jwt 實現 token 認證
阿新 • • 發佈:2019-09-28
背景:session管理使用者登入狀態成本越來越高 ,token的方式做登入身份校驗,放入redis中 ,jwt 出現後無需redis快取
前提條件:
<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.7.0</version> </dependency>
jwt工具類:
public class JwtUtils { /** * 簽發JWT * @param id * @param subject 可以是JSON資料 儘可能少 * @param ttlMillis * @return String * */ public static String createJWT(String id, String subject, long ttlMillis) { SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; long nowMillis = System.currentTimeMillis(); Date now = new Date(nowMillis); SecretKey secretKey = generalKey(); JwtBuilder builder = Jwts.builder() .setId(id) .setSubject(subject) // 主題 .setIssuer("user") // 簽發者 .setIssuedAt(now) // 簽發時間 .signWith(signatureAlgorithm, secretKey); // 簽名演算法以及密匙 if (ttlMillis >= 0) { long expMillis = nowMillis + ttlMillis; Date expDate = new Date(expMillis); builder.setExpiration(expDate); // 過期時間 } return builder.compact(); } /** * 驗證JWT * @param jwtStr * @return */ public static CheckResult validateJWT(String jwtStr) { CheckResult checkResult = new CheckResult(); Claims claims = null; try { claims = parseJWT(jwtStr); checkResult.setSuccess(true); checkResult.setClaims(claims); } catch (ExpiredJwtException e) { checkResult.setErrCode(SystemConstant.JWT_ERRCODE_EXPIRE); checkResult.setSuccess(false); } catch (SignatureException e) { checkResult.setErrCode(SystemConstant.JWT_ERRCODE_FAIL); checkResult.setSuccess(false); } catch (Exception e) { checkResult.setErrCode(SystemConstant.JWT_ERRCODE_FAIL); checkResult.setSuccess(false); } return checkResult; } public static SecretKey generalKey() { byte[] encodedKey = Base64.decode(SystemConstant.JWT_SECERT); SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES"); return key; } /** * * 解析JWT字串 * @param jwt * @return * @throws Exception */ public static Claims parseJWT(String jwt) throws Exception { SecretKey secretKey = generalKey(); return Jwts.parser() .setSigningKey(secretKey) .parseClaimsJws(jwt) .getBody(); } }
使用:
public class LoginController {
@Autowired
UserRepository userRepository;
@ApiOperation(value="使用者登陸")
@RequestMapping(value="login",method = RequestMethod.POST)
public ReturnVo login(String username, String password,HttpServletResponse
response) {
User user = userRepository.findByUsername(username);
if(user!=null){
if(user.getPassword().equals(password)){
//把token返回給客戶端-->客戶端儲存至cookie-->客戶端每次請求附帶cookie引數
String JWT = JwtUtils.createJWT("1", username, SystemConstant.JWT_TTL);
return ReturnVo.ok(JWT);
}else{
return ReturnVo.error();
}
}else{
return ReturnVo.error();
}
}
}