JWT整合SpringBoot(拦截器)

1、为什么使用拦截器拦截Token

上个例子我们看到了,每请求一个接口都要验证Token,这样的话就有大量代码冗余

单体应用:用拦截器

分布式应用:在网关中拦截

2、上代码

首先得编写一个拦截器:

  1. package com.zym.springboot_jwt.interceptor;
  3. import com.auth0.jwt.exceptions.AlgorithmMismatchException;
  4. import com.auth0.jwt.exceptions.SignatureVerificationException;
  5. import com.auth0.jwt.exceptions.TokenExpiredException;
  6. import com.fasterxml.jackson.databind.ObjectMapper;
  7. import com.zym.springboot_jwt.util.JWTUtils;
  8. import lombok.extern.slf4j.Slf4j;
  9. import org.springframework.web.servlet.HandlerInterceptor;
  11. import javax.servlet.http.HttpServletRequest;
  12. import javax.servlet.http.HttpServletResponse;
  13. import java.util.HashMap;
  14. import java.util.Map;
  15. @Slf4j
  16. public class JWTInterceptor implements HandlerInterceptor {
  18.     @Override
  19.     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
  20.         //获取请求头中的Token
  21.         String token = request.getHeader("token");
  22.         Map<String,Object> map = new HashMap<>();
  23.         log.info("当前Token为[{}]",token);
  24.         try{
  25.             JWTUtils.verify(token);//验证令牌
  26.             return true;
  27.         }catch (SignatureVerificationException e){
  28.             e.printStackTrace();
  29.             map.put("msg","无效签名");
  30.         }catch (TokenExpiredException e){
  31.             e.printStackTrace();
  32.             map.put("msg","token过期");
  33.         }catch (AlgorithmMismatchException e){
  34.             e.printStackTrace();
  35.             map.put("msg","算法不一致");
  36.         }catch (Exception e){
  37.             e.printStackTrace();
  38.             map.put("msg","token无效");
  39.         }
  40.         map.put("state",false);
  41.         //将map转为json
  42.         String json = new ObjectMapper().writeValueAsString(map);
  43.         response.setContentType("application/json;charset=UTF-8");
  44.         response.getWriter().println(json);
  45.         return false;
  46.     }
  47. }

将拦截器添加到spring管理:

  1. package com.zym.springboot_jwt.config;
  3. import com.zym.springboot_jwt.interceptor.JWTInterceptor;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
  6. import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
  8. @Configuration
  9. public class InterceptorConfig implements WebMvcConfigurer {
  11.     @Override
  12.     public void addInterceptors(InterceptorRegistry registry) {
  13.         registry.addInterceptor(new JWTInterceptor())
  14.                 .addPathPatterns("/user/test")       //真实的环境应该为登录放行,其他拦截
  15.                 .excludePathPatterns("/user/login");
  16.     }
  17. }

修改controller

  1. @PostMapping("/user/test")
  2.     public String test(){
  3.         return "success";
  4.     }

测试:

没用token时,直接测试接口:
1.png
生成一个token再测试:
2.png
怎么样,是不是比之前每个接口都验证一次来的自然简便呢?当然,这些只是最简单的整合jwt的demo,真实的情况比这个复杂的多,整合springsecurity后,token的payload里面还要封装权限,token还要设置到redis中,以后会出一篇springsecurity+jwt+springboot整合的权限安全控制!