SpringBoot 基于JWT实现登录校验
1.添加依赖
<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.4.0</version> </dependency>
2.添加登录接口,返回前端token
@ApiOperation(value = "用户登录") @PassToken @PostMapping(value = "/login") @ResponseBody public Object login(@RequestParam(name = "id") @ApiParam(value = "用户id",required = true) String id, @RequestParam(name = "password") @ApiParam(value = "用户密码",required = true)String password) { ValueOperations<String, Object> operations = redisTemplate.opsForValue(); User user = userService.getUser(id, password); if(user==null){ return new XPFBadRequestException("用户不存在"); } String token=getToken(user); // operations.set(user.getId(), token, 24*60*60, TimeUnit.SECONDS); return new XPFSingleResponse(token); } public String getToken(User user) { String token=""; token= JWT.create().withAudience(user.getId()) .sign(Algorithm.HMAC256(user.getPassword())); return token; }
3.添加需要标志需要登录的注解
@Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface PassToken { boolean required() default true; } @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface UserLoginToken { boolean required() default false; }
4.添加HandlerInterceptor拦截器
@Component public class AuthenticationInterceptor implements HandlerInterceptor { public AuthenticationInterceptor() { System.out.println("注册拦截器"); } @Resource private RedisTemplate<String, Object> redisTemplate; @Resource private UserService userService; @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { httpServletResponse.addHeader("Access-Control-Allow-Origin", "*"); httpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); httpServletResponse.addHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token,showName,phoneNum"); String token = httpServletRequest.getHeader("token");// 从 http 请求头中取出 token String id = httpServletRequest.getHeader("keyId");// 从 http 请求头中取出 keyid // 如果不是映射到方法直接通过 if (!(object instanceof HandlerMethod)) { return true; } HandlerMethod handlerMethod = (HandlerMethod) object; Method method = handlerMethod.getMethod(); //检查是否有passtoken注释,有则跳过认证 if (method.isAnnotationPresent(PassToken.class)) { PassToken passToken = method.getAnnotation(PassToken.class); if (passToken.required()) { return true; } } //检查有没有需要用户权限的注解 if (method.isAnnotationPresent(UserLoginToken.class)) { UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class); if (userLoginToken.required()) { // 执行认证 if (token == null) { throw new RuntimeException("无token,请重新登录"); } // 获取 token 中的 user id String userId; try { userId = JWT.decode(token).getAudience().get(0); } catch (JWTDecodeException j) { throw new RuntimeException("401"); } System.out.println("userId=="+userId); User user = userService.getUserById(userId); if (user == null) { throw new RuntimeException("用户不存在,请重新登录"); } // 验证 token JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build(); try { jwtVerifier.verify(token); } catch (JWTVerificationException e) { throw new RuntimeException("401"); } return true; } } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } /* * 整个请求处理完毕回调方法,该方法也是需要当前对应的Interceptor的preHandle()的返回值为true时才会执行, * 也就是在DispatcherServlet渲染了对应的视图之后执行。用于进行资源清理。整个请求处理完毕回调方法。 * 如性能监控中我们可以在此记录结束时间并输出消耗时间,还可以进行一些资源清理,类似于try-catch-finally中的finally,但仅调用处理器执行链中*/ @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } }
4.1所有的拦截器的perHandler都是先执行的 和过滤器不同
5.为springmvc添加拦截器,和拦截规则
@Configuration public class ApiConfig extends WebMvcConfigurationSupport { @Autowired private AuthenticationInterceptor authenticationInterceptor; @Override protected void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(this.authenticationInterceptor).addPathPatterns("/**"); super.addInterceptors(registry); } @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); } }
浙公网安备 33010602011771号