menu 欢迎来到李羽秋博客
search self_improvement
目录

springBoot JWT 快速入门.md

李羽秋
李羽秋 2022年01月26日  ·  阅读 1,206

------------------ getter & setter ---------------------

public String getSecret() {
    return secret;
}
public void setSecret(String secret) {
    this.secret = secret;
}
public long getExpire() {
    return expire;
}
public void setExpire(long expire) {
    this.expire = expire;
}
public String getHeader() {
    return header;
}
public void setHeader(String header) {
    this.header = header;
}

}


### 2.3配置拦截器

package com.example.interceptor;

import com.example.config.JwtConfig;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.SignatureException;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component
public class TokenInterceptor extends HandlerInterceptorAdapter {

@Resource
private JwtConfig jwtConfig ;
@Override
public boolean preHandle(HttpServletRequest request,
                         HttpServletResponse response,
                         Object handler) throws SignatureException {
    /** 地址过滤 */
    String uri = request.getRequestURI() ;
    if (uri.contains("/login")){
        return true ;
    }
    /** Token 验证 */
    String token = request.getHeader(jwtConfig.getHeader());
    if(StringUtils.isEmpty(token)){
        token = request.getParameter(jwtConfig.getHeader());
    }
    if(StringUtils.isEmpty(token)){
        throw new SignatureException(jwtConfig.getHeader()+ "不能为空");
    }

    Claims claims = null;
    try{
        claims = jwtConfig.getTokenClaim(token);
        if(claims == null || jwtConfig.isTokenExpired(claims.getExpiration())){
            throw new SignatureException(jwtConfig.getHeader() + "失效,请重新登录。");
        }
    }catch (Exception e){
        throw new SignatureException(jwtConfig.getHeader() + "失效,请重新登录。");
    }

    /** 设置 identityId 用户身份ID */
    request.setAttribute("identityId", claims.getSubject());
    return true;
}

}


### 2.4注册拦截器到SpringMvc

package com.example.config;

import com.example.interceptor.TokenInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;

@Configuration
public class WebConfig implements WebMvcConfigurer {
@Resource
private TokenInterceptor tokenInterceptor ;
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(tokenInterceptor).addPathPatterns("/**");
}
}


### 2.5 编写统一异常处理类

package com.example.config;
import io.jsonwebtoken.SignatureException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.yuyi.full.handler.exception.ExceptionInfoBO;
import org.yuyi.full.handler.exception.ResultBO;
import org.yuyi.full.handler.exception.ResultTool;

@RestControllerAdvice
public class PermissionHandler {
@ExceptionHandler(value = )
@ResponseBody
public ResultBO<?> authorizationException(SignatureException e){
return ResultTool.error(new ExceptionInfoBO(1008,e.getMessage()));
}
}


### 2.6编写测试接口

package com.example.controller;

import com.alibaba.fastjson.JSONObject;
import com.example.config.JwtConfig;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.yuyi.full.handler.exception.ResultBO;
import org.yuyi.full.handler.exception.ResultTool;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

@RestController
public class TokenController {

@Resource
private JwtConfig jwtConfig ;

/**
 * 用户登录接口
 * @param userName
 * @param passWord
 * @return
 */
@PostMapping("/login")
public ResultBO<?> login (@RequestParam("userName") String userName,
                       @RequestParam("passWord") String passWord){
    JSONObject json = new JSONObject();

    /** 验证userName,passWord和数据库中是否一致,如不一致,直接return ResultTool.errer(); 【这里省略该步骤】*/

    // 这里模拟通过用户名和密码,从数据库查询userId
    // 这里把userId转为String类型,实际开发中如果subject需要存userId,则可以JwtConfig的createToken方法的参数设置为Long类型
    String userId = 5 + "";
    String token = jwtConfig.createToken(userId) ;
    if (!StringUtils.isEmpty(token)) {
        json.put("token",token) ;
    }
    return ResultTool.success(json) ;
}

/**
 * 需要 Token 验证的接口
 */
@PostMapping("/info")
public ResultBO<?> info (){
    return ResultTool.success("info") ;
}

/**
 * 根据请求头的token获取userId
 * @param request
 * @return
 */
@GetMapping("/getUserInfo")
public ResultBO<?> getUserInfo(HttpServletRequest request){
    String usernameFromToken = jwtConfig.getUsernameFromToken(request.getHeader("token"));
    return ResultTool.success(usernameFromToken) ;
}

/*
    为什么项目重启后,带着之前的token还可以访问到需要info等需要token验证的接口?
    答案:只要不过期,会一直存在,类似于redis
 */

}

分类:
标签:
本文作者:李羽秋
本文链接: http://150.158.49.119/archives/springbootjwt快速入门md
版权声明: 本文采用 CC BY-NC-SA 3.0 协议进行许可