Spring Boot 整合JWT

1. 添加依赖

<!-- jwt -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.16.0</version>
</dependency>

2. 添加 Token 常量类

package com.moji.constants;

/**
 * @author :zhangbocong
 * @version :V1.0
 * @program :moji_service
 * @date :Created in 2021年5月21日 16:36
 * @description :token常量类
 */
public class TokenConstants {
    /**
     * token 签名过期时间:12小时
     */
    public static final Integer EXPIRATION_TIME = 12 * 60 * 60 * 1000;

    /**
     * redis 存放token过期时间:30分钟
     */
    public static final Integer REDIS_TOKEN_EXPIRATION_TIME = 30;

    /**
     * redis 存放token的key规则:token:用户名
     */
    public static final String REDIS_TOKEN_KEY = "token:%s";

    /**
     * token 秘钥
     */
    public static final String TOKEN_SECRET = "5696b50525e1dec4a211fa7eb0218344";

    /**
     * token 加密类型
     */
    public static final String TOKEN_ENCRYPTION_TYPE = "JWT";

    /**
     * token 加密算法
     */
    public static final String TOKEN_ENCRYPTION_ALGORITHM = "HS256";

    /**
     * 请求token可能携带的无效请求头
     */
    public static final String TOKEN_REQUEST_HEAD = "Bearer ";

    /**
     * 不做token校验路径:与shiro保持一致
     */
    public static final String TOKEN_NOT_CHECK_URL = "/moji/notCheck";

    /**
     * 不做token校验路径:与shiro保持一致
     */
    public static final String TOKEN_REQUEST_KEY = "Authorization";
}

3. 添加 Token 工具类 - 用于生产和校验 token

package com.moji.utils.system;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.moji.constants.TokenConstants;
import com.moji.entity.MojiUserEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;

/**
 * @author :zhangbocong
 * @version :V1.0
 * @program :moji_service
 * @date :Created in 2021年5月21日 16:33
 * @description :token工具类
 */
@Component
public class TokenUtils {
    private static RedisTemplate<String, String> redisTemplate;
    @Autowired
    public void setRedisTemplate(RedisTemplate redisTemplate){
        TokenUtils.redisTemplate = redisTemplate;
    }

    /**
     * 生成token,过期12小时
     *
     * @param mojiUserEntity 用户信息
     * @return java.lang.String
     */
    public static String sign(MojiUserEntity mojiUserEntity) {
        try {
            // token过期时间
            Date date = new Date(System.currentTimeMillis() + TokenConstants.EXPIRATION_TIME);

            // 私钥及加密算法
            Algorithm algorithm = Algorithm.HMAC256(TokenConstants.TOKEN_SECRET);

            // 设置头信息:加密类型、加密算法
            Map<String, Object> header = new HashMap<>();
            header.put("type", TokenConstants.TOKEN_ENCRYPTION_TYPE);
            header.put("algorithm", TokenConstants.TOKEN_ENCRYPTION_ALGORITHM);

            return JWT.create()
                    .withHeader(header)
                    .withClaim("userName", mojiUserEntity.getUserName())
                    .withClaim("password", mojiUserEntity.getPassword())
                    .withClaim("id", mojiUserEntity.getId())
                    .withClaim("nickName", mojiUserEntity.getNickName())
                    .withClaim("email", mojiUserEntity.getEmail())
                    .withClaim("corpId", mojiUserEntity.getCorpId())
                    .withClaim("edition", mojiUserEntity.getEdition())
                    .withExpiresAt(date)
                    .sign(algorithm);
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * 验证token是否正确
     * 注意:token 要求12小时强制重新登录
     *
     * @return boolean
     */
    public static boolean verify(String token) {
        try {
            // 根据私钥生成JWT效验器
            Algorithm algorithm = Algorithm.HMAC256(TokenConstants.TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm).build();

            // 校验token签名是否过期
            verifier.verify(token);

            /* 验证redis是否存在此token:如果存在则刷新过期时间,如果不存在则返回false */
            String username = String.format(TokenConstants.REDIS_TOKEN_KEY, getUsername(token));
            Boolean hasKey = redisTemplate.hasKey(username);
            if (hasKey) {
                // 重新设置过期时间
                redisTemplate.expire(String.format(TokenConstants.REDIS_TOKEN_KEY, getUsername(token)),
                        TokenConstants.REDIS_TOKEN_EXPIRATION_TIME, TimeUnit.MINUTES);
                return true;
            } else {
                return false;
            }
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * 获取token过期时间
     *
     * @return 过期时间
     */
    public static Date getExpiresAt(String token) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getExpiresAt();
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     * 获取token签发时间
     *
     * @return 签发时间
     */
    public static Date getIssuedAt(String token) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getIssuedAt();
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     * 获得token中的信息无需secret解密也能获得
     *
     * @return token中包含的用户名
     */
    public static String getUsername(String token) {
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim("userName").asString();
        } catch (JWTDecodeException e) {
            return null;
        }
    }
}

4. 添加过滤器 - 用作 token 验证及用户身份信息获取

package com.moji.filter;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.moji.constants.TokenConstants;
import com.moji.enums.HttpStatusEnums;
import com.moji.exception.BaseException;
import com.moji.utils.system.TokenUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author :zhangbocong
 * @version :V1.0
 * @program :moji_service
 * @date :Created in 2021年5月7日 10:25
 * @description : token验证及用户信息过滤器
 */
@Component
public class JWTFilter implements Filter {

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        /* 1. 是否校验token路径,包含为不做验证,不包含则验证,校验路径与shiro保持一致 */
        if (!request.getRequestURI().contains(TokenConstants.TOKEN_NOT_CHECK_URL)) {
            // 2. 获取token
            String accessToken = request.getHeader(TokenConstants.TOKEN_REQUEST_KEY);

            // 3. 校验token是否为空
            if (StringUtils.isNotEmpty(accessToken)) {
                // 3.1 校验token格式
                if (accessToken.contains(TokenConstants.TOKEN_REQUEST_HEAD)) {
                    accessToken = accessToken.replace(TokenConstants.TOKEN_REQUEST_HEAD, "");
                }

                // 3.2 校验token是否有效
                boolean verify = TokenUtils.verify(accessToken);
                if (verify) {
                    // 3.3 获取token中的用户信息
                    DecodedJWT decode = JWT.decode(accessToken);
                    // 账户
                    String userName = decode.getClaim("userName").asString();
                    request.setAttribute("userName", userName);

                    // ID
                    Integer id = decode.getClaim("id").asInt();
                    request.setAttribute("id", id);

                    // 账户类型
                    Integer edition = decode.getClaim("edition").asInt();
                    request.setAttribute("edition", edition);

                    // 昵称
                    String nickName = decode.getClaim("nickName").asString();
                    request.setAttribute("nickName", nickName);

                    // 邮箱
                    String email = decode.getClaim("email").asString();
                    request.setAttribute("email", email);

                    // 公司标识
                    String corpId = decode.getClaim("corpId").asString();
                    request.setAttribute("corpId", corpId);
                } else {
                    throw new BaseException(HttpStatusEnums.CLI_ERR_GENERAL_TIPS, "身份验证失败,请重新登录!");
                }
            } else {
                throw new BaseException(HttpStatusEnums.CLI_ERR_GENERAL_TIPS, "token 不可为空!");
            }
        }
        filterChain.doFilter(request, response);
    }

}