SpringBoot 使用jwt进行身份验证的方法示例

/** * Created by qhong on 2018/6/7 15:34 * 标注该注解的，就不需要登录 **/@Target({ElementType.METHOD,ElementType.TYPE})@Retention(RetentionPolicy.RUNTIME)@Documentedpublic @interface AuthIgnore {}

@Target(ElementType.PARAMETER)@Retention(RetentionPolicy.RUNTIME)public @interface LoginUser {}

@ConfigurationProperties(prefix = "jwt")@Componentpublic class JwtUtils {  private Logger logger = LoggerFactory.getLogger(getClass());  private String secret;  private long expire;  private String header;  /**   * 生成jwt token   */  public String generateToken(long userId) {    Date nowDate = new Date();    //过期时间    Date expireDate = new Date(nowDate.getTime() + expire * 1000);    return Jwts.builder()        .setHeaderParam("typ", "JWT")        .setSubject(userId+"")        .setIssuedAt(nowDate)        .setExpiration(expireDate)        .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, secret)        .compact();  }  public Claims getClaimByToken(String token) {    try {      return Jwts.parser()          .setSigningKey(secret)          .parseClaimsJws(token)          .getBody();    }catch (Exception e){      logger.debug("validate is token error ", e);      return null;    }  }  /**   * token是否过期   * @return true：过期   */  public boolean isTokenExpired(Date expiration) {    return expiration.before(new Date());  }  public String getSecret() {    return secret;  }  public void setSecret(String secret) {    this.secret = secret;  }  public long getExpire() {    return expire;  }  public void setExpire(long expire) {    this.expire = expire;  }  public String getHeader() {    return header;  }  public void setHeader(String header) {    this.header = header;  }}

# 加密秘钥jwt.secret=f4e2e52034348f86b67cde581c0f9eb5# token有效时长，单位秒jwt.expire=60000jwt.header=token

/** * Created by qhong on 2018/6/7 15:36 **/@Componentpublic class AuthorizationInterceptor extends HandlerInterceptorAdapter {  @Autowired  private JwtUtils jwtUtils;  public static final String USER_KEY = "userId";  @Override  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {    AuthIgnore annotation;    if(handler instanceof HandlerMethod) {      annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthIgnore.class);    }else{      return true;    }    //如果有@AuthIgnore注解，则不验证token    if(annotation != null){      return true;    }    //获取用户凭证    String token = request.getHeader(jwtUtils.getHeader());    if(StringUtils.isBlank(token)){      token = request.getParameter(jwtUtils.getHeader());    }    //token凭证为空    if(StringUtils.isBlank(token)){      throw new AuthException(jwtUtils.getHeader() + "不能为空", HttpStatus.UNAUTHORIZED.value());    }    Claims claims = jwtUtils.getClaimByToken(token);    if(claims == null || jwtUtils.isTokenExpired(claims.getExpiration())){      throw new AuthException(jwtUtils.getHeader() + "失效，请重新登录", HttpStatus.UNAUTHORIZED.value());    }    //设置userId到request里，后续根据userId，获取用户信息    request.setAttribute(USER_KEY, Long.parseLong(claims.getSubject()));    return true;  }}

@Componentpublic class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver {  @Autowired  private UserService userService;  @Override  public boolean supportsParameter(MethodParameter parameter) {    return parameter.getParameterType().isAssignableFrom(User.class) && parameter.hasParameterAnnotation(LoginUser.class);  }  @Override  public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer container,                 NativeWebRequest request, WebDataBinderFactory factory) throws Exception {    //获取用户ID    Object object = request.getAttribute(AuthorizationInterceptor.USER_KEY, RequestAttributes.SCOPE_REQUEST);    if(object == null){      return null;    }    //获取用户信息    User user = userService.selectById((Long)object);    return user;  }}

@Configurationpublic class WebConfig extends WebMvcConfigurerAdapter {  @Autowired  private AuthorizationInterceptor authorizationInterceptor;  @Autowired  private LoginUserHandlerMethodArgumentResolver loginUserHandlerMethodArgumentResolver;  @Override  public void addInterceptors(InterceptorRegistry registry) {    registry.addInterceptor(authorizationInterceptor).addPathPatterns("/**");  }  @Override  public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {    argumentResolvers.add(loginUserHandlerMethodArgumentResolver);  }}

  @PostMapping("/login")  @AuthIgnore  public R login2(@RequestBody User u){    //用户登录    long userId =userService.addUser(u);    //生成token    String token = jwtUtils.generateToken(userId);    Map<String, Object> map = new HashMap<>();    map.put("token", token);    map.put("expire", jwtUtils.getExpire());    return R.ok(map);  }

@RequestMapping(value="/query2",method= RequestMethod.POST)  public User Query2(@LoginUser User u){     return u;  }