SpringBoot整合JWT完成登录认证

SpringBoot整合JWT完成登录认证

对现有的使用cookie/seesion进行会话认证的项目改造,使用JWT进行登录认证。

依赖

        <!--引入jwt-->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.15.0</version>
        </dependency>

JWT配置

对请求进行拦截,在拦截器中获取到请求头中携带的token,然后进行校验,校验通过才能进行其它操作。

/**
 *
 * JWT验证拦截器
 */
public class JWTInterceptor implements HandlerInterceptor {


    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HashMap<String, Object> map = new HashMap<>();
        //令牌建议放在请求头中,获取请求头中的令牌
        String token = request.getHeader("token");
        try {
            JWTUtils.verify(token);
            //验证通过,放行
            return true;
        } catch (SignatureVerificationException e) {
            e.printStackTrace();
            map.put("msg", "无效签名");
        } catch (TokenExpiredException e) {
            e.printStackTrace();
            map.put("msg", "token过期");
        } catch (AlgorithmMismatchException e) {
            e.printStackTrace();
            map.put("msg", "token算法不一致");
        } catch (Exception e) {
            e.printStackTrace();
            map.put("msg", "token失败");
        }
        //设置状态
        map.put("state", false);
        //将map转化为json,response使用的是Jacksson
        String resultJson = new ObjectMapper().writeValueAsString(map);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().print(resultJson);
        return false;
    }
}

对Interceptor进行配置,主要是配置拦截器可以拦截的路径和要放行的路径。

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/images/**")
                .addResourceLocations("file:" + Constant.FILE_UPLOAD_DIR);
        // 解决swagger无法访问
        registry.addResourceHandler("/swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        // 解决swagger的js文件无法访问
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
        WebMvcConfigurer.super.addResourceHandlers(registry);
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new JWTInterceptor())
                //拦截率路径
                .addPathPatterns("/**")
                //放行路径
                .excludePathPatterns(Arrays.asList("/swagger-ui.html", "/swagger-ui.html/**", "/user/**"));
    }
}

JWT工具类

public class JWTUtils {

    private static final String SIGNATURE = "nfw&8534';/#njYdwNJKDW10!`";

    /**
     * 生成token
     * @param map 传入payload
     * @return
     */
    public static String getToken(Map<String, String> map) {
        JWTCreator.Builder builder = JWT.create();
        map.forEach((k,v) -> {
            builder.withClaim(k,v);
        });
        Calendar instance = Calendar.getInstance();
        instance.add(Calendar.SECOND, 7);
        builder.withExpiresAt(instance.getTime());
        return builder.sign(Algorithm.HMAC256(SIGNATURE)).toString();
    }


    /**
     * 验证token
     * @param token
     */
    public static void verify(String token) {
        JWT.require(Algorithm.HMAC256(SIGNATURE)).build().verify(token);
    }


    /**
     * 获取Token中的payload
     * @param token
     * @return
     */
    public static DecodedJWT getToken(String token) {
        return JWT.require(Algorithm.HMAC256(SIGNATURE)).build().verify(token);
    }

}

登录验证


    /**
     * 用户登录
     * @return
     */
    @RequestMapping("/login")
    public ApiRestResponse login(@RequestParam String username, @RequestParam String password, HttpSession session) {
        if (StringUtils.isEmpty(username)) {
            return ApiRestResponse.error(IMallExceptionEnum.NEED_USER_NAME);
        }
        if (StringUtils.isEmpty(password)) {
            return ApiRestResponse.error(IMallExceptionEnum.NEED_PASSWORD);
        }
        User user = new User(username, password);
        User result = userService.login(user);
        if (result != null) {
            //session中不保存用户密码
//            user.setPassword(null);
//            session.setAttribute(Constant.SESSION_USER, user);

            //使用JWT 完成
            Map<String, Object> map = new HashMap<>();
            HashMap<String, String> playload = new HashMap<>();
            playload.put("id", result.getId().toString());
            playload.put("name", result.getUsername());
            //生成JWT令牌
            String token = JWTUtils.getToken(playload);
            map.put("state", true);
            map.put("msg", "认证成功");
            map.put("token", token);
            return ApiRestResponse.success(map);
        } else {
            return ApiRestResponse.error(IMallExceptionEnum.NAMEORPASSWORD_ERROR);
        }
    }

需要注意的是,后端获取token是从header中获取的,所以前端在第一次登录成功拿到token后,之后的每一次请求都要在header中携带token

参考

  • JWT详细教程与使用

你可能感兴趣的:(spring,boot,java,spring,JWT)