1、安装maven依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>4.5.1</version>
<scope>compile</scope>
</dependency>
2、新建用户模拟类,例如
/**
 * Sample user object for the tutorial: carries the account data and the
 * bean-validation constraints applied to it.
 *
 * <p>No accessors are declared in this listing, although {@code JwtUtil} calls
 * {@code getId()}, {@code getUserName()} and similar; presumably they are
 * generated (e.g. by Lombok) or inherited from {@code BaseEntity} - confirm.
 * The tenant/role/dept/post lists read by {@code JwtUtil.createToken} are not
 * part of this listing either.
 */
public class SystemUserVO extends BaseEntity {
    // Login account: must be non-null and must not be a blank string.
    @NotNull(message = "账号不能为空") // null check
    @NotBlank(message = "账号不能为空") // must not be a blank string
    private String account;

    // NOTE(review): the password lives on the same object as the profile data and
    // carries no validation here. Confirm it is excluded from serialized responses,
    // never logged, and stored only as a password hash (bcrypt/scrypt/argon2).
    private String password;

    // Display/user name: must be non-null and must not be a blank string.
    @NotNull(message = "用户名不能为空") // null check
    @NotBlank(message = "用户名不能为空") // must not be a blank string
    private String userName;

    // Optional nickname; no constraint declared.
    private String nickName;

    // presumably MyBatis-Plus: ALWAYS writes the column on update even when the
    // value is null, so the field can be cleared - confirm against the ORM version.
    @TableField(updateStrategy = FieldStrategy.ALWAYS)
    private String email;

    // Same update strategy as email.
    @TableField(updateStrategy = FieldStrategy.ALWAYS)
    private String phone;

    // Same update strategy as email; serialized as a date without time (yyyy-MM-dd).
    @TableField(updateStrategy = FieldStrategy.ALWAYS)
    @JsonFormat(pattern = "yyyy-MM-dd")
    private LocalDate birthday;

    // Sex code: required. The meaning of each value is not defined in this listing.
    @NotNull(message = "性别不能为空") // null check
    private Integer sex;

    // User platform/type code. Its @NotNull constraint ("user platform must not be
    // empty") is disabled in the original, so null is accepted here.
    private Integer userType;

    // Account status code: required. Value meanings are not defined in this listing.
    @NotNull(message = "状态不能为空") // null check
    private Integer status;
}
3、新建生成token类和解析方法
package com.example.system_manage.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.example.system_manage.vo.SystemUserVO;
import org.apache.commons.lang3.StringUtils;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
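/**
 * Issues and verifies the HMAC-SHA256 (HS256) signed JWTs used as login tokens.
 *
 * <p>Security notes for anyone adopting this class:
 * <ul>
 *   <li>The token is signed, not encrypted. Every claim written by
 *       {@link #createToken} (account, tenant, role, department and post ids) can be
 *       read by whoever holds the token, so keep sensitive data out of the claims.</li>
 *   <li>Role/tenant/department ids are frozen into the token at login. A change of
 *       permissions, or a disabled account, only takes effect once the token expires
 *       unless the interceptor re-checks them server-side; this class has no
 *       revocation mechanism.</li>
 *   <li>The audience claim is set on creation but the verifier built in
 *       {@link #getTokenInform} does not require it; only the signature and the
 *       expiry are checked.</li>
 * </ul>
 */
public class JwtUtil {

    /** Token lifetime in milliseconds: 8 hours. */
    private static final long EXPIRE_TIME_MILLIS = 1000L * 60 * 60 * 8;

    /**
     * HMAC signing secret.
     *
     * <p>SECURITY: the value below is the tutorial's placeholder. Anyone who knows the
     * secret can mint a valid token for any user and any role, so a real deployment
     * should load it from configuration or a secret store instead of source control,
     * and use a randomly generated value of at least 256 bits; a short or guessable
     * secret can be recovered offline from a single captured token.
     */
    private static final String SIGNATURE = "xxxxxxxxx";

    /**
     * Builds a signed login token for the given user.
     *
     * @param user the authenticated user; its id and its tenant/role/dept/post lists
     *             are dereferenced directly, so they must be non-null
     * @return the compact JWT string, expiring {@code EXPIRE_TIME_MILLIS} from now
     */
    public static String createToken(SystemUserVO user) {
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME_MILLIS);
        Algorithm algorithm = Algorithm.HMAC256(SIGNATURE);
        return JWT.create()
                // Store the user id as the token audience.
                .withAudience(user.getId().toString())
                .withClaim("userName", user.getUserName())
                .withClaim("userId", user.getId())
                .withClaim("userAccount", user.getAccount())
                .withClaim("userType", user.getUserType())
                // Id lists are flattened to comma-separated strings.
                .withClaim("userTenantIds", user.getSystemUserTenantList().stream().map(v -> v.getUserTenantId().toString()).collect(Collectors.joining(",")))
                .withClaim("userRoleIds", user.getSystemUserRoleList().stream().map(v -> v.getRoleId().toString()).collect(Collectors.joining(",")))
                .withClaim("userDeptIds", user.getSystemUserDeptList().stream().map(v -> v.getDeptId().toString()).collect(Collectors.joining(",")))
                .withClaim("userPostIds", user.getSystemUserPostList().stream().map(v -> v.getPostId().toString()).collect(Collectors.joining(",")))
                // The token expires 8 hours after it is issued.
                .withExpiresAt(expiresAt)
                // Sign with the HMAC secret.
                .sign(algorithm);
    }

    /**
     * Verifies a token and returns the user information stored in its claims.
     *
     * <p>Every verification failure (bad signature, expired or malformed token,
     * missing user id) is reported to the caller with the same "login expired"
     * message; the underlying exception is kept as the cause so that logs can still
     * tell an expired token from a tampered one.
     *
     * @param token the compact JWT string taken from the request
     * @return a map with the keys userId (as a string), userName, userAccount,
     *         userType, userTenantIds, userRoleIds, userDeptIds and userPostIds
     * @throws BusinessException        if the token is blank, or on an unexpected error
     * @throws JWTVerificationException if the token fails verification or carries no
     *                                  numeric userId claim
     */
    public static Map<String, Object> getTokenInform(String token) {
        // Checked before the try block so the exception reaches the caller as thrown
        // instead of being caught and re-wrapped by the generic handler below.
        if (StringUtils.isBlank(token)) {
            throw new BusinessException("当前无验证令牌");
        }
        try {
            Algorithm algorithm = Algorithm.HMAC256(SIGNATURE);
            JWTVerifier verifier = JWT.require(algorithm)
                    .build();
            // verify() checks the signature and the expiry before any claim is read.
            DecodedJWT jwt = verifier.verify(token);

            // A correctly signed token without a numeric userId is rejected explicitly;
            // previously this surfaced as a NullPointerException with a null message.
            Long userId = jwt.getClaim("userId").asLong();
            if (userId == null) {
                throw new JWTVerificationException("userId claim is missing or not numeric");
            }

            Map<String, Object> result = new HashMap<>();
            result.put("userId", userId.toString());
            result.put("userName", jwt.getClaim("userName").asString());
            result.put("userAccount", jwt.getClaim("userAccount").asString());
            result.put("userType", jwt.getClaim("userType").asInt());
            result.put("userTenantIds", jwt.getClaim("userTenantIds").asString());
            result.put("userRoleIds", jwt.getClaim("userRoleIds").asString());
            result.put("userDeptIds", jwt.getClaim("userDeptIds").asString());
            result.put("userPostIds", jwt.getClaim("userPostIds").asString());
            return result;
        } catch (JWTVerificationException exception) {
            // Same user-facing message as before, now with the original failure attached.
            throw new JWTVerificationException("登录过期,请重新登录", exception);
        } catch (Exception e) {
            // NOTE(review): only the message survives here because BusinessException's
            // other constructors are not visible in this file; pass the cause too if
            // one accepts it.
            throw new BusinessException(e.getMessage());
        }
    }
}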
4、然后在拦截器中进行控制,可参考我之前的文章
集成token
注意:使用这个版本时,需要把之前那篇文章中的鉴权部分替换成本文的实现