SpringBoot-JWT
1.pom.xml中加入依赖
        <!--
          NOTE(review): 0.9.1 is the last single-artifact JJWT release; from 0.10.0 on the
          library ships as jjwt-api / jjwt-impl / jjwt-jackson.
          In 0.9.1 the String overloads signWith(alg, String) and setSigningKey(String)
          Base64-decode their argument, so a short text secret yields only a few key bytes.
          0.9.1 does not reject undersized HMAC keys; key strength is the caller's job.
        -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
2.写TokenUtils 工具类,主要就2个方法(1.生成token 2.解析token)
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
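/**
 * Issues and verifies the HS256-signed JWTs that this application uses as login tokens.
 *
 * <p>Security notes:
 * <ul>
 *   <li>HS256 is a symmetric MAC: the same secret both signs and verifies, so anyone who
 *       learns it can mint tokens for any user id and role. The secret is therefore read
 *       from the process environment instead of being compiled into the class.</li>
 *   <li>The claims are signed, not encrypted. A JWS payload is only base64url-encoded and
 *       can be read by anyone holding the token, so nothing confidential belongs in it.</li>
 *   <li>The key is passed to JJWT as raw bytes. The String overloads of
 *       {@code signWith}/{@code setSigningKey} in JJWT 0.9.x Base64-decode their argument,
 *       which silently shortens a plain-text secret.</li>
 * </ul>
 */
public class TokenUtils {

    /** Token lifetime: 7 days, in milliseconds (long arithmetic so a larger value cannot overflow int). */
    private static final long EXPIRE_TIME = 7L * 24 * 60 * 60 * 1000;

    /**
     * Environment variable that supplies the HMAC secret. The name is defined by this class;
     * deployments must set it to a long random value from their secret store.
     */
    private static final String TOKEN_SECRET_ENV = "JWT_TOKEN_SECRET";

    /** RFC 7518 section 3.2: an HS256 key must be at least as long as the hash output (256 bits). */
    private static final int MIN_SECRET_BYTES = 32;

    /**
     * Loads the HMAC key from the environment.
     *
     * @return the UTF-8 bytes of the configured secret
     * @throws IllegalStateException if the secret is missing or shorter than 32 bytes
     */
    private static byte[] signingKey() {
        String secret = System.getenv(TOKEN_SECRET_ENV);
        if (secret == null) {
            throw new IllegalStateException(
                    "Environment variable " + TOKEN_SECRET_ENV + " is not set");
        }
        byte[] key = secret.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (key.length < MIN_SECRET_BYTES) {
            // Never include the secret itself in the message.
            throw new IllegalStateException(
                    TOKEN_SECRET_ENV + " must be at least " + MIN_SECRET_BYTES + " bytes for HS256");
        }
        return key;
    }

    /**
     * Creates a signed token carrying the given claims plus an expiry 7 days from now.
     *
     * @param map claims to embed; they are readable by the token holder
     * @return the compact serialized JWS
     * @throws IllegalStateException if the signing secret is not configured correctly
     */
    public static String createToken(Map<String, Object> map) {
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);

        JwtBuilder builder = Jwts.builder().signWith(SignatureAlgorithm.HS256, signingKey());
        // setClaims replaces the whole claim set, so it must run before setExpiration.
        builder.setClaims(map);
        builder.setExpiration(expiresAt);

        return builder.compact();
    }

    /**
     * Verifies the token's signature and expiry and returns the identity claims.
     *
     * <p>{@code parseClaimsJws} accepts signed claims tokens only and throws a runtime
     * exception (a {@code JwtException} subtype or {@code IllegalArgumentException}) when
     * the token is malformed, expired or fails signature verification. Callers should
     * treat any exception from this method as "not authenticated".
     *
     * @param token the compact JWS taken from the request
     * @return a map with the keys {@code id}, {@code currentName}, {@code fullName}, {@code role}
     * @throws IllegalArgumentException if the token is null/empty or carries no {@code id} claim
     * @throws IllegalStateException if the signing secret is not configured correctly
     */
    public static Map<String, Object> checkToken(String token) {
        if (token == null || token.isEmpty()) {
            throw new IllegalArgumentException("token must not be null or empty");
        }

        Claims claims = Jwts.parser().setSigningKey(signingKey()).parseClaimsJws(token).getBody();

        // Typed accessor: a missing claim comes back as null instead of failing in an unboxing cast.
        Integer id = claims.get("id", Integer.class);
        if (id == null) {
            throw new IllegalArgumentException("token has no id claim");
        }

        Map<String, Object> map = new HashMap<>();
        map.put("id", id);
        map.put("currentName", claims.get("currentName", String.class));
        map.put("fullName", claims.get("fullName", String.class));
        map.put("role", claims.get("role", String.class));
        return map;
    }

}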
3.写监听器(在拦截器中调用查询user方法时需要注入对象,但拦截器方法在前会导致对象注入失败,所以需要在监听器中手动创建@Bean,这样就能在Spring映射这个拦截器前,把拦截器中的依赖注入完成。)
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * Spring MVC configuration that puts {@link LoginInterceptor} in front of the application's routes.
 *
 * <p>Every path matches {@code /**}; only {@code /login} is excluded. Any endpoint that must
 * stay reachable without a token has to be excluded here explicitly.
 */
@Configuration
public class LoginConfig implements WebMvcConfigurer {

	/**
	 * Exposes the interceptor as a bean so that its {@code @Autowired} fields are injected
	 * before it is registered.
	 *
	 * @return the login interceptor
	 */
	@Bean
	public HandlerInterceptor getLoginInterceptor() {
		return new LoginInterceptor();
	}

	/**
	 * Registers the login interceptor for all requests except the login endpoint.
	 *
	 * @param registry the MVC interceptor registry
	 */
	@Override
	public void addInterceptors(InterceptorRegistry registry) {
		HandlerInterceptor loginInterceptor = getLoginInterceptor();
		registry.addInterceptor(loginInterceptor)
				// intercept every request ...
				.addPathPatterns("/**")
				// ... except the login endpoint, which has no token yet
				.excludePathPatterns("/login");
	}

}
4.写拦截器
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.wx5b.common.TokenUtils;
import com.wx5b.entity.User;
import com.wx5b.service.UserService;
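/**
 * Rejects requests that do not carry a valid login token in the {@code X-Token} header.
 *
 * <p>This interceptor authenticates only. It does not look at the {@code role} claim, so
 * per-endpoint authorization has to be enforced elsewhere.
 *
 * <p>NOTE(review): the login controller stores the issued token on the user record, but
 * that stored value is not compared here. A token therefore stays usable until it expires,
 * even after a newer login; confirm whether revocation is required.
 */
public class LoginInterceptor extends HandlerInterceptorAdapter {

	@Autowired
	private UserService userService;

	/**
	 * Verifies the request token and checks that the referenced user still exists.
	 *
	 * @return {@code true} to continue; {@code false} after setting 401 when the token is
	 *         missing or invalid, or the user is unknown
	 * @throws RuntimeException if the user lookup itself fails
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {
		String requestToken = request.getHeader("X-Token");
		if (requestToken == null || requestToken.isEmpty()) {
			return reject(response);
		}

		Integer userId;
		try {
			Map<String, Object> claims = TokenUtils.checkToken(requestToken);
			userId = (Integer) claims.get("id");
		} catch (IllegalStateException e) {
			// Treated as a server-side fault rather than a bad token; let it surface as a 5xx.
			throw e;
		} catch (RuntimeException e) {
			// A malformed, expired, or badly signed token is an authentication failure, not a 500.
			return reject(response);
		}
		if (userId == null) {
			return reject(response);
		}

		User user;
		try {
			user = userService.findUserById(userId);
		} catch (Exception e) {
			// Keep the cause so a database failure is not mistaken for a missing user.
			throw new RuntimeException("用户不存在!", e);
		}
		return user != null || reject(response);
	}

	/**
	 * Marks the response as 401 and stops the handler chain.
	 *
	 * <p>Uses setStatus, not sendError: sendError triggers an error dispatch that this
	 * interceptor's {@code /**} mapping may intercept again.
	 */
	private static boolean reject(HttpServletResponse response) {
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		return false;
	}

}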
5.登录controller
获取前台提交的用户名密码,去数据库查询,如果存在就将这个user查出来,取出他的内容存放在map集合,再将此集合传给TokenUtils的createToken方法来获取产生的token,然后将此token返回给前台存储,以后每次请求都携带上。前台再次过来请求时,拦截器解析出里面的内容,根据内容去数据库查询校验,如果通过就放行。
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.wx5b.common.TokenUtils;
import com.wx5b.entity.User;
import com.wx5b.service.impl.LoginServiceImpl;
import com.wx5b.service.impl.UserServiceImpl;
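/**
 * Login endpoint: authenticates the submitted credentials and returns a signed token.
 *
 * <p>NOTE(review): credential checking happens inside {@code loginServiceImpl.login},
 * which is not shown here. Confirm that it compares against a salted password hash
 * (bcrypt/scrypt/argon2) and that the endpoint is rate limited.
 */
@RestController
@RequestMapping()
public class LoginController {

	@Autowired
	LoginServiceImpl loginServiceImpl;
	@Autowired
	UserServiceImpl userServiceImpl;

	/**
	 * Authenticates the user and issues a token on success.
	 *
	 * <p>The failure message does not say whether the login name or the password was
	 * wrong, so it does not reveal which accounts exist.
	 *
	 * @param user credentials from the request body
	 * @param response unused; kept so the handler signature stays the same
	 * @return a map with {@code result}, {@code token}, {@code message}, {@code code} and
	 *         {@code roles}; {@code roles} holds the user's own role, or is empty on failure
	 */
	@RequestMapping(value = "login", method = RequestMethod.POST)
	public Map<String, Object> login(@RequestBody User user,HttpServletResponse response) {
		User userInfo = loginServiceImpl.login(user);
		boolean authenticated = userInfo != null;

		String token = null;
		String message = null;
		// Previously every response, including failed logins, reported the role "admin".
		// Report the authenticated user's actual role instead.
		Object[] roles = new Object[0];

		if (authenticated) {
			// These claims are readable by whoever holds the token; keep secrets out of them.
			Map<String, Object> claims = new HashMap<>();
			claims.put("id", userInfo.getId());
			claims.put("currentName", userInfo.getLoginName());
			claims.put("fullName", userInfo.getFullName());
			claims.put("role", userInfo.getRole());
			token = TokenUtils.createToken(claims);

			// Persist the token on the user record.
			userInfo.setToken(token);
			userServiceImpl.updateUser(userInfo);

			Object role = userInfo.getRole();
			if (role != null) {
				roles = new Object[] {role};
			}
		} else {
			message = "登录失败!工号或密码不正确!";
		}

		Map<String, Object> body = new HashMap<String, Object>();
		body.put("result", authenticated);
		body.put("token", token);
		body.put("message", message);
		// The application-level code stays 200 on failure too, as before; clients read "result".
		body.put("code", 200);
		body.put("roles", roles);
		return body;
	}
}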
                    
                
                
            
        