天天看点
返回

springboot+jwt(com.auth0)springboot+jwt(com.auth0)

springboot+jwt(com.auth0)

1、pom.xml 

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.7.0</version>
 </dependency>

2、JwtUtil.java 

@Component
public class JwtUtil {

	//创建token
	//token是有三个部分分别用"."隔开
	//第一部分是声明用什么算法进行签名
	//第二部分是加密的数据,如下就是用userId
	//第三部分是密钥,如下就是"abc",解密第二部分数据时需要用到
    public String create(Long userId){
        return JWT.create().withClaim("userId", userId)
                .sign(Algorithm.HMAC256("abc"));
    }


    /**
     * 校验token是否正确
     *
     * @param token 密钥
     * @return 返回是否校验通过
     */
    public boolean verify(String token) {
        try {
        	//abc——>创建token时的第三部分
            JWT.require(Algorithm.HMAC256("abc")).build().verify(token);
            return true;
        } catch (Exception exception) {
            return false;
        }
    }


    /**
     * 根据Token获取userId
     */
    public Integer getUserId(String token) throws JWTDecodeException {
        return JWT.decode(token).getClaim("userId").asInt();
    }

}

3、Interceptor.java 

public class Interceptor implements HandlerInterceptor {

    @Autowired
    private JwtUtil jwtUtil;

    @Override
    public boolean preHandle(@RequestBody HttpServletRequest request, HttpServletResponse response, Object handler){
        String token = request.getHeader("Authorization");
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (token == null){
        	//token为空,进行业务处理
            return false;
        }
        if (token != null){
        	if(!jwtUtil.verify(token)){
        		//token检验失败,如果在创建token时加上过期时间,时间过期了这里就是校验失败
        		return false;
        	}else{
        		return true;
        	}
        }
        return false;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView){}

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex){}
}

4、Configuration.java 

@Configuration
public class Configuration implements WebMvcConfigurer {

    @Bean
    Interceptor interceptor() {
        return new Interceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(interceptor())
        		//拦截一切请求
                .addPathPatterns("/**")
                //排除登录请求				
				.excludePathPatterns("/login");			
    }
}
jwt
上一篇: 软件开发经济实用的15条实践
下一篇: asp.net core Swagger JWT

继续阅读