JWT——SpringBoot整合JWT 素颜马尾好姑娘i 2022-11-26 14:58 236阅读 0赞 # 一、SpringBoot + MyBatis + JWT # ### 1、引入依赖、编写全局配置文件 ### <!--引入jwt--> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.4.0</version> </dependency> <!--引入mybatis--> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>2.1.3</version> </dependency> <!--引入lombok--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.12</version> </dependency> <!--引入druid--> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.19</version> </dependency> <!--引入mysql--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.38</version> </dependency> server.port=8989 spring.datasource.type=com.alibaba.druid.pool.DruidDataSource spring.datasource.driver-class-name=com.mysql.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost:3306/jwt?characterEncoding=UTF-8 spring.datasource.username=root spring.datasource.password=1111 mybatis.type-aliases-package=com.zy.entity mybatis.mapper-locations=classpath:com/zy/mapper/*.xml logging.level.com.baizhi.dao=debug ### 2、开发数据库 ### ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center] ### 3、编写实体类 ### @Data @Accessors(chain=true) public class User { private String id; private String name; private String password; } ### 4、开发DAO接口和mapper.xml ### @Mapper public interface UserDAO { User login(User user); } <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.zy.dao.UserDAO"> <!--这里就写的简单点了毕竟不是重点--> <select id="login" parameterType="User" resultType="User"> select * from user where name=#{name} and password = #{password} </select> </mapper> ### 5、开发Service 接口以及实现类 ### public interface UserService { User login(User user);//登录接口 } @Service @Transactional public class UserServiceImpl implements UserService { @Autowired private UserDAO userDAO; @Override @Transactional(propagation = Propagation.SUPPORTS) public User login(User user) { User userDB = userDAO.login(user); if(userDB!=null){ return userDB; } throw new RuntimeException("登录失败~~"); } } #### 6、开发Controller #### @RestController @Slf4j public class UserController { @Autowired private UserService userService; @GetMapping("/user/login") public Map<String, Object> login(User user) { log.info("用户名: [{}]", user.getName()); log.info("密码: [{}]", user.getPassword()); Map<String, Object> map = new HashMap<>(); try { User userDB = userService.login(user); Map<String, String> payload = new HashMap<>(); payload.put("id", userDB.getId()); payload.put("name", userDB.getName()); //生成JWT的令牌 String token = JWTUtils.getToken(payload); map.put("state", true); map.put("msg", "认证成功"); map.put("token", token);//响应token } catch (Exception e) { map.put("state", false); map.put("msg", e.getMessage()); } return map; } } #### 7、通过postman测试 #### 测试错误密码 ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 1] 测试正确账号密码 ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 2] #### 8、编写测试接口 #### @PostMapping("/user/test") public Map<String, Object> test(HttpServletRequest request) { Map<String, Object> map = new HashMap<>(); //处理自己业务逻辑 String token = request.getHeader("token"); // 验证token DecodedJWT verify = JWTUtils.verify(token); log.info("用户id: [{}]", verify.getClaim("id").asString()); log.info("用户name: [{}]", verify.getClaim("name").asString()); map.put("state", true); map.put("msg", "请求成功!"); return map; } ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 3] 不携带Token测试 ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 4] 携带token测试 ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 5] #### 9、存在的问题 #### * 使用上述方式每次都要`传递token数据,每个方法都需要验证token代码冗余`,不够灵活? 如何优化 * 使用拦截器进行优化 使用拦截器 public class JWTInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Map<String, Object> map = new HashMap<>(); //获取请求头中令牌 String token = request.getHeader("token"); try { JWTUtils.verify(token);//验证令牌 return true;//放行请求 } catch (SignatureVerificationException e) { e.printStackTrace(); map.put("msg","无效签名!"); }catch (TokenExpiredException e){ e.printStackTrace(); map.put("msg","token过期!"); }catch (AlgorithmMismatchException e){ e.printStackTrace(); map.put("msg","token算法不一致!"); }catch (Exception e){ e.printStackTrace(); map.put("msg","token无效!!"); } map.put("state",false);//设置状态 //将map 专为json jackson String json = new ObjectMapper().writeValueAsString(map); response.setContentType("application/json;charset=UTF-8"); response.getWriter().println(json); return false; } } @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new JWTInterceptor()) .addPathPatterns("/user/test") //其他接口token验证 .excludePathPatterns("/user/login"); //所有用户都放心 } } 修改测试接口 @PostMapping("/user/test") public Map<String,Object> test(HttpServletRequest request){ Map<String, Object> map = new HashMap<>(); //处理自己业务逻辑 String token = request.getHeader("token"); DecodedJWT verify = JWTUtils.verify(token); log.info("用户id: [{}]",verify.getClaim("id").asString()); log.info("用户name: [{}]",verify.getClaim("name").asString()); map.put("state",true); map.put("msg","请求成功!"); return map; } ![在这里插入图片描述][watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 6] [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center]: /images/20221124/f7023b6e20324875b56f244c4cc6272a.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 1]: /images/20221124/cc19b194a304493794e6b7158f6cc475.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 2]: /images/20221124/5e98c68539354bce929febdd342b95d5.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 3]: /images/20221124/1851d14c4cab4deb8fbd654677963241.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 4]: /images/20221124/ca3562ab5c23427d9ca0d567ed76a0ef.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 5]: /images/20221124/50772931b8a2489594a643d6b4e58400.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzM3OTg5OTgw_size_16_color_FFFFFF_t_70_pic_center 6]: /images/20221124/7be34c8e6f4f46c4a65bf462205119a5.png
还没有评论,来说两句吧...