Simple login authentication with JWT and a Spring interceptor

1. Add the JWT dependency

       <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.8.1</version>
        </dependency>

2. JWT utility class

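/**
 * Issues and verifies HS256-signed JWTs that carry the user's id.
 *
 * <p>The tokens are signed, not encrypted: the payload is only base64url-encoded and can be
 * read by anyone holding the token, so nothing confidential belongs in a claim.
 */
public class TokenUtil {
    // HMAC signing key. Demo value only: a key that is hard-coded (and published with the
    // source) lets anyone who reads it mint valid tokens for any userId. Load the key from
    // external configuration or a secret store and rotate it if it has ever been committed.
    private static final String TOKEN_SECRET = "27f56a1ca0a347618ff39c7fdf9ab684";
    // Token lifetime in milliseconds: 15 minutes.
    private static final long OUT_TIME = 15 * 60 * 1000L;

    private static final Logger log = LoggerFactory.getLogger(TokenUtil.class);

    /**
     * Creates a signed token for the given user.
     *
     * @param userId id stored in the {@code userId} claim; must not be null or empty
     * @return the compact JWT, or {@code null} if {@code userId} is missing or signing fails
     */
    public static String sign(String userId) {
        // A token without a userId claim would still carry a valid signature, so refuse to
        // issue one instead of relying on every consumer to check for the claim.
        if (userId == null || userId.isEmpty()) {
            log.error("refusing to sign a token without a userId");
            return null;
        }
        try {
            Date expirationTime = new Date(System.currentTimeMillis() + OUT_TIME);
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            // NOTE(review): the registered JWT header parameter is "typ"; "type" is kept
            // here exactly as the page has it.
            Map<String, Object> headerMap = new HashMap<>(2);
            headerMap.put("type", "JWT");
            headerMap.put("alg", "HS256");
            return JWT.create()
                    .withHeader(headerMap)
                    .withClaim("userId", userId)
                    .withExpiresAt(expirationTime)
                    .sign(algorithm);
        } catch (Exception e) {
            log.error(e.getMessage());
            return null;
        }
    }

    /**
     * Verifies a token's signature and expiry and returns its claims.
     *
     * @param token compact JWT taken from the request
     * @return the token's claims, or {@code null} if the token is malformed, carries a bad
     *     signature, has expired, or has no {@code userId} claim
     */
    public static Map<String, Claim> verifyToken(String token) {
        try {
            // The verifier is built for HMAC256 with the server-side key, so the algorithm
            // is fixed here rather than taken from the token's own header.
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN_SECRET)).build();
            DecodedJWT decodedJWT = verifier.verify(token);
            String userId = decodedJWT.getClaim("userId").asString();
            if (userId == null) {
                // Callers treat any non-null result as "authenticated"; a token that names
                // no user must not pass.
                log.error("token has no userId claim");
                return null;
            }
            log.info("超时时间:" + decodedJWT.getExpiresAt());
            log.info("载体信息:" + userId);
            log.info("algorithm:" + decodedJWT.getAlgorithm());
            return decodedJWT.getClaims();
        } catch (Exception e) {
            // Verification failed: report it to the caller as "no claims".
            log.error(e.getMessage());
            return null;
        }
    }
}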

3. The interceptor intercepts requests and is registered with Spring Boot

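/**
 * Rejects requests that do not carry a valid JWT in the {@code token} request header.
 *
 * <p>As shown, a token is accepted for its whole lifetime once issued: only the signature and
 * expiry are checked (via {@code TokenUtil.verifyToken}); no server-side session or revocation
 * list is consulted here.
 */
@Component
public class TokenInterceptor implements HandlerInterceptor {
    private final Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);

    /**
     * Lets the request through only when the {@code token} header verifies.
     *
     * @return {@code true} to continue to the handler; {@code false} after redirecting a
     *     request with a missing or invalid token to the error page
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token");
        if (!StringEmpty.IsEmpty(token)) {
            Map<String, Claim> claimMap = TokenUtil.verifyToken(token);
            if (claimMap != null) {
                // account operation ...
                return true;
            }
        }
        // A missing token is handled the same way as an invalid one, so the client always
        // gets an explicit response instead of an empty one. The token itself is never logged.
        logger.warn("rejected request to {}: missing or invalid token", request.getRequestURI());
        response.sendRedirect(request.getContextPath() + "/twjd/error");
        return false;
    }
}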

 

/**
 * Registers {@link TokenInterceptor} with Spring MVC.
 */
@Configuration
public class InterceptorConfig  implements WebMvcConfigurer {
    @Autowired
    private TokenInterceptor tokenInterceptor;


    /**
     * Applies the token check to everything under {@code /twjd/} except the login and error
     * endpoints. The exclusion list is the part of the application reachable without a
     * token, so it should stay as short as possible.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(tokenInterceptor)
                // paths that require a token
                .addPathPatterns("/twjd/**")
                // paths reachable without a token
                .excludePathPatterns("/twjd/login", "/twjd/error");
    }
}

4. User login: when the credentials are correct, the login handler issues a token; later requests carry this token and the interceptor verifies it

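    /**
     * Logs a user in and issues a JWT on success.
     *
     * <p>NOTE(review): the submitted password is compared with the stored value directly,
     * which implies passwords are stored unhashed. Store a salted password hash (bcrypt,
     * scrypt or Argon2) and verify against it instead. No attempt limiting is visible in this
     * handler either; confirm it is enforced elsewhere.
     *
     * @param sysusers submitted credentials (name and password)
     * @param request current request
     * @param response response; receives the token in the {@code token} header on success
     * @return a map whose {@code token} entry is the issued JWT, or the text
     *     {@code "user absent"} when the name or password does not match; empty when the
     *     stored password is empty or no token could be issued
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    @ResponseBody
    public HashMap<String, String> login(Sysuser sysusers, HttpServletRequest request, HttpServletResponse response) {
        HashMap<String, String> tokenMap = new HashMap<>(1);
        Sysuser user = logService.getUser(sysusers.getName());
        String submitted = sysusers.getPassword();
        String stored = (user == null) ? null : user.getPassword();

        // Null-safe, constant-time comparison. An unknown user and a wrong password get the
        // same answer, so the response does not reveal which names exist.
        boolean passwordMatches = stored != null
                && submitted != null
                && java.security.MessageDigest.isEqual(
                        stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!passwordMatches) {
            tokenMap.put("token", "user absent");
            return tokenMap;
        }
        // An account with an empty stored password never receives a token.
        if (StringEmpty.IsEmpty(stored)) {
            return tokenMap;
        }

        // Sign once so the header and the body carry the same token.
        String token = TokenUtil.sign(user.getID());
        if (token == null) {
            logger.error("token could not be issued for user: " + sysusers.getName());
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return tokenMap;
        }
        response.setHeader("token", token);
        tokenMap.put("token", token);

        // Cache the user in redis with a one-day expiry.
        // NOTE(review): the cached object is the submitted form object, which still holds
        // the password the client sent; cache only the fields that are actually needed.
        if (!redisUtil.exists(sysusers.getName())) {
            logger.info("active users + 1'd:" + sysusers.getName());
            redisUtil.set(sysusers.getName(), sysusers, 1, TimeUnit.DAYS);
        }
        return tokenMap;
    }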

 


Origin www.cnblogs.com/yq-cc/p/11320324.html