1.pom依赖
<!-- JSON Web Token (JWT) 生成token --> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.8.2</version> </dependency><!-- json --> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.62</version> </dependency>2.JWT加密解密工具类
public class JWTUtils { private static final String JWTSECRET = "myScrect"; /** * 生成token * @param userId * @return */ public static String createToken(String userId) { String token = Jwts.builder() .setSubject(userId)// .setExpiration(new Date(System.currentTimeMillis() + 60 * 60 * 24 * 1000 * 365))//设置过期时间 .signWith(SignatureAlgorithm.HS256, JWTSECRET) .compact(); return token; } /** * 解析token * @param token * @return */ public static String verifyToken(String token){ String user = Jwts.parser() .setSigningKey(JWTSECRET) .parseClaimsJws(token) .getBody() .getSubject(); return user; }}3.PBKDF2加密实现
public class PBKDF2 { private static final Logger logger = LoggerFactory.getLogger(PBKDF2.class); /** * 算法名称 */ private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256"; /** * 盐的长度 */ private static final int SALT_SIZE = 16; /** * 生成密文的长度 */ private static final int HASH_SIZE = 32; /** * 迭代次数 */ private static final int PBKDF2_ITERATIONS = 1000; /** * 对输入的密码进行验证 * * @param password 待验证密码 * @param encryptedPassword 密文 * @param salt 盐值 */ public static boolean verify(String password, String encryptedPassword, String salt) { // 用相同的盐值对用户输入的密码进行加密 String result = getPBKDF2(password, salt); // 把加密后的密文和原密文进行比较,相同则验证成功,否则失败 return result != null && result.equals(encryptedPassword); } /** * 根据password和salt生成密文 * * @param password 未加密密码 * @param salt 加密盐 * @return 加密后密码 */ public static String getPBKDF2(String password, String salt) { //将16进制字符串形式的salt转换成byte数组 byte[] bytes = DatatypeConverter.parseHexBinary(salt); KeySpec spec = new PBEKeySpec(password.toCharArray(), bytes, PBKDF2_ITERATIONS, HASH_SIZE * 4); byte[] hash; try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM); hash = secretKeyFactory.generateSecret(spec).getEncoded(); } catch (Exception e) { logger.error("密码加密失败,{}", e.getMessage()); return null; } //将byte数组转换为16进制的字符串 return DatatypeConverter.printHexBinary(hash); } /** * 生成随机盐值 */ public static String generateSalt() { SecureRandom random = null; try { random = SecureRandom.getInstance("SHA1PRNG"); } catch (Exception e) { logger.error("生成随机盐失败,{}", e.getMessage()); } byte[] bytes = new byte[SALT_SIZE / 2]; random.nextBytes(bytes); //将byte数组转换为16进制的字符串 return DatatypeConverter.printHexBinary(bytes); }}4.代码测试
aop拦截类 WebLogAspect —环绕权限验证—解析token
用户登入
/** * 登入 */ @Override public LoginResponseVO login(EmployeeLoginArg args) { User user = baseMapper.selectOne( new QueryWrapper<User>() .select("id,name,password,salt") .eq("username", args.getUsername()) ); ParamCheck.notNull(user, "账号或密码错误"); ParamCheck.assertTrue(PBKDF2.verify(args.getPassword(), user.getPassword(), user.getSalt()), "账号或密码错误"); // 生成token,并存入redis中 JSONObject tokenJson = new JSONObject(); tokenJson.put("userId", user.getId()); String token = JWTUtils.createJWT(tokenJson); redisUtils.set(CacheConst.WEBSITE_TOKEN_PREFIX + user.getId(), token, ConfigConst.DEFAULT_PC_TOKEN_INVALID_TIME); logger.info(redisUtils.get(CacheConst.WEBSITE_TOKEN_PREFIX + user.getId()).toString()); LoginResponseVO res = new LoginResponseVO(); res.setUserId(user.getId()); res.setUserName(user.getName()); res.setToken(token); return res; }用户登出
/** * 登出 */ @Async @Override public void logOut(String token) { JSONObject tokenJson = JWTUtils.parseJWT(token); if (tokenJson == null) { return; } String userId = tokenJson.getString("userId"); if (userId == null) { return; } redisUtils.del(CacheConst.WEBSITE_TOKEN_PREFIX + userId); }