登录
程序! 相对安全!<dependency>
<groupId>io.jsonwebtokengroupId>
<artifactId>jjwtartifactId>
<version>0.9.1version>
dependency>
<dependency>
<groupId>javax.xml.bindgroupId>
<artifactId>jaxb-apiartifactId>
<version>2.3.0version>
dependency>
#jwt配置
jwt:
token:
tokenExpiration: 120 #有效时间,单位分钟
tokenSignKey: headline123456 #当前程序签名秘钥 自定义
package com.alex.utils;
import com.alibaba.druid.util.StringUtils;
import io.jsonwebtoken.*;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import java.util.Date;
@Data
@Component
@ConfigurationProperties(prefix = "jwt.token")
public class JwtHelper {
private long tokenExpiration; //有效时间,单位毫秒 1000毫秒 == 1秒
private String tokenSignKey; //当前程序签名秘钥
//生成token字符串
public String createToken(Long userId) {
System.out.println("tokenExpiration = " + tokenExpiration);
System.out.println("tokenSignKey = " + tokenSignKey);
String token = Jwts.builder()
.setSubject("YYGH-USER")
.setExpiration(new Date(System.currentTimeMillis() + tokenExpiration*1000*60)) //单位分钟
.claim("userId", userId)
.signWith(SignatureAlgorithm.HS512, tokenSignKey)
.compressWith(CompressionCodecs.GZIP)
.compact();
return token;
}
//从token字符串获取userid
public Long getUserId(String token) {
if(StringUtils.isEmpty(token)) return null;
Jws<Claims> claimsJws = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token);
Claims claims = claimsJws.getBody();
Integer userId = (Integer)claims.get("userId");
return userId.longValue();
}
//判断token是否有效
public boolean isExpiration(String token){
try {
boolean isExpire = Jwts.parser()
.setSigningKey(tokenSignKey)
.parseClaimsJws(token)
.getBody()
.getExpiration().before(new Date());
//没有过期,有效,返回false
return isExpire;
}catch(Exception e) {
//过期出现异常,返回true
return true;
}
}
}
@org.springframework.boot.test.context.SpringBootTest
public class SpringBootTest {
@Autowired
private JwtHelper jwtHelper;
@Test
public void test(){
//生成 传入用户标识
String token = jwtHelper.createToken(1L);
System.out.println("token = " + token);
//解析用户标识
int userId = jwtHelper.getUserId(token).intValue();
System.out.println("userId = " + userId);
//校验是否到期! false 未到期 true到期
boolean expiration = jwtHelper.isExpiration(token);
System.out.println("expiration = " + expiration);
}
}
url 地址: user/login
请求方式:POST
请求参数:
{
"username":"zhangsan", //用户名
"userPwd":"123456" //明文密码
}
响应数据:
{
"code":"200", // 成功状态码
"message":"success" // 成功状态描述
"data":{
"token":"... ..." // 用户id的token
}
}
{
"code":"501",
"message":"用户名有误"
"data":{}
}
{
"code":"503",
"message":"密码有误"
"data":{}
}
@RestController
@RequestMapping("user")
@CrossOrigin
public class UserController {
@Autowired
private UserService userService;
/**
* 登录需求
* 地址: /user/login
* 方式: post
* 参数:
* {
* "username":"zhangsan", //用户名
* "userPwd":"123456" //明文密码
* }
* 返回:
* {
* "code":"200", // 成功状态码
* "message":"success" // 成功状态描述
* "data":{
* "token":"... ..." // 用户id的token
* }
* }
*
* 大概流程:
* 1. 账号进行数据库查询 返回用户对象
* 2. 对比用户密码(md5加密)
* 3. 成功,根据userId生成token -> map key=token value=token值 - result封装
* 4. 失败,判断账号还是密码错误,封装对应的枚举错误即可
*/
@PostMapping("login")
public Result login(@RequestBody User user){
Result result = userService.login(user);
System.out.println("result = " + result);
return result;
}
}
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User>
implements UserService{
@Autowired
private JwtHelper jwtHelper;
@Autowired
private UserMapper userMapper;
/**
* 登录业务实现
* @param user
* @return result封装
*/
@Override
public Result login(User user) {
//根据账号查询
LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(User::getUsername,user.getUsername());
User loginUser = userMapper.selectOne(queryWrapper);
//账号判断
if (loginUser == null) {
//账号错误
return Result.build(null, ResultCodeEnum.USERNAME_ERROR);
}
//判断密码
if (!StringUtils.isEmpty(user.getUserPwd())
&& loginUser.getUserPwd().equals(MD5Util.encrypt(user.getUserPwd())))
{
//账号密码正确
//根据用户唯一标识生成token
String token = jwtHelper.createToken(Long.valueOf(loginUser.getUid()));
Map data = new HashMap();
data.put("token",token);
return Result.ok(data);
}
//密码错误
return Result.build(null,ResultCodeEnum.PASSWORD_ERROR);
}
}
url 地址:user/getUserInfo
请求方式:GET
请求头:
token: token内容
响应数据:
{
"code": 200,
"message": "success",
"data": {
"loginUser": {
"uid": 1,
"username": "zhangsan",
"userPwd": "",
"nickName": "张三"
}
}
}
{
"code": 504,
"message": "notLogin",
"data": null
}
/**
* 地址: user/getUserInfo
* 方式: get
* 请求头: token = token内容
* 返回:
* {
* "code": 200,
* "message": "success",
* "data": {
* "loginUser": {
* "uid": 1,
* "username": "zhangsan",
* "userPwd": "",
* "nickName": "张三"
* }
* }
* }
*
* 大概流程:
* 1.获取token,解析token对应的userId
* 2.根据userId,查询用户数据
* 3.将用户数据的密码置空,并且把用户数据封装到结果中key = loginUser
* 4.失败返回504 (本次先写到当前业务,后期提取到拦截器和全局异常处理器)
*/
@GetMapping("getUserInfo")
public Result userInfo(@RequestHeader String token){
Result result = userService.getUserInfo(token);
return result;
}
/**
* 查询用户数据
* @param token
* @return result封装
*/
@Override
public Result getUserInfo(String token) {
//1.判定是否有效期
if (jwtHelper.isExpiration(token)) {
//true过期,直接返回未登录
return Result.build(null,ResultCodeEnum.NOTLOGIN);
}
//2.获取token对应的用户
int userId = jwtHelper.getUserId(token).intValue();
//3.查询数据
User user = userMapper.selectById(userId);
if (user != null) {
user.setUserPwd(null);
Map data = new HashMap();
data.put("loginUser",user);
return Result.ok(data);
}
return Result.build(null,ResultCodeEnum.NOTLOGIN);
}
username=zhangsan
响应数据:
{
"code":"200",
"message":"success"
"data":{}
}
{
"code":"505",
"message":"用户名占用"
"data":{}
}
/**
* url地址:user/checkUserName
* 请求方式:POST
* 请求参数:param形式
* username=zhangsan
* 响应数据:
* {
* "code":"200",
* "message":"success"
* "data":{}
* }
*
* 实现步骤:
* 1. 获取账号数据
* 2. 根据账号进行数据库查询
* 3. 结果封装
*/
@PostMapping("checkUserName")
public Result checkUserName(String username){
Result result = userService.checkUserName(username);
return result;
}
/**
* 检查账号是否可以注册
*
* @param username 账号信息
* @return
*/
@Override
public Result checkUserName(String username) {
LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(User::getUsername,username);
User user = userMapper.selectOne(queryWrapper);
if (user != null){
return Result.build(null,ResultCodeEnum.USERNAME_USED);
}
return Result.ok(null);
}
url 地址:user/regist
请求方式:POST
请求参数:
{
"username":"zhangsan",
"userPwd":"123456",
"nickName":"张三"
}
响应数据:
{
"code":"200",
"message":"success"
"data":{}
}
{
"code":"505",
"message":"用户名占用"
"data":{}
}
/**
* url地址:user/regist
* 请求方式:POST
* 请求参数:
* {
* "username":"zhangsan",
* "userPwd":"123456",
* "nickName":"张三"
* }
* 响应数据:
* {
* "code":"200",
* "message":"success"
* "data":{}
* }
*
* 实现步骤:
* 1. 将密码加密
* 2. 将数据插入
* 3. 判断结果,成 返回200 失败 505
*/
@PostMapping("regist")
public Result regist(@RequestBody User user){
Result result = userService.regist(user);
return result;
}
@Override
public Result regist(User user) {
LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(User::getUsername,user.getUsername());
Long count = userMapper.selectCount(queryWrapper);
if (count > 0){
return Result.build(null,ResultCodeEnum.USERNAME_USED);
}
user.setUserPwd(MD5Util.encrypt(user.getUserPwd()));
int rows = userMapper.insert(user);
System.out.println("rows = " + rows);
return Result.ok(null);
}