springboot token签名

使用JWT(JSON WEB TOKEN)工具, <artifactId>jjwt</artifactId>

 

生成token方式

package com.travelsky.auto.token;

import com.travelsky.config.TokenConfig;
import io.jsonwebtoken.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

import java.sql.Date;
import java.time.LocalDateTime;
import java.time.ZoneId;

/**
 * token工厂
 */
@Component
@Slf4j
public class TokenFactory {

    @Autowired
    private TokenConfig tokenConfig;

    /**
     * 生成token
     * @param key
     * @return
     */
    public TokenContent createToken(final String key) {
        final LocalDateTime now = LocalDateTime.now();
        // Claims保存主题信息
        final Claims claims = Jwts.claims().setSubject(tokenConfig.getSubject());
        final String token = Jwts.builder()
                // 设置信息
                .setClaims(claims)
                // 设置主体
                .setIssuer(tokenConfig.getIssuer())
                // 设置创建时间
                .setIssuedAt(Date.from(now.atZone(ZoneId.systemDefault()).toInstant()))
                // 设置过期时间
                .setExpiration(Date.from(now.plusMinutes(tokenConfig.getExpiration()).atZone(ZoneId.systemDefault()).toInstant()))
                // 使用HS512加密
                .signWith(SignatureAlgorithm.HS512, key)
                // 生成字符串token
                .compact();
        return new TokenContent(token, claims);
    }

 

根据前端取回的token进行验证方式

package com.travelsky.auto.token;

import com.travelsky.config.TokenConfig;
import io.jsonwebtoken.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

import java.sql.Date;
import java.time.LocalDateTime;
import java.time.ZoneId;

/**
 * token工厂
 */
@Component
@Slf4j
public class TokenFactory {

    @Autowired
    private TokenConfig tokenConfig;
/**
     * 验证token
     * @param key 与subject一致
     * @param token 页面传回的token字符串
     */
    void parser(final String key, final String token) {
        try {
            // 验证token
            Jwts.parser().setSigningKey(key).parseClaimsJws(token);
        } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException | SignatureException ex) {
            log.error("不可用Invalid Token", ex);
            throw new BadCredentialsException("验证失败,Token不可用:Invalid token: ", ex);
        } catch (ExpiredJwtException expiredEx) {
            log.info("过期Token is expired", expiredEx);
            throw new ExpiredTokenException("token过期", expiredEx);
        }
    }
}

 

token配置类

package com.travelsky.config;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@Configuration
@Data
@ConfigurationProperties(prefix = "token")
public class TokenConfig {

    private String issuer;

    private Long expiration;

    private String subject;
}

 

token配置文件

token:
  issuer: antlord
  expiration: 20
  subject: token

 

posted @ 2019-03-21 11:42  antlord  阅读(1167)  评论(0编辑  收藏  举报