1. 首先按照我本人本身的习惯一个返回类型的类,与token无关,仅仅是为了方便.java
Result.javaweb
package kim.chengcheng.goods.Addition.Token;
import java.io.Serializable;
import io.swagger.annotations.Api;
/**
* Controller返回对象定义
*/
public class Result<T> implements Serializable {
private static final long serialVersionUID = 1L;
public T result;
public String code;
public String msg;
public boolean success;
public Result(T result, String code, String msg, boolean success) {
this.result = result;
this.code = code;
this.msg = msg;
this.success = success;
}
public T getResult() {
return this.result;
}
public void setResult(T result) {
this.result = result;
}
public String getCode() {
return this.code;
}
public void setCode(String code) {
this.code = code;
}
public String getmsg() {
return this.msg;
}
public void setmsg(String msg) {
this.msg = msg;
}
public boolean isSuccess() {
return success;
}
public void setSuccess(boolean success) {
this.success = success;
}
public Result() {
}
public static <T> Result<T> ok() {
return new Result<T>(null, "1", null, true);
}
public static <T> Result<T> ok(T result) {
return new Result<T>(result, "1", null, true);
}
public static <T> Result<T> ok(T result, String code) {
return new Result<T>(result, code, null, true);
}
public static <T> Result<T> fail(String code) {
return new Result<T>(null, code, code, false);
}
public static <T> Result<T> fail(T result, String code) {
return new Result<T>(result, code, code, false);
}
public static <T> Result<T> fail(String code, String msg) {
return new Result<T>(null, code, msg, false);
}
}
2. 建立JWT生成TOKEN类redis
jwtUtils.java算法
package kim.chengcheng.goods.Addition.Token;
import io.jsonwebtoken.*;
import org.bouncycastle.util.encoders.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Date;
/**
* 用于生成Token,和Token验证
*/
public class JwtUtils {
public static final String JWT_SECERT = "6ACF4742CAB18FEFE053258E300A7B77";
/**
* 建立key
*/
public static SecretKey generalKey() {
byte[] encodedKey = Base64.decode(JWT_SECERT);
SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
return key;
}
/**
* 签发JWT
* @param subject 能够是JSON数据 尽量少
*/
public static String createJWT(String subject) {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
SecretKey secretKey = generalKey();
JwtBuilder builder = Jwts.builder()
.setSubject(subject) // 主题
.setIssuer("user") // 签发者
.setIssuedAt(now) // 签发时间
.signWith(signatureAlgorithm, secretKey); // 签名算法以及密匙
// if (ttlMillis >= 0) {
// long expMillis = nowMillis + ttlMillis;
// Date expDate = new Date(expMillis);
// builder.setExpiration(expDate); // 过时时间
// }
return builder.compact();
}
/**
* 验证JWT
*/
public static Boolean validateJWT(String jwtStr) {
boolean claims = false;
try {
parseJWT(jwtStr);
} catch (ExpiredJwtException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
return claims;
}
/**
* 解析JWT字符串
*/
public static Claims parseJWT(String jwt) throws Exception {
SecretKey secretKey = generalKey();
return Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(jwt)
.getBody();
}
}
3.测试类spring
package kim.chengcheng.goods.Addition.Token;
import kim.chengcheng.goods.dao.UsersDao;
import kim.chengcheng.goods.model.Users;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
/**
* 测试Token - JWT签发
*/
@RestController
public class LoginControllerTest {
private static final Logger logger = LoggerFactory.getLogger(LoginControllerTest.class);
@Autowired
UsersDao usersDao;
// 测试用,若是正式使用则存放到数据库或者是redis中
private static Map<String,Object> TokenValidation = new HashMap<String, Object>();
/**
* 用户登陆
*/
@RequestMapping(value="loginTokenTest",method = RequestMethod.POST)
public Result login(String username, String password,HttpServletResponse
response) {
Users users = usersDao.selectUsers(username);
if(users != null){
if(users.getPassword().equals(password)){
//把token返回给客户端-->客户端保存至cookie-->客户端每次请求附带cookie参数
String JWT = JwtUtils.createJWT(username);
TokenValidation.put(JWT, users); // 存储Toekn
return Result.ok(TokenValidation);
}else{
return Result.fail("500", "用户名或密码错误,请重试");
}
}else{
return Result.fail("500", "无此用户!");
}
}
/**
* 获取用户信息
*/
@RequestMapping(value="selectTestsUsers",method = RequestMethod.POST)
public Result description(String username, HttpServletRequest request) {
// 从前端获取Header请求头
String token = request.getHeader("authorization");
if (null == token || "".equals(token)) {
return Result.fail("500", "Token不能为空,请从新登陆!!");
}
try {
// 从前端获取到Token令牌去对应的存储位置取
Object users = TokenValidation.get(token);
return Result.ok(users.toString());
} catch (Exception e) {
// 若是前端传入的Token令牌和存入的Token令牌不一致,会致使TOken验证失败
return Result.ok("500", "Token验证失败,请从新登陆!!");
}
}
}