java token生成和验证_SpringBoot集成JWT生成token及校验方法过程解析
GitHub源碼地址:https://github.com/zeng-xian-guo/springboot_jwt_token.git
封裝JTW生成token和校驗方法
public class JwtTokenUtil {
//公用密鑰-保存在服務(wù)端,客戶端是不會知道密鑰的,以防被攻擊
public static String SECRET = "ThisIsASecret";
//生成Troke
public static String createToken(String username) {
//簽發(fā)時間
//Date iatDate = new Date();
//過地時間 1分鐘后過期
//Calendar nowTime = Calendar.getInstance();
//nowTime.add(Calendar.MINUTE, 1);
//Date expiresDate = nowTime.getTime();
Map map = new HashMap();
map.put("alg", "HS256");
map.put("typ", "JWT");
String token = JWT.create()
.withHeader(map)
//.withClaim( "name","Free碼生") //設(shè)置 載荷 Payload
//.withClaim("age","12")
//.withClaim( "org","測試")
//.withExpiresAt(expiresDate)//設(shè)置過期時間,過期時間要大于簽發(fā)時間
//.withIssuedAt(iatDate)//設(shè)置簽發(fā)時間
.withAudience(username) //設(shè)置 載荷 簽名的觀眾
.sign(Algorithm.HMAC256(SECRET));//加密
System.out.println("后臺生成token:" + token);
return token;
}
//校驗TOKEN
public static boolean verifyToken(String token) throws UnsupportedEncodingException{
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
try {
verifier.verify(token);
return true;
} catch (Exception e){
return false;
}
}
//獲取Token信息
public static DecodedJWT getTokenInfo(String token) throws UnsupportedEncodingException{
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
try{
return verifier.verify(token);
} catch(Exception e){
throw new RuntimeException(e);
}
}
}
新建自定義注解:@UserLoginToken
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken {
boolean required() default true;
}
關(guān)于攔截器配置:
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authenticationInterceptor())
.addPathPatterns("/**"); // 攔截所有請求,通過判斷是否有 @LoginRequired 注解 決定是否需要登錄
}
@Bean
public AuthenticationInterceptor authenticationInterceptor() {
return new AuthenticationInterceptor();
}
}
public class AuthenticationInterceptor implements HandlerInterceptor {
@Autowired
UserService userService;
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
String token = httpServletRequest.getHeader("token");// 從 http 請求頭中取出 token
// 如果不是映射到方法直接通過
if(!(object instanceof HandlerMethod)){
return true;
}
HandlerMethod handlerMethod=(HandlerMethod)object;
Method method=handlerMethod.getMethod();
//檢查是否有passtoken注釋,有則跳過認證
if (method.isAnnotationPresent(PassToken.class)) {
PassToken passToken = method.getAnnotation(PassToken.class);
if (passToken.required()) {
return true;
}
}
//檢查有沒有需要用戶權(quán)限的注解
if (method.isAnnotationPresent(UserLoginToken.class)) {
UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
if (userLoginToken.required()) {
// 執(zhí)行認證
if (token == null) {
throw new RuntimeException("無token,請重新登錄");
}
// 驗證 token
if(JwtTokenUtil.verifyToken(token)){
return true;
}else {
throw new RuntimeException("401");
}
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
登錄:
在Controller上登錄方法不用添加@UserLoginToken自定義注解,其余獲取后臺數(shù)據(jù)方法加上@UserLoginToken自定義注解,目的驗證token是否有效,是則返回數(shù)據(jù),否則提示401無權(quán)限。
測試:
@Controller
@RequestMapping(path = "/api")
public class IndexController {
private String prefix = "index/";
@GetMapping("/index")
public String index()
{
return prefix + "index";
}
@UserLoginToken
@PostMapping("/test")
@ResponseBody
public Object test(){
Map map = new HashMap<>();
map.put("code","200");
map.put("message","你已通過驗證了");
return map;
}
}
HTTP請求帶上登陸成功后生成token,返回成功:
HTTP請求帶上無效token或不帶token,返回失敗:
以上就是本文的全部內(nèi)容,希望對大家的學(xué)習(xí)有所幫助,也希望大家多多支持腳本之家。
總結(jié)
以上是生活随笔為你收集整理的java token生成和验证_SpringBoot集成JWT生成token及校验方法过程解析的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: cydia是什么在哪找到(cydia是什
- 下一篇: java url json字符串_JAV