Spring Boot 整合JWT

JWT的基本使用

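/**
 * Minimal jjwt walkthrough: build a signed JWT (JWS), then verify it and print its claims.
 *
 * <p>The token is signed, not encrypted. Header and payload are only base64url-encoded and are
 * readable by anyone who holds the token, so claims must never carry secrets. The methods keep
 * their original names ({@code encryption}/{@code parse}) so existing callers are unaffected.
 */
public class JwtTest {
    // Token lifetime in milliseconds (24 hours).
    private static final long time = 1000 * 60 * 60 * 24;
    // HMAC key shared by signing and verification.
    // NOTE(review): "admin" is a short, guessable, hard-coded demo value. HS256 calls for a random
    // key of at least 256 bits, supplied from configuration or a secret store rather than source.
    // The String overloads of signWith/setSigningKey also read this value as Base64-encoded key
    // bytes, so the effective key is even shorter than the literal suggests.
    private static final String signature = "admin";

    public static void main(String[] args) {
        encryption(); // build, sign and print a token
        parse();      // verify a token and print its claims
    }

    /**
     * Builds a signed demo token and prints its compact form.
     */
    public static void encryption() {
        System.out.println("JWT 加密:" + buildToken());
    }

    /**
     * Verifies a token's signature and expiry, then prints its claims.
     *
     * <p>A token pasted in from an earlier run carries a fixed {@code exp} claim and is rejected
     * by {@code parseClaimsJws} once that instant has passed, so a fresh token is signed here
     * instead of a hard-coded one.
     */
    public static void parse() {
        String token = buildToken();
        // parseClaimsJws checks the signature against the key and throws if the token is
        // malformed, tampered with or expired; claims are only read after it returns.
        Jws<Claims> claimsJws = Jwts.parser().setSigningKey(signature).parseClaimsJws(token);
        Claims body = claimsJws.getBody();
        System.out.println("username:" + body.get("username"));
        System.out.println("role:" + body.get("role"));
        System.out.println("id:" + body.getId());
        // This value is the subject claim, so the label says "subject" rather than "signature".
        System.out.println("主题:" + body.getSubject());
        System.out.println("有效期截止时间:" + body.getExpiration());
    }

    // Builds and signs the demo token used by both encryption() and parse().
    private static String buildToken() {
        // Compact form is header.payload.signature. Segments of a token from an earlier run:
        //   header    : eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
        //   payload   : eyJ1c2VybmFtZSI6InRvbSIsInJvbGUiOiJhZG1pbiIsInN1YiI6ImFkbWluLXRlc3QiLCJleHAiOjE2NjYwNzE0NzAsImp0aSI6ImJjODIwMDIzLTJlMzQtNDQ4Zi1hOTc4LWE5YjU0ZGVkODhmMiJ9.
        //   signature : K0YmwMtt0ZZFzA0r_bWjR9Med_aXwbQfBJKaldWsjfE
        return Jwts.builder()
                // header
                .setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "HS256")
                // payload: user claims (readable by any token holder)
                .claim("username", "tom")
                .claim("role", "admin")
                .setSubject("admin-test") // subject claim, free-form
                .setExpiration(new Date(System.currentTimeMillis() + time)) // valid for 24 hours
                .setId(UUID.randomUUID().toString()) // unique token id (jti)
                // signature: algorithm plus key
                .signWith(SignatureAlgorithm.HS256, signature)
                .compact();
    }
}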

spring boot 整合jwt 登录验证

用户实体类

/**
 * User model for the login demo.
 *
 * <p>Instances are bound from request parameters and serialized back as the login response, so
 * any field left populated is sent to the client.
 */
// Lombok @Data generates getters, setters, equals/hashCode and a toString that includes every
// field below; logging a User therefore writes the password and token to the log.
@Data
public class User {
    // Login name submitted by the client.
    private String username;
    // Plain-text password as submitted by the client.
    // NOTE(review): keep this out of responses and logs; a real service would compare against a
    // stored salted hash rather than hold the clear text.
    private String password;
    // Signed JWT issued on successful login.
    private String token;
}

跨域

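/**
 * CORS configuration: lets browser front ends on other origins call every endpoint.
 *
 * <p>Credentialed CORS is switched off. The front end sends its JWT in a custom {@code token}
 * request header, not in a cookie, so the wildcard origin can stay without letting other sites
 * make cookie-authenticated calls on a user's behalf. Pairing {@code allowCredentials(true)} with
 * {@code allowedOrigins("*")} is either rejected by newer Spring versions or, on older ones,
 * effectively trusts every origin with the user's cookies. If cookies are needed later, list the
 * trusted origins explicitly instead of using the wildcard.
 */
@Configuration
public class CroConfiguration implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Any origin may call the API, but without cookies or HTTP authentication.
                .allowedOrigins("*")
                .allowCredentials(false)
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                // Needed so the custom "token" request header passes the preflight check.
                .allowedHeaders("*")
                .exposedHeaders("*");
    }
}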

登录和验证token逻辑

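/**
 * Demo controller that issues a JWT on login and validates a JWT sent by the front end.
 */
@RestController
public class UserController {

    // Token lifetime in milliseconds (24 hours).
    private static final long time = 1000*60*60*24;
    // HMAC key used for both signing and verification.
    // NOTE(review): "admin" is a guessable, hard-coded demo value. Anyone who knows or guesses the
    // key can mint tokens this service accepts; load a random key of at least 256 bits from
    // configuration or a secret store instead.
    private static final String signature = "admin";
    // Mock credentials standing in for a user store.
    // NOTE(review): a real service compares against a salted password hash, never a literal.
    private final String USERNAME = "admin";
    private final String PASSWORD = "123456";

    /**
     * Checks the submitted credentials and, on success, returns the user with a signed token.
     *
     * <p>NOTE(review): the mapping is GET, so the credentials arrive as query parameters and end
     * up in URLs, access logs and browser history. A POST body is the usual choice; the mapping is
     * left unchanged here because switching it would alter the endpoint's contract.
     *
     * @param user username and password bound from the request
     * @return the same object with {@code token} set and {@code password} cleared, or
     *         {@code null} when the credentials do not match
     */
    @GetMapping("/login")
    public User login(User user) {
        if (!USERNAME.equals(user.getUsername()) || !PASSWORD.equals(user.getPassword())) {
            return null;
        }
        String jwtToken = Jwts.builder()
                .setHeaderParam("typ","JWT")
                .setHeaderParam("alg","HS256")
                // Equals USERNAME at this point; taken from the request object rather than a literal.
                .claim("username", user.getUsername())
                .setSubject("admin-test")
                .setExpiration(new Date(System.currentTimeMillis() + time))
                .setId(UUID.randomUUID().toString())
                // Must be an HMAC algorithm: the key is a shared secret string, the header above
                // declares HS256, and checkToken verifies with the same secret. The String-key
                // signWith overload does not accept ES256, which needs an EC private key.
                .signWith(SignatureAlgorithm.HS256,signature)
                .compact();
        user.setToken(jwtToken);
        // Do not echo the submitted password back in the response body.
        user.setPassword(null);
        return user;
    }

    /**
     * Validates the JWT that the front end sends in the {@code token} request header.
     *
     * <p>Only signature and expiry are checked; no claim is inspected, so this confirms that the
     * token was issued with the service's key, not what its holder is allowed to do.
     *
     * <p>Front-end call:
     * <pre>{@code
     * axios({
     *     url: 'http://localhost:8080/checkToken',
     *     method: 'get',
     *     headers: {
     *         token: admin.token
     *     }
     * }).then(res => {
     *
     * })
     * }</pre>
     *
     * @param request current HTTP request
     * @return {@code true} if the header holds a token that parses and verifies, else {@code false}
     */
    @GetMapping("/checkToken")
    public Boolean checkToken(HttpServletRequest request) {
        String token = request.getHeader("token");
        if (token == null) {
            return false;
        }
        try {
            // Throws when the token is malformed, the signature does not verify or it has expired.
            Jwts.parser().setSigningKey(signature).parseClaimsJws(token);
            return true;
        } catch (Exception ignored) {
            // Any parsing or verification failure means the token is not accepted.
            return false;
        }
    }
}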
