package com.example.demo.common;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
/**
 * Holds the single HMAC-SHA256 key used to sign and verify this application's JWTs.
 *
 * <p>The key is freshly generated by {@code Keys.secretKeyFor} when this class is
 * initialised and is kept only in this JVM's memory. Consequences worth knowing:
 * <ul>
 *   <li>Every restart produces a new key, so tokens issued before the restart no
 *       longer verify.</li>
 *   <li>Separate application instances each generate their own key, so a token
 *       signed by one instance is rejected by another.</li>
 *   <li>{@link #getSecretKey()} is public: any code on the classpath that can call
 *       it can also mint valid tokens.</li>
 * </ul>
 */
public class JwtUtil {

    private static final SecretKey SECRET_KEY;

    static {
        // Random key sized for HS256, created once per class load.
        SECRET_KEY = Keys.secretKeyFor(io.jsonwebtoken.SignatureAlgorithm.HS256);
    }

    /**
     * Returns the process-wide signing key.
     *
     * @return the shared HS256 key; the same instance on every call
     */
    public static SecretKey getSecretKey() {
        return SECRET_KEY;
    }
}
package com.example.demo.common;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.crypto.SecretKey;
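/**
 * Spring MVC interceptor that lets a request through only when it carries a
 * bearer JWT that verifies against the application's signing key.
 *
 * <p>This is an authentication gate only: the verified claims are not stored on
 * the request, so handlers behind it cannot tell which user the token belongs to
 * and must not assume any per-user authorization has happened here.
 */
public class JwtInterceptor implements HandlerInterceptor {

    private static final System.Logger LOG = System.getLogger(JwtInterceptor.class.getName());

    private static final String BEARER_PREFIX = "Bearer ";

    // Key obtained from the shared utility class.
    private static final SecretKey SECRET_KEY = JwtUtil.getSecretKey();

    /**
     * Checks the {@code Authorization} header before the handler runs.
     *
     * @param request  current request
     * @param response current response; its status is set to 401 on rejection
     * @param handler  chosen handler (unused)
     * @return {@code true} for OPTIONS requests and for requests with a token that
     *         parses and verifies; {@code false} otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Allow CORS preflight requests. Note that this exempts every OPTIONS
        // request on the intercepted paths, not only genuine preflights.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }

        String authHeader = request.getHeader("Authorization");
        if (authHeader == null || !authHeader.startsWith(BEARER_PREFIX)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        String token = authHeader.substring(BEARER_PREFIX.length());
        try {
            // parseClaimsJws only accepts a signed token: it checks the signature
            // against SECRET_KEY and rejects an expired one.
            Jwts.parserBuilder()
                    .setSigningKey(SECRET_KEY)
                    .build()
                    .parseClaimsJws(token);
            return true;
        } catch (Exception e) {
            // Fail closed on any parse/verification error. Log only the exception
            // type: the message may echo token content, and a full stack trace per
            // rejected request lets unauthenticated clients flood the logs.
            LOG.log(System.Logger.Level.WARNING, "Rejected bearer token: {0}", e.getClass().getSimpleName());
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
    }
}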
package com.example.demo.service;
import com.example.demo.common.JwtUtil;
import com.example.demo.entity.User;
import com.example.demo.mapper.UserMapper;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.crypto.SecretKey;
import java.util.Date;
import java.util.List;
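/**
 * {@link UserService} implementation that delegates persistence to
 * {@link UserMapper} and issues HS256-signed JWTs for authenticated users.
 */
@Service
public class UserServiceImpl implements UserService {

    /** Token lifetime: 24 hours, in milliseconds. */
    private static final long TOKEN_TTL_MILLIS = 86_400_000L;

    // Key obtained from the shared utility class.
    private static final SecretKey SECRET_KEY = JwtUtil.getSecretKey();

    @Autowired
    private UserMapper userMapper;

    /** Persists {@code user} through the mapper without further checks. */
    @Override
    public void insertUser(User user) {
        userMapper.insertUser(user);
    }

    /** Returns whatever the mapper yields for {@code id}. */
    @Override
    public User getUserById(Integer id) {
        return userMapper.getUserById(id);
    }

    /** Passes {@code user} to the mapper's update. */
    @Override
    public void updateUser(User user) {
        userMapper.updateUser(user);
    }

    /** Deletes the user with the given id through the mapper. */
    @Override
    public void deleteUser(Integer id) {
        userMapper.deleteUser(id);
    }

    /** Returns every user the mapper reports; the result is not paged. */
    @Override
    public List<User> getAllUsers() {
        return userMapper.getAllUsers();
    }

    /**
     * Returns one page of users.
     *
     * @param pageNumber 1-based page index
     * @param pageSize   rows per page; not capped here, so callers exposing it to
     *                   clients should bound it themselves
     * @return the mapper's result for the computed offset
     * @throws IllegalArgumentException if {@code pageNumber < 1}, {@code pageSize < 0},
     *                                  or the resulting offset does not fit in an int
     */
    @Override
    public List<User> getUsersByPage(int pageNumber, int pageSize) {
        if (pageNumber < 1 || pageSize < 0) {
            throw new IllegalArgumentException(
                    "pageNumber must be >= 1 and pageSize >= 0, got " + pageNumber + " and " + pageSize);
        }
        // Compute in long so a large page number cannot wrap into a negative offset.
        long offset = (long) (pageNumber - 1) * pageSize;
        if (offset > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("page offset out of range: " + offset);
        }
        return userMapper.getUsersByPage((int) offset, pageSize);
    }

    /** Returns the user count reported by the mapper. */
    @Override
    public long getTotalUsers() {
        return userMapper.getTotalUsers();
    }

    /**
     * Looks up {@code username} and checks the supplied password against the stored one.
     *
     * <p>NOTE(review): the stored value is compared directly with the submitted
     * password, which means passwords are persisted in recoverable form. Store a
     * salted password hash (bcrypt, scrypt or Argon2) and verify through that
     * library's constant-time check instead.
     *
     * @return the matching user, or {@code null} when the user is unknown, has no
     *         stored password, or the password differs
     */
    @Override
    public User login(String username, String password) {
        User user = userMapper.getUserByUsername(username);
        if (user == null) {
            return null;
        }
        String stored = user.getPassword();
        // A record without a password must not throw or match anything.
        if (stored == null || !stored.equals(password)) {
            return null;
        }
        return user;
    }

    /**
     * Inserts {@code user} unless the username is already taken.
     *
     * <p>The existence check and the insert are two separate mapper calls, so two
     * concurrent registrations can both pass the check; a unique constraint on the
     * username column is needed to enforce this. The user object is handed to the
     * mapper as received, so the password is presumably stored as submitted
     * (confirm against the mapper), and any other caller-supplied fields are
     * persisted as well.
     *
     * @throws RuntimeException if a user with the same username already exists
     */
    @Override
    public void register(User user) {
        // Check whether the username already exists.
        User existingUser = userMapper.getUserByUsername(user.getUsername());
        if (existingUser != null) {
            throw new RuntimeException("用户名已存在");
        }
        userMapper.insertUser(user);
    }

    /**
     * Issues an HS256-signed token whose subject is the user's id and which
     * expires 24 hours after issuance.
     *
     * <p>The token carries no claims besides subject, issued-at and expiration,
     * and nothing in this class revokes it before expiry.
     *
     * @param user user with a non-null id
     * @return the compact serialised JWT
     */
    @Override
    public String generateJwtToken(User user) {
        // Read the clock once so issued-at and expiration are exactly one TTL apart.
        long nowMillis = System.currentTimeMillis();
        return Jwts.builder()
                .setSubject(user.getId().toString())
                .setIssuedAt(new Date(nowMillis))
                .setExpiration(new Date(nowMillis + TOKEN_TTL_MILLIS))
                .signWith(SECRET_KEY, SignatureAlgorithm.HS256) // key-first overload is the recommended form
                .compact();
    }
}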