0
点赞
收藏
分享

微信扫一扫

Java:SpringBoot集成JWT实现token验证

芷兮离离 2022-02-28 阅读 41


demo-jwt

Java:SpringBoot集成JWT实现token验证_java


依赖

<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>

注解

package com.example.demojwt.annotation;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
* 跳过验证
*/
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
}

JWT工具类

package com.example.demojwt.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;

import java.util.Date;

/**
* jwt的工具类
*/
public class JwtUtil {
// 过期时间为3分钟
private static final long EXPIRE_TIME = 3 * 60 * 1000;

// 秘钥
private static final String TOKEN_SECRET = "jxxxooo9999";

/**
* 创建token
*
* @param userId
* @param username
* @return
*/
public static String sign(long userId, String username) {
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);

Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);

return JWT.create()
.withClaim("userId", userId)
.withClaim("username", username)
.withExpiresAt(date)
.sign(algorithm);
}

/**
* 验证token
*
* @param token
* @return
*/
public static boolean verify(String token) {
// 验证 token
try {
Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
JWTVerifier verifier = JWT.require(algorithm).build();
verifier.verify(token);
} catch (IllegalArgumentException e) {
return false;
} catch (JWTVerificationException e) {
return false;
}

return true;

}
}

拦截器

package com.example.demojwt.intercepter;

import com.auth0.jwt.JWT;
import com.example.demojwt.annotation.PassToken;
import com.example.demojwt.entity.User;
import com.example.demojwt.service.UserService;
import com.example.demojwt.util.JwtUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;


/**
* 拦截器去获取token并验证token
* 默认所有接口都需要认证
*/
public class AuthenticationInterceptor implements HandlerInterceptor {
@Autowired
UserService userService;

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 从 http 请求头中取出 token
String token = request.getHeader("token");

// 1、如果不是映射到方法直接通过
if (!(handler instanceof HandlerMethod)) {
return true;
}

HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();

// 2、检查是否有 PassToken注释,有则跳过认证
if (method.isAnnotationPresent(PassToken.class)) {
return true;
}

// 3、检查 token
if (token == null || "".equals(token)) {
throw new RuntimeException("token无效");
}

// 4、验证 token
if (!JwtUtil.verify(token)) {
throw new RuntimeException("token验证失败");
}

// 5、验证用户是否存在
// 获取 token 中的 userId
Integer userId = JWT.decode(token).getClaim("userId").asInt();

User user = userService.getUserById(userId);
if (user == null) {
throw new RuntimeException("用户不存在");
}

return true;

}
}

完整代码: ​​https://github.com/mouday/Spring-Boot-Demo/tree/master/demo-jwt​​


参考文章

  1. SpringBoot集成JWT实现token验证
  2. SpringBoot2.0 - 集成JWT实现token验证




举报

相关推荐

0 条评论