sprintboot 集成Jwt

SprintBoot集成JWT 原理 逻辑

目前我所理解的Jwt
是用来携带 非敏感信息，用于后续授权验证

第一阶段 生成token 用@passtoken 跳过验证token

目录

第二阶段

拦截器拦截所有请求 ，在需要验证jwt token 的方法进行token验证

代码 token生成 Login.vue

setup() {  
    const { proxy } =useCurrentInstance();
    const login =() => {
      //post 获取服务器数据
      //这里的 proxy.$Ajax 参main.ts 文件
      proxy.$Ajax.post("http://localhost:****/athelete/login",{
        "atheleteid":formState.ID,
        "password":formState.password,
      }).then(res=>{
            console.log(res)
                if(res.data.code=="200"){
                  console.log(res.data);
                  localStorage.setItem("athelete",JSON.stringify(res.data.data.athelete));//写入本地存储空间
                  localStorage.setItem("token",JSON.stringify(res.data.data.token));//写入本地存储空间
                  router.push({name:"AtheletePage",params:{name:res.data.data.athelete.atheletename}})//路由跳转
                }else{
                  message.error("用户名或密码错误")
                }
              }
          ).catch(res=>{
               message.error(res.data.toString()+"系统界面错误")

          }
      )
    }

Controller

@RestController
@RequestMapping("/athelete")
public class AtheleteController {

    @Autowired
    private IAtheleteService atheleteService;

    @GetMapping("/{name}")
    @LoginToken
    public Result findname(@PathVariable String name) {
        QueryWrapper<Athelete> queryWrapper=new QueryWrapper<>();
        queryWrapper.like("atheletename",name);
        if(atheleteService.list(queryWrapper)!=null){
            return Result.success(atheleteService.list(queryWrapper));
        }else{
            return Result.error();
        }
    }

    @PostMapping("/login")
//    @RequestBody 把前端json转java对象
    @PassToken
    public Result login(@RequestBody atheleteDTO athelete){
        Object obj= atheleteService.login(athelete);

        return Result.success(obj);
    }
}

ServiceImp

@Service
public class AtheleteServiceImpl extends ServiceImpl<AtheleteMapper, Athelete> implements IAtheleteService {

    @Autowired
    private tokenService tokenService;

    @Override
    public Object login(atheleteDTO atheletedto) {
        QueryWrapper<Athelete> queryWrapper= new QueryWrapper<>();
        queryWrapper.eq("atheleteid",atheletedto.getAtheleteid());
        queryWrapper.eq("password",atheletedto.getPassword());
        Athelete tempathelete;
        try{
            tempathelete=getOne(queryWrapper);//数据库里获取数据
        }catch (Exception e){
            throw new BusinessException(e);
        }
        if(tempathelete!=null){
            BeanUtils.copyProperties(tempathelete,atheletedto);
            JSONObject jsonObject=new JSONObject();
            jsonObject.put("token",tokenService.getToken(tempathelete));
            jsonObject.put("athelete",tempathelete);
            System.out.println(jsonObject);
            return jsonObject;
        }else{
            throw new BusinessException(ResultEnum.USER_NOT_EXIST);
        }

    }


}

TokenService

package com.example.sportpb.service.common;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.example.sportpb.entity.sport.Athelete;
import org.springframework.stereotype.Service;

import java.util.Date;

/**
 * @title: TokenService
 * @Description：token 生成
 */
@Service
public class tokenService {
    /**
     * 过期时间5分钟
     */
    private static final long EXPIRE_TIME = 5 * 60 * 1000;

    public String getToken(Athelete athelete) {
        Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        String token="";
        token= JWT.create().withAudience(athelete.getAtheleteid()) // 将 user id 保存到 token 里面
            .withExpiresAt(date) //五分钟后token过期
            .sign(Algorithm.HMAC256(athelete.getPassword())); // 以 password 作为 token 的密钥
        return token;
    }
}

token验证 获取表数据.vue

setup(){
const insert = () =>{
      // const token=JSON.parse(localStorage.getItem("athelete")!).data.token
      // console.log(token)
      proxy.$Ajax({
        method:'get',
        url:"http://localhost:5894/athelete/张淑",
        header:{
          'token':window.localStorage['token']
        }
      })
          .then((response: { data: any; }) => {
            let datas = response.data.data
            console.log(datas)
            console.log(datas.length)
            for (let i = 0; i < datas.length; i++) {
              //直接push好像不好使，要转成对象然后push 才能渲染
              let basicd = Object.assign({}, Datacon(datas)[i])
              tableDataRec.data.push(basicd)
            }
            console.log(tableDataRec.data)
          })

    }
}

LoginToken

package com.example.sportpb.annotation;

import java.lang.annotation.*;

//需要登录才能进行 *** 作的注解LoginToken
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface LoginToken {
    boolean required() default true;
}

PassToken

package com.example.sportpb.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

//用来跳过验证的PassToken
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
    boolean required() default true;
}

InterceptorCongfig

package com.example.sportpb.config;



import com.example.sportpb.interceptor.JwtInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * @title: InterceptorConfig
 * @Author gjt
 * @Date: 2020-12-21
 * @Description：
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer{
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(jwtInterceptor())//添加一个实现HadlerInterceptor接口的拦截器实例
                .addPathPatterns("/**");    // 拦截所有请求，通过判断是否有 @LoginRequired 注解 决定是否需要登录

        //注册TestInterceptor拦截器
//        InterceptorRegistration registration = registry.addInterceptor(jwtInterceptor());
//        registration.addPathPatterns("/**");                      //添加拦截路径
//        registration.excludePathPatterns(                         //添加不拦截路径
//            "/**/*.html",            //html静态资源
//            "/**/*.js",              //js静态资源
//            "/**/*.css",             //css静态资源
//            "/**/*.woff",
//            "/**/*.ttf",
//            "/swagger-ui.html"
//        );
    }
    @Bean
    public JwtInterceptor jwtInterceptor() {
        return new JwtInterceptor();
    }
}

JwtInterceptor

package com.example.sportpb.interceptor;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.example.sportpb.annotation.LoginToken;
import com.example.sportpb.annotation.PassToken;
import com.example.sportpb.entity.sport.Athelete;
import com.example.sportpb.service.sport.IAtheleteService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

/**
 * @title: JwtInterceptor
 * @Author gjt
 * @Date: 2020-12-21
 * @Description：
 */
public class JwtInterceptor implements HandlerInterceptor{

    @Autowired
    private IAtheleteService atheleteService;

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        String token = httpServletRequest.getHeader("token");// 从 http 请求头中取出 token
        // 如果不是映射到方法直接通过
        System.out.println(httpServletRequest);
        if(!(object instanceof HandlerMethod)){
            return true;
        }
        HandlerMethod handlerMethod=(HandlerMethod)object;
        Method method=handlerMethod.getMethod();
        //检查是否有passtoken注释，有则跳过认证
        if (method.isAnnotationPresent(PassToken.class)) {
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) {
                return true;
            }
        }
        //检查 有没有需要用户权限的注解,@LogintoToken
        if (method.isAnnotationPresent(LoginToken.class)) {
            LoginToken loginToken = method.getAnnotation(LoginToken.class);
            if (loginToken.required()) {
                // 执行认证
                if (token == null) {
                    throw new RuntimeException("无token，请重新登录");
                }
                // 获取 token 中的 user id
                String atheleteId;
                try {
                    atheleteId = JWT.decode(token).getAudience().get(0);
                } catch (JWTDecodeException j) {
                    throw new RuntimeException("401");
                }
                Athelete athelete = atheleteService.getById(atheleteId);
                if (athelete == null) {
                    throw new RuntimeException("用户不存在，请重新登录");
                }
                // 验证 token
                JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(athelete.getPassword())).build();
                try {
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException e) {
                    throw new RuntimeException("401");
                }
                return true;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}

Token 实际使用相关问题 postman 测试拦截器

postman 发送get 请求，请求头带参数 Authorize

单步debug 可见 httpServletRequest 可以通过 getheader 找到 post 请求头发送的参数 Authorize

前端axios 测试

接收不到，前端发送的请求头信息

本文参考链接：

Jwt教程
通俗易懂的介绍
我参考的代码
SpringBoot整合Jwt