springboot+jwt(com.auth0)
1、pom.xml
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.7.0</version>
</dependency>
2、JwtUtil.java
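@Component
public class JwtUtil {

    /**
     * Name of the environment variable that supplies the HMAC signing secret.
     * The name is constructed for this example; adapt it to your deployment.
     */
    private static final String SECRET_ENV = "JWT_SECRET";

    /** HS256 secrets should be at least as long as the 256-bit hash output (32 characters here). */
    private static final int MIN_SECRET_LENGTH = 32;

    /**
     * Builds the HS256 algorithm from the externally supplied secret.
     *
     * <p>The secret is deliberately not a string literal: anyone who can read the
     * source or the built artifact could otherwise sign tokens for any user.
     *
     * @return the HMAC-SHA256 algorithm used for both signing and verification
     * @throws IllegalStateException if the secret is missing or too short
     */
    private static Algorithm algorithm() {
        String secret = System.getenv(SECRET_ENV);
        if (secret == null || secret.length() < MIN_SECRET_LENGTH) {
            throw new IllegalStateException(
                    "Environment variable " + SECRET_ENV + " must hold a secret of at least "
                            + MIN_SECRET_LENGTH + " characters");
        }
        return Algorithm.HMAC256(secret);
    }

    /**
     * Creates a signed token carrying the given user id.
     *
     * <p>A JWT has three parts separated by ".":
     * <ol>
     *   <li>the header, which names the signing algorithm;</li>
     *   <li>the payload, which holds the claims (here {@code userId}); it is only
     *       Base64URL-encoded, not encrypted, so never put secrets in it;</li>
     *   <li>the signature, computed over the first two parts with the secret key.
     *       The key itself is never part of the token.</li>
     * </ol>
     *
     * @param userId the id stored in the {@code userId} claim
     * @return the signed token
     * @throws IllegalStateException if the signing secret is not configured
     */
    public String create(Long userId) {
        // NOTE(review): no expiry is set, so a token stays valid for as long as the
        // secret is unchanged; consider adding an expiry claim when issuing tokens.
        return JWT.create()
                .withClaim("userId", userId)
                .sign(algorithm());
    }

    /**
     * Checks whether the token carries a valid signature.
     *
     * @param token the token to check (not the key)
     * @return {@code true} if verification succeeds, {@code false} otherwise
     * @throws IllegalStateException if the signing secret is not configured
     */
    public boolean verify(String token) {
        // Resolved outside the try block so a missing secret surfaces as a
        // configuration error instead of being reported as a bad token.
        Algorithm algorithm = algorithm();
        try {
            JWT.require(algorithm).build().verify(token);
            return true;
        } catch (Exception exception) {
            // Fail closed: any problem with the token means "not verified".
            return false;
        }
    }

    /**
     * Reads the user id from a token after verifying its signature.
     *
     * <p>The claim is read from the verified token rather than from a plain
     * decode, because the payload of an unverified token is attacker-controlled.
     *
     * @param token the token to read
     * @return the {@code userId} claim, or {@code null} if the claim is absent or not a number
     * @throws JWTDecodeException if the token cannot be decoded
     * @throws ArithmeticException if the stored id does not fit in an {@code int}
     * @throws IllegalStateException if the signing secret is not configured
     */
    public Integer getUserId(String token) throws JWTDecodeException {
        // verify() throws an unchecked exception from the library when the
        // signature does not match, so forged tokens never reach getClaim().
        Long userId = JWT.require(algorithm()).build().verify(token)
                .getClaim("userId")
                .asLong();
        // create() stores a Long; refuse to silently truncate ids beyond the int range.
        return userId == null ? null : Math.toIntExact(userId);
    }
}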
3、Interceptor.java
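/**
 * Rejects requests to controller methods unless the {@code Authorization}
 * header carries a token that {@link JwtUtil#verify(String)} accepts.
 */
public class Interceptor implements HandlerInterceptor {

    /** Optional scheme prefix in front of the token in the Authorization header. */
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private JwtUtil jwtUtil;

    /**
     * Runs before the handler and decides whether the request may proceed.
     *
     * @param request  the current request; the token is read from its {@code Authorization} header
     * @param response the current response; set to 401 when the request is rejected
     * @param handler  the chosen handler
     * @return {@code true} to continue, {@code false} to stop processing
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // NOTE(review): anything that is not a controller method passes without
        // a token check; confirm that is intended for every such handler.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token = request.getHeader("Authorization");
        // Accept both a bare token and the "Bearer <token>" form (scheme is case-insensitive).
        if (token != null && token.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            token = token.substring(BEARER_PREFIX.length()).trim();
        }

        // A missing token and a token that fails verification are handled the
        // same way. If tokens are issued with an expiry, an expired token also
        // fails verification and ends up here.
        if (token == null || !jwtUtil.verify(token)) {
            // Without an explicit status the client would receive an empty 200 response.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
    }

    /** No cleanup is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
    }
}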
4、Configuration.java
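/**
 * Registers the token-checking interceptor for the web layer.
 *
 * <p>The annotation is written with its fully qualified name because this class
 * is itself called {@code Configuration}; the simple name would refer to this
 * class, not to the Spring annotation. The file must not also import the
 * annotation by its simple name. Renaming the class would be the cleaner fix.
 */
@org.springframework.context.annotation.Configuration
public class Configuration implements WebMvcConfigurer {

    /**
     * Exposes the interceptor as a bean so that its {@code @Autowired} field is injected.
     *
     * @return the interceptor instance
     */
    @Bean
    Interceptor interceptor() {
        return new Interceptor();
    }

    /**
     * Applies the interceptor to every path except the login endpoint.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(interceptor())
                // Intercept every request.
                .addPathPatterns("/**")
                // Login must stay reachable without a token. Keep this list as
                // short as possible: every excluded path skips the token check.
                .excludePathPatterns("/login");
    }
}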