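Getting Started with a JWT Interceptor
This article introduces how to use a JWT interceptor, mainly covering tokens and permissions. Handling permissions with JWT is a bit cumbersome, but it can be done; see the middle of the article for details.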
```xml
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.1</version>
</dependency>
```
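```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.Date;

public class JwtUtil {
    // HMAC signing key. Hard-coded here for the demo; in a real deployment load it
    // from configuration and keep it out of source control.
    public static final String SECRET = "HuangHaoAiTianYang";
    public static final String ISSUER = "five";
    public static final String USERID = "userId";
    public static final String DATA = "data";
    // Token lifetime: 30 minutes, in milliseconds.
    public static final Long EXPIRE_TIME = 30 * 60 * 1000L;

    public JwtUtil() {
    }

    /** Signs a token carrying the user id and the JSON-serialized payload. */
    public static <T> String sign(T data, Integer userId) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(SECRET);
            Date expire = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            ObjectMapper objectMapper = new ObjectMapper();
            String jsonData = objectMapper.writeValueAsString(data);
            // The token is a bearer credential, so it is returned without being printed or logged.
            return JWT.create()
                    .withClaim(USERID, userId)
                    .withClaim(DATA, jsonData)
                    .withExpiresAt(expire)
                    .withIssuer(ISSUER)
                    .sign(algorithm);
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Checks the signature, issuer, expiry and userId claim of the token. */
    public static Boolean verify(String token, Integer userId) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(SECRET);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withClaim(USERID, userId)
                    .withIssuer(ISSUER)
                    .build();
            verifier.verify(token);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reads the userId claim. JWT.decode() only parses the token and does NOT check
     * the signature, so the result is untrusted until verify() has succeeded.
     */
    public static Integer getUserId(String token) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim(USERID).asInt();
        } catch (JWTDecodeException e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Reads the data claim. Like getUserId(), call this only after verify() has succeeded. */
    public static <T> T getData(String token, Class<T> tClass) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            String data = jwt.getClaim(DATA).asString();
            if (data == null) {
                return null; // claim missing from the token
            }
            ObjectMapper objectMapper = new ObjectMapper();
            return objectMapper.readValue(data, tClass);
        } catch (IOException | JWTDecodeException e) {
            e.printStackTrace();
            return null;
        }
    }
}
```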
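- With the above in place, we need to write our own MyHandlerInterceptor that implements the HandlerInterceptor interface:
- Note that if your project already implements this interface, it is best to make the changes in the class that already implements it; otherwise an error will be reported.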
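```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; // assumed to be Spring's StringUtils
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// SysUserService, UserDetailsService, SystemException and TokenData come from the project.
@Component
public class WebHandlerIntercept implements HandlerInterceptor {
    private Logger logger = LoggerFactory.getLogger(WebHandlerIntercept.class);

    @Autowired
    private SysUserService sysUserService;
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader("Authorization");
        if (StringUtils.isEmpty(token)) {
            // Message: "Please log in first!"
            throw new SystemException(1009, "请先登录!");
        }
        // The userId read here is untrusted until verify() has checked the signature.
        Integer userId = JwtUtil.getUserId(token);
        if (!JwtUtil.verify(token, userId)) {
            // Message: "Authentication error, please log in again!"
            throw new SystemException(1009, "身份验证异常,请重新登陆!");
        }
        // Safe to read the payload now that the token has been verified.
        TokenData tokenData = JwtUtil.getData(token, TokenData.class);
        if (tokenData != null && tokenData.getIsSuper() == 1) {
            return true;
        }
        // Message: "Sorry, you do not have this permission!"
        throw new SystemException(1009, "对不起,你没有该权限!");
    }
}
```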
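Here we can perform the permission check. The part I commented out is the permission-related logic, which is fairly simple; the troublesome part is that the URLs need to be standardized. I won't go into detail on that here.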
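The interceptor above relies on calling `verify` before trusting anything returned by `getUserId` or `getData`, because `JWT.decode` does not check the signature. As an added example (not the author's code), the sketch below reads claims only from the `DecodedJWT` returned by the verifier; the class name `VerifiedClaimsDemo`, its method names and the demo key are assumptions made for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;

public class VerifiedClaimsDemo {
    // Constructed demo key (assumption); a real service loads it from configuration.
    static final Algorithm ALG = Algorithm.HMAC256("demo-only-secret-change-me");
    static final String ISSUER = "five";

    /** Verifies signature, issuer and expiry; returns the token only if all checks pass. */
    static DecodedJWT verifyAndDecode(String token) {
        return JWT.require(ALG).withIssuer(ISSUER).build().verify(token);
    }

    /** Returns the userId claim of a verified token, or null if verification fails. */
    static Integer verifiedUserId(String token) {
        try {
            return verifyAndDecode(token).getClaim("userId").asInt();
        } catch (JWTVerificationException e) {
            return null; // bad signature, wrong issuer, expired or malformed token
        }
    }

    public static void main(String[] args) {
        String token = JWT.create().withIssuer(ISSUER).withClaim("userId", 7)
                .withExpiresAt(new Date(System.currentTimeMillis() + 60_000)).sign(ALG);

        // Constructed sample: same header and signature, payload edited after signing.
        String[] p = token.split("\\.");
        String payload = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8)
                .replace("\"userId\":7", "\"userId\":1");
        String tampered = p[0] + "." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + p[2];

        // decode() parses the edited payload without complaint: it never checks the signature.
        System.out.println("decode only:       " + JWT.decode(tampered).getClaim("userId").asInt());
        // The verifier rejects the edited token and accepts the genuine one.
        System.out.println("verified tampered: " + verifiedUserId(tampered));
        System.out.println("verified genuine:  " + verifiedUserId(token));
    }
}
```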
- Next, if it is an SSM project, the interceptor needs to be configured in the mvc.xml file:
```xml
<!-- Configure the interceptor -->
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Paths to intercept -->
        <mvc:mapping path="/**"/>
        <!-- Paths not to intercept -->
        <mvc:exclude-mapping path="/static/**"/>
        <mvc:exclude-mapping path="/swagger-ui.html"/>
        <mvc:exclude-mapping path="/swagger-ui.html/**"/>
        <mvc:exclude-mapping path="/swagger-resources/**"/>
        <mvc:exclude-mapping path="/v2/**"/>
        <mvc:exclude-mapping path="/webjars/**"/>
        <mvc:exclude-mapping path="/login/**"/>
        <bean class="com.gxa.interceptor.JwtInterceptor"/>
    </mvc:interceptor>
</mvc:interceptors>
```
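We need to let static resources, the API documentation and the login endpoint through.
- For a Spring Boot project, we only need to write a class that implements the WebMvcConfigurer interface: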
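```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Autowired
    private WebHandlerIntercept webHandlerIntercept;

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Placeholder origin: list your trusted front-end origins here.
                // "*" together with allowCredentials(true) is rejected by Spring 5.3+
                // and would let any site send credentialed requests on older versions.
                .allowedOrigins("https://frontend.example.com")
                .allowCredentials(true)
                .allowedMethods("*")
                .allowedHeaders("*")
                .maxAge(3600);
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Intercept everything except static resources, the API docs and the login
        // endpoint (the same exclusions as the XML configuration). Excluding "/**"
        // would switch the interceptor off for every request.
        registry.addInterceptor(webHandlerIntercept)
                .addPathPatterns("/**")
                .excludePathPatterns("/static/**", "/swagger-ui.html", "/swagger-ui.html/**",
                        "/swagger-resources/**", "/v2/**", "/webjars/**", "/login/**");
    }
}
```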
That's it for the basic use of a JWT interceptor.