JWT和SSM拦截器验证token
2019-12-24 本文已影响0人
Roct
import java.io.UnsupportedEncodingException;
import java.util.*;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.yundong.platform.common.Const;
public class JwtUtil {
private static String ISSUER = "sys_user";
/**
* 生成token 默认有效期是7天
*
* @param claims
* @return
*/
public static String genToken(Map<String, String> claims) {
try {
//使用HMAC256进行加密
Algorithm algorithm = Algorithm.HMAC256(Const.TOKENSALT);
Date date = new Date(); //取时间
Calendar calendar = new GregorianCalendar();
calendar.setTime(date);
calendar.add(calendar.DATE, 7); //把日期往后增加一天,整数 往后推,负数往前移动
Date expireDatePoint = calendar.getTime(); //这个时间就是日期往后推一天的结果
//创建jwt
JWTCreator.Builder builder = JWT.create().
withIssuer(ISSUER). //发行人
withExpiresAt(expireDatePoint); //过期时间点
//传入参数
claims.forEach((key, value) -> {
builder.withClaim(key, value);
});
//签名加密
return builder.sign(algorithm);
} catch (IllegalArgumentException | UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
/**
* 生成token
*
* @param claims
* @param expireDatePoint 过期时间点
* @return
*/
public static String genToken(Map<String, String> claims, Date expireDatePoint) {
try {
//使用HMAC256进行加密
Algorithm algorithm = Algorithm.HMAC256(Const.TOKENSALT);
//创建jwt
JWTCreator.Builder builder = JWT.create().
withIssuer(ISSUER). //发行人
withExpiresAt(expireDatePoint); //过期时间点
//传入参数
claims.forEach((key, value) -> {
builder.withClaim(key, value);
});
//签名加密
return builder.sign(algorithm);
} catch (IllegalArgumentException | UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
/**
* 解密jwt
*
* @param token
* @return
* @throws RuntimeException
*/
public static Map<String, String> verifyToken(String token) throws RuntimeException {
Algorithm algorithm = null;
try {
//使用HMAC256进行加密
algorithm = Algorithm.HMAC256(Const.TOKENSALT);
} catch (IllegalArgumentException | UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
//解密
JWTVerifier verifier = JWT.require(algorithm).withIssuer(ISSUER).build();
DecodedJWT jwt = verifier.verify(token);
Map<String, Claim> map = jwt.getClaims();
Map<String, String> resultMap = new HashMap<>();
map.forEach((k, v) -> resultMap.put(k, v.asString()));
return resultMap;
}
/**
* sign 签名 (参数名按ASCII码从小到大排序(字典序)+key+MD5+转大写签名)
* @param
* @return
*/
public static String encodeSign(Map<String, String[]> params){
StringBuilder sb = new StringBuilder();
// 将参数以参数名的字典升序排序
Map<String, Object> sortParams = new TreeMap<String, Object>(params);
// 遍历排序的字典,并拼接"key=value"格式
for (Map.Entry<String, Object> entry : sortParams.entrySet()) {
if (entry.getKey().equals("sign")) {
continue;
}
String[] values = (String[])entry.getValue();
if (sb.length()!=0) {
sb.append("&");
}
// 如果参数为空, 那么直接跳过
if (StringTools.StringIsEmpty(values[0])) {
continue;
}
sb.append(entry.getKey()).append("=").append(JsonUtil.obj2String(values[0]));
}
return MD5Util.MD5EncodeUtf8(sb.toString()).toUpperCase();
}
}
package com.yundong.platform.Interceptor;
import com.yundong.platform.common.ServerResponse;
import com.yundong.platform.util.JsonUtil;
import com.yundong.platform.util.JwtUtil;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.Map;
import java.util.SortedMap;
public class ParamCheckInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//如果不是映射到方法直接通过
if (!(handler instanceof HandlerMethod)) {
return true;
}
// 校验token
String token = request.getParameter("token");
String user_id = request.getParameter("user_id");
if (token != null && user_id != null) {
try {
Map<String, String> map = JwtUtil.verifyToken(token);
String userId = map.get("userId");
if (!userId.equals(user_id)) {
PrintWriter pw = response.getWriter();
pw.write(JsonUtil.obj2String(ServerResponse.createByErrorMessage("token错误")));
pw.flush();
pw.close();
return false;
}
} catch (Exception e) {
PrintWriter pw = response.getWriter();
pw.write(JsonUtil.obj2String(ServerResponse.createByErrorMessage("token解析失败")));
pw.flush();
pw.close();
return false;
}
}
// 校验参数一致性
Map<String, String[]> map = request.getParameterMap();
String sign = JwtUtil.encodeSign(map);
if (!sign.equals(request.getParameter("sign"))) {
if (request.getRequestURL().toString().contains("localhost")) {
return true;
}
PrintWriter pw = response.getWriter();
pw.write(JsonUtil.obj2String(ServerResponse.createByErrorMessage("签名校验失败")));
pw.flush();
pw.close();
return false;
}
System.out.println("token:::" + token);
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
