token).get("userName").toString();
}
/**
* 根据token获取用户登陆密码
*
* @param token
* @return
*/
public static String getPasswordFromToken(String token) {
return getTokenClaim(token).get("password").toString();
}
/**
* 根据token获取签发日期
*
* @param token
* @return
*/
public static Date getIssuedAtDateFromToken(String token) {
return getTokenClaim(token).getIssuedAt();
}
public TokenUtil() {
}
}
- 拦截器
package com.canaan.manager.token;
import com.alibaba.fastjson.JSONObject;
import com.canaan.share.model.bean.RetResult;
import com.canaan.share.utils.ResultUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
/*
* @Description 权限拦截器
* @Author jingguoliang
* @Date 2022/8/3 14:22
* @Ver 1
**/
@Component
public class AuthenticationInterceptor implements HandlerInterceptor {
private static final Logger logger = LoggerFactory.getLogger(AuthenticationInterceptor.class);
@Autowired
private TokenHandleService tokenHandleService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token = request.getHeader("token");
//对token进行验证:自己处理逻辑
Map<String, Object> verifyMap = tokenHandleService.verifyToken(token);
boolean result = (Boolean) verifyMap.get("result");
String message = (String) verifyMap.get("message");
//验证失败
if (!result) {
this.returnLoginError(message, response);
}
return result;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
/**
* 登陆失败
*
* @param message
* @param response
* @throws Exception
*/
void returnLoginError(String message, HttpServletResponse response) throws Exception {
//返回登陆超时响应:自己处理逻辑
RetResult retResult = ResultUtil.error(200, "登陆用户超时,请重新登陆");
String msg = JSONObject.toJSONString(retResult);
PrintWriter writer = null;
response.setStatus(401);
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
try {
writer = response.getWriter();
writer.print(msg);
} catch (IOException e) {
logger.error("response error", e);
} finally {
if (writer != null)
writer.close();
}
}
}
- 添加拦截器
package com.canaan.manager.token;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;
import java.util.List;
/*
* @Description MVC配置
* @Author jingguoliang
* @Date 2022/8/3 14:39
* @Ver 1
**/
@Configuration
public class WebConfigConfiguration implements WebMvcConfigurer {
@Resource
private AuthenticationInterceptor authenticationInterceptor;
/**
* 添加拦截器
*
* @param registry
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authenticationInterceptor)
.addPathPatterns("/**")
.excludePathPatterns("/login/**"); //放行登陆
}
}
代码下载
- 完整代码可以下载:文件token.zip 。
标签:return,String,Spring,Boot,JWT,token,param,import,public 来源: https://www.cnblogs.com/zuiyue_jing/p/16548209.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。