1、导包(在 IDEA 中的应用)
<!-- JWT token support: the com.auth0 java-jwt library. -->
<!-- NOTE(review): 2.2.0 provides the legacy JWTSigner / JWTVerifier API that the helper class
     on this page is written against. Before reusing it, check the library's release notes and
     security advisories and prefer a currently maintained release; later major versions expose
     a different API, so the helper class would have to be ported. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>2.2.0</version>
</dependency>
2、写生成token的工具类(JWT)
import java.util.HashMap;
import java.util.Map;
import com.auth0.jwt.JWTSigner;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.internal.com.fasterxml.jackson.databind.ObjectMapper;
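/**
 * Signs a POJO into a JWT and reads it back, using the java-jwt 2.x
 * {@code JWTSigner} / {@code JWTVerifier} API.
 *
 * <p>Security notes for anyone reusing this helper:
 * <ul>
 *   <li>A JWT payload is signed, not encrypted. Every field of the serialized object can be
 *       read by whoever holds the token, so never sign objects that carry passwords or other
 *       secrets.</li>
 *   <li>{@code SECRET} is the signing key. Anyone who can read it can mint tokens that
 *       {@link #unsign} accepts.</li>
 *   <li>NOTE(review): RFC 7519 defines {@code exp} as seconds since the epoch, while this class
 *       stores milliseconds. Confirm how the library's own {@code exp} handling treats such
 *       values; the explicit comparison in {@link #unsign} is what enforces expiry here.</li>
 *   <li>NOTE(review): confirm that the library version in use only accepts the signature
 *       algorithm this class signs with.</li>
 * </ul>
 */
public class JWT {
    // Signing key (the original comment called it a "salt", which it is not).
    // It is hard-coded only because this is sample code: a key committed to source control is
    // known to everyone with repository access and cannot be rotated without a redeploy.
    // Load it from configuration or a secret store in real deployments.
    private static final String SECRET = "XX#$%()(#*!()!KL<><MQLMNQNQJQK sdfkjsdrow32234545fdf>?N<:{LWPW";
    // Claim holding the expiry instant (epoch milliseconds in this class).
    private static final String EXP = "exp";
    // Claim holding the JSON-serialized POJO.
    private static final String PAYLOAD = "payload";
    // One shared mapper instead of a new instance per call.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Serializes {@code object} to JSON and wraps it in a signed JWT.
     *
     * @param object the POJO to embed; all of its serialized fields become readable token content
     * @param maxAge lifetime of the token in milliseconds, counted from now
     * @return the signed token, or {@code null} if serialization or signing failed
     */
    public static <T> String sign(T object, long maxAge) {
        try {
            final Map<String, Object> claims = new HashMap<>();
            claims.put(PAYLOAD, MAPPER.writeValueAsString(object));
            claims.put(EXP, System.currentTimeMillis() + maxAge);
            return new JWTSigner(SECRET).sign(claims);
        } catch (Exception e) {
            // Deliberate best effort: callers test the result for null.
            return null;
        }
    }

    /**
     * Verifies {@code jwt} and, if it is still valid, deserializes its payload.
     *
     * @param jwt the token string received from the client (untrusted input)
     * @param classT the type to deserialize the payload into
     * @return the embedded object, or {@code null} if the token fails verification, lacks the
     *     expected claims, has expired, or its payload cannot be read
     */
    public static <T> T unsign(String jwt, Class<T> classT) {
        try {
            final Map<String, Object> claims = new JWTVerifier(SECRET).verify(jwt);
            final Object expiry = claims.get(EXP);
            final Object payload = claims.get(PAYLOAD);
            // Check the claim types instead of casting blindly: a well-signed token with an
            // unexpected claim shape is rejected here rather than via a caught cast failure.
            if (!(expiry instanceof Number) || !(payload instanceof String)) {
                return null;
            }
            if (((Number) expiry).longValue() <= System.currentTimeMillis()) {
                return null; // expired
            }
            return MAPPER.readValue((String) payload, classT);
        } catch (Exception e) {
            // Any verification or parsing failure means the token is not trusted.
            return null;
        }
    }
}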
3、生成token(UserController)
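/**
 * Demo login endpoint: checks the submitted credentials and, on success, returns a signed
 * token in the {@code msg} field of the result.
 */
@Controller
public class UserController {
    /**
     * Issues a token for a successful login.
     *
     * <p>NOTE(review): the mapping has no HTTP-method restriction, so credentials may arrive in
     * a query string, where they tend to end up in access logs and browser history. Consider
     * restricting it to POST.
     *
     * @param username submitted user name
     * @param password submitted password
     * @return code "0" with the token on success, code "1" with an error message otherwise
     */
    @RequestMapping("/login")
    @ResponseBody
    public ResultBean login(@RequestParam String username, @RequestParam String password) {
        // Demo-only check against fixed sample credentials. A real implementation looks the
        // user up and compares against a stored password hash (bcrypt/scrypt/argon2).
        if ("haha".equals(username) && "123456".equals(password)) {
            User user = new User();
            user.setId("1");
            user.setName(username);
            // The password is deliberately not copied into the signed object: a JWT payload is
            // only encoded, not encrypted, so anyone holding the token could read it back.
            // 30 days. NOTE(review): a token with this lifetime stays valid until it expires;
            // nothing visible here revokes it.
            String token = JWT.sign(user, 30L * 24L * 3600L * 1000L);
            if (token != null) {
                return new ResultBean("0", token);
            }
        }
        // Failure now uses code "1", so clients can tell it apart from the success code "0".
        // A signing failure also lands here and reports the same generic message.
        return new ResultBean("1", "用户名或密码错误");
    }
}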
ResultBean 工具类
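/**
 * Generic response envelope: a status code, a message, and an optional list of rows with a
 * total count. Accessors are generated by Lombok's {@code @Data}.
 */
@Data
public class ResultBean implements Serializable {
    private static final long serialVersionUID = 1L;
    // Status code; the controllers on this page use "0" for success and "1" for failure.
    private String code = "0";
    // Human-readable message (the login endpoint also uses it to carry the token).
    private String msg = "";
    // Total number of rows: the page total for a Page, otherwise the list size.
    private long count;
    // Result rows; may be null for message-only responses.
    private List data;

    /** Creates an empty result with the default code "0". */
    public ResultBean() {
    }

    /**
     * Creates a result from a list, deriving the count from it.
     *
     * @param data result rows; a {@code Page} contributes its total, and null counts as zero
     */
    public ResultBean(List data) {
        this.count = countOf(data);
        this.data = data;
    }

    /**
     * Creates a result from a list with an explicit count.
     *
     * @param data result rows
     * @param count total number of rows
     */
    public ResultBean(List data, long count) {
        this.data = data;
        this.count = count;
    }

    /**
     * Creates a message-only result.
     *
     * @param code status code
     * @param msg message text
     */
    public ResultBean(String code, String msg) {
        this.code = code;
        this.msg = msg;
    }

    /**
     * Creates a result with code, message and rows, deriving the count from the rows.
     *
     * @param code status code
     * @param msg message text
     * @param data result rows; a {@code Page} contributes its total, and null counts as zero
     */
    public ResultBean(String code, String msg, List data) {
        this.code = code;
        this.msg = msg;
        this.count = countOf(data);
        this.data = data;
    }

    /**
     * Creates a result with code, message, explicit count and rows.
     *
     * @param code status code
     * @param msg message text
     * @param count total number of rows; used as given (it was previously ignored and
     *     recomputed from {@code data}), matching {@link #ResultBean(List, long)}
     * @param data result rows
     */
    public ResultBean(String code, String msg, long count, List data) {
        this.code = code;
        this.msg = msg;
        this.count = count;
        this.data = data;
    }

    // Row count for a list: Page#getTotal() for a Page, size() otherwise, and 0 for null.
    // Presumably Page is the paging library's list subtype; its import is not shown here.
    private static long countOf(List data) {
        if (data == null) {
            return 0L;
        }
        if (data instanceof Page) {
            return ((Page) data).getTotal();
        }
        return data.size();
    }
}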
4、测试生成的token是否可用或失效(MeController)
/**
 * Demo endpoint that reports whether a previously issued token is still accepted.
 */
@Controller
@RequestMapping("/me")
public class MeController {
    /**
     * Checks the supplied token via {@code JWT.unsign}.
     *
     * <p>NOTE(review): the token is read from a request parameter. When it travels in a URL it
     * is typically recorded in access logs, proxies and browser history, so a request header
     * is the safer transport.
     *
     * @param token the token string supplied by the client (untrusted input)
     * @return code "0" when the token yields a user, code "1" otherwise
     */
    @RequestMapping("/get_info")
    @ResponseBody
    public ResultBean getInfo(@RequestParam String token) {
        // unsign returns null for a forged, malformed or expired token.
        final boolean tokenAccepted = JWT.unsign(token, User.class) != null;
        if (!tokenAccepted) {
            return new ResultBean("1", "token不合法");
        }
        return new ResultBean("0", "成功了。。。。");
    }
}