版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
springboot--jwt授权
简介
- 关于jwt授权是什么东西,请参考这里
maven依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.3</version>
</dependency>
Token生成与验证
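/**
 * Issues and verifies HMAC-SHA256 signed JWTs using the auth0 java-jwt library.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>A JWT payload is only Base64URL-encoded, not encrypted. Every claim passed to
 *       {@link #sign} can be read by whoever holds the token, so never put passwords or
 *       other secrets into it.</li>
 *   <li>The signing key below is a short literal compiled into the class. Anyone who knows
 *       or guesses it can mint tokens that {@link #verify} accepts.</li>
 *   <li>Tokens stay valid for a week and nothing in this class can revoke one earlier.</li>
 * </ul>
 */
public class TokenHelper {
    // Token lifetime: one week, in milliseconds. The long literal keeps the arithmetic in
    // 64 bits, so a longer lifetime cannot silently overflow int.
    private static final long EXPIRE_TIME = 1000L * 60 * 60 * 24 * 7;

    // SECURITY: static signing key and algorithm. "helloWorld" is a demo value only.
    // A real deployment should load a randomly generated key of at least 256 bits from
    // configuration or a secret store, and keep it out of source control.
    private static final Algorithm ALGORITHM = Algorithm.HMAC256("helloWorld");

    /**
     * Creates a signed token carrying two string claims, the issuer "auth0" and an
     * expiry of now + {@code EXPIRE_TIME}.
     *
     * @param key1 name of the first claim (the sample passes "user_name")
     * @param val1 value of the first claim
     * @param key2 name of the second claim (the sample passes "password"; see the class
     *             note, since claim values are readable by the token holder)
     * @param val2 value of the second claim
     * @return the compact JWT string, or {@code null} if token creation failed
     */
    public static String sign(String key1, String val1, String key2, String val2) {
        try {
            Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            return JWT.create()
                    .withIssuer("auth0")
                    .withClaim(key1, val1)
                    .withClaim(key2, val2)
                    .withExpiresAt(expiresAt)
                    // Sign last: the builder is finished and serialized here.
                    .sign(ALGORITHM);
        } catch (Exception e) {
            System.out.println("sign error:" + e.getMessage());
            return null;
        }
    }

    /**
     * Verifies a token against {@code ALGORITHM} and the issuer "auth0".
     *
     * @param token compact JWT string; {@code null} or empty is treated as invalid
     * @return the token's claims, or {@code null} if the token is missing or rejected
     */
    public static Map<String, Claim> verify(String token) {
        // A missing token is an ordinary "not authenticated" case; reject it up front
        // instead of relying on the library to throw.
        if (token == null || token.isEmpty()) {
            return null;
        }
        try {
            JWTVerifier verifier = JWT.require(ALGORITHM)
                    .withIssuer("auth0")
                    .build();
            DecodedJWT jwt = verifier.verify(token);
            return jwt.getClaims();
        } catch (Exception e) {
            // Any verification failure means "invalid"; callers treat null as a rejection.
            System.out.println("verify error:" + e.getMessage());
            return null;
        }
    }
}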
cookie 工具类
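/** Small helper for reading a token out of the request cookies. */
public class CookieHelper {
    /**
     * Returns the value of the cookie called {@code name}.
     *
     * <p>If several cookies share the name, the last one in the request wins.
     *
     * @param req  current HTTP request
     * @param name cookie name to look for
     * @return the cookie value, or {@code null} when the request has no cookies or no
     *         cookie with that name. The original returned "" for "no match" and
     *         {@code null} for "no cookies", so callers had to check two sentinels.
     */
    public static String getTokenFromCookies(HttpServletRequest req, String name) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null || name == null) {
            return null;
        }
        String token = null;
        for (Cookie cookie : cookies) {
            // Compare from the known non-null side.
            if (name.equals(cookie.getName())) {
                token = cookie.getValue();
            }
        }
        return token;
    }
}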
拦截器(这里用 Servlet Filter 实现)
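/**
 * Servlet filter that lets a request through only when its cookie carries a token
 * accepted by {@code TokenHelper.verify}.
 */
public class PrivateFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) {
        // No initialization needed.
    }

    /**
     * Reads the token cookie, verifies it, and either continues the chain or answers
     * with 401.
     *
     * <p>The filter fails closed: an exception thrown before the chain call means the
     * request is not forwarded.
     */
    @Override
    public void doFilter(
            ServletRequest request,
            ServletResponse response,
            FilterChain filterChain
    ) {
        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            // Read the token from the cookies (the name is a placeholder in this sample).
            String token = CookieHelper.getTokenFromCookies(req, "自定义的cookie名");
            // Verify the token; null means missing, malformed, expired or badly signed.
            Map<String, Claim> claims = TokenHelper.verify(token);
            if (claims == null) {
                // Without an explicit status the rejection would go out as 200 OK, which
                // clients, proxies and monitoring would all read as success.
                res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                res.getWriter().write("token is invalid");
                return;
            }
            filterChain.doFilter(request, response);
        } catch (Exception e) {
            // NOTE(review): this also swallows exceptions thrown by downstream handlers,
            // so the container never sees them. Consider declaring the checked exceptions
            // on doFilter and letting them propagate.
            System.out.println(e.getMessage());
        }
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}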
注册拦截器(通过 FilterRegistrationBean 注册上面的 Filter)
/** Spring configuration that installs {@code PrivateFilter} in the servlet filter chain. */
@Configuration
public class BeanRegisterConfig {
    /**
     * Registers {@code PrivateFilter} for the protected endpoint.
     *
     * <p>Only the URL patterns listed here go through the token check. Every other
     * endpoint stays reachable without a token unless it is added to this list.
     */
    @Bean
    public FilterRegistrationBean createFilterBean() {
        FilterRegistrationBean tokenFilterRegistration = new FilterRegistrationBean();
        // Endpoints that require a valid token.
        tokenFilterRegistration.addUrlPatterns("/user/hello");
        // The filter instance that performs the check.
        tokenFilterRegistration.setFilter(new PrivateFilter());
        return tokenFilterRegistration;
    }
}
登录成功–下发token
// Issue the token after a successful login.
// SECURITY: the second claim puts the user's password into the JWT payload. The payload
// is only Base64URL-encoded, so anyone who obtains the cookie can read the password.
// PrivateFilter only checks that TokenHelper.verify returns non-null and never reads this
// claim, so the password does not need to be in the token at all.
// NOTE(review): sign() requires two claims; pass a non-secret value such as a user id
// or role instead. Confirm against the login code.
String token = TokenHelper.sign("user_name", user_name, "password", password);