1.引入依赖
<!--引入JWT依赖：下文的 JwtUtil 使用 jjwt(io.jsonwebtoken)签发和校验 token，拦截器中的 JWT.decode 使用 java-jwt(com.auth0)读取 id 声明，因此两个依赖都需要引入-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
2.创建JWT工具类
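/**
 * Issues and verifies HS256-signed JWTs for a {@code User}.
 *
 * <p>NOTE(review): the signing key is {@code user.getPassword()}, so a token is only as
 * strong as that password, and changing the password invalidates the user's tokens; a
 * dedicated server-side secret is the usual design. In jjwt 0.9.x the {@code String}
 * overloads of {@code signWith}/{@code setSigningKey} treat the argument as a Base64-encoded
 * key — confirm that a raw password is acceptable as input here.
 *
 * <p>The password is no longer copied into the claims: a JWT payload is only Base64url-encoded,
 * not encrypted, so anyone holding the token could read it. {@link #isVerify} now relies on the
 * signature check plus the {@code id} claim and subject, both of which older tokens also carry.
 */
public class JwtUtil {

    /** Token lifetime in milliseconds (one hour); a negative value would disable expiry. */
    private static final long TTL_MILLIS = 1000 * 60 * 60L;

    /**
     * Builds a signed token for {@code user}.
     *
     * @param user the authenticated user; its id and username become claims, its password the signing key
     * @return the compact JWS prefixed with {@code "Bearer "} (callers strip the prefix before parsing)
     * @throws IllegalArgumentException if {@code user} or its password is {@code null}
     */
    public static String createJWT(User user) {
        if (user == null || user.getPassword() == null) {
            throw new IllegalArgumentException("user and user.password must not be null");
        }
        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        Map<String, Object> claims = new HashMap<>();
        claims.put("id", user.getId());
        claims.put("username", user.getUsername());

        // setClaims replaces the claim set, so it must stay ahead of setId/setIssuedAt/setSubject.
        JwtBuilder builder = Jwts.builder()
                .setClaims(claims)
                .setId(UUID.randomUUID().toString())
                .setIssuedAt(now)
                .setSubject(user.getUsername())
                .signWith(SignatureAlgorithm.HS256, user.getPassword());
        if (TTL_MILLIS >= 0) {
            builder.setExpiration(new Date(nowMillis + TTL_MILLIS));
        }
        return "Bearer " + builder.compact();
    }

    /**
     * Parses {@code token} and checks its signature against the user's password-derived key.
     *
     * @param token the compact JWS without the {@code "Bearer "} prefix
     * @param user  the user whose password is the expected signing key
     * @return the verified claims body
     * @throws io.jsonwebtoken.JwtException (unchecked) on a bad signature, malformed or expired token
     */
    public static Claims parseJWT(String token, User user) {
        return Jwts.parser()
                .setSigningKey(user.getPassword())
                .parseClaimsJws(token)
                .getBody();
    }

    /**
     * Verifies that {@code token} was issued for {@code user}: valid signature, matching
     * {@code id} claim and matching subject (username).
     *
     * @param token the compact JWS without the {@code "Bearer "} prefix
     * @param user  the user looked up from the token's id claim
     * @return {@code true} only when the signature, id claim and subject all match; {@code false}
     *         for a {@code null} token/user/password or a mismatch
     * @throws io.jsonwebtoken.JwtException (unchecked) on a bad signature, malformed or expired token —
     *         callers should map this to an authentication failure
     */
    public static Boolean isVerify(String token, User user) {
        if (token == null || user == null || user.getPassword() == null) {
            return false;
        }
        Claims claims = parseJWT(token, user);

        // Compare ids as strings: the JSON parser may hand back Integer while getId() may be Integer or Long.
        Object idClaim = claims.get("id");
        boolean idMatches = idClaim != null
                && String.valueOf(idClaim).equals(String.valueOf(user.getId()));
        boolean subjectMatches = user.getUsername() != null
                && user.getUsername().equals(claims.getSubject());
        return idMatches && subjectMatches;
    }
}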
3.创建JWT注解类
/**
 * Marks a handler method (or class) that may be invoked without a token.
 *
 * <p>In {@code AuthenticationInterceptor} only {@code required() == true} (the default)
 * bypasses the token check; with {@code required = false} the method falls through to
 * the {@code CheckToken} handling. The interceptor shown inspects the method annotation only.
 */
@Retention(value = RetentionPolicy.RUNTIME)
@Target(value = {ElementType.TYPE, ElementType.METHOD})
public @interface PassToken {

    /** Whether the bypass is active; defaults to {@code true}. */
    boolean required() default true;
}
/**
 * Marks a handler method (or class) that requires a valid {@code Authorization: Bearer} token.
 *
 * <p>{@code AuthenticationInterceptor} enforces the check only when {@code required()} is
 * {@code true} (the default) and only reads the annotation from the handler method, not
 * from the declaring class.
 */
@Retention(value = RetentionPolicy.RUNTIME)
@Target(value = {ElementType.TYPE, ElementType.METHOD})
public @interface CheckToken {

    /** Whether the token check is enforced; defaults to {@code true}. */
    boolean required() default true;
}
4.创建用于JWT验证的拦截器
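/**
 * Spring MVC interceptor enforcing the {@link PassToken} / {@link CheckToken} annotations.
 *
 * <p>Order of evaluation for a handler method: {@code @PassToken(required = true)} skips the
 * check; otherwise {@code @CheckToken(required = true)} demands a valid
 * {@code Authorization: Bearer} token that verifies against an existing user; any other
 * handler is let through. Handlers carrying neither annotation are therefore NOT protected —
 * the default is allow.
 *
 * <p>Every rejection writes a JSON {@code ResponseResult}, sets the matching HTTP status and
 * returns {@code false}, which is how a {@code HandlerInterceptor} stops the chain. Previously
 * the missing-token case fell through with a {@code null} token (after an NPE-prone
 * {@code replace} on a possibly absent header), and the other cases threw a RuntimeException on
 * top of an already written body, with the HTTP status left at 200.
 */
public class AuthenticationInterceptor implements HandlerInterceptor {

    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private UserService userService;

    /**
     * Decides whether the request may reach the handler.
     *
     * @param request  incoming request; the {@code Authorization} header carries the token
     * @param response response used to write a JSON error body on rejection
     * @param object   the handler; non-{@code HandlerMethod} handlers (static resources) pass through
     * @return {@code true} to continue the chain, {@code false} after an error body has been written
     * @throws Exception propagated from the servlet API
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
        response.setCharacterEncoding("utf-8");
        response.setContentType("application/json; charset=utf-8");
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) object).getMethod();

        PassToken passToken = method.getAnnotation(PassToken.class);
        if (passToken != null && passToken.required()) {
            return true;
        }
        CheckToken checkToken = method.getAnnotation(CheckToken.class);
        if (checkToken == null || !checkToken.required()) {
            return true;
        }

        String token = extractToken(request.getHeader("Authorization"));
        if (token == null) {
            returnJsonResult(response, 401, "无token,请重新登录");
            return false;
        }

        // JWT.decode only parses the token; the signature is checked later by JwtUtil.isVerify.
        Integer userId;
        try {
            userId = JWT.decode(token).getClaim("id").asInt();
        } catch (JWTDecodeException j) {
            returnJsonResult(response, 401, "访问异常");
            return false;
        }
        if (userId == null) {
            // id claim absent or not numeric: never hand a null id to the lookup.
            returnJsonResult(response, 401, "访问异常");
            return false;
        }

        User user = userService.findById(userId);
        if (user == null) {
            returnJsonResult(response, 401, "用户不存在,请重新登录");
            return false;
        }

        boolean verified;
        try {
            verified = Boolean.TRUE.equals(JwtUtil.isVerify(token, user));
        } catch (RuntimeException e) {
            // jjwt reports a bad signature or an expired token as an unchecked JwtException;
            // treat that as a failed verification instead of surfacing a server error.
            verified = false;
        }
        if (!verified) {
            returnJsonResult(response, 400, "非法访问");
            return false;
        }
        return true;
    }

    /**
     * Extracts the token from an {@code Authorization} header value.
     *
     * @param authorization raw header value, may be {@code null}
     * @return the value with a leading {@code "Bearer "} removed and trimmed, or {@code null}
     *         when the header is absent or blank; a value without the prefix is returned as-is
     */
    private static String extractToken(String authorization) {
        if (authorization == null) {
            return null;
        }
        String raw = authorization.startsWith(BEARER_PREFIX)
                ? authorization.substring(BEARER_PREFIX.length())
                : authorization;
        String token = raw.trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Writes a JSON {@code ResponseResult} error body and sets the HTTP status to {@code code}.
     *
     * @param response the response to write to; its writer is closed afterwards
     * @param code     HTTP status and body code (401 for authentication failures, 400 for a bad token)
     * @param msg      user-facing message
     * @throws IOException if the response writer cannot be obtained or written
     */
    void returnJsonResult(HttpServletResponse response, Integer code, String msg) throws IOException {
        response.setStatus(code);
        ObjectMapper mapper = new ObjectMapper();
        String jsonResult = mapper.writeValueAsString(new ResponseResult(null, code, msg));
        try (PrintWriter out = response.getWriter()) {
            out.print(jsonResult);
            out.flush();
        }
    }
}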
5.在SpringMVC.xml中配置拦截器
<!-- 配置拦截器 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.baixingyuan.interceptor.AuthenticationInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
6.使用刚才创建的注解类
@PostMapping("/login")
@PassToken
public ResponseResult login(@RequestBody User user){
@DeleteMapping("/{newId}")
@CheckToken
public ResponseResult delete(@PathVariable("newId") Integer newId){
7.测试
1.测试登录
1.使用postman发送登录请求
2.登录成功,返回token
2.获取用户列表
1.发送请求
2.验证成功,返回数据