现在我主要介绍一下,用户后台登陆系统之后,使用token来校验用户是否合法,使用户信息保持正确。相关代码我已放入下面,有需要的朋友即可尝试一下。
1.首先看到web.xml
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>myAuthenticationFilter</filter-name>
<filter-class>com.javaclimb.util.filter.MyWebFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2.找到自定义拦截器的MyWebFilter3.
3.使用 JwtUtil来判断token是否合法
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.javaclimb.util.MapWrapperUtils;
import com.javaclimb.util.ReturnData;
import com.javaclimb.util.exception.CustomerException;
import net.minidev.json.JSONObject;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
public class JwtUtil {
private static final byte[] secret = "modhfaguafdkslsmxofangsnhpobcewm".getBytes();
public static String creatToken(Map<String, Object> payloadMap) {
JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.HS256);
Payload payload = new Payload(new JSONObject(payloadMap));
JWSObject jwsObject = new JWSObject(jwsHeader, payload);
try {
JWSSigner jwsSigner = new MACSigner(secret);
jwsObject.sign(jwsSigner);
} catch (JOSEException e) {
throw new CustomerException("toke生成失败");
}
return jwsObject.serialize();
}
public static ReturnData valid(String token) throws ParseException, JOSEException {
ReturnData returnData = null;
JWSObject jwsObject = JWSObject.parse(token);
Payload payload = jwsObject.getPayload();
JWSVerifier jwsVerifier = new MACVerifier(secret);
if (jwsObject.verify(jwsVerifier)) {
JSONObject jsonObject = payload.toJSONObject();
returnData = ReturnData.success(jsonObject.get(MapWrapperUtils.KEY_USER_ID));
if (jsonObject.containsKey("exp")) {
Long expTime = Long.valueOf(jsonObject.get("exp").toString());
Long nowTime = new Date().getTime();
if (nowTime > expTime) {
returnData = ReturnData.fail("登录过期");
}
}
} else {
returnData = ReturnData.fail("token令牌是个假的");
}
return returnData;
}
}
4.MapWrapperUtils相关代码
package com.javaclimb.util;
import java.util.HashMap;
public class MapWrapperUtils extends HashMap<String, Object> {
public static String KEY_USER_ID = "userId";
@Override
public MapWrapperUtils put(String key, Object value) {
super.put(key, value);
return this;
}
public static MapWrapperUtils builder(String key, Object value) {
MapWrapperUtils wrapperUtils = new MapWrapperUtils();
wrapperUtils.put(key, value);
return wrapperUtils;
}
}