springboot+jwt(com.auth0)
1、pom.xml
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.7.0</version>
</dependency>
2、JwtUtil.java
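@Component
public class JwtUtil {

    // A JWT has three Base64URL parts separated by ".":
    //   1. header    - declares the signing algorithm
    //   2. payload   - the claims (here "userId"); it is only encoded, NOT encrypted,
    //                  so anyone holding the token can read it
    //   3. signature - HMAC over header + payload computed with the secret key;
    //                  the key itself never appears in the token

    /**
     * Environment variable that supplies the HMAC signing key. The name is a placeholder
     * chosen for this example; use whatever your deployment's secret store exposes.
     */
    private static final String SECRET_ENV_VAR = "JWT_SECRET";

    /** HS256 keys must be at least as long as the hash output (256 bits), RFC 7518 section 3.2. */
    private static final int MIN_SECRET_BYTES = 32;

    /** One algorithm instance shared by signing and verification so both always use the same key. */
    private final Algorithm algorithm = Algorithm.HMAC256(loadSecret());

    /**
     * Reads the signing key from the environment instead of a string literal in the source.
     * A key committed to the repository (or a short guessable one) lets anyone who sees it
     * mint tokens for any userId, so start-up fails when the key is missing or too short.
     *
     * @return the key bytes
     * @throws IllegalStateException if the variable is unset or shorter than {@link #MIN_SECRET_BYTES}
     */
    private static byte[] loadSecret() {
        String secret = System.getenv(SECRET_ENV_VAR);
        if (secret == null) {
            throw new IllegalStateException("Missing environment variable " + SECRET_ENV_VAR);
        }
        byte[] key = secret.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (key.length < MIN_SECRET_BYTES) {
            throw new IllegalStateException(
                    SECRET_ENV_VAR + " must be at least " + MIN_SECRET_BYTES + " bytes for HMAC-SHA256");
        }
        return key;
    }

    /**
     * Creates a signed token carrying the given user id in the "userId" claim.
     *
     * <p>No expiry claim is set, so an issued token stays valid until the signing key changes.
     * NOTE(review): consider adding {@code withExpiresAt(...)} so a leaked token ages out.
     *
     * @param userId id stored in the "userId" claim
     * @return the compact serialized JWT
     */
    public String create(Long userId) {
        return JWT.create()
                .withClaim("userId", userId)
                .sign(algorithm);
    }

    /**
     * Checks that the token is well formed and that its signature matches the signing key.
     *
     * @param token the serialized JWT to check (not the key)
     * @return {@code true} if verification passes, {@code false} on any failure
     */
    public boolean verify(String token) {
        try {
            JWT.require(algorithm).build().verify(token);
            return true;
        } catch (RuntimeException ex) {
            // Fail closed: a malformed, tampered, expired or null token is simply "not valid".
            return false;
        }
    }

    /**
     * Returns the "userId" claim of a token after verifying its signature.
     *
     * <p>The claim is read from the verified token rather than from a bare decode: decoding
     * alone does not check the signature, so a caller that forgot to call {@link #verify}
     * would otherwise trust whatever user id the client wrote into the payload.
     *
     * <p>NOTE(review): {@link #create} accepts a {@code Long} while this returns an
     * {@code Integer}; ids outside the int range will not round-trip.
     *
     * @param token the serialized JWT
     * @return the user id, or {@code null} if the claim is absent or not a number
     * @throws JWTDecodeException if the token cannot be decoded or fails verification
     */
    public Integer getUserId(String token) throws JWTDecodeException {
        try {
            return JWT.require(algorithm).build().verify(token).getClaim("userId").asInt();
        } catch (JWTDecodeException ex) {
            throw ex;
        } catch (RuntimeException ex) {
            // Keep the declared exception type so existing callers still catch the failure.
            throw new JWTDecodeException("Token failed verification; userId claim is not trusted", ex);
        }
    }
}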
3、Interceptor.java
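/**
 * Rejects requests to controller methods unless they carry a JWT that {@link JwtUtil#verify}
 * accepts in the {@code Authorization} header.
 */
public class Interceptor implements HandlerInterceptor {

    /** Conventional scheme prefix of a bearer token header (RFC 6750). */
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private JwtUtil jwtUtil;

    /**
     * Runs before the handler and decides whether the request may proceed.
     *
     * @return {@code true} to continue; {@code false} after answering 401 when the token is
     *         missing or fails verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // Only controller methods are guarded. Anything dispatched to another handler type
        // passes through without a token check, so keep sensitive content behind controllers.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token = extractToken(request.getHeader("Authorization"));
        if (token != null && jwtUtil.verify(token)) {
            return true;
        }

        // Returning false alone leaves the default 200 status with an empty body; tell the
        // client explicitly that authentication is required. A token with an expiry claim
        // that has passed also ends up here, because verification fails for it.
        response.setHeader("WWW-Authenticate", "Bearer");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    /**
     * Accepts either a raw token or the conventional {@code Bearer <token>} form.
     *
     * @param header value of the Authorization header, may be {@code null}
     * @return the token text, or {@code null} if the header is absent or blank
     */
    private static String extractToken(String header) {
        if (header == null) {
            return null;
        }
        String value = header.trim();
        if (value.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            value = value.substring(BEARER_PREFIX.length()).trim();
        }
        return value.isEmpty() ? null : value;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) {
    }

    /** No completion work is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) {
    }
}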
4、Configuration.java
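/**
 * Registers the JWT {@link Interceptor} for every request path except the login endpoint.
 *
 * <p>This class has the same simple name as Spring's {@code @Configuration} annotation, so the
 * annotation is written fully qualified and must not also be imported by simple name in this
 * file. NOTE(review): renaming the class (for example to a name such as WebConfig) would avoid
 * the clash altogether.
 */
@org.springframework.context.annotation.Configuration
public class Configuration implements WebMvcConfigurer {

    /**
     * Exposes the interceptor as a bean so that its {@code @Autowired} JwtUtil field is
     * injected; an instance created with {@code new} outside the container would have a
     * null JwtUtil.
     */
    @Bean
    Interceptor interceptor() {
        return new Interceptor();
    }

    /**
     * Applies the interceptor to all paths and exempts only {@code /login}, which must stay
     * reachable without a token so that clients can obtain one. Keep this exclusion list as
     * short as possible: every excluded pattern is served without authentication.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(interceptor())
                // intercept every request
                .addPathPatterns("/**")
                // except the login request
                .excludePathPatterns("/login");
    }
}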