【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>> 
[TOC]
前言
之前写了一篇:《密码加密与微服务鉴权JWT详细使用教程》
实际操作(练习实例)
pom(common),在原有基础上添加jwt依赖
<dependencies>
<!--lombok-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.16.20</version>
</dependency>
<!--工具-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
<!--jwt依赖-->
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.3</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.9.7</version>
</dependency>
</dependencies>
拷贝工具类
保证本地有RAS文件(之前写的有说关于生产RAS点击前往)
项目整合JWT
1、登录时产生token,并返回
2、前端登录后,将token保存到sessionStroage
3、每一次请求中,需要追加请求头
4、在网关中,编写网关过滤器,对请求进行校验
1、登录时产生token,并返回
UserController
private static final String priKeyPath = "D:\\ras\\ras.pri";
@PostMapping("/login")
public BaseResult login(@RequestBody TEmp tEmp) {
TEmp result = empService.login(tEmp);
if (result != null) {
String token = null;
try {
token = JwtUtils.generateToken(result, 30, RasUtils.getPrivateKey(priKeyPath));
} catch (Exception e) {
e.printStackTrace();
}
return BaseResult.ok("登录成功").append("token", token);
} else {
return BaseResult.error("用户名或密码不匹配");
}
}
2、前端登录后,将token保存到sessionStroage
3、每一次请求中,需要追加请求头(api.js)
axios.interceptors.request.use(request => {
//每一次请求头中,请求头需要携带token
//获得token
let token = sessionStorage.getItem('token')
//有设置就放行
if (token) {
request.headers.authorization = token
}
return request
}, error => { });
4、在网关中,编写网关过滤器,对请求进行校验
package com.czxy.filter;
import com.czxy.common.utils.JwtUtils;
import com.czxy.common.utils.RasUtils;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import org.apache.catalina.User;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
/**
* @author 庭前云落
* @Date 2019/12/23 8:31
* @description
*/
@Component
public class LoginFilter extends ZuulFilter {
@Override
public String filterType() {
return "pre";
}
@Override
public int filterOrder() {
return 1;
}
@Override
public boolean shouldFilter() {
//1 获得工具类(请求上下文对象)
RequestContext requestContext = RequestContext.getCurrentContext();
//2 通过工具类获得request对象
HttpServletRequest request = requestContext.getRequest();
String requestURI = request.getRequestURI();
System.out.println(requestURI);
if ("/api/service/emp/login".equals(requestURI)) {
return false;
}
return true; //是否执行
}
private static final String pubKeyPath = "D:\\ras\\ras.pub";
@Override
public Object run() throws ZuulException {
//1、获得工具类(请求上下文)
RequestContext requestContext = RequestContext.getCurrentContext();
//2、获得请求对象
HttpServletRequest request = requestContext.getRequest();
//3、获得请求头,获得token值
String token = request.getHeader("authorization");
//4、判断--校验
try {
JwtUtils.getObjectFromToken(token, RasUtils.getPublicKey(pubKeyPath), User.class);
} catch (Exception e) {
e.printStackTrace();
//不允许放行
requestContext.setSendZuulResponse(false);
requestContext.setResponseStatusCode(403);
}
//放行
return null;
}
}
5、登录拦截器(index.js)未登录跳转回登录页面,已登录则放行
/**配置拦截器 */
router.beforeEach((to,from,next)=>{
if(to.path=='/login'){
next()
return
}
/**如果有token表示登录,程序跳转,否则跳转到登录页面 */
let token= sessionStorage.getItem('token')
if(token){
next()
}else{
next('/login')
}
})
来源:oschina
链接:https://my.oschina.net/tingqianyunluo/blog/3146060