Java使用JWT

JWT

一、简介

1、JWT

JWT为 Json Web Token,是一种令牌生成算法。使用JWT能够保证Token的安全性,且能够进行Token时效性的检验。

2、JWT结构

JWT共由三部分组成,分别是数据头(Header)、Payload(数据体)、验证签名(Verify Signature)组成。其中,Header中的内容为加密信息以及Token的类别,Payload为用户数据、Verify Signature为校验数据。
请添加图片描述

二、依赖

JWT需要两个依赖java-jwt、jjwt

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.8.2</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>

三、Token的生成与解析

1、生成token字符串

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Date;
import java.util.Hashtable;
import java.util.Map;

@RestController
@RequestMapping("/jwt")
@CrossOrigin
public class JWTController {
    @RequestMapping("/token")
    public String getToken(){
        User user=new User(1,"张三","123",new Date());
        String userJson = JSON.toJSONString(user);//序列化user
        JwtBuilder jwtBuilder = Jwts.builder(); //获得JWT构造器
        Map<String,Object> map=new Hashtable<>();
         map.put("kay",userJson);
        String token = jwtBuilder.setSubject("hello") //设置用户数据
            .setIssuedAt(new Date()) //设置jwt生成时间
            .setId("1") //设置id为token id
            .setClaims(map) //通过map传值
            .setExpiration(new Date(System.currentTimeMillis() + 5000)) //设置token有效期
            .signWith(SignatureAlgorithm.HS256, "qianfeng") //设置token加密方式和密码
            .compact(); //生成token字符串
        return token;
    }
}

2、解析token

@RequestMapping("/parser")
@CrossOrigin
public ResponseEntity<User> getUser(@RequestParam("token") String token){
    if (token!=null){
        JwtParser jwtParser= Jwts.parser(); //获取jwt解析器
        jwtParser.setSigningKey("java666");
        try{
            //如果token正确(密码,有效期)则正常运行,否则抛出异常
            Jws<Claims> claimsJws = jwtParser.parseClaimsJws(token);
            Claims body = claimsJws.getBody();//获取body
            String subject = body.getSubject();//获取body中subject中的值
            log.info(subject);
            String key = body.get("key", String.class);//获取Claims中map的值
            User user = JSON.parseObject(key, User.class);//反序列化user
            return new ResponseEntity<User>(user,HttpStatus.OK);
        }catch (Exception e){
            e.printStackTrace();
            return new ResponseEntity<User>(new User(),HttpStatus.NOT_ACCEPTABLE);
        }
    }else {
        return new ResponseEntity<User>(new User(),HttpStatus.NOT_ACCEPTABLE);
    }
}

注:通过Claims的map传值时,如果直接将对象放入map中,解析时得到的时LinkedHashMap类型,其中将map中对象的每一个属性作为其LinkedHashMap的键值对存储;若需要串一个对象的话,可以将其序列化,在解析式再将其反序列化即可

不过也可通过构造器重新构造一个对象出来

请添加图片描述

User user=new User((Integer) key.get("userId"),(String) key.get("userName"),(String) key.get("password"),new Date((Long) key.get("birthday")));

这里还有一个异常,就是body.getSubject()得到的值总是null,可以通过Claims传值

四、使用拦截器拦截Token

1、通过header传递Token

前端token的存取值请看这篇文章:前端存取Cookie与localStorage
前端axios使用headers域传参

axios({
    method:"get",
    url:"api/order/orders",
    headers:{
        token:this.token
    }
}).then((res)=>{
    console.log(res.data)
})

2、注册拦截器

import com.alibaba.fastjson.JSON;
import io.jsonwebtoken.*;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@Component
@CrossOrigin
public class JwtInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String method = request.getMethod();
        if ("OPTIONS".equals(method)){
            return true;
        }
        //获取请求头部信息
        String token = request.getHeader("token");
        if (token!=null) {
            try {
                JwtParser jwtParser = Jwts.parser();
                jwtParser.setSigningKey("java666");
                //只做token验证,若不通过,则抛异常
                Jws<Claims> claimsJws = jwtParser.parseClaimsJws(token);
                return true;
            }catch (ExpiredJwtException e){
                doResponse(response,"Token已过期,请重新登陆!");
                return false;
            }catch (UnsupportedJwtException e){
                doResponse(response,"Token不合法,请自重!");
                return false;
            }catch (Exception e){
                doResponse(response,"Token不合法,请自重!");
                return false;
            }
        }
        doResponse(response,"Token已过期,请重新登陆!");
        return false;
    }

    public void doResponse(HttpServletResponse response,String info) throws IOException {
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");

        PrintWriter writer = response.getWriter();
        ResponseEntity<String> responseEntity=new ResponseEntity<>(info, HttpStatus.NOT_ACCEPTABLE);
        String json = JSON.toJSONString(responseEntity);
        writer.write(json);
        writer.flush();
        writer.close();
    }
}

3、配置拦截器

import com.qf.interceptor.JwtInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.ArrayList;
import java.util.List;

@Configuration
public class MyInterceptorConfig implements WebMvcConfigurer {

    @Autowired
    private JwtInterceptor jwtInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        List<String> pathPatterns=new ArrayList<>();
        pathPatterns.add("/jwt/parser");
        pathPatterns.add("/order/**");
        List<String> excludePathPatterns=new ArrayList<>();
        excludePathPatterns.add("/jwt/token");
        registry.addInterceptor(jwtInterceptor) //添加拦截器
            .addPathPatterns(pathPatterns) //添加拦截url
            .excludePathPatterns(excludePathPatterns); //添加不拦截url
    }
}

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cxmengxin/article/details/119279848