GitHub源碼地址：https://github.com/zeng-xian-guo/springboot_jwt_token.git

封裝JTW生成token和校驗方法

public class JwtTokenUtil { //公用密鑰-保存在服務端,客戶端是不會知道密鑰的,以防被攻擊 public static String SECRET = 'ThisIsASecret'; //生成Troke public static String createToken(String username) { //簽發時間 //Date iatDate = new Date(); //過地時間 1分鐘后過期 //Calendar nowTime = Calendar.getInstance(); //nowTime.add(Calendar.MINUTE, 1); //Date expiresDate = nowTime.getTime(); Map<String, Object> map = new HashMap(); map.put('alg', 'HS256'); map.put('typ', 'JWT'); String token = JWT.create() .withHeader(map) //.withClaim( 'name','Free碼生') //設置 載荷 Payload //.withClaim('age','12') //.withClaim( 'org','測試') //.withExpiresAt(expiresDate)//設置過期時間,過期時間要大于簽發時間 //.withIssuedAt(iatDate)//設置簽發時間 .withAudience(username) //設置 載荷 簽名的觀眾 .sign(Algorithm.HMAC256(SECRET));//加密 System.out.println('后臺生成token:' + token); return token; } //校驗TOKEN public static boolean verifyToken(String token) throws UnsupportedEncodingException{ JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build(); try { verifier.verify(token); return true; } catch (Exception e){ return false; } } //獲取Token信息 public static DecodedJWT getTokenInfo(String token) throws UnsupportedEncodingException{ JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build(); try{ return verifier.verify(token); } catch(Exception e){ throw new RuntimeException(e); } }}

新建自定義注解：@UserLoginToken

@Target({ElementType.METHOD, ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)public @interface UserLoginToken { boolean required() default true;}

關于攔截器配置：

@Configurationpublic class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(authenticationInterceptor()).addPathPatterns('/**'); // 攔截所有請求，通過判斷是否有 @LoginRequired 注解 決定是否需要登錄 } @Bean public AuthenticationInterceptor authenticationInterceptor() { return new AuthenticationInterceptor(); }}

public class AuthenticationInterceptor implements HandlerInterceptor { @Autowired UserService userService; @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { String token = httpServletRequest.getHeader('token');// 從 http 請求頭中取出 token // 如果不是映射到方法直接通過 if(!(object instanceof HandlerMethod)){ return true; } HandlerMethod handlerMethod=(HandlerMethod)object; Method method=handlerMethod.getMethod(); //檢查是否有passtoken注釋，有則跳過認證 if (method.isAnnotationPresent(PassToken.class)) { PassToken passToken = method.getAnnotation(PassToken.class); if (passToken.required()) {return true; } } //檢查有沒有需要用戶權限的注解 if (method.isAnnotationPresent(UserLoginToken.class)) { UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class); if (userLoginToken.required()) {// 執行認證if (token == null) { throw new RuntimeException('無token，請重新登錄');}// 驗證 tokenif(JwtTokenUtil.verifyToken(token)){ return true;}else { throw new RuntimeException('401');} } } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { }}

登錄：

在Controller上登錄方法不用添加@UserLoginToken自定義注解，其余獲取后臺數據方法加上@UserLoginToken自定義注解，目的驗證token是否有效，是則返回數據，否則提示401無權限。

測試：

@Controller@RequestMapping(path = '/api')public class IndexController { private String prefix = 'index/'; @GetMapping('/index') public String index() { return prefix + 'index'; } @UserLoginToken @PostMapping('/test') @ResponseBody public Object test(){ Map<String,Object> map = new HashMap<>(); map.put('code','200'); map.put('message','你已通過驗證了'); return map; }}

HTTP請求帶上登陸成功后生成token，返回成功：

HTTP請求帶上無效token或不帶token，返回失敗：

以上就是本文的全部內容，希望對大家的學習有所幫助，也希望大家多多支持好吧啦網。