代碼地址：https://download.csdn.net/download/weixin_38959210/11269535

首先是jwt的引入?

<dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.0.1</version><scope>provided</scope></dependency> <dependency><groupId>com.auth0</groupId><artifactId>java-jwt</artifactId><version>3.4.0</version></dependency>

賬號密碼測試

import javax.servlet.http.HttpServletResponse; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.Cookie; import com.baidu.websocket.helper.TokenHelper; import com.baidu.websocket.result.Result;@RestController public class LoginController {@RequestMapping("/login")public String login(Long id,String username,String password,String other,HttpServletResponse resp) {if("qushen".equals(username)&&"123".equals(password)) {//調(diào)用TokenResult result=TokenHelper.loginSuccess(id, username,other);//判斷result是不是200if(result.getCode()==200) {//將獲取到的Token寫入CookieCookie cookie=new Cookie("Authorization",(String) result.getData());cookie.setPath("/");resp.addCookie(cookie);return "Token is:"+result.getData();}}return "用戶名密碼失效";}}

一些常量?

public class SysCfg {public static String TOKEN_LOGO="qs";public static String TOKEN_SALT="520";public static String HEADER_KEY="Authorization"; }

?后臺對token的一些處理

import com.alibaba.fastjson.JSON; import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.exceptions.JWTDecodeException; import com.auth0.jwt.exceptions.JWTVerificationException;import com.baidu.websocket.core.constans.SysCfg; import com.baidu.websocket.core.entity.SSOUser;public class JwtTokenUtil {public static String createToken(SSOUser user) {String token=SysCfg.TOKEN_LOGO+JWT.create().withSubject(JSON.toJSONString(user)).withAudience(user.getId()+" ").sign(Algorithm.HMAC256(SysCfg.TOKEN_SALT));//SysCfg.TOKEN_LOGO為自定義的logo//withSubject為附加信息//withAudience為唯一認(rèn)證值//sign為加密方式return token;}//校驗token時候正確public static boolean CheckTokenInlaw(String token) {if(!token.startsWith(SysCfg.TOKEN_LOGO)) {return false;}token=token.substring(SysCfg.TOKEN_LOGO.length(),token.length());JWTVerifier jwtVerifier=JWT.require(Algorithm.HMAC256(SysCfg.TOKEN_SALT)).build();try{jwtVerifier.verify(token);return true;}catch (JWTVerificationException e) {return false;}}//根據(jù)Token獲取User對象public static String getTokenUser(String token) {token=token.substring(SysCfg.TOKEN_LOGO.length(),token.length());System.out.println("token:"+token);try {String other=JWT.decode(token).getSubject(); return other;} catch (JWTDecodeException e) {return "解析異常";}}//測試public static void main(String[] args) {String token="qseyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ7XCJpZFwiOjIxMjIxMzQ0MyxcIm90aGVyXCI6XCLpmYTluKbnmoTkuJzopb9cIixcInVzZXJuYW1lXCI6XCJxdXNoZW5cIn0iLCJhdWQiOiIyMTIyMTM0NDMgIn0.q1J2__uHT9oBDEDhXQ0zO-IjR4MVMP9gZgc8OhF65_s";System.out.println(CheckTokenInlaw(token));if(CheckTokenInlaw(token)) {System.out.println(getTokenUser(token));}}}

?================================================================

另一個系統(tǒng)驗證Token

import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;import com.baidu.websocket.intercpter.QSSSOintercpter;@Configuration public class QSSSOconfig extends WebMvcConfigurerAdapter{@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(qsssoconfig()).addPathPatterns("/**");}@Beanpublic QSSSOintercpter qsssoconfig() {return new QSSSOintercpter();}} import java.lang.reflect.Method; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.Cookie; import com.baidu.websocket.annotation.NoToken; import com.baidu.websocket.core.constans.SysCfg; import com.baidu.websocket.core.util.JwtTokenUtil;public class QSSSOintercpter implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {// 請求前做Token的校驗工作// 判斷是不是mapping請求if (!(handler instanceof HandlerMethod)) {return true;}// 判斷當(dāng)前的請求的方法需不需要TokenHandlerMethod HandlerMethod = (HandlerMethod) handler;Method method = HandlerMethod.getMethod();if (method.isAnnotationPresent(NoToken.class)) {NoToken notoken = method.getAnnotation(NoToken.class);if (notoken.noNeedToken()) {return true;}} else {// 如果走到這個地方就證明全都是需要token的映射地址// 判斷token有沒有String token = request.getHeader(SysCfg.HEADER_KEY);Cookie[] cookies = request.getCookies();if (cookies != null && cookies.length > 0) {for (Cookie c : cookies) {if (c.getName().equals("Authorization")) {c.getValue();System.out.println("cookies中的Authorization是：" + c.getValue());token=c.getValue();}}}if (token == null || token == " ") {response.getWriter().println("no login");return false;}// 判斷token是否合法if (JwtTokenUtil.CheckTokenInlaw(token)) {String user = JwtTokenUtil.getTokenUser(token);request.setAttribute("SSOuSer", user);return true;} else {response.getWriter().println("do try");return false;}}// 判斷當(dāng)前的請求需不需要Tokenreturn false;}@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,ModelAndView modelAndView) throws Exception {}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)throws Exception {}}

?

總結(jié)

以上是生活随笔為你收集整理的手写jwt框架SSO的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。