基于JWT的token认证
1 引入依赖
<!-- JWT library (auth0 java-jwt) -->
<!-- NOTE(review): 3.3.0 is the version this tutorial pins; check for a newer maintained release before reusing it. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.3.0</version>
</dependency>
2 JWT工具类
package com.ai.aiga.util.token;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.HashMap;
import java.util.Map;
/**
 * Static helpers that issue and check HS256-signed JWTs with the auth0 java-jwt library.
 *
 * <p>NOTE(review): tokens produced here are signed, not encrypted. The {@code userId} and
 * {@code userName} claims are only base64url-encoded, so anyone holding a token can read them.
 *
 * <p>NOTE(review): {@link #createToken(String, String)} sets no expiry claim, so as far as this
 * class shows, an issued token stays acceptable until the signing secret is changed.
 */
public class JwtUtil {

    /**
     * Shared HMAC secret used for both signing and verification.
     *
     * <p>NOTE(review): {@code "xx"} is the tutorial's placeholder. HMAC is symmetric, so this is a
     * shared secret rather than a private key: whoever knows it can mint tokens that
     * {@link #verifyToken(String)} accepts. A real deployment needs a long random value that is
     * loaded from protected configuration instead of being compiled into the class.
     */
    private static final String SECRET = "xx";

    /**
     * Builds a signed token carrying the given user identity.
     *
     * @param userId   value stored in the {@code userId} claim
     * @param userName value stored in the {@code userName} claim
     * @return the compact, HS256-signed (not encrypted) token string
     * @throws Exception if the library cannot create the algorithm or sign the token
     */
    public static String createToken(String userId, String userName) throws Exception {
        // Explicit JOSE header, exactly as the tutorial sets it.
        Map<String, Object> header = new HashMap<String, Object>();
        header.put("alg", "HS256");
        header.put("typ", "JWT");

        Algorithm hmac = Algorithm.HMAC256(SECRET);
        return JWT.create()
                .withHeader(header)
                .withClaim("userId", userId)
                .withClaim("userName", userName)
                .sign(hmac);
    }

    /**
     * Checks whether a token verifies against the HS256 verifier built from the shared secret.
     *
     * @param token the compact token string taken from the request
     * @return {@code true} when verification completes without an exception, {@code false} for
     *         any failure (the cause is not reported to the caller)
     */
    public static boolean verifyToken(String token) {
        boolean accepted;
        try {
            // The verifier is bound to HMAC256 with the same secret that signed the token.
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
            verifier.verify(token);
            accepted = true;
        } catch (Exception e) {
            // Every failure (malformed token, bad signature, library error) maps to "not valid".
            accepted = false;
        }
        return accepted;
    }
}
3 基于spring-mvc的token认证
3.1 配置spring-mvc.xml文件
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Ant-style pattern for the URL paths to intercept; requests outside it never reach the token check -->
        <mvc:mapping path="/**/arch/archQry/**"/>
        <!-- Custom interceptor that validates the accessToken header -->
        <bean class="com.ai.aiga.util.token.TokenInterceptor"/>
    </mvc:interceptor>
</mvc:interceptors>
3.2 添加拦截器
package com.ai.aiga.util.token;
import com.ai.aiga.view.json.base.JsonBean;
import com.alibaba.fastjson.JSON;
import net.sf.json.JSONObject;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
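/**
 * Spring MVC interceptor that lets a request continue only when its {@code accessToken} header
 * holds a token accepted by {@code JwtUtil.verifyToken}.
 *
 * <p>NOTE(review): only the boolean verification result is used. The {@code userId} and
 * {@code userName} claims are never read here, so this gate authenticates the token but makes no
 * per-user authorization decision.
 */
public class TokenInterceptor implements HandlerInterceptor {

    /**
     * Rejects the request with a JSON error body unless a valid token is presented.
     *
     * @param request  current request; the token is read from its {@code accessToken} header
     * @param response current response; receives the JSON error body on rejection
     * @param handler  the chosen handler (unused)
     * @return {@code true} to continue the handler chain, {@code false} when the token is missing
     *         or fails verification
     * @throws Exception if setting the request encoding or writing the response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        request.setCharacterEncoding("utf-8");
        String token = request.getHeader("accessToken");
        if (token != null && JwtUtil.verifyToken(token)) {
            return true;
        }

        // Declare the body as UTF-8 JSON before the writer is obtained; the original wrote the
        // JSON without any content type or charset.
        response.setContentType("application/json;charset=UTF-8");

        // NOTE(review): the HTTP status is not set here, so the failure is visible only as
        // retCode "502" inside the body. Consider also sending 401 so proxies, access logs and
        // monitoring can see rejected requests; confirm that clients do not depend on the
        // current status first.
        JsonBean bean = new JsonBean();
        bean.setRetCode("502");
        bean.setRetMessage("error");
        response.getWriter().write(JSON.toJSONString(bean));
        return false;
    }

    /** No post-processing is needed after the handler runs. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    /** No cleanup is needed after request completion. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}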
4 基于shiro的token认证
4.1 配置spring-shiro.xml文件
<!-- Shiro filter: registers the custom "token" filter and binds it to the protected URL pattern -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="filters">
        <map>
            <entry key="token">
                <bean class="com.ai.aiga.security.shiro.TokenInterceptor"/>
            </entry>
        </map>
    </property>
    <!-- Only paths matching a definition below pass through the token filter; this snippet does not cover any other URL -->
    <property name="filterChainDefinitions">
        <value>
            /**/arch/archQry/** = token
        </value>
    </property>
</bean>
4.2 添加拦截器
package com.ai.aiga.security.shiro;
import com.ai.aiga.util.token.JwtUtil;
import com.ai.aiga.view.json.base.JsonBean;
import com.alibaba.fastjson.JSON;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
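/**
 * Shiro {@code AdviceFilter} that lets a request continue only when its {@code accessToken}
 * header holds a token accepted by {@code JwtUtil.verifyToken}.
 *
 * <p>NOTE(review): only the boolean verification result is used. No Shiro subject is populated
 * from the token claims in this class, so it gates access without establishing who the caller is.
 */
public class TokenInterceptor extends AdviceFilter {

    /**
     * Rejects the request with a JSON error body unless a valid token is presented.
     *
     * @param request  current request; the token is read from its {@code accessToken} header
     * @param response current response; receives the JSON error body on rejection
     * @return {@code true} to continue the filter chain, {@code false} when the token is missing
     *         or fails verification
     * @throws Exception if setting an encoding or writing the response fails
     */
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        request.setCharacterEncoding("utf-8");
        String token = WebUtils.toHttp(request).getHeader("accessToken");
        if (token != null && JwtUtil.verifyToken(token)) {
            return true;
        }

        // The body written below is JSON, so label it as JSON; the original declared text/html,
        // which invites a browser to render the payload as markup.
        WebUtils.toHttp(response).setHeader("Content-Type", "application/json;charset=UTF-8");
        response.setCharacterEncoding("utf-8");

        // NOTE(review): the HTTP status is not set here, so the failure is visible only as
        // retCode "502" inside the body. Consider also sending 401 so proxies, access logs and
        // monitoring can see rejected requests; confirm that clients do not depend on the
        // current status first.
        JsonBean bean = new JsonBean();
        bean.setRetCode("502");
        bean.setRetMessage("token认证失败");
        response.getWriter().write(JSON.toJSONString(bean));
        return false;
    }
}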