今天我們繼續聊聊JWT,從上一次的聊天中我們可以看出。JWT的功能還是比較強大的。而在上一次的示例代碼我們可以封裝成一一個工具對象來使用。我們看看在JavaWeb中JWT如何使用。
第一步:創建兩個頁面login.jsp和welcome.jsp
login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>User Login</title>
<script type="text/javascript">
function test() {
window.localStorage.setItem('myCat', 'Tom');
}
function loadPage() {
alert(window.localStorage.getItem('myCat'));
var name = window.localStorage.getItem('myCat');
if(name == "Tom"){
var check = document.getElementById("checkboxid");
check.checked = true;
}
}
</script>
</head>
<body οnlοad="loadPage();">
<h3>請您登錄</h3><br>
<form action="UserLogin" method="get">
用戶名:<input type="text" name="username"><br>
密碼:<input type="text" name="password"><br>
記住我:<input type="checkbox" οnchange="test();" id="checkboxid"><br>
<%-- <input type="hidden" name="userToken" value="<%=request.getCookies()%>"> --%>
<input type="submit" value="提交"><br>
</form>
</body>
</html>
welcome.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>User welcome</title>
</head>
<body>
<h1>歡迎您的登錄</h1>
</body>
</html>
第二步:添加相應的依賴
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.alibaba</groupId>
<artifactId>JwtDemo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<dependencies>
<!-- mysql -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<!-- HttpServlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- JWT -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.6.0</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.54</version>
</dependency>
</dependencies>
</project>
第三步:創建登錄校驗的Servlet:
package com.alibaba;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet(value = "/UserLogin")
public class UserLogin extends HttpServlet{
/**
* @see
*/
private static final long serialVersionUID = 377879623563586348L;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
String userToken = "";
//----------省去亂碼配置------------
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {
if(cookie.getName() .equals("userToken")) {
userToken = cookie.getValue();
}
}
if(userToken == null || userToken.length() < 1) {
String username = request.getParameter("username");
String password = request.getParameter("password");
if(username == null || username.length() < 1 || password == null || password.length() < 1) {
response.sendRedirect("login.jsp");
}else {
//查數據庫
Connection connection = JdbcUtil.getConnection();
Statement statement = connection.createStatement();
String sql = "select id from user_test where username='"+ username + "' and passwords='" + password + "'";
ResultSet resultSet = statement.executeQuery(sql);
if(!resultSet.next()) {
//用戶名或者密碼不正確
response.sendRedirect("login.jsp");
return;
}
String userTokens = new JwtObject().createUserToken(username);
Connection connection1 = JdbcUtil.getConnection();
Statement statement1 = connection1.createStatement();
int resultUpdata = statement1.executeUpdate("update user_test set userToken= '" + userTokens + "' where username='" + username + "'");
Cookie cookie = new Cookie("userToken", userTokens);
response.addCookie(cookie);
response.sendRedirect("welcome.jsp");
}
}else {
//用攜帶的userToken查詢出用戶的userToken
String sign = new JwtObject().vaildUserToken(userToken);
if(sign == null) {
response.sendRedirect("welcome.jsp");
return;
}
//查數據庫
Connection connection = JdbcUtil.getConnection();
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery("select userToken from user_test where userToken='"+ userToken + "'");
if(!resultSet.next()) {
//用戶名或者密碼不正確
response.sendRedirect("login.jsp");
return;
}
String userTokenQuery = resultSet.getString(1);
if(!userTokenQuery.split("\\.")[2].equals(sign)) {
response.sendRedirect("login.jsp");
return;
}
Cookie cookie = new Cookie("userToken", userToken);
response.addCookie(cookie);
response.sendRedirect("welcome.jsp");
}
} catch (Exception e) {
// TODO: handle exception
}
}
}
第四步:創建一個連接數據庫的工具對象和在MySQL中創建一張表
package com.alibaba;
import java.sql.Connection;
import java.sql.DriverManager;
public class JdbcUtil {
private static final String DRIVER = "com.mysql.jdbc.Driver";
private static final String URL = "jdbc:mysql://localhost:3306/test1";
private static final String USERNAME = "root";
private static final String PASSWORD = "root";
public static Connection getConnection() {
try {
Class.forName(DRIVER);
Connection connection = DriverManager.getConnection(URL, USERNAME, PASSWORD);
return connection;
} catch (Exception e) {
System.out.println("JdbcUtil/getConnection Exception:" + e);
return null;
}
}
}
建表:
CREATE TABLE `user_test` (
`id` bigint(10) NOT NULL AUTO_INCREMENT COMMENT '主鍵',
`username` varchar(16) DEFAULT NULL COMMENT '用戶名',
`passwords` varchar(32) DEFAULT NULL COMMENT '用戶密碼',
`userToken` varchar(512) DEFAULT NULL COMMENT '用戶的token',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
第五步:用兩個不同的瀏覽器進行登錄並觀察結果
5.1:先用火狐瀏覽器登錄
5.2:登錄的結果
5.3:用相同的用戶名和密碼在谷歌瀏覽器中登錄
5.4:谷歌瀏覽器登錄的結果
5.5:登錄結果說明
在5.4中我們可以發現,用谷歌瀏覽器登錄的時候竟然沒有登錄成功並且又重定向回登錄頁面了。這是因爲我在此之前我在谷歌已經登錄過了,然後又在火狐上登錄。火狐上登錄以後他生成了最新的JWT的userToken。當谷歌再次登錄的時候userToken校驗不通過造成的結果。當然這與我自己的登錄邏輯也是有關係的。