jjwt的jar包引入

fastjson的jar包引入

<!-- https://mvnrepository.com/artifact/com.alibaba/fastjson --><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.47</version></dependency><!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt --><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.9.0</version></dependency>

?

用戶登陸成功后生成 token 返給前端進行緩存

?

package com.baojian.zhang.util;import java.util.Date;import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm;public class TokenUtil {//這里是加密解密的key。public static String tokenKey = "MiTMW2toifJyH0MO";/*** 根據用戶卡號生成token，默認有效期為1個月* @param expiresDate 過期時間* @param cardNumber* 用戶卡號* @return token*/public static String createToken(String cardNumber, Date expiresDate) {// 生成tokenreturn Jwts.builder().setSubject(cardNumber).setIssuedAt(new Date())// 設置簽發時間.setExpiration(expiresDate)// 設置過期時間.signWith(SignatureAlgorithm.HS512, tokenKey).compact();}/*** 檢驗token是否可用* * @param token* @return 可用返回true，否則返回false*/public boolean checkToken(String token) {try {Jwts.parser().setSigningKey(tokenKey).parseClaimsJws(token);return true;} catch (Exception e) {e.printStackTrace();return false;}} }

當用戶登錄成功后，訪問接口時進行 token 校驗。本文章把校驗放在 Zuul? 進行統一校驗

package com.baojian.zhang.filter;import javax.servlet.http.HttpServletRequest;import org.apache.commons.lang.StringUtils; import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;import com.alibaba.fastjson.JSON; import com.baojian.zhang.base.BaseVO; import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext;import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.Jws; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.MalformedJwtException; import io.jsonwebtoken.SignatureException; import io.jsonwebtoken.UnsupportedJwtException;public class TokenFilter extends ZuulFilter {@Overridepublic boolean shouldFilter() {// 過濾含有 sign 的接口RequestContext ctx = RequestContext.getCurrentContext();HttpServletRequest request = ctx.getRequest();ctx.set("startTime", System.currentTimeMillis());// 設置請求開始時間// 獲取 sign 參數String sign = request.getParameter("sign");if (StringUtils.isNotEmpty(sign)) {return true;}return false;}@Overridepublic Object run() {RequestContext ctx = RequestContext.getCurrentContext();HttpServletRequest request = ctx.getRequest();// 獲取 sign 參數String sign = request.getParameter("sign");// 有sign 時必須傳入卡號，檢查卡號是否存在String cardNumber = request.getParameter("cardNumber");if (StringUtils.isEmpty(cardNumber)) {returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(2, "卡號不能為空")));return null;}// 檢查token是否過期try {Jws<Claims> jws = Jwts.parser().setSigningKey("MiTMW2toifJyH0MO").parseClaimsJws(sign);if (!cardNumber.equals(jws.getBody().getSubject())) {returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(101, "用戶卡號與token不匹配！")));return null;}} catch (ExpiredJwtException e) {// token已過期returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(105, "token已過期，請重新登錄！")));return null;} catch (UnsupportedJwtException e) {// token不支持returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(107, "token信息不能被解析，請重新登錄！")));return null;} catch (MalformedJwtException e) {// token格式不對returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(106, "token格式錯誤，請重新登錄！")));return null;} catch (SignatureException e) {// token簽名不對returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(104, "token簽名錯誤，請重新登錄！")));return null;} catch (IllegalArgumentException e) {// token格式轉換錯誤returnResponse(ctx, JSON.toJSONString(new BaseVO<Void>(108, "token為空，請重新登錄！")));return null;}// 這里return的值沒有意義，zuul框架沒有使用該返回值return null;}@Overridepublic String filterType() {/*** pre：可以在請求被路由之前調用* route：在路由請求時候被調用* post：在route和error過濾器之后被調用* error：處理請求時發生錯誤時被調用*/return FilterConstants.PRE_TYPE;}@Overridepublic int filterOrder() {return 0;}private void returnResponse(RequestContext ctx, String body) {ctx.getResponse().setHeader("Content-Type", "application/json;charset=UTF-8");ctx.getResponse().setCharacterEncoding("UTF-8");ctx.setSendZuulResponse(false);ctx.setResponseStatusCode(200);ctx.setResponseBody(body);} }

將TokenFilter加入到請求攔截隊列，在啟動類中添加以下代碼：

package com.baojian.zhang;import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.netflix.zuul.EnableZuulProxy; import org.springframework.context.annotation.Bean;import com.baojian.zhang.filter.TokenFilter;@SpringBootApplication @EnableZuulProxy public class MyZuulServiceApplication {public static void main(String[] args) {SpringApplication.run(MyZuulServiceApplication.class, args);}@Beanpublic TokenFilter tokenFilter() {return new TokenFilter();} }

?

總結

以上是生活随笔為你收集整理的spring bootJWT/JJWT JSON WEB TOKEN的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。