Springboot-JWT token实现登录

JWT认证过程：

(上图）

1.pom.xml

<dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.4.0</version>
        </dependency>

2.annotation（定义注解标识）

@Target({ ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken { 
    boolean required() default true;
}

@Target({ ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken { 
    boolean required() default true;
}

3.config

• 先定义一个生成Token 的方法

@Service("TokenService")
public class TokenService { 
    public String getToken(User user) { 
        String token="";
        token= JWT.create().withAudience(user.getId())// 将 user id 保存到 token 里面
                .sign(Algorithm.HMAC256(user.getPassword()));// 以 password 作为 token 的密钥
        return token;
    }
}

• 配置拦截请求

@Configuration
public class InterceptorConfig implements WebMvcConfigurer { 
    @Override
    public void addInterceptors(InterceptorRegistry registry) { 
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("
public class AuthenticationInterceptor implements HandlerInterceptor { 
    @Autowired
    UserService userService;
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { 
        String token = httpServletRequest.getHeader("token");// 从 http 请求头中取出 token
        // 如果不是映射到方法直接通过
        if(!(object instanceof HandlerMethod)){ 
            return true;
        }
        HandlerMethod handlerMethod=(HandlerMethod)object;
        Method method=handlerMethod.getMethod();
        //检查是否有passtoken注释，有则跳过认证
        if (method.isAnnotationPresent(PassToken.class)) { 
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) { 
                return true;
            }
        }
        //检查有没有需要用户权限的注解
        if (method.isAnnotationPresent(UserLoginToken.class)) { 
            UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
            if (userLoginToken.required()) { 
                // 执行认证
                if (token == null) { 
                    throw new RuntimeException("无token，请重新登录");
                }
                // 获取 token 中的 user id
                String userId;
                try { 
                    userId = JWT.decode(token).getAudience().get(0);
                } catch (JWTDecodeException j) { 
                    throw new RuntimeException("401");
                }
                User user = userService.findUserById(userId);
                if (user == null) { 
                    throw new RuntimeException("用户不存在，请重新登录");
                }
                // 验证 token
                JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
                try { 
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException e) { 
                    throw new RuntimeException("401");
                }
                return true;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { 

    }
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { 

    }
}

5.entity

public class User { 
    String Id;
    String username;
    String password;

    public String getId() { 
        return Id;
    }

    public void setId(String id) { 
        Id = id;
    }

    public String getUsername() { 
        return username;
    }

    public void setUsername(String username) { 
        this.username = username;
    }

    public String getPassword() { 
        return password;
    }

    public void setPassword(String password) { 
        this.password = password;
    }
}
}

6.mapper

public interface UserMapper { 
    User findByUsername(@Param("username") String username);
    User findUserById(@Param("Id") String Id);
}

7.service

@Service("UserService")
public class UserService { 
    @Autowired
    UserMapper userMapper;
    public User findByUsername(User user){ 
        return userMapper.findByUsername(user.getUsername());
    }
    public User findUserById(String userId) { 
        return userMapper.findUserById(userId);
    }

}

8.controller

 
publi
@RestController
@RequestMapping("user")
public class UserController { 
    @Autowired
    UserService userService;
    @Autowired
    TokenService tokenService;
    //登录
    @PostMapping("/login")
    public Object login( User user){ 
        JSONObject jsonObject=new JSONObject();
        User userForBase=userService.findByUsername(user);
        if(userForBase==null){ 
            jsonObject.put("message","登录失败,用户不存在");
            return jsonObject;
        }else { 
            if (!userForBase.getPassword().equals(user.getPassword())){ 
                jsonObject.put("message","登录失败,密码错误");
                return jsonObject;
            }else { 
                String token = tokenService.getToken(userForBase);
                jsonObject.put("token", token);
                jsonObject.put("user", userForBase);
                return jsonObject;
            }
        }
    }
    @UserLoginToken
    @GetMapping("/getMessage")
    public String getMessage(){ 
        return "你已通过验证";
    }
}