SpringBoot+JWT实现token验证并将用户信息存储到@注解内
springboot集成jwt实现token验证
一、引入jwt依赖
<!--jwt-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.9.0</version>
</dependency>
二、自定义两个注解
/**
* 忽略Token验证
*
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface IgnoreAuth {
boolean required() default true;
}
/**
* 登陆用户信息
*
*/
@Target({ElementType.PARAMETER,ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginUser {
boolean required() default true;
}
@Target:注解的做用目标
@Target(ElementType.TYPE)——接口、类、枚举、注解
@Target(ElementType.PARAMETER)——方法参数
@Target(ElementType.METHOD)——方法
三、定义一个用户实体类
/**
* 用户类
*
*/
@Data
@ApiModel(value="User对象", description="用户表")
public class User extends BaseEntity<User> {
private static final long serialVersionUID=1L;
@ApiModelProperty(value = "编号")
private String id;
@ApiModelProperty(value = "归属公司")
private String companyId;
@ApiModelProperty(value = "归属部门")
private String officeId;
@ApiModelProperty(value = "登陆名")
private String loginName;
@ApiModelProperty(value = "密码")
private String password;
@ApiModelProperty(value = "工号")
private String no;
@ApiModelProperty(value = "姓名")
private String name;
@ApiModelProperty(value = "邮箱")
private String email;
@ApiModelProperty(value = "电话")
private String phone;
@ApiModelProperty(value = "手机")
private String mobile;
@ApiModelProperty(value = "用户类型")
private String userType;
@ApiModelProperty(value = "用户头像")
private String photo;
@ApiModelProperty(value = "最后登录IP")
private String loginIp;
@ApiModelProperty(value = "最后登录时间",example = "2019-11-22 00:00:00")
private Date loginDate;
@EnumFormat
@ApiModelProperty(value = "登陆状态 : 0 正常,1 异常")
private UserLoginFlagEnum loginFlag;
@ApiModelProperty(value = "建立者")
private String createBy;
@ApiModelProperty(value = "建立时间",example = "2019-11-22 00:00:00")
private Date createDate;
@ApiModelProperty(value = "更新者")
private String updateBy;
@ApiModelProperty(value = "更新时间",example = "2019-11-22 00:00:00")
private Date updateDate;
@ApiModelProperty(value = "备注信息")
private String remarks;
@TableLogic
@ApiModelProperty(value = "删除标记")
private String delFlag;
@ApiModelProperty(value = "微信openid")
private String openid;
@Override
protected Serializable pkVal() {
return this.id;
}
}
四、生成token
@Service("TokenService")
public class TokenService {
public String getToken(User user) {
String token="";
token= JWT.create().withAudience(user.getId())// 将 user id 保存到 token 里面
.sign(Algorithm.HMAC256(user.getOpenid()));// 以 OpenId 做为 token 的密钥
return token;
}
}
五、设置拦截器
@Component
public class AuthorizationInterceptor implements HandlerInterceptor {
@Autowired
IUserService userService;
public static final String LOGIN_USER_KEY = "LOGIN_USER_KEY";
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
//支持跨域请求
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,X-Nideshop-Token,X-URL-PATH");
httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
String token = httpServletRequest.getHeader("token");// 从 http 请求头中取出 token
// 若是不是映射到方法直接经过
if(!(object instanceof HandlerMethod)){
return true;
}
HandlerMethod handlerMethod=(HandlerMethod)object;
Method method=handlerMethod.getMethod();
//检查是否有IgnoreAuth注释,有则跳过认证
if (method.isAnnotationPresent(IgnoreAuth.class)) {
IgnoreAuth passToken = method.getAnnotation(IgnoreAuth.class);
if (passToken.required()) {
return true;
}
}
//检查有没有须要用户权限的注解
if (method.isAnnotationPresent(LoginUser.class)) {
LoginUser userLoginToken = method.getAnnotation(LoginUser.class);
if (userLoginToken !=null) {
// 执行认证
if (token == null) {
throw new RuntimeException("无token,请从新登陆");
}
// 获取 token 中的 user id
String userId;
try {
userId = JWT.decode(token).getAudience().get(0);
} catch (JWTDecodeException j) {
throw new RuntimeException("401");
}
//设置userId到request里,后续根据userId,获取用户信息
httpServletRequest.setAttribute(LOGIN_USER_KEY, userId);
User user = userService.getById(userId);
if (user == null) {
throw new RuntimeException("用户不存在,请从新登陆");
}
// 验证 token
JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getOpenid())).build();
try {
jwtVerifier.verify(token);
} catch (JWTVerificationException e) {
throw new RuntimeException("401");
}
return true;
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Object o, Exception e) throws Exception {
}
}
六、配置拦截器
在配置类上添加了注解@Configuration,标明了该类是一个配置类而且会将该类做为一个SpringBean添加到IOC容器内java
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authenticationInterceptor())
.addPathPatterns("/**");
}
@Bean
public AuthenticationInterceptor authenticationInterceptor() {
return new AuthenticationInterceptor();
}
}
七、token验证流程
一、用户登陆是生成token
二、从http请求头中取出token
三、判断是否映射到方法
四、检查是否有@IgnoreAuth注释,有则跳过认证
五、检查是否有用户登陆的注解,有则须要取出并验证
六、认证经过则能够访问web
相关文章
- 1. JavaScript用户注册信息验证
- 2. 将openstack的Token认证信息存储在memcache中
- 3. koa2+mysql+vue实现用户注册、登陆、token验证
- 4. koa2+mysql+vue实现用户注册、登录、token验证
- 5. 将用户信息保存到session、Cookie?
- 6. 用户信息验证
- 7. 用户信息存储
- 8. 获取jwt(json web token)中存储的用户信息
- 9. RxBinding实现用户注册验证
- 10. Flask项目实战——7—(Redis数据库存储验证码信息、验证登陆界面的表单信息、注册功能实现、登陆实现)
- 更多相关文章...
- • XML 验证 - XML 教程
- • DTD 验证 - DTD 教程
- • 三篇文章了解 TiDB 技术内幕——说存储
- • Spring Cloud 微服务实战(三) - 服务注册与发现
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章