<> be based on springboot Of JWT Simple implementation of token authority verification technology
JWT brief introduction
Json Web Token(JWT):JSON Network token , It is a kind of platform based on which declaration can be transmitted between network application environments JSON Open standards for ((RFC
7519).JWT Is a portable and secure cross platform transmission format , A compact self-contained method is defined for communication between two parties JSON
The transmission information of object security . Because of the existence of digital signatures , The information is credible .
Implementation steps :
Environmental Science spring boot
<>1, add to jwt rely on <dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</
artifactId> <version>3.8.1</version> </dependency> <dependency> <groupId>
io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version>
</dependency> <>2, stay src Create annotation package
New custom annotation class JwtToken
package com.qf.tyleryue_one.annotation; import java.lang.annotation.ElementType
; import java.lang.annotation.Retention; import java.lang.annotation.
RetentionPolicy; import java.lang.annotation.Target; /** * Custom annotation : Before method The representation needs to be intercepted */
@Target({ElementType.METHOD,ElementType.TYPE}) @Retention(RetentionPolicy.
RUNTIME) public @interface JwtToken { } <>3, stay src Create utils package
New custom JwtUtils Tools
package com.qf.tyleryue_one.utils; import com.auth0.jwt.JWT; import com.auth0.
jwt.JWTCreator; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.
algorithms.Algorithm; import jdk.internal.org.objectweb.asm.TypeReference;
import java.util.Date; /** * Used to generate signatures , Verify signature , By signature */ public class JwtUtils {
// Token valid time private final static long EXPIRE_TIME=5*60*1000; // secret key private final
static String SECRECT="Tyler_Yue_key"; /** * Create token */ public static String sign(
String userId){ // Building failure clock Date exipre_date = new Date(System.currentTimeMillis()
+ EXPIRE_TIME); // Create token JWTCreator.Builder builder = JWT.create();
// to jwt token playload The user who put the order card in the // to userid User order plate builder.withAudience(userId);
// Set token expiration time builder.withExpiresAt(exipre_date); // Encrypts the token key Algorithm algorithm =
Algorithm.HMAC256(SECRECT); String sign = builder.sign(algorithm); return sign;
// Return token } /** * Authentication token */ public static boolean verifyToken(String token){ try {
// Generation checker Algorithm algorithm = Algorithm.HMAC256(SECRECT); // check JWTVerifier build
= JWT.require(algorithm).build(); // If there is no exception, the verification is successful return true; } catch (Exception e)
{ throw new RuntimeException(" Token expiration "); } } } <>4, stay src Next new vo package
Encapsulates a token returned to the user object
package com.qf.tyleryue_one.vo; import com.alibaba.druid.filter.AutoLoad;
import lombok.AllArgsConstructor; import lombok.Data; import lombok.
NoArgsConstructor; /** * Encapsulating a return User object with token */ @Data @AllArgsConstructor
@NoArgsConstructor public class TokenVo { // user name private String usernaem; // Token name
private String token; } <>5, give an example controller Layer user login service login with token package com.qf.
tyleryue_one.controller; import com.qf.tyleryue_one.entity.VueUser; import com.
qf.tyleryue_one.service.VueUserService; import com.qf.tyleryue_one.utils.
JwtUtils; import com.qf.tyleryue_one.vo.Msg; import com.qf.tyleryue_one.vo.
TokenVo; import org.springframework.beans.factory.annotation.Autowired; import
org.springframework.stereotype.Controller; import org.springframework.web.bind.
annotation.*; import java.util.UUID; /** * Login service */ @Controller public class
VueUserController { @Autowired private VueUserService vueUserService;
@RequestMapping(value = "/dealLogin",method = RequestMethod.POST) @CrossOrigin
@ResponseBody public Msg login(@RequestBody VueUser vueUser){ VueUser vueUser1 =
vueUserService.selectByUsername(vueUser.getUsername()); if (vueUser1!=null){ if
(vueUser1.getPassword().equals(vueUser.getPassword())){ // Password matching , Issue token
/// Randomly generated string not userid String userid = UUID.randomUUID().toString(); String token =
JwtUtils.sign(userid); // Encapsulating token objects TokenVo tokenVo = new TokenVo(vueUser.
getUsername(), token); return new Msg(200," Login successful , Token issued ",tokenVo); }else { return
new Msg(403," Password error ",null); } }else { return new Msg(403," user does not exist ",null); } } }
Technology