1. 引入pom依赖
<dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
</dependency>

2.编写JWTUtils工具类

package com.ran.utils;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Calendar;
import java.util.Map;

/**
 * Static helpers for issuing and verifying HS256-signed JWTs with the auth0 java-jwt library.
 *
 * <p>Tokens produced here are signed, not encrypted: the claims are only base64url-encoded and
 * can be read by anyone who holds the token, so callers should not place secrets in them.
 */
public class JWTUtils {
    // HMAC key used for both signing and verification (despite the field name, this is the
    // key, not a signature).
    // NOTE(review): a literal key in source ends up in version control and in every build
    // artifact, and whoever learns it can mint valid tokens. Load it from deployment
    // configuration or a secret store instead. For HS256 the key should be at least 256 bits
    // of random data (RFC 7518, section 3.2); the placeholder below is shorter than that.
    private static final String signature = "xxxxxxxxxxx";

    /**
     * Builds a signed token (header.payload.signature) carrying the given claims.
     *
     * @param map claim names and values to copy into the payload
     * @return the compact serialized token, expiring 30 days after it is issued
     */
    public static String getToken(Map<String, String> map) {
        JWTCreator.Builder builder = JWT.create();
        // Payload: copy every caller-supplied claim.
        for (Map.Entry<String, String> claim : map.entrySet()) {
            builder.withClaim(claim.getKey(), claim.getValue());
        }

        // The expiry is applied after the caller's claims and just before signing.
        // NOTE(review): 30 days is a long lifetime for a bearer token that nothing in this
        // class can revoke; consider a shorter lifetime if a stolen token is a concern.
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DATE, 30);
        return builder.withExpiresAt(expiry.getTime()).sign(Algorithm.HMAC256(signature));
    }

    /**
     * Checks that a token is valid. Returns normally on success and throws on failure:
     * AlgorithmMismatchException - the algorithm does not match
     * TokenExpiredException - the token has expired
     * SignatureVerificationException - signature verification failed
     * Exception - the token is otherwise invalid
     *
     * @param token the compact serialized token to check
     */
    public static void verify(String token) {
        // Same verification as getTokenInfo; the decoded result is simply discarded.
        getTokenInfo(token);
    }

    /**
     * Verifies a token and returns its decoded contents.
     *
     * @param token the compact serialized token to check
     * @return the decoded token; verification failures are thrown, as described on
     *     {@link #verify(String)}
     */
    public static DecodedJWT getTokenInfo(String token) {
        // The verifier is bound to HMAC256, so the token's own header cannot select another
        // algorithm.
        return JWT.require(Algorithm.HMAC256(signature)).build().verify(token);
    }
}

3.为了减少代码冗余，在Spring Boot中添加拦截器

package com.ran.interceptor;

import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ran.utils.JWTUtils;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;

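/**
 * Spring MVC interceptor that lets a request through only when its Authorization header
 * carries a token accepted by {@link JWTUtils#verify(String)}.
 *
 * <p>The header value is handed to the verifier as-is, so clients must send the bare token;
 * a scheme prefix such as "Bearer " is not stripped here.
 */
public class JWTInterceptor implements HandlerInterceptor {
    // ObjectMapper is thread-safe once configured, so one shared instance replaces the
    // per-request allocation on every rejected call.
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(JWTInterceptor.class.getName());

    /**
     * Verifies the request's token before the handler runs.
     *
     * @param request the incoming request; the token is read from its Authorization header
     * @param response receives a 401 status and a JSON body ({@code msg}, {@code state}) on rejection
     * @param handler the handler that would process the request (unused)
     * @return {@code true} when the token verifies, {@code false} after writing the rejection
     * @throws Exception if the rejection body cannot be serialized or written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Read the token from the Authorization request header.
        String token = request.getHeader("Authorization");

        String msg;
        if (token == null || token.isEmpty()) {
            // Reject a missing header explicitly instead of relying on the verifier to throw.
            msg = "token无效";
        } else {
            try {
                JWTUtils.verify(token);
                return true;
            } catch (Exception e) {
                msg = rejectionMessage(e);
                // One line per rejection rather than a full stack trace: unauthenticated
                // clients can trigger this path at will. Only the exception type is logged,
                // because the exception text may echo parts of the client-supplied token.
                LOG.info("JWT rejected: " + e.getClass().getSimpleName());
            }
        }

        HashMap<String, Object> map = new HashMap<>();
        map.put("msg", msg);
        map.put("state", false); // status flag read by the client

        // Signal the failure in the HTTP status too; without this the rejection is sent
        // with a 200 and only the body says the request was refused.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=utf-8");
        // Serialize the map to JSON with Jackson.
        response.getWriter().println(JSON_MAPPER.writeValueAsString(map));
        return false;
    }

    /**
     * Maps a verification failure to the message returned to the client.
     * NOTE(review): telling the client which check failed (algorithm vs. signature) is more
     * detail than a legitimate client needs; consider one generic message for everything
     * except expiry and keeping the detail in the server log.
     */
    private static String rejectionMessage(Exception e) {
        if (e instanceof AlgorithmMismatchException) {
            return "算法不匹配";
        }
        if (e instanceof TokenExpiredException) {
            return "token过期";
        }
        if (e instanceof SignatureVerificationException) {
            return "签名验证失败异常";
        }
        return "token无效";
    }
}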

4.配置InterceptorConfig

package com.ran.config;

import com.ran.interceptor.JWTInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Web MVC configuration that installs {@link JWTInterceptor} in front of the application's
 * endpoints.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    /**
     * Registers the JWT check for every request path except those under {@code /user/}.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        JWTInterceptor jwtCheck = new JWTInterceptor();
        registry.addInterceptor(jwtCheck)
                // All other endpoints are protected: the token is verified before the handler runs.
                .addPathPatterns("/**")
                // The user endpoints are let through without a token.
                // NOTE(review): this exempts everything below /user/, not just the calls that
                // must be public (presumably login/registration); any handler added under that
                // prefix later is reachable without a token. List the public endpoints
                // explicitly if that is not intended.
                .excludePathPatterns("/user/**");
    }
}

5.现在就可以完美使用JWT token验证了
