systempara.secret 是自己定义的常量,也就是 HS256 签名和验签共用的密钥。拿到这个密钥的人可以为任意用户签发 token,因此它应当足够长且随机,并从配置或密钥管理服务中读取,不要硬编码后提交到代码仓库。
依赖
<!-- token -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.3.0</version>
</dependency>
一、jwt工具类
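package com.cn.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.cn.util.systempara;
// NOTE(review): unused JDK-internal class; this import can be deleted if the build complains about it.
import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;

import java.io.UnsupportedEncodingException;
import java.security.SignatureException;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Issues and checks the HS256-signed login token used by the application.
 *
 * <p>Every token is signed with the single shared key {@code systempara.secret}, so anyone who
 * holds that key can issue a token for any user. The payload is signed but not encrypted:
 * whoever holds a token can read its claims.
 *
 * <p>NOTE(review): project identifiers are spelled exactly as they are printed on the page.
 *
 * @author 徐本锡
 * @date 2019/7/4
 */
public class jwtutil {

    /** Token lifetime in milliseconds (5 minutes). */
    private static final long expire_time = 5 * 60 * 1000;

    /** Name of the HTTP header that carries the token. */
    public static final String token_header = "token";

    /** Prefix placed in front of the token inside the header value. */
    public static final String token_prefix = "xbx_";

    /**
     * Creates a signed token for the given login name.
     *
     * <p>The token carries the claim {@code logon_name}, an issued-at time of "now" and an
     * expiry {@code expire_time} milliseconds later.
     *
     * @param logon_name login name to embed; must not be null or empty
     * @return the compact, signed token
     * @throws IllegalArgumentException if {@code logon_name} is null or empty
     * @throws UnsupportedEncodingException declared by the signing-algorithm factory
     */
    public static String createtoken(String logon_name) throws UnsupportedEncodingException {
        // A token without a login name could never be tied to a user, so refuse to issue one.
        if (logon_name == null || logon_name.isEmpty()) {
            throw new IllegalArgumentException("logon_name must not be empty");
        }

        Date createtime = new Date();
        // Derive the expiry from the same instant and from the declared lifetime constant.
        Date expirestime = new Date(createtime.getTime() + expire_time);

        // The "alg" and "typ" header fields are written by the library when it signs,
        // so no hand-built header map is needed.
        return JWT.create()
                .withClaim("logon_name", logon_name) // only non-sensitive data belongs in claims
                .withIssuedAt(createtime)
                .withExpiresAt(expirestime)
                .sign(Algorithm.HMAC256(systempara.secret));
    }

    /**
     * Checks the token's signature and expiry, and that its {@code logon_name} claim equals
     * the expected login name.
     *
     * @param token      the compact token to check
     * @param logon_name the login name the token must carry
     * @param secret     ignored: the key is always {@code systempara.secret}; the parameter is
     *                   kept only so that existing callers keep compiling
     * @return {@code true} if the token verifies, {@code false} for any failure
     */
    public static boolean verify(String token, String logon_name, String secret) {
        // Reject missing values up front. A null expected value would otherwise leave the
        // logon_name requirement unchecked instead of failing it.
        if (token == null || token.isEmpty() || logon_name == null || logon_name.isEmpty()) {
            return false;
        }
        try {
            Algorithm algorithm = Algorithm.HMAC256(systempara.secret);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withClaim("logon_name", logon_name)
                    .build();
            verifier.verify(token);
            return true;
        } catch (Exception exception) {
            // Any failure (bad signature, expired, malformed, claim mismatch) means "not valid".
            return false;
        }
    }

    /**
     * Reads the {@code logon_name} claim WITHOUT verifying the signature.
     *
     * <p>The returned value is attacker-controlled until {@link #verify} has succeeded for the
     * same token; never base an authorization decision on it alone.
     *
     * @param token the compact token
     * @return the claimed login name, or {@code null} if the token is missing or cannot be decoded
     */
    public static String getlogonname(String token) {
        if (token == null) {
            return null;
        }
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim("logon_name").asString();
        } catch (JWTDecodeException e) {
            return null;
        }
    }
}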
二、登录时生成token
service方法中生成token,然后放入返回结果
//service方法中生成token,然后放入返回结果 string token = jwtutil.createtoken(loginname); resultmap.put("token", token);
controller中 把token放入 response响应中
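package com.cn.controller;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.cn.domain.empinforvo;
import com.cn.service.logonservice;
import com.cn.util.jwtutil;
import com.cn.util.r;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Login endpoint: delegates to the logon service and hands the issued token to the client.
 *
 * @author xbx
 * @date 2019-05-13
 */
@RestController
@RequestMapping("/logon")
public class logoncontroller {

    private final logonservice logonservice;

    @Autowired
    public logoncontroller(logonservice logonservice) {
        this.logonservice = logonservice;
    }

    /**
     * Logs the user in and returns the service result.
     *
     * <p>The token found under the key {@code "token"} in the result map is also copied into
     * the response header {@code jwtutil.token_header}, prefixed with
     * {@code jwtutil.token_prefix}. The result map is returned as the body, so the token is
     * present there as well.
     *
     * @param response servlet response that receives the token header
     * @param entity   login data bound from the request
     * @return the service result wrapped by {@code r.success}
     * @throws Exception whatever the logon service throws
     */
    @RequestMapping(value = "", method = RequestMethod.POST)
    public r logon(HttpServletResponse response, empinforvo entity) throws Exception {
        Map resultmap = logonservice.logon(entity);
        String token = (String) resultmap.get("token");

        // Only advertise a token when one was issued; otherwise the header would carry the
        // prefix followed by the text "null".
        if (token != null) {
            response.setHeader(jwtutil.token_header, jwtutil.token_prefix + token);
        }
        return r.success(resultmap);
    }
}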
三、创建拦截器
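package com.cn.interceptor;

import com.cn.util.jwtutil;
import com.cn.util.systempara;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Rejects requests that do not carry a valid token in the {@code jwtutil.token_header} header.
 *
 * <p>NOTE(review): failures are signalled by throwing a plain {@link Exception}; confirm that
 * the application's error handling turns these into a 401 response rather than a 500.
 */
public class jwtinterceptor implements HandlerInterceptor {

    /**
     * Validates the token header before the handler runs.
     *
     * @return {@code true} when the token is present, correctly prefixed and verifies
     * @throws Exception if the header is missing, lacks the prefix, or the token is invalid
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String tokenheader = request.getHeader(jwtutil.token_header);
        if (tokenheader == null || "".equals(tokenheader)) {
            throw new Exception("token不存在");
        }
        if (!tokenheader.startsWith(jwtutil.token_prefix)) {
            throw new Exception("这是你自己造的token吧");
        }

        // Strip the prefix from the front only. Removing every occurrence would corrupt a
        // valid token whose base64url text happens to contain the prefix characters.
        String token = tokenheader.substring(jwtutil.token_prefix.length());

        // The login name read here is unverified; it is trusted only once verify() has
        // checked the signature and expiry of the same token.
        String logonname = jwtutil.getlogonname(token);
        if (logonname == null || !jwtutil.verify(token, logonname, systempara.secret)) {
            throw new Exception("token已失效");
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        // Nothing to do after the handler has run.
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // Nothing to clean up.
    }
}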
四、配置拦截器
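package com.cn.config;

import com.cn.interceptor.jwtinterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Web MVC configuration: static resources, CORS and the token interceptor.
 *
 * @author 徐本锡
 */
@Configuration
public class webappconfiguration implements WebMvcConfigurer {

    /**
     * Serves the directories named 1900 to 2500 as static resources under {@code /<name>/**}.
     *
     * <p>Each pattern is backed by a directory directly under the filesystem root, so
     * everything placed in those directories becomes downloadable.
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        for (int i = 1900; i <= 2500; i++) {
            String path = String.valueOf(i);
            // One registration per pattern with both locations, so that neither location
            // replaces the other.
            registry.addResourceHandler("/" + path + "/**")
                    .addResourceLocations("file:c:/" + path + "/", "file:/" + path + "/");
        }
    }

    /**
     * Enables cross-origin requests for every path.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Any origin combined with credentials would let every website send authenticated
        // requests on the user's behalf. The token travels in a request header, so credentialed
        // requests are switched off here.
        // NOTE(review): if cookies are needed after all, list the trusted origins explicitly
        // instead of using "*".
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowCredentials(false)
                .allowedMethods("GET", "POST", "DELETE", "PUT", "PATCH")
                .maxAge(3600 * 24);
    }

    /**
     * Registers the token interceptor for every path except the login endpoint.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Several path patterns may be given, separated by commas. Keep the exclusion list
        // as short as possible: every excluded path is reachable without a token.
        registry.addInterceptor(new jwtinterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/logon");
    }
}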
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持代码网。