jwt连接器中文官网,jwt

1.pom依赖

<!-- JSON Web Token (JWT) 生成token --> <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.8.2</version> </dependency><!-- json --> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.62</version> </dependency>

2.JWT加密解密工具类

public class JWTUtils { private static final String JWTSECRET = "myScrect"; /** * 生成token * @param userId * @return */ public static String createToken(String userId) { String token = Jwts.builder() .setSubject(userId)// .setExpiration(new Date(System.currentTimeMillis() + 60 * 60 * 24 * 1000 * 365))//设置过期时间 .signWith(SignatureAlgorithm.HS256, JWTSECRET) .compact(); return token; } /** * 解析token * @param token * @return */ public static String verifyToken(String token){ String user = Jwts.parser() .setSigningKey(JWTSECRET) .parseClaimsJws(token) .getBody() .getSubject(); return user; }}

3.PBKDF2加密实现

public class PBKDF2 { private static final Logger logger = LoggerFactory.getLogger(PBKDF2.class); /** * 算法名称 */ private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256"; /** * 盐的长度 */ private static final int SALT_SIZE = 16; /** * 生成密文的长度 */ private static final int HASH_SIZE = 32; /** * 迭代次数 */ private static final int PBKDF2_ITERATIONS = 1000; /** * 对输入的密码进行验证 * * @param password 待验证密码 * @param encryptedPassword 密文 * @param salt 盐值 */ public static boolean verify(String password, String encryptedPassword, String salt) { // 用相同的盐值对用户输入的密码进行加密 String result = getPBKDF2(password, salt); // 把加密后的密文和原密文进行比较，相同则验证成功，否则失败 return result != null && result.equals(encryptedPassword); } /** * 根据password和salt生成密文 * * @param password 未加密密码 * @param salt 加密盐 * @return 加密后密码 */ public static String getPBKDF2(String password, String salt) { //将16进制字符串形式的salt转换成byte数组 byte[] bytes = DatatypeConverter.parseHexBinary(salt); KeySpec spec = new PBEKeySpec(password.toCharArray(), bytes, PBKDF2_ITERATIONS, HASH_SIZE * 4); byte[] hash; try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM); hash = secretKeyFactory.generateSecret(spec).getEncoded(); } catch (Exception e) { logger.error("密码加密失败,{}", e.getMessage()); return null; } //将byte数组转换为16进制的字符串 return DatatypeConverter.printHexBinary(hash); } /** * 生成随机盐值 */ public static String generateSalt() { SecureRandom random = null; try { random = SecureRandom.getInstance("SHA1PRNG"); } catch (Exception e) { logger.error("生成随机盐失败,{}", e.getMessage()); } byte[] bytes = new byte[SALT_SIZE / 2]; random.nextBytes(bytes); //将byte数组转换为16进制的字符串 return DatatypeConverter.printHexBinary(bytes); }}

4.代码测试
aop拦截类 WebLogAspect —环绕权限验证—解析token

/** * 环绕 * 权限验证 */ @Around("webLog()") public Object doAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable { ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); ParamCheck.notNull(attributes, "无效请求"); HttpServletRequest request = attributes.getRequest(); String token = request.getHeader("token"); if (StringUtils.isEmpty(token)) { throw new CheckException("非法请求", ConfigConst.Return.ACCESS_RESTRICTED); } // 解析token JSONObject tokenJson = JWTUtils.parseJWT(token); if (tokenJson == null) { tokenExpired(); } String userId = tokenJson.getString("userId"); if (StringUtils.isEmpty(userId)) { tokenExpired(); } // 校验token是否过期 Object redisToken = redisUtils.get(CacheConst.WEBSITE_TOKEN_PREFIX + userId); if (StringUtils.isEmpty(redisToken)) { tokenExpired(); } // 更新过期时间 redisUtils.expire(CacheConst.WEBSITE_TOKEN_PREFIX + userId, ConfigConst.DEFAULT_PC_TOKEN_INVALID_TIME); ThreadLocalUtils.setUserId(Integer.parseInt(userId)); // 执行具体方法 return proceedingJoinPoint.proceed(); } /** * token 失效 */ private void tokenExpired() { throw new CheckException("登录已过期，请重新登录", ConfigConst.Return.TOKEN_EXPIRED); }

用户登入

/** * 登入 */ @Override public LoginResponseVO login(EmployeeLoginArg args) { User user = baseMapper.selectOne( new QueryWrapper<User>() .select("id,name,password,salt") .eq("username", args.getUsername()) ); ParamCheck.notNull(user, "账号或密码错误"); ParamCheck.assertTrue(PBKDF2.verify(args.getPassword(), user.getPassword(), user.getSalt()), "账号或密码错误"); // 生成token，并存入redis中 JSONObject tokenJson = new JSONObject(); tokenJson.put("userId", user.getId()); String token = JWTUtils.createJWT(tokenJson); redisUtils.set(CacheConst.WEBSITE_TOKEN_PREFIX + user.getId(), token, ConfigConst.DEFAULT_PC_TOKEN_INVALID_TIME); logger.info(redisUtils.get(CacheConst.WEBSITE_TOKEN_PREFIX + user.getId()).toString()); LoginResponseVO res = new LoginResponseVO(); res.setUserId(user.getId()); res.setUserName(user.getName()); res.setToken(token); return res; }

用户登出

/** * 登出 */ @Async @Override public void logOut(String token) { JSONObject tokenJson = JWTUtils.parseJWT(token); if (tokenJson == null) { return; } String userId = tokenJson.getString("userId"); if (userId == null) { return; } redisUtils.del(CacheConst.WEBSITE_TOKEN_PREFIX + userId); }