java

关注公众号 jb51net

关闭
首页 > 软件编程 > java > SpringBoot集成JWT工具类与拦截器

SpringBoot集成JWT的工具类与拦截器实现方式

作者:龙域、白泽

这篇文章主要介绍了SpringBoot集成JWT的工具类与拦截器实现方式,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教

导入依赖

<!--引入JWT-->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.0</version>
</dependency>

配置文件

# token配置
token:
  jwt:
    # 令牌自定义标识
    header: Authorization
    # 令牌密钥
    secret: ">?N<:{LWPWXX#$%()(#*!()!KL<><MQLMNQNQJQK sdfkjsdrow32234545fdf"
    # 令牌有效期,单位分钟(默认30分钟)
    expireTime: 30

Jwt工具类

包括token的生成,token的验证并返回存在负载中的用户信息

import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
 
import com.auth0.jwt.JWTCreator;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
 
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
 
/**
 * 登录Token的生成和解析
 */
@Component
public class JwtUtils {
 
    /**
     * token秘钥
     */
    public static String SECRET = "";
 
    /**
     * token 过期时间单位
     */
    public static final int calendarField = Calendar.MINUTE;
 
    /**
     * token 过期时间
     */
    public static int calendarInterval = 30;
 
    @Value("${token.jwt.secret}")
    public void setSECRET(String SECRET) {
        JwtUtils.SECRET = SECRET;
    }
 
    @Value("${token.jwt.expireTime}")
    public  void setCalendarInterval(int calendarInterval) {
        JwtUtils.calendarInterval = calendarInterval;
    }
 
    /**
     * JWT生成Token.<br/>
     * <p>
     * JWT构成: header, payload, signature
     *
     * @param map 登录成功后用户信息
     */
    public static String createToken(Map<String,String> map) {
        Date iatDate = new Date();
        // expire time
        Calendar nowTime = Calendar.getInstance();
        nowTime.add(calendarField, calendarInterval);
        Date expiresDate = nowTime.getTime();
 
        // header Map
        Map<String, Object> header = new HashMap<>();
        header.put("alg", "HS256");
        header.put("typ", "JWT");
 
        // 创建 token
        // param backups {iss:Service, aud:APP}
        JWTCreator.Builder builder = JWT.create().withHeader(header); // header 
 
        map.forEach(builder::withClaim); // payload
        // 指定token过期签名 和 签名
        return builder.withExpiresAt(expiresDate).sign(Algorithm.HMAC256(SECRET));
    }
 
    /**
     * 解密token
     * @param token 传入的token
     * @return 解密后的结果
     */
    public static Map<String, Claim> verifyToken(String token) {
        DecodedJWT jwt = null;
        try {
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
            jwt = verifier.verify(token);
        } catch (Exception e) {
            // token 校验失败, 抛出Token验证非法异常
             e.printStackTrace();
        }
        assert jwt != null;
        return jwt.getClaims();
    }
}

定义拦截器

对需要token验证的接口进行拦截

import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.lixianhe.utils.JwtUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
 
@Component
public class JWTInterceptor implements HandlerInterceptor {
 
    @Value("${token.jwt.heade}r")
    private String header;
 
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Map<String, Object> map = new HashMap<>();
        // 获取请求头中的token
        String token = request.getHeader(header);
        if(token ==null){
            response.setStatus(401);
            return false;
        }
        try {
            // 验证token,返回token中的信息
            JwtUtils.verifyToken(token);
            return true;
        }catch (SignatureVerificationException e){
            map.put("msg","无效签名");
        } catch (TokenExpiredException e){
            map.put("msg","token过期");
        }catch (AlgorithmMismatchException e){
            map.put("msg","签名算法不一致");
        }catch (Exception e){
            map.put("msg","token无效");
        }
        String json = new ObjectMapper().writeValueAsString(map);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(json);
        return false;
    }
}

配置拦截器

配置对哪些路径拦截,哪些路径放行

import com.lixianhe.intercept.JWTInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
 
    @Autowired
    private JWTInterceptor jwtInterceptor;
 
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(jwtInterceptor)
                .addPathPatterns("/index") // 拦截
                .excludePathPatterns("/hello"); // 不拦截
    }
}

总结

以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。

您可能感兴趣的文章:
阅读全文