
jwt token验证模块

zhuth il y a 7 ans
Parent
commit
63a07c7065

+ 6 - 0
pom.xml

@@ -58,6 +58,12 @@
 			<version>1.2.15</version>
 		</dependency>
 		
+		<dependency>
+		    <groupId>io.jsonwebtoken</groupId>
+		    <artifactId>jjwt</artifactId>
+		    <version>0.6.0</version>
+		</dependency>
+		
 	</dependencies>
 
 	<build>

+ 0 - 1
src/main/java/com/uas/eis/UasEisApplication.java

@@ -1,6 +1,5 @@
 package com.uas.eis;
 
-import org.springframework.beans.factory.annotation.Configurable;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 

+ 18 - 0
src/main/java/com/uas/eis/controller/HelloWorldController.java

@@ -6,7 +6,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.uas.eis.entity.Token;
 import com.uas.eis.service.UserService;
+import com.uas.eis.utils.JwtUtil;
 
 @RestController
 public class HelloWorldController {
@@ -23,4 +25,20 @@ public class HelloWorldController {
 	public Map<String, Object> getUser(String username){
 		return userService.getUser(username);
 	}
+	
+	/**
+	 * 首次登陆请求token
+	 */
+	@RequestMapping("/login")
+	public String login(String username){
+		return "token: " + JwtUtil.createJWT("zhuth", "u0783", "ADMIN", "TEST", "gg", 100000, Token.SECURITY_KEY);
+	}
+	
+	/**
+	 * token 测试
+	 */
+	@RequestMapping("/test")
+	public String test(String username){
+		return "success";
+	}
 }
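Review bot: `login` never reads its `username` argument and checks no credential, so any caller of `/login` is handed a token with the fixed claims `"zhuth"`, `"u0783"` and role `"ADMIN"`. Because `/login` is the one path excluded from the interceptor, this makes the token check on every other route ineffective. The handler should authenticate the caller first (a credential verified through `userService`) and build the claims from that user's record rather than from literals. `@RequestMapping("/login")` also accepts GET, so once credentials are added they would travel in the URL; restrict it with `method = RequestMethod.POST`. If this is only scaffolding, a comment on the `createJWT` call such as `// TODO: hard-coded identity, replace before any deployment` would make that visible.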

+ 1 - 1
src/main/java/com/uas/eis/core/WebAppConfig.java

@@ -10,7 +10,7 @@ import com.uas.eis.core.support.InterceptorConfig;
 public class WebAppConfig extends WebMvcConfigurationSupport{
 
 	public void addInterceptors(InterceptorRegistry registry){
-		registry.addInterceptor(new InterceptorConfig()).addPathPatterns("/hello");
+		registry.addInterceptor(new InterceptorConfig()).addPathPatterns("/*").excludePathPatterns("/login");
 	}
 	
 }
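Review bot: The pattern `"/*"` in `addPathPatterns` matches only a single path segment under Spring's Ant-style matching, so a handler mapped at a nested path such as `/a/b` (constructed example) would bypass the token interceptor. Use `addPathPatterns("/**")` so new controllers are covered by default, and keep `/login` as the explicit exclusion. The controllers visible on this page use one-level paths only, so the gap opens as routes are added rather than being exploitable in what is shown.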

+ 16 - 1
src/main/java/com/uas/eis/core/support/InterceptorConfig.java

@@ -1,5 +1,7 @@
 package com.uas.eis.core.support;
 
+import java.util.Enumeration;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -7,11 +9,24 @@ import org.springframework.lang.Nullable;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import com.uas.eis.utils.BaseUtil;
+
 public class InterceptorConfig implements HandlerInterceptor{
 
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 		//token认证
-		throw new RuntimeException("Exception");
+		String token = request.getParameter("token");
+		if(token != null && !token.isEmpty()) {
+			if(TokenHandler.checkToken(token)) {
+				return true;
+			}else {
+				BaseUtil.showError("身份验证不通过");
+				return true;
+			}
+		}else {
+			BaseUtil.showError("身份验证不通过");
+			return true;
+		}
 	}
 	
 	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
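Review bot: Every branch of `preHandle` ends in `return true`, so a request is rejected only if `BaseUtil.showError` throws. That method is not shown here, and if it ever returns normally an unauthenticated request proceeds to the handler. Make the denial explicit in both failure branches, e.g. `response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return false;`. Reading the token with `request.getParameter("token")` also places it in query strings, which tend to end up in access logs and browser history; an `Authorization` header is the usual carrier. The new `java.util.Enumeration` import is unused, and `postHandle` continues past the end of this hunk.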

+ 18 - 0
src/main/java/com/uas/eis/core/support/TokenHandler.java

@@ -0,0 +1,18 @@
+package com.uas.eis.core.support;
+
+import java.util.Map;
+
+import com.uas.eis.entity.Token;
+import com.uas.eis.utils.JwtUtil;
+
+import io.jsonwebtoken.Claims;
+
+public class TokenHandler {
+	public static String createToken(Map<String, String> params, boolean encode) {
+		return null;
+	}
+	public static boolean checkToken(String token) {
+		Claims claim = JwtUtil.parseJWT(token, Token.SECURITY_KEY);
+		return claim.containsKey("unique_name");
+	}
+}
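Review bot: `checkToken` dereferences the result of `JwtUtil.parseJWT`, which returns `null` for any token that fails to parse or verify, so a bad token raises a `NullPointerException` instead of returning `false`. Guard it with `return claim != null && claim.containsKey("unique_name");`. As written, the failed-check `else` branch in `InterceptorConfig.preHandle` is effectively unreachable for invalid tokens, and rejection happens only through the unhandled exception. `createToken` is a stub that returns `null`; a short comment or an `UnsupportedOperationException` would stop callers from using it by accident.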

+ 5 - 0
src/main/java/com/uas/eis/entity/Token.java

@@ -0,0 +1,5 @@
+package com.uas.eis.entity;
+
+public class Token {
+	public static String SECURITY_KEY = "36762702385535371444397399";
+}
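Review bot: `SECURITY_KEY` is the HMAC signing secret and it is committed in source, so anyone who can read the repository or its history can mint tokens the service will accept. Load it from external configuration or a secret store at startup (for example `System.getenv("JWT_SIGNING_KEY")`, where the variable name is a placeholder), and treat the value in this commit as compromised and rotate it. The field is `public static` without `final`, so any class can reassign it at runtime; declare it `final`. The value is 26 characters that `JwtUtil` decodes as Base64, which yields roughly 19 bytes, short of the 32 bytes normally expected for an HS256 key.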

+ 54 - 0
src/main/java/com/uas/eis/utils/JwtUtil.java

@@ -0,0 +1,54 @@
+package com.uas.eis.utils;
+
+import java.security.Key;
+import java.util.Date;
+
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+public class JwtUtil {
+	public static String createJWT(String name, String userId, String role, String audience, String issuer,
+			long TTLMillis, String base64Security) {
+		SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+
+		long nowMillis = System.currentTimeMillis();
+		Date now = new Date(nowMillis);
+
+		// 生成签名密钥
+		byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(base64Security);
+		Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
+
+		// 添加构成JWT的参数
+		JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT")
+				.claim("role", role)
+				.claim("unique_name", name)
+				.claim("userid", userId)
+				.setIssuer(issuer)
+				.setAudience(audience)
+				.signWith(signatureAlgorithm, signingKey);
+		// 添加Token过期时间
+		if (TTLMillis >= 0) {
+			long expMillis = nowMillis + TTLMillis;
+			Date exp = new Date(expMillis);
+			builder.setExpiration(exp).setNotBefore(now);
+		}
+
+		// 生成JWT
+		return builder.compact();
+	}
+
+	public static Claims parseJWT(String jsonWebToken, String base64Security) {
+		try {
+			Claims claims = Jwts.parser().setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))
+					.parseClaimsJws(jsonWebToken).getBody();
+			return claims;
+		} catch (Exception ex) {
+			return null;
+		}
+	}
+}
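Review bot: In `createJWT` the guard `if (TTLMillis >= 0)` means a negative TTL silently produces a token with no `exp` claim, i.e. one that never expires. Reject that input, e.g. `if (TTLMillis < 0) throw new IllegalArgumentException("TTLMillis must be >= 0");`, and set the expiry unconditionally. `parseJWT` verifies the signature but never checks the `iss` and `aud` values that `createJWT` sets, and its `catch (Exception ex)` hides why a token was refused. Catching `JwtException` and `IllegalArgumentException` and logging the exception type (never the token itself) would make rejections diagnosable. `javax.xml.bind.DatatypeConverter` is no longer part of the JDK from Java 11 on, so `java.util.Base64` is the safer decoder here.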