1.pom
<!-- JWT library used by JwtUtil below for signing and parsing tokens.
     NOTE(review): 0.9.1 is an old release line. From 0.10.0 onward the library is published as
     jjwt-api / jjwt-impl / jjwt-jackson modules, and the String-key signWith/setSigningKey
     overloads used below are deprecated there. On Java 11+ this version also needs a JAXB
     (javax.xml.bind) dependency on the classpath for its Base64 handling. Confirm against the
     runtime in use. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
2.JwtFilterConfig
/**
 * Registers {@link JwtAuthenticationFilter} with the servlet container.
 *
 * <p>No URL patterns and no order are configured here, so the registration's defaults apply
 * and the filter itself decides which requests must carry a token.
 */
@Configuration
public class JwtFilterConfig {

    /**
     * Wraps a new {@link JwtAuthenticationFilter} in a registration bean.
     *
     * @return the registration carrying the JWT filter
     */
    @Bean
    public FilterRegistrationBean jwtFilter() {
        final FilterRegistrationBean jwtRegistration = new FilterRegistrationBean();
        jwtRegistration.setFilter(new JwtAuthenticationFilter());
        return jwtRegistration;
    }
}
3.JwtAuthenticationFilter
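/**
 * Servlet filter that demands a valid JWT on every request whose servlet path matches
 * {@code /api/**}; requests to any other path pass through unchecked.
 *
 * <p>The token is taken from the {@code token} request parameter and handed to
 * {@code JwtUtil.validateToken}. Any failure ends the request with HTTP 401.
 *
 * <p>NOTE(review): a token sent in the URL query string can be recorded in access logs, proxy
 * logs, browser history and {@code Referer} headers. Carrying it in the {@code Authorization}
 * header avoids that, but the code that later reads the token has to change with it.
 */
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private static final PathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Validates the token for protected paths and continues the chain only on success.
     *
     * @param request     the incoming request
     * @param response    the response; receives a 401 when the token is missing or invalid
     * @param filterChain the remaining filter chain
     * @throws ServletException if a later filter or the servlet fails
     * @throws IOException      if writing the error response or a later filter fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            if (isProtectedUrl(request)) {
                String token = request.getParameter("token");
                // Reject an absent token explicitly instead of relying on a NullPointerException
                // inside the validator to produce the 401.
                if (token == null || token.trim().isEmpty()) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing token");
                    return;
                }
                JwtUtil.validateToken(token);
            }
        } catch (Exception e) {
            // Fail closed: anything thrown while deciding or validating ends in a 401.
            // The parser's message can echo parts of the submitted token, so it is kept out of
            // the response and stripped of line breaks before it reaches the server log.
            String detail = String.valueOf(e.getMessage()).replaceAll("[\\r\\n]", "_");
            request.getServletContext().log("JWT validation failed: " + detail);
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid or expired token");
            return;
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Tells whether the request targets a path that requires a token.
     *
     * <p>NOTE(review): the decision uses {@code getServletPath()}. Confirm that it sees the same
     * path the handler mapping uses, otherwise a protected handler could be reached without this
     * check.
     *
     * @param request the incoming request
     * @return {@code true} when the servlet path matches {@code /api/**}
     */
    private boolean isProtectedUrl(HttpServletRequest request) {
        return pathMatcher.match("/api/**", request.getServletPath());
    }
}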
4.JwtUtil
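/**
 * Static helpers for issuing and reading HS512-signed JWTs with jjwt.
 *
 * <p>Every read goes through {@code parseClaimsJws} with the signing key, so the signature and
 * the expiry are checked on each call, including the claim getters. No issuer, audience or
 * subject checks are made.
 */
public class JwtUtil {
    // NOTE(review): placeholder value. A signing key compiled into the source is readable by
    // anyone with access to the repository or the built artifact, and whoever holds it can mint
    // tokens. Load it from external configuration or a secret store instead.
    // jjwt 0.9.x treats a String key as Base64-encoded, so the effective key is the decoded
    // bytes, which are shorter than the string. RFC 7518 asks for at least 64 bytes of key
    // material for HS512. This jjwt version does not appear to enforce that; confirm.
    private static final String SECRET = "xxxxxxxxxxxxxxxxxxx";
    private static final String ID_IN_TOKEN = "id";
    private static final String NAME_IN_TOKEN = "name";
    private static final String BEARER_PREFIX = "Bearer ";
    // 360,000,000 ms = 100 hours, the same value as the original literal 3600_000_00L.
    // NOTE(review): the original digit grouping suggests one hour (3_600_000) may have been
    // intended; confirm the desired lifetime.
    private static final long TOKEN_TTL_MILLIS = 360_000_000L;

    /**
     * Issues a token whose only custom claim is {@code name}.
     *
     * <p>The {@code id} claim is not set, so {@link #getCustomerId(String)} cannot be used on a
     * token from this overload; use {@link #generateToken(int, String)} for that.
     *
     * @param data value stored under the {@code name} claim
     * @return the compact signed JWT
     */
    public static String generateToken(String data) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(NAME_IN_TOKEN, data);
        return buildToken(claims);
    }

    /**
     * Issues a token carrying both the {@code id} and the {@code name} claim.
     *
     * @param id   customer id stored under the {@code id} claim
     * @param name login name stored under the {@code name} claim
     * @return the compact signed JWT
     */
    public static String generateToken(int id, String name) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(ID_IN_TOKEN, id);
        claims.put(NAME_IN_TOKEN, name);
        return buildToken(claims);
    }

    /**
     * Checks that the token parses, is signed with the configured key and has not expired.
     *
     * @param token the compact JWT, optionally prefixed with {@code "Bearer "}
     * @throws IllegalStateException if the token is missing or fails any parser check
     */
    public static void validateToken(String token) {
        try {
            parseClaims(token);
        } catch (Exception e) {
            // Keep the original message format and attach the cause for server-side diagnosis.
            throw new IllegalStateException("Invalid Token. " + e.getMessage(), e);
        }
    }

    /**
     * Reads the numeric {@code id} claim from a verified token.
     *
     * @param token the compact JWT, optionally prefixed with {@code "Bearer "}
     * @return the customer id
     * @throws IllegalStateException if the token has no {@code id} claim
     * @throws NumberFormatException if the claim is not an integer
     */
    public static int getCustomerId(String token) {
        return Integer.parseInt(requireClaim(parseClaims(token), ID_IN_TOKEN));
    }

    /**
     * Reads the {@code name} claim from a verified token.
     *
     * @param token the compact JWT, optionally prefixed with {@code "Bearer "}
     * @return the login name
     * @throws IllegalStateException if the token has no {@code name} claim
     */
    public static String getLoginName(String token) {
        return requireClaim(parseClaims(token), NAME_IN_TOKEN);
    }

    /** Signs the given claims with HS512 and the configured lifetime. */
    private static String buildToken(Map<String, Object> claims) {
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS))
                .signWith(SignatureAlgorithm.HS512, SECRET)
                .compact();
    }

    /** Strips a leading "Bearer " prefix, then verifies the token and returns its claims. */
    private static Map<String, Object> parseClaims(String token) {
        if (token == null) {
            throw new IllegalArgumentException("token is missing");
        }
        // Only a leading prefix is removed; all three public readers now accept the same input.
        String compact = token.startsWith(BEARER_PREFIX)
                ? token.substring(BEARER_PREFIX.length())
                : token;
        return Jwts.parser()
                .setSigningKey(SECRET)
                .parseClaimsJws(compact)
                .getBody();
    }

    /** Returns the claim as text, failing with a clear message when it is absent. */
    private static String requireClaim(Map<String, Object> claims, String claimName) {
        Object value = claims.get(claimName);
        if (value == null) {
            throw new IllegalStateException("Token has no '" + claimName + "' claim");
        }
        return value.toString();
    }
}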
5.登錄時生成token,調用接口時解析驗證token
// At login: mint a token for the authenticated customer. Two alternative calls are shown; both
// declare `token`, so only one of them would appear in a given method.
// NOTE(review): generateToken stores its argument under the "name" claim. A token minted from
// the id therefore carries the id as "name", and getCustomerId, which reads the "id" claim,
// will not find a value in it.
String token = JwtUtil.generateToken(customer.getId().toString());
String token = JwtUtil.generateToken(customer.getUsername().toString());
// On an API call: read the identity back from the `token` request parameter. Both helpers parse
// the token again with the signing key.
// NOTE(review): when the parameter travels in the URL query string, the token can end up in
// access logs, browser history and Referer headers.
int customerId = JwtUtil.getCustomerId(request.getParameter("token"));
String loginName = JwtUtil.getLoginName(request.getParameter("token"));