Java web中使用JWT

jwt.png


java-web 中使用 JWT 进行用户鉴权

环境参数

  • springboot --1.4.7-release
  • springcloud--Camden.SR7
  • pom的配置我们不选择springbootparent方式,选择下面这种dependencies
  • 代码里用到了 lambda 和 Google Guava,这个要了解

pom.xml



    4.0.0

    com.mooc.house.user
    user-srv
    0.0.1-SNAPSHOT
    jar

    user-service
    User Service for house
    
        UTF-8
        UTF-8
        1.8
        2.2.2
        1.3.0
        com.mooc.house.user.UserSrvApplication
    
    
   
        
            
                
                org.springframework.boot
                spring-boot-dependencies
                1.4.7.RELEASE
                pom
                import
                
            
            
                org.springframework.cloud
                spring-cloud-dependencies
                Camden.SR7
                pom
                import
            
        
    

    
        
            org.springframework.boot
            spring-boot-starter-actuator
        
        
            org.springframework.cloud
            spring-cloud-starter-hystrix
        
        
            org.springframework.cloud
            spring-cloud-starter-hystrix-dashboard
        
       
            org.springframework.cloud
            spring-cloud-starter-sleuth
        
        
          org.springframework.cloud
          spring-cloud-starter-zipkin
       
        
            org.springframework.cloud
            spring-cloud-starter-eureka
        
        
            org.springframework.boot
            spring-boot-starter-web
        

        
            org.springframework.boot
            spring-boot-starter-test
            test
        
        
        
           org.zalando
          logbook-core
          ${logbook.version}
        
        
            org.zalando
            logbook-servlet
            ${logbook.version}
        
        
            org.zalando
            logbook-httpclient
            ${logbook.version}
        
        
            org.zalando
            logbook-spring-boot-starter
            ${logbook.version}
        
        
        
           org.springframework.boot
           spring-boot-starter-mail
        

        
            org.mybatis.spring.boot
            mybatis-spring-boot-starter
            1.2.0
        
        
           
        org.springframework.boot  
        spring-boot-starter  
          
              
                org.springframework.boot  
                spring-boot-starter-logging  
              
              
       

        
           org.springframework.boot
          spring-boot-starter-log4j2
        
       
        
          com.lmax
          disruptor
          3.3.6
        
    
        
            com.alibaba
            druid
            1.1.0
        
    
        
            mysql
            mysql-connector-java
        
        
        
           com.google.guava
           guava
           18.0
       
       
        
          org.apache.commons
          commons-lang3
          3.4
        
        
         
          commons-beanutils
          commons-beanutils
        

        
            org.springframework.boot
            spring-boot-starter-redis
        
        
        
           com.auth0
           java-jwt
           3.1.0
         
         
       
        io.springfox
         springfox-swagger2
         ${springfox.version}
       
       
        
        io.springfox
         springfox-swagger-ui
         ${springfox.version}
       
          
      
        com.alibaba
        fastjson
        1.2.24
       
      
        org.springframework.boot
        spring-boot-configuration-processor
        true
      
    

    

    
        ${project.basedir}/target
        ${project.build.directory}/classes
        ${project.artifactId}
        
            
                src/main/resources
            
        
        
            
                org.apache.maven.plugins
                maven-compiler-plugin
                3.1
                
                    1.8
                    1.8
                
            
            
            
                org.springframework.boot
                spring-boot-maven-plugin
                1.4.7.RELEASE
                
                    com.mooc.house.user.UserServiceApplication
                    ZIP
                
                    
                        
                            
                                repackage
                            
                        
                    
            
            
                org.apache.maven.plugins
                maven-source-plugin
                2.4
                
                    
                        attach-sources
                        
                            jar
                        
                    
                
            
        
    


JWT工具类

package com.mooc.house.user.utils;

import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.Map;

import org.apache.commons.lang3.time.DateUtils;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.google.common.collect.Maps;

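/**
 * Static helpers for issuing and verifying HMAC-SHA256 signed JWTs with the auth0 java-jwt
 * library.
 *
 * <p>Tokens carry the fixed issuer {@link #ISSUER}, expire one day after creation, and hold the
 * caller-supplied string claims. A signed JWT is not encrypted: its claims are readable by anyone
 * holding the token, so callers should not put secrets into the claim map.
 */
public class JwtHelper {

  // NOTE(review): hard-coded, low-entropy HMAC key. Anyone who can read the source or guess this
  // value can mint tokens that verifyToken accepts. Load the key from external configuration or a
  // secret store instead, and use at least 256 bits of random data for HS256.
  private static final String SECRET = "session_secret";

  // Written into the "iss" claim by genToken and required by verifyToken.
  private static final String ISSUER = "chunbo_user";

  /**
   * Builds a signed token containing the given claims.
   *
   * @param claims claim names mapped to string values; every entry is copied into the token
   * @return the compact serialized JWT
   * @throws NullPointerException if {@code claims} is null
   * @throws RuntimeException wrapping the library's {@code IllegalArgumentException} or
   *     {@code UnsupportedEncodingException} if the algorithm or a claim cannot be set up
   */
  public static String genToken(Map<String, String> claims) {
    // Fail fast with a named argument rather than an anonymous NPE from forEach below.
    if (claims == null) {
      throw new NullPointerException("claims");
    }
    try {
      Algorithm algorithm = Algorithm.HMAC256(SECRET);
      // Builder is a static nested class of JWTCreator; JWT.create() returns a fresh instance.
      JWTCreator.Builder builder = JWT.create()
          .withIssuer(ISSUER)
          .withExpiresAt(DateUtils.addDays(new Date(), 1)); // valid for one day from now
      // withClaim mutates the builder and returns it, so the return value can be ignored here.
      claims.forEach((name, value) -> builder.withClaim(name, value));
      // sign() already returns the token as a String.
      return builder.sign(algorithm);
    } catch (IllegalArgumentException | UnsupportedEncodingException e) {
      throw new RuntimeException(e);
    }
  }

  /**
   * Verifies a token's signature and issuer and returns its claims as strings.
   *
   * <p>The verifier is built for HMAC256 only, so the algorithm is fixed by this code rather than
   * chosen by the token. A token that fails verification makes {@code verify} throw the
   * library's unchecked {@code JWTVerificationException}, which is propagated to the caller.
   *
   * @param token the compact serialized JWT to check
   * @return every claim of the verified token, keyed by claim name; claims that are not strings
   *     (presumably including the numeric {@code exp}) map to {@code null} because
   *     {@code Claim.asString()} is used for all of them
   * @throws RuntimeException wrapping the library's {@code IllegalArgumentException} or
   *     {@code UnsupportedEncodingException} if the algorithm cannot be created
   */
  public static Map<String, String> verifyToken(String token) {
    final Algorithm algorithm;
    try {
      algorithm = Algorithm.HMAC256(SECRET);
    } catch (IllegalArgumentException | UnsupportedEncodingException e) {
      throw new RuntimeException(e);
    }
    JWTVerifier verifier = JWT.require(algorithm).withIssuer(ISSUER).build();
    // Claims are read only from the DecodedJWT returned by verify(), never from the raw token.
    DecodedJWT jwt = verifier.verify(token);
    Map<String, Claim> decodedClaims = jwt.getClaims();
    Map<String, String> resultMap = Maps.newHashMap();
    decodedClaims.forEach((name, claim) -> resultMap.put(name, claim.asString()));
    return resultMap;
  }

}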

 

业务调用流程

用户登录成功 —— JWT生成 token —— 第二次登录 ?token=xxxxx —— JWT鉴权verify

需要注意的是

  • JWT 在生成时就已经确定了过期时间,之后用户登出时无法让它立即失效!
  • 所以我们可以引入中间层 Redis:生成 token 后,将 email 与 token 的绑定关系存入 Redis;登出时删除该绑定,鉴权时除校验签名外再确认绑定仍然存在,token 即可立即失效。
