Bootstrap

spring-boot Jwt实现token的发放和验证

一、具体操作

具体参照这篇

二、几点补充

1、引入Jwt依赖

<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
		<dependency>
			<groupId>io.jsonwebtoken</groupId>
			<artifactId>jjwt</artifactId>
			<version>0.7.0</version>
		</dependency>

2、在filter中验证token时,过期和非法的token都会抛出异常,可以自定义bean继承自BasicErrorController来进行统一的异常处理(返回给前端固定的Json内容,实际使用时和Js交互还会遇到跨域问题,要给response加上相关的请求头)。

3、贴波自己写的代码

注:基于 boot 1.X, 2.X的BasicErrorController有所不同

不懂的留言

@Configuration
public class JwtConfig {

    @Bean
    public FilterRegistrationBean jwtFilter() {
        final FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new JwtFilter());
        registrationBean.addUrlPatterns("/test/*");//配置对应路径的接口使用此 filter
        return registrationBean;
    }
}
@RestController
public class MyCommonErrorController extends BasicErrorController {
    //统一处理filter抛出的token相关的异常 返回给前端标准格式的json和装填码
    private static final String PATH = "/error";
    private static final String TOKEN_MISS = "Missing or invalid Authorization header";
    private static final String TOKEN_EXPIRED = "token expired";
    private static final String TOKEN_INVALID = "token invalid";
    private static final String TOKEN_ERROR = "error";

    public MyCommonErrorController() {
        super(new DefaultErrorAttributes(), new ErrorProperties());
    }

    @Override
    @RequestMapping(
            produces = {"application/json"}
    )
    public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
        //加入跨域相关内容
        HttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Expose-Headers", "X-Total-Count");
        response.setHeader("Access-Control-Allow-Headers", "origin, x-requested-with, x-http-method-override, content-type, Authentication, Authorization, hospital");
        response.setHeader("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS, HEAD, PATCH");
        
        HttpStatus status = this.getStatus(request);
        Map<String, Object> errorAttributes = this.getErrorAttributes(request, true);
        String message = (String)errorAttributes.get("message");
        Map<String, Object> body = new LinkedHashMap<>(16);
        body.put("code", getCode(message));
        body.put("message", message);
        body.put("data", null);
        return new ResponseEntity(body, status);
    }

    private int getCode(String msg){
        if (TOKEN_MISS.equals(msg)){
            return -1;
        }else if (TOKEN_EXPIRED.equals(msg)){
            return -2;
        }else if (TOKEN_INVALID.equals(msg)){
            return -3;
        }else if (TOKEN_ERROR.equals(msg)){
            return -4;
        }else {
            return -5;
        }
    }

    @Override
    public String getErrorPath() {
        return PATH;
    }
}
@RestController
public class TokenController {
    //登陆接口
    @PostMapping("/login")
    public Object login(@RequestBody LoginRequest loginRequest){
        //假设验证过了用户名和密码 发token
        // Create Twt token
        return generateToken(loginRequest.getUsername());
    }

    private String generateToken(String username) {
        Map<String, Object> claims = new HashMap<>(16);
        claims.put("sub", username);
        claims.put("created", new Date());
        return generateToken((claims));
    }
    
    private String generateToken(Map<String, Object> claims) {
        return Jwts.builder().setClaims(claims)        //payload
                .setExpiration(new Date(System.currentTimeMillis() + 60 * 1000L))  //过期时间
                .signWith(SignatureAlgorithm.HS512, "nicai").compact();  //加密方式
    }
}
@RestController
@RequestMapping("/test")
public class TestController {
    //用于测试token的验证
    @GetMapping("")
    public Object getTest(HttpServletRequest request){
        System.out.println(request.getAttribute("claims"));
        Map<String, String> claims = (Map<String, String>) request.getAttribute("claims");
        return "test"; 
    }
}
@Data
public class TokenException extends Exception {
    //自定义异常类型
    private int code;
    private String msg;

    public TokenException() {
    }

    public TokenException(int code, String msg) {
        super(msg);
        this.code = code;
        this.msg = msg;
    }
}
public class JwtFilter extends GenericFilterBean{
    //Jwtconfig中配置的filter 用于Jwt token的验证工作 配置时可以指定对应的路径
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        String authHeader = request.getHeader("Authorization");

        //规避探测性质的 OPTIONS请求
        String optionsString = "OPTIONS";
        String bearerString = "Bearer ";
        if (optionsString.equals(request.getMethod())){
            response.setStatus(HttpServletResponse.SC_OK);
            filterChain.doFilter(servletRequest, servletResponse);
        }else {
            //验证token
            if (StringUtils.isEmpty(authHeader) || !authHeader.startsWith(bearerString)){
                    throw new ServletException(new TokenException(-1, "Missing or invalid Authorization header"));
            }else {
                String token = authHeader.substring(bearerString.length());
                try {
                    //使用jwt paser来验证签名
                    Claims claims = Jwts.parser().setSigningKey("nicai").parseClaimsJws(token).getBody();
                    request.setAttribute("claims", claims);
                }catch (ExpiredJwtException e){
                    throw new ServletException(new TokenException(-2, "token expired"));
                }catch (SignatureException e){
                    throw new ServletException(new TokenException(-3, "token invalid"));
                }catch (Exception e){
                    throw new ServletException(new TokenException(-4, "error"));
                }

            }
            filterChain.doFilter(servletRequest, servletResponse);
        }

    }

}






;