1. token的实现方法
package cn.joinstar.common;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import net.minidev.json.JSONObject;
/**
*
* @author [email protected]
*
*/
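public class JwtUtil {

    /**
     * Shared HMAC secret used for both signing and verification.
     *
     * NOTE(review): the secret is committed to source and is only 28 bytes (224 bits)
     * long. RFC 7518 §3.2 requires an HS256 key of at least 256 bits, and recent
     * nimbus-jose-jwt releases reject shorter keys with a KeyLengthException, so this
     * value should come from configuration / a secret store and be at least 32 bytes.
     * The encoding is pinned to UTF-8 so the key bytes do not depend on the JVM's
     * default charset.
     */
    private static final byte[] SECRET =
            "3d990d2276917dfac04467df11ff".getBytes(StandardCharsets.UTF_8);

    /**
     * JOSE header attached to every issued token: {"alg":"HS256","typ":"JWT"}.
     */
    private static final JWSHeader HEADER =
            new JWSHeader.Builder(JWSAlgorithm.HS256).type(JOSEObjectType.JWT).build();

    /**
     * Signs {@code payload} into a compact JWS string. Intended to be called only after a
     * successful login.
     *
     * @param payload custom claims (user id, issue time, the {@code "ext"} expiry in epoch
     *                milliseconds, ...). Keys must be strings; the map is serialised as the
     *                JWT payload as-is.
     * @return the serialised token, or {@code null} if signing fails
     * @throws NullPointerException if {@code payload} is null
     */
    public static String createToken(Map<String, ?> payload) {
        Objects.requireNonNull(payload, "payload");
        JWSObject jwsObject = new JWSObject(HEADER, new Payload(new JSONObject(payload)));
        try {
            // HMAC-sign the object with the shared secret.
            jwsObject.sign(new MACSigner(SECRET));
            return jwsObject.serialize();
        } catch (JOSEException e) {
            // A signing failure here normally means the key is unusable (see SECRET above).
            System.err.println("签名失败:" + e.getMessage());
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a token and extracts its claims. Called from the security interceptor on every
     * API request.
     *
     * The result always contains {@code "state"}, one of {@link TokenState} as a string:
     * VALID, EXPIRED or INVALID. {@code "data"} (the claims as a JSON object) is present
     * only when the state is VALID — callers must check the state before trusting the data.
     *
     * Expiry is driven by the custom {@code "ext"} claim (epoch milliseconds), not the
     * standard {@code "exp"} claim (seconds); a token without {@code "ext"} never expires.
     *
     * @param token compact JWS string, may be null or malformed
     * @return result map as described above; never null
     */
    public static Map<String, Object> validToken(String token) {
        Map<String, Object> resultMap = new HashMap<>();
        try {
            JWSObject jwsObject = JWSObject.parse(token);
            // Pin the algorithm we issue with before checking the signature so a token
            // carrying any other "alg" is rejected regardless of what the verifier accepts.
            JWSVerifier verifier = new MACVerifier(SECRET);
            if (!JWSAlgorithm.HS256.equals(jwsObject.getHeader().getAlgorithm())
                    || !jwsObject.verify(verifier)) {
                resultMap.put("state", TokenState.INVALID.toString());
                return resultMap;
            }
            JSONObject claims = jwsObject.getPayload().toJSONObject();
            if (claims == null) {
                // Signature was fine but the payload is not a JSON object.
                resultMap.put("state", TokenState.INVALID.toString());
                return resultMap;
            }
            if (claims.containsKey("ext")) {
                long extTime = Long.parseLong(String.valueOf(claims.get("ext")));
                if (System.currentTimeMillis() > extTime) {
                    // Expired: deliberately no "data", so callers cannot use the claims.
                    resultMap.put("state", TokenState.EXPIRED.toString());
                    return resultMap;
                }
            }
            resultMap.put("state", TokenState.VALID.toString());
            resultMap.put("data", claims);
        } catch (Exception e) {
            // Fail closed on any parse / verification / claim-format problem; malformed
            // tokens are expected input on an authentication boundary, so no stack trace.
            resultMap.clear();
            resultMap.put("state", TokenState.INVALID.toString());
        }
        return resultMap;
    }
}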
2. 生成
package cn.joinstar.service.cloud;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import cn.joinstar.base.BaseServiceImpl;
import cn.joinstar.base.PageList;
import cn.joinstar.common.JwtUtil;
import cn.joinstar.common.ListPage;
import cn.joinstar.entity.cloud.Employee;
import cn.joinstar.entity.cloud.Org;
import cn.joinstar.entity.cloud.UserInfo;
import cn.joinstar.entity.vo.UserInfoVo;
import cn.joinstar.exception.BusinessException;
import cn.joinstar.mapper.cloud.EmployeeMapper;
import cn.joinstar.mapper.cloud.OrgMapper;
import cn.joinstar.mapper.cloud.UserInfoMapper;
import cn.joinstar.mapper.permission.EmployeeRoleMapper;
import cn.joinstar.util.MD5util;
import tk.mybatis.mapper.entity.Example;
@Service("userInfoService")
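public class UserInfoServiceImpl extends BaseServiceImpl implements UserInfoService {

    /** Role id that marks a platform administrator (may list users of every org). */
    private static final long PLATFORM_ADMIN_ROLE = 10L;

    /** Role id that marks an organisation administrator (may list users of its own org). */
    private static final long ORG_ADMIN_ROLE = 11L;

    @Autowired
    private UserInfoMapper userInfoMapper;
    @Autowired
    private EmployeeMapper employeeMapper;
    @Autowired
    private EmployeeRoleMapper employeeRoleMapper;
    @Autowired
    private OrgMapper orgMapper;

    /**
     * Authenticates a user by user name and/or mobile number and issues a JWT.
     *
     * NOTE(review): passwords are compared as unsalted MD5 digests ({@link MD5util}); moving
     * to a salted, slow hash (bcrypt/scrypt/argon2) requires a storage migration and is not
     * done here. The distinct error messages also reveal whether an account exists or is
     * disabled before the password is checked; that is existing API behaviour, kept as-is.
     * The issued token carries no {@code "ext"} claim, so tokens created here never expire
     * as far as {@link JwtUtil#validToken} is concerned — TODO confirm whether that is intended.
     *
     * @param userName login name, may be null/empty
     * @param password clear-text password to check
     * @param mobile   mobile number, may be null/empty
     * @return map with {@code token}, {@code org} and {@code employee}
     * @throws BusinessException if the account is missing, disabled, or the password is wrong
     */
    @Override
    public Map login(String userName, String password, String mobile) {
        UserInfo user = findLoginUser(userName, mobile);
        if (Integer.valueOf(1).equals(user.getDeleteFlag())) {
            throw new BusinessException("{user.disable}", "账号被禁用");
        }
        String pwd = MD5util.getMD5(password);
        if (pwd == null || !pwd.equals(user.getPassword())) {
            throw new BusinessException("{password.error}", "密码错误");
        }

        Map<String, Object> payload = new HashMap<>();
        Employee employee = new Employee();
        Org org = new Org();
        if (Integer.valueOf(1).equals(user.getSuperFlag())) {
            // Super users are not bound to an org/employee record.
            payload.put("topOrgId", 0);
            payload.put("orgId", 0);
            payload.put("employeeId", 0);
            employee.setName(user.getUserName());
            employee.setMobile(user.getMobile());
        } else {
            // Presumably a user may have several employee records (one per org); the first
            // row is used, matching the original behaviour — TODO confirm ordering is intended.
            Example example = new Example(Employee.class);
            example.createCriteria().andEqualTo("userId", user.getId());
            List<Employee> employees = employeeMapper.selectByExample(example);
            if (employees == null || employees.isEmpty()) {
                // Previously an unchecked get(0) → IndexOutOfBoundsException.
                throw new IllegalStateException("no employee record for userId=" + user.getId());
            }
            employee = employees.get(0);
            payload.put("topOrgId", employee.getTopOrgId());
            payload.put("orgId", employee.getOrgId());
            payload.put("employeeId", employee.getId());
            org = orgMapper.selectByPrimaryKey(user.getDefaultOrgId());
        }
        payload.put("userId", user.getId());
        payload.put("superFlag", user.getSuperFlag());
        // Fall back to the mobile number when the account has no user name yet.
        payload.put("userName", user.getUserName() != null ? user.getUserName() : user.getMobile());
        payload.put("lastLoginTime", System.currentTimeMillis());
        String token = JwtUtil.createToken(payload);

        Map<String, Object> map = new HashMap<>();
        map.put("token", token);
        map.put("org", org);
        map.put("employee", employee);
        return map;
    }

    /**
     * Looks up the account for the supplied identifiers.
     *
     * @return the matching user, never null
     * @throws BusinessException when no account matches or no identifier was supplied
     */
    private UserInfo findLoginUser(String userName, String mobile) {
        boolean hasName = userName != null && !userName.isEmpty();
        boolean hasMobile = mobile != null && !mobile.isEmpty();
        UserInfo probe = new UserInfo();
        UserInfo user = null;
        if (hasName && hasMobile) {
            probe.setUserName(userName);
            probe.setMobile(mobile);
            user = userInfoMapper.selectOne(probe);
            if (user == null) {
                throw new BusinessException("{user.username.notexist}", "该账户不存在");
            }
        } else if (hasName) {
            probe.setUserName(userName);
            user = userInfoMapper.selectOne(probe);
            if (user == null) {
                throw new BusinessException("{username.notexist}", "用户名不存在请用手机号登录添加用户名");
            }
        } else if (hasMobile) {
            probe.setMobile(mobile);
            user = userInfoMapper.selectOne(probe);
        }
        if (user == null) {
            // Mobile-only miss, or neither identifier supplied: the original code fell
            // through to a NullPointerException on the empty probe object here.
            throw new BusinessException("{user.username.notexist}", "该账户不存在");
        }
        return user;
    }

    @Override
    public Integer updateUserInfoStatus(Long id, Integer userStatus) {
        return userInfoMapper.updateUserInfoStatus(id, userStatus);
    }

    /**
     * Lists users visible to the caller, paged in memory.
     *
     * Platform administrators (role 10 or superFlag == 1) see every user; organisation
     * administrators (role 11) see the users of {@code currOrgId}; anyone else gets an
     * empty page. Note that the mapper loads all matching rows and the page is cut from
     * that list, so the cost grows with the total user count.
     *
     * @return the requested page, never null
     */
    @Override
    public PageList pageListUser(Integer pageIndex, Integer pageSize, String userName, String name, Long currOrgId
            , Long currEmployeeId, Integer superFlag) {
        List<?> employeeRoles = employeeRoleMapper.selectByEmployeeRoleId(currEmployeeId);
        boolean isSuper = Integer.valueOf(1).equals(superFlag);
        if (isSuper || employeeRoles.contains(PLATFORM_ADMIN_ROLE)) {
            return buildPage(userInfoMapper.selectByUserInfo(userName, name, null), pageIndex, pageSize);
        }
        if (employeeRoles.contains(ORG_ADMIN_ROLE)) {
            return buildPage(userInfoMapper.selectByUserInfo(userName, name, currOrgId), pageIndex, pageSize);
        }
        return new PageList<>();
    }

    /** Cuts one page out of the full result list and wraps it with its paging metadata. */
    private static PageList buildPage(List userInfos, Integer pageIndex, Integer pageSize) {
        ListPage listPage = new ListPage<>(userInfos, pageIndex, pageSize);
        PageList pageList = new PageList<>();
        pageList.setPageIndex(pageIndex);
        pageList.setPageSize(pageSize);
        pageList.setRows(listPage.getPagedList());
        long total = userInfos.size();
        pageList.setTotal(total);
        return pageList;
    }

    /**
     * Checks that {@code userName} is not already taken.
     *
     * @return always {@code null} (kept for interface compatibility)
     * @throws BusinessException if a user with that name exists
     */
    @Override
    public Integer queryRepetition(String userName) {
        Example example = new Example(UserInfo.class);
        example.createCriteria().andEqualTo("userName", userName);
        List<UserInfo> userInfos = userInfoMapper.selectByExample(example);
        if (userInfos != null && !userInfos.isEmpty()) {
            throw new BusinessException("{userName.repeat}", "该用户名已存在");
        }
        return null;
    }
}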
3. token解析
package cn.joinstar.common;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.alibaba.fastjson.JSONObject;
import cn.joinstar.core.Authentication;
import cn.joinstar.core.SecurityContext;
import cn.joinstar.exception.BusinessException;
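public class SecurityInterceptor extends HandlerInterceptorAdapter {

    private static final Logger log = LoggerFactory.getLogger(SecurityInterceptor.class);

    /** Header consulted when the legacy {@code token} header is absent. */
    private static final String TOKEN_HEADER = "Authorization";

    /**
     * Authenticates every controller request with the JWT carried in the {@code token} or
     * {@code Authorization} header and publishes the caller's identity via
     * {@link SecurityContext}.
     *
     * Pre-flight OPTIONS requests, the {@code requestConfigApi} handler and methods annotated
     * {@code @RequestAuth(auth = false)} bypass authentication. Everything else must present a
     * token that {@link JwtUtil#validToken} reports as VALID; INVALID and EXPIRED tokens are
     * rejected (the original code never inspected the state, so an expired token with intact
     * data was accepted).
     *
     * @return {@code true} to continue the handler chain
     * @throws BusinessException when the token is missing, invalid or expired
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return true;
        }
        // Static-resource and other non-controller handlers carry no method to inspect; the
        // unchecked cast in the original threw ClassCastException for them.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        log.debug("handler:{}", handler.getClass().getName());
        if ("requestConfigApi".equals(handlerMethod.getMethod().getName())) { // configuration API
            return true;
        }
        RequestAuth requestAuth = handlerMethod.getMethodAnnotation(RequestAuth.class);
        if (requestAuth != null && !requestAuth.auth()) { // API explicitly exempt from auth
            return true;
        }

        String token = request.getHeader("token");
        if (token == null) {
            token = request.getHeader(TOKEN_HEADER);
        }
        if (token == null) {
            throw new BusinessException("{token.nothing}", "没有token");
        }
        // The raw token and its claims are credentials; they are deliberately not logged.
        Map resultMap = JwtUtil.validToken(token);
        Object state = resultMap.get("state");
        // Message keys below are constructed for this review; align them with the project's bundle.
        if (TokenState.EXPIRED.toString().equals(state)) {
            throw new BusinessException("{token.expired}", "token已过期");
        }
        if (!TokenState.VALID.toString().equals(state)) {
            throw new BusinessException("{token.invalid}", "token无效");
        }
        Object data = resultMap.get("data");
        if (!(data instanceof Map)) {
            throw new BusinessException("{token.invalid}", "token无效");
        }
        Map<?, ?> claims = (Map<?, ?>) data;

        Authentication auth = new Authentication();
        auth.setSuperFlag((int) requiredLong(claims, "superFlag"));
        auth.setUserId(requiredLong(claims, "userId"));
        auth.setTopOrgId(requiredLong(claims, "topOrgId"));
        auth.setOrgId(requiredLong(claims, "orgId"));
        auth.setEmployeeId(requiredLong(claims, "employeeId"));
        SecurityContext.setContext(auth);
        log.debug("authenticated userId={}", claims.get("userId"));
        return true;
    }

    /**
     * Reads a numeric claim; a missing or non-numeric value is reported as an invalid token
     * rather than surfacing as a NullPointerException / NumberFormatException.
     */
    private static long requiredLong(Map<?, ?> claims, String key) {
        Object value = claims.get(key);
        if (value instanceof Number) {
            return ((Number) value).longValue();
        }
        try {
            return Long.parseLong(String.valueOf(value));
        } catch (NumberFormatException e) {
            throw new BusinessException("{token.invalid}", "token无效");
        }
    }
}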