马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?立即注册
x
目次
一、什么是JWT:
二、Jwt的利用:
第一步:引入依靠:
第二步:设置拦截器:JwtInterceptor.java:
其中非常文件ServiceException设置如下:
全局非常文件GlobalException.java文件设置如下:
其中所需的Result设置如下:
第三步:设置拦截设置文件:InterceptorConfig.java:
第四步:设置Token工具类文件:TokenUtils.java:
request.js的axios封装文件为:
文件结构大致如下:
一、什么是JWT:
JWT是token的一种实现方式,全称是:JSON Wwb Token。简单来讲,Jwt是一种字符串,可以根据用户信息进行相干的编码操纵生成带有效户信息的JWT token,我们可以根据这个来判断其信息是否准确或者是否被篡改。
二、Jwt的利用:
第一步:引入依靠:
- <dependency>
- <groupId>com.auth0</groupId>
- <artifactId>java-jwt</artifactId>
- <version>4.3.0</version>
- </dependency>
- import com.auth0.jwt.JWT;
- import com.auth0.jwt.JWTVerifier;
- import com.auth0.jwt.algorithms.Algorithm;
- import com.auth0.jwt.exceptions.JWTVerificationException;
- import com.example.cqcrhouduan.Utils.TokenUtils;
- import com.example.cqcrhouduan.exception.ServiceException;
- import com.example.cqcrhouduan.mapper.UserMapper;
- import io.micrometer.common.util.StringUtils;
- import jakarta.servlet.http.HttpServletRequest;
- import jakarta.servlet.http.HttpServletResponse;
- import lombok.extern.slf4j.Slf4j;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Component;
- import org.springframework.web.servlet.HandlerInterceptor;
- @Component
- @Slf4j
- public class JwtInterceptor implements HandlerInterceptor {
- @Autowired
- private UserMapper userMapper;
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- if(request.getMethod().equals("OPTIONS"))
- {
- return true;
- }
- String token = request.getHeader("token");
- if (StringUtils.isEmpty(token)) {
- token = request.getParameter("token");
- }
- token = token;
- // 执行认证
- if (StringUtils.isEmpty(token)) {
- throw new ServiceException(401, "无token,请重新登录");
- }
- // 获取 token 中的adminId
- String userId;
- User user;
- try {
- userId = JWT.decode(token).getAudience().get(0); //解码
- // 根据token中的userid查询数据库
- user = userMapper.getById(Integer.parseInt(userId));
- user = user;
- } catch (Exception e) {
- String errMsg = "token验证失败,请重新登录";
- log.error(errMsg + ", token=" + token, e);
- throw new ServiceException(401, errMsg);
- }
- if (user == null) {
- throw new ServiceException(401, "用户不存在,请重新登录");
- }
- try {
- // 用户密码加签验证 token
- JWTVerifier jwtVerifier =
- JWT.require(Algorithm.HMAC256(user.getPassword())).build();
- jwtVerifier.verify(token); // 验证token
- } catch (JWTVerificationException e) {
- throw new ServiceException(401, "token验证失败,请重新登录");
- }
- return true;
- }
- }
- import com.example.cqcrhouduan.pojo.Result;
- import lombok.Data;
- @Data
- public class ServiceException extends RuntimeException {
- private int code;
- public ServiceException(String msg){
- super(msg);
- this.code = 500;
- }
- public ServiceException(int code, String msg){
- super(msg);
- this.code = code;
- }
- }
- import com.example.cqcrhouduan.pojo.Result;
- import org.springframework.web.bind.annotation.ControllerAdvice;
- import org.springframework.web.bind.annotation.ExceptionHandler;
- import org.springframework.web.bind.annotation.ResponseBody;
- //自定义异常
- @ControllerAdvice
- public class GlobalException {
- @ExceptionHandler(ServiceException.class)
- @ResponseBody
- public Result serviceException(ServiceException e){
- return Result.error(e.getCode(),e.getMessage());
- }
- }
- import lombok.AllArgsConstructor;
- import lombok.Data;
- import lombok.NoArgsConstructor;
- @Data
- @NoArgsConstructor
- @AllArgsConstructor
- public class Result {
- private Integer code;
- private String msg;
- private Object data;
- public static Result success(Object data){
- return new Result(200,"success",data);
- }
- public static Result success(){
- return new Result(200,"success",null);
- }
- public static Result error(String msg){
- return new Result(500,msg,null);
- }
- public static Result error(Integer Code ,String msg){
- return new Result(Code,msg,null);
- }
- }
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
- import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
- @Configuration
- public class InterceptorConfig extends WebMvcConfigurationSupport {
- // 加自定义拦截器JwtInterceptor,设置拦截规则
- @Override
- protected void addInterceptors(InterceptorRegistry registry) {
- registry.addInterceptor(jwtInterceptor())
- .addPathPatterns("/**")
- .excludePathPatterns("/login","/register");
- super.addInterceptors(registry);
- }
- @Bean
- public JwtInterceptor jwtInterceptor(){
- return new JwtInterceptor();
- }
- }
- import com.auth0.jwt.JWT;
- import com.auth0.jwt.algorithms.Algorithm;
- import com.example.cqcrhouduan.mapper.UserMapper;
- import com.example.cqcrhouduan.pojo.User;
- import jakarta.annotation.PostConstruct;
- import jakarta.annotation.Resource;
- import jakarta.servlet.http.HttpServletRequest;
- import lombok.extern.slf4j.Slf4j;
- import org.apache.commons.lang3.StringUtils;
- import org.springframework.stereotype.Component;
- import org.springframework.web.context.request.RequestContextHolder;
- import org.springframework.web.context.request.ServletRequestAttributes;
- @Component
- @Slf4j
- public class TokenUtils {
- private static UserMapper staticAdminService;
- @Resource
- private UserMapper adminService;
- @PostConstruct
- public void setUserService() {
- staticAdminService = adminService;
- }
- /**
- * 生成token
- *
- * @return
- */
- public static String genToken(int adminId, String sign) {
- return JWT.create().withAudience(Integer.toString(adminId)) // 将 user id 保存到 token 里面,作为载荷
- .withExpiresAt(DateUtil.offsetHours(new Date(), 2)) // 2小时后token过期
- .sign(Algorithm.HMAC256(sign)); // 以 password 作为 token 的密钥
- }
- /**
- * 获取当前登录的用户信息
- *
- * @return user对象
- * /admin?token=xxxx
- */
- public static User getCurrentAdmin() {
- String token = null;
- try {
- HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
- token = request.getHeader("token");
- if (StringUtils.isNotBlank(token)) {
- token = request.getParameter("token");
- }
- if (StringUtils.isBlank(token)) {
- log.error("获取当前登录的token失败, token: {}", token);
- return null;
- }
- String userId = JWT.decode(token).getAudience().get(0);
- return staticAdminService.getById(Integer.valueOf(userId));
- } catch (Exception e) {
- log.error("获取当前登录的管理员信息失败, token={}", token, e);
- return null;
- }
- }
- }
- import axios from "axios";
- import router from "../modules/router.js";
- const request = axios.create({
- baseURL:'http://localhost:8080/', //自己的请求地址
- timeout:30000,
- })
- // Add a request interceptor
- request.interceptors.request.use((config) => {
- config.headers['Content-Type'] = 'application/json;charset=utf-8';
- let user = JSON.parse(localStorage.getItem("userToken") || '{}')
- // console.log(user.token) //查看token
- config.headers['token'] = user.token
- // config.headers.Authorization = localStorage.getItem("userToken")
- console.log("ok")
- // Do something before request is sent
- return config;
- }, error => {
- console.log('request error' + error)
- // Do something with request error
- return Promise.reject(error);
- });
- // Add a response interceptor
- request.interceptors.response.use(response => {
- let res = response.data;
- if (typeof res === 'string'){
- res = res ? JSON.parse(res) : res
- }
- // if(res.code === 401){ //自动跳转
- // router.push('/')
- // }
- // Any status code that lie within the range of 2xx cause this function to trigger
- // Do something with response data
- return res;
- }, function (error) {
- // Any status codes that falls outside the range of 2xx cause this function to trigger
- // Do something with response error
- console.log('response error' + error)
- return Promise.reject(error);
- });
- export default request
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
