基于Jwt的token认证

1 引入依赖

<!--引入jwt-->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.3.0</version>
</dependency>

2 Jwt工具类

package com.ai.aiga.util.token;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.HashMap;
import java.util.Map;

public class JwtUtil {
    /**
     * 生成签名
     * @param userName
     * @param userId
     * @return 加密的token
     * @throws Exception
     */
    public static String createToken(String userId, String userName) throws Exception{
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("alg", "HS256");
        map.put("typ", "JWT");
        String token = JWT.create()
                .withHeader(map)//header
                .withClaim("userId", userId)
                .withClaim("userName", userName)
                .sign(Algorithm.HMAC256("xx"));//xx为私钥
        return token;
    }

    /**
     * 验证token
     * @param token 
     * @return 验证的结果
     * @throws Exception
     */
    public static boolean verifyToken(String token) {
        try{
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256("xx")).build();
            DecodedJWT jwt = verifier.verify(token);
            return true;
        }catch(Exception e){
            return false;
        }
    }

}

3 基于spring-mvc的token认证

　　3.1 配置spring-mvc.xml文件

<mvc:interceptors>  
    <mvc:interceptor>
        <!--模糊匹配需要拦截的url路径-->
    　　<mvc:mapping path="/**/arch/archQry/**"/>
        <!--自定义的拦截器-->
    　　<bean class="com.ai.aiga.util.token.TokenInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>      

　　3.2 添加拦截器

package com.ai.aiga.util.token;

import com.ai.aiga.view.json.base.JsonBean;
import com.alibaba.fastjson.JSON;
import net.sf.json.JSONObject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class TokenInterceptor implements HandlerInterceptor {
    /**
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        request.setCharacterEncoding("utf-8");
        String token = request.getHeader("accessToken");
        if(null != token){
            boolean result =JwtUtil.verifyToken(token);
            if(result){
                return true;
            }
        }
        JsonBean bean = new JsonBean();
        bean.setRetCode("502");
        bean.setRetMessage("error");
        response.getWriter().write(JSON.toJSONString(bean));
        return false;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}

4 基于shiro的token认证

　　4.1 配置spring-shiro.xml文件

<!-- Shiro Filter -->
    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="filters">  
            <map>  
                <entry key="token">
                    <bean class="com.ai.aiga.security.shiro.TokenInterceptor" />
                </entry>
            </map>  
        </property> 
        <property name="filterChainDefinitions">
            <value>
                /**/arch/archQry/** = token                   
            </value>
        </property>
    </bean>

　　4.2 添加拦截器　　

package com.ai.aiga.security.shiro;

import com.ai.aiga.util.token.JwtUtil;
import com.ai.aiga.view.json.base.JsonBean;
import com.alibaba.fastjson.JSON;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;

public class TokenInterceptor extends AdviceFilter {
    /**
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        request.setCharacterEncoding("utf-8");
        String token = WebUtils.toHttp(request).getHeader("accessToken");
        if(null != token){
            boolean result =JwtUtil.verifyToken(token);
            if(result){
                return true;
            }
        }
        WebUtils.toHttp(response).setHeader("Content-type", "text/html;charset=UTF-8");
        response.setCharacterEncoding("utf-8");
        JsonBean bean = new JsonBean();
        bean.setRetCode("502");
        bean.setRetMessage("token认证失败");
        response.getWriter().write(JSON.toJSONString(bean));
        return false;
    }
}