jwt工具类封装与统一拦截_封装jwt技术工具类-优快云博客

本文链接：https://blog.youkuaiyun.com/weixin_45914112/article/details/127175919

本文介绍了一种使用JWT进行用户身份验证的方法，包括依赖引入、实体类定义、工具类实现及拦截器配置等内容。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

直接进入正题

引入依赖

 <!--    token依赖-->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.0</version>
        </dependency>
        <!--        序列化-->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
        </dependency>
        <!--    token依赖 end-->
             <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>

实体类

@Data
public class User {
    private Integer id;
    private String name;
    private String sex;
    private String email;
    private String phone;
    private String password;
    private String userpic;
    private Integer isLocked;
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    @JsonFormat(pattern = "yyyy-MM-dd")
    private Date createdtime;
    @DateTimeFormat(pattern = "yyyy-MM-dd")
    @JsonFormat(pattern = "yyyy-MM-dd")
    private Date updatedtime;
}

工具类

public class JwtUtils {
    private static final String KEY = "casual";

    /**
     * 生成token
     * @param user
     * @return
     */
    public static  String createToken(User user){
//        设置过期时间,1天过期
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DAY_OF_YEAR,1);
//        claim :声明
        JWTCreator.Builder builder = JWT.create()
//                payload的内容，由一个个的claim组成
        .withClaim("userInfo", JSON.toJSONString(user))
                .withExpiresAt(calendar.getTime());
        String token = builder.sign(Algorithm.HMAC256(KEY));
        return token;
    }

    /**
     * token校验
     * @param token
     * @return
     */
   public static DecodedJWT verify (String token){
        DecodedJWT verify = null;
        try{
            verify = JWT.require(Algorithm.HMAC256(KEY)).build().verify(token);
        }catch (SignatureVerificationException e){
            e.printStackTrace();
            System.out.println("签名不一致");
        }catch (TokenExpiredException e){
            e.printStackTrace();
            System.out.println("令牌过期");
        }catch (AlgorithmMismatchException e){
            e.printStackTrace();
            System.out.println("签名算法不一致");
        }catch (InvalidClaimException e){
            e.printStackTrace();
            System.out.println("payload不可用");
        }catch (Exception e){
            e.printStackTrace();
            System.out.println("校验失败");
        }
        return verify;
   }
    /**
     * token解析为User对象
     * @return
     */
   public static User tokenParse(DecodedJWT decodedJWT){
       Claim claim = decodedJWT.getClaim("userInfo");
       if (claim != null){
           String userString = claim.asString();
           User user = JSON.parseObject(userString,User.class);
           return user;
       }else {
           return  null;
       }
   }
}

测试类

public class Tokentest {
    
    String token = null;
    @Test
    public void  test(){
        User user= new User();
        user.setId(1);
        user.setName("李华");
        token = JwtUtil.createToken(user);
        System.out.println(token);
        DecodedJWT decodedJWT = JwtUtil.verify(token);
        if (decodedJWT != null){
            User user1 = JwtUtil.tokenParse(decodedJWT);
            System.out.println(user1.toString());
        }
    }
}

结果
在这里插入图片描述
当然如果我们每个结果都写一次拦截判断就使得会代码变得冗余，所以我们需要写一个配置类来拦截请求
编写拦截器

//token统一拦截处理

/**
 * token验证拦截
 */
@Configuration
public class JwtInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // 取得token
        String token = request.getHeader("token");
        if (token != null) {
            DecodedJWT decodedJWT = JwtUtils.verify(token);
            if (decodedJWT != null) {
                User user = JwtUtils.tokenParse(decodedJWT);
//                System.out.println(user);
                System.out.println("我是拦截器的------》"+token);
                if (user != null) {
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } else {
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
        // TODO Auto-generated method stub

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // TODO Auto-generated method stub

    }

}

@Configuration
public class CORSConfiguration extends WebMvcConfigurationSupport {

    /**
     * 这里主要为了解决跨域问题,所以重写addCorsMappings方法
     */
    @Override
    protected void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "HEAD", "POST","PUT", "DELETE", "OPTIONS")
                .allowedHeaders("*")
                .exposedHeaders("access-control-allow-headers",
                        "access-control-allow-methods",
                        "access-control-allow-origin",
                        "access-control-max-age",
                        "X-Frame-Options")
                .allowCredentials(false).maxAge(3600);
        super.addCorsMappings(registry);
    }

    /**
     * 这里主要是处理token统一拦截，在引入JwtInterceptor类
     * @param registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        //拦截路径可自行配置多个可用 ，分隔开，写控制层的路径
        registry.addInterceptor(new JwtInterceptor()).addPathPatterns("/user/**");
    }
}