SSM基于Token的登录认证
2024-09-01 13:45:00
1、什么是token
token的意思是“令牌”,是服务端生成的一串字符串,作为客户端进行请求的一个标识。
当用户第一次登录后,服务器生成一个token并将此token返回给客户端,以后客户端只需带上这个token前来请求数据即可,无需再次带上用户名和密码。
简单token的组成:uid(用户唯一的身份标识)、time(当前时间的时间戳)、sign(签名,token的前几位以哈希算法压缩成的一定长度的十六进制字符串,为防止token泄露)。需要注意:签名的作用是让服务端能够发现token被篡改或伪造,它本身并不能阻止token在传输或存储过程中被窃取,因此仍需配合HTTPS传输,并为token设置有效期。
2、SSM基于XML配置
pom.xml引入
<!-- JWT libraries. The Java listings on this page import only com.auth0.jwt
     (JWTSigner / JWTVerifier); nothing shown here uses io.jsonwebtoken, so the
     second dependency may be removable. TODO confirm against the rest of the project. -->
<!-- NOTE(review): both pinned versions are old releases. JWTSigner and
     JWTVerifier(String) belong to the java-jwt 2.x API and were replaced in 3.x,
     so upgrading means rewriting JWTUtil. Check current security advisories for
     the pinned versions before reusing this block. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>2.2.0</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
spring-mvc.xml
配置拦截器
<mvc:interceptors>
<!-- An Interceptor declared as a bean directly under the mvc:interceptors root intercepts every request. -->
<!-- <bean class="com.bybo.aca.web.interceptor.Login"/> -->
<mvc:interceptor>
<!-- Intercepted: /** matches every controller path -->
<mvc:mapping path="/**" />
<!-- Not intercepted: the login endpoint has to be reachable before a token exists -->
<mvc:exclude-mapping path="/user/login"/>
<!-- Not intercepted. NOTE(review): every excluded path skips JWTInterceptor and is therefore
     reachable without a token; confirm this endpoint returns nothing that needs authentication. -->
<mvc:exclude-mapping path="/get/tableInforAllByStatus" />
<bean class="com.baccarat.util.JWTInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
拦截器实体类
package com.baccarat.util; import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView; import com.baccarat.controller.UserController;
import com.baccarat.entity.User; @Component
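public class JWTInterceptor implements HandlerInterceptor {

    // Logged under this class's own category so interceptor messages are not
    // attributed to UserController.
    public static Logger logger = Logger.getLogger(JWTInterceptor.class);

    /** Nothing to clean up once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // intentionally empty
    }

    /** Nothing to do after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {
        // intentionally empty
    }

    /**
     * Token-validating interceptor: runs before every mapped handler.
     *
     * <p>As published, the verification step is a placeholder, so this method
     * rejects every request it sees. Code added at the placeholder must
     * {@code return true} for a valid token; everything else falls through to
     * the JSON rejection below.
     *
     * @author Stephen
     * @time 2019-10-11 17:00:32
     * @param request  incoming request; the {@code token} and {@code userId} headers are read from it
     * @param response response that receives the JSON rejection body
     * @param arg2     the handler that would be invoked (unused)
     * @return {@code false}, meaning the handler chain is stopped
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws IOException {
        ResultVO result = new ResultVO();
        String token = request.getHeader("token");
        String userId = request.getHeader("userId");

        // Verification belongs here (left as a placeholder on this page). Return true only when:
        //   1. the token header is present and JWTUtil.unsign(token, ...) returns a non-null
        //      payload (unsign returns null for a bad signature, an expired token or a
        //      malformed payload), and
        //   2. the userId header matches the identity inside that verified payload. The
        //      header is client-supplied, so on its own it proves nothing.
        // Anything that does not pass falls through to the rejection below (fail closed).

        // Rejection path: answer with a JSON body instead of invoking the controller.
        // 203 is an application-level code carried inside the JSON; the HTTP status line
        // is not set here, so the container default (normally 200) is what the client sees.
        result.setStatus(203);
        result.setMessage("Login verification failed, please login again");
        String jsonStr = BaccaratUtil.toJSon(result);

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        PrintWriter out = response.getWriter();
        out.append(jsonStr);
        return false;
    }
}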
JWTUtil.java
package com.baccarat.util; import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map; import org.apache.log4j.Logger; import com.auth0.jwt.JWTSigner;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.internal.com.fasterxml.jackson.databind.ObjectMapper;
import com.baccarat.controller.UserController;
import com.baccarat.entity.User; /**
* @Todo JWT(json web token),util
* @author Stephen
* @Time 2019-10-11 12:12:04
*/
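public class JWTUtil {

    // Logged under this class's own category rather than UserController's.
    private static final Logger logger = Logger.getLogger(JWTUtil.class);

    // SECURITY: the signing key is hard-coded in source. Anyone who can read the
    // repository or the built artifact holds the key that every token is trusted by.
    // Load it from configuration kept outside version control, and treat this
    // published value as compromised.
    private static final String SECRET = "XX#$%()(#*!()!KL<><MQLMNQNQJQK sdfkjsdrow32234545fdf>?N<:{LWPW";

    private static final String EXP = "exp";

    private static final String PAYLOAD = "payload";

    // One mapper is enough; it is only used with its default configuration.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Signs (does not encrypt) a token that carries {@code object} as JSON.
     *
     * <p>The payload of a signed JWT is only encoded, so anyone holding the token
     * can read it. Pass an object that contains no secrets; if the User entity
     * has a password field, do not serialize it here.
     *
     * <p>NOTE(review): RFC 7519 defines {@code exp} in seconds since the epoch.
     * This method stores milliseconds, so a standards-following consumer would
     * read the value as a date far in the future. Expiry is enforced by the
     * explicit comparison in {@link #unsign(String, Class)}.
     *
     * @author Stephen
     * @param object value serialized into the {@code payload} claim
     * @param maxAge lifetime of the token in milliseconds from now
     * @return the signed token, or {@code null} if serialization or signing fails
     */
    public static <T> String sign(T object, long maxAge) {
        try {
            final Map<String, Object> claims = new HashMap<String, Object>();
            claims.put(PAYLOAD, MAPPER.writeValueAsString(object));
            claims.put(EXP, System.currentTimeMillis() + maxAge);
            return new JWTSigner(SECRET).sign(claims);
        } catch (Exception e) {
            // A signing failure is a server-side fault; record it instead of hiding it.
            logger.error("Failed to sign JWT", e);
            return null;
        }
    }

    /**
     * Verifies a token's signature and expiry and returns its payload.
     *
     * @author Stephen
     * @param jwt    the token string received from the client
     * @param classT type the {@code payload} claim is deserialized into
     * @return the payload, or {@code null} when the token is missing, fails
     *         verification, lacks the expected claims, has expired, or cannot
     *         be deserialized
     */
    public static <T> T unsign(String jwt, Class<T> classT) {
        final JWTVerifier verifier = new JWTVerifier(SECRET);
        if (jwt == null || jwt.isEmpty()) {
            return null;
        }
        try {
            final Map<String, Object> claims = verifier.verify(jwt);
            final Object expClaim = claims.get(EXP);
            final Object payload = claims.get(PAYLOAD);
            // Both claims must be present with the expected types.
            if (!(expClaim instanceof Number) || !(payload instanceof String)) {
                return null;
            }
            // Read through Number so an Integer-typed value does not fail the cast.
            if (((Number) expClaim).longValue() <= System.currentTimeMillis()) {
                return null;
            }
            return MAPPER.readValue((String) payload, classT);
        } catch (Exception e) {
            // Record that a token was rejected, but never the token itself and not the
            // exception message, which may echo attacker-controlled input.
            logger.warn("JWT rejected: " + e.getClass().getName());
            return null;
        }
    }
}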
如有疑问请留意