Spring Boot项目——JWT+Token登陆超时验证

思路

  • 用户登陆成功,服务端创建JWT-Token返回客户端,客户端本地系统存储
  • 客户端每次请求携带token
  • 配置MVC:服务端创建拦截器,对客户端请求token拦截判断

代码

  • tokenUtil
package com.canaan.manager.token;

import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.crypto.SecretKey;
import java.util.*;

/*
 * @Description tokenUtil
 * @Author jingguoliang
 * @Date 2022/8/1 18:46
 * @Ver 1
 **/
public class TokenUtil {
    private static final Logger log = LoggerFactory.getLogger(TokenUtil.class);

    private static String secret = "23423sjfghytsf19r3rslfphlefj385sfakfs+fsdferfd";
    public static final String HEADER_TOKEN = "token";


    /**
     * 创建token
     *
     * @param userName 用户名称
     * @param password 用户密码
     * @return Jwt
     */
    public static String createToken(String userName, String password) {
        //签名
        SecretKey secretKey = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(secret));
        //id
        String id = UUID.randomUUID().toString();

        //设置Claim:优先设置,否则会覆盖其他设置
        Map<String, String> claimMap = new HashMap<String, String>();
        claimMap.put("userName", userName);
        claimMap.put("password", password);

        //设置过期时间
        Date nowDate = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(nowDate);
        calendar.add(Calendar.HOUR, 10);
        Date expireDate = calendar.getTime();

        //生成JWT令牌
        JwtBuilder jwtBuilder = Jwts.builder()
                .setHeaderParam("typ", "JWT") //头参数
                .setId(id) //标识
                .setClaims(claimMap) //设置Claim
                .setIssuedAt(nowDate) //签发日期
                .setExpiration(expireDate) //过期时间
                .signWith(secretKey, SignatureAlgorithm.HS256);//签名
        //生成签名
        String jwtToken = jwtBuilder.compact();

        return jwtToken;

    }

    /**
     * TODO 待完成
     *
     * @param subject
     * @return
     */
    public static String createRefreshToken(String subject) {
        SecretKey secretKey = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(secret));
        Date nowDate = new Date();
        return Jwts.builder().setHeaderParam("typ", "JWT").setSubject(subject).setIssuedAt(nowDate).signWith(secretKey, SignatureAlgorithm.HS256).compact();
    }

    /**
     * 根据token获取Claim
     *
     * @param token
     * @return
     */
    public static Claims getTokenClaim(String token) {
        Claims claims;
        try {
            JwtParser build = Jwts.parserBuilder().setSigningKey(secret).build();
            Jws<Claims> claimsJws = build.parseClaimsJws(token);
            claims = (Claims) claimsJws.getBody();
        } catch (ExpiredJwtException e) {
            claims = e.getClaims();
        }
        return claims;
    }

    /**
     * 判断登陆用户是否过期
     *
     * @param expirationTime
     * @return
     */
    public static boolean isTokenExpired(Date expirationTime) {
        return expirationTime.before(new Date());
    }

    /**
     * 根据token获取用户id
     *
     * @param token
     * @return CurrentUser
     */
    public static CurrentUser getCurrentUserFromToken(String token) {
        String id = getUserIdFromToken(token);
        String userName = getUserNameFromToken(token);
        String password = getPasswordFromToken(token);
        Date expiration = getExpirationDateFromToken(token);

        CurrentUser currentUser = new CurrentUser();
        currentUser.setUserId(id);
        currentUser.setUserName(userName);
        currentUser.setPassword(password);
        currentUser.setExpiration(expiration);

        return currentUser;
    }


    /**
     * 根据token获取用户过期时间
     *
     * @param token
     * @return
     */
    public static Date getExpirationDateFromToken(String token) {
        return getTokenClaim(token).getExpiration();
    }

    /**
     * 根据token获取用户id
     *
     * @param token
     * @return
     */
    public static String getUserIdFromToken(String token) {
        return getTokenClaim(token).getId();
    }

    /**
     * 根据token获取用户名称
     *
     * @param token
     * @return
     */
    public static String getUserNameFromToken(String token) {
        return getTokenClaim(token).get("userName").toString();
    }

    /**
     * 根据token获取用户登陆密码
     *
     * @param token
     * @return
     */
    public static String getPasswordFromToken(String token) {
        return getTokenClaim(token).get("password").toString();
    }

    /**
     * 根据token获取签发日期
     *
     * @param token
     * @return
     */
    public static Date getIssuedAtDateFromToken(String token) {
        return getTokenClaim(token).getIssuedAt();
    }

    public TokenUtil() {
    }
}
  • 自定义拦截器
package com.canaan.manager.token;

import com.alibaba.fastjson.JSONObject;
import com.canaan.share.model.bean.RetResult;
import com.canaan.share.utils.ResultUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;

/*
 * @Description 权限拦截器
 * @Author jingguoliang
 * @Date 2022/8/3 14:22
 * @Ver 1
 **/
@Component
public class AuthenticationInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationInterceptor.class);

    @Autowired
    private TokenHandleService tokenHandleService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("token");
        //对token进行验证:自己处理逻辑
        Map<String, Object> verifyMap = tokenHandleService.verifyToken(token);
        boolean result = (Boolean) verifyMap.get("result");
        String message = (String) verifyMap.get("message");

        //验证失败
        if (!result) {
            this.returnLoginError(message, response);
        }
        return result;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }


    /**
     * 登陆失败
     *
     * @param message
     * @param response
     * @throws Exception
     */
    void returnLoginError(String message, HttpServletResponse response) throws Exception {
        //返回登陆超时响应:自己处理逻辑
        RetResult retResult = ResultUtil.error(200, "登陆用户超时,请重新登陆");
        String msg = JSONObject.toJSONString(retResult);

        PrintWriter writer = null;
        response.setStatus(401);
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        try {
            writer = response.getWriter();
            writer.print(msg);

        } catch (IOException e) {
            logger.error("response error", e);
        } finally {
            if (writer != null)
                writer.close();
        }
    }

}
  • 配置MVC:添加拦截器
package com.canaan.manager.token;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import javax.annotation.Resource;
import java.util.List;

/*
 * @Description MVC配置
 * @Author jingguoliang
 * @Date 2022/8/3 14:39
 * @Ver 1
 **/
@Configuration
public class WebConfigConfiguration implements WebMvcConfigurer {
    @Resource
    private AuthenticationInterceptor authenticationInterceptor;
    
    /**
     * 添加拦截器
     *
     * @param registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/login/**"); //放行登陆
    }

}

代码下载

  • 完整代码可以下载:文件token.zip 。
posted @ 2022-08-03 18:21  话·醉月  阅读(1451)  评论(0编辑  收藏  举报