17、SpringBoot集成JWT，实现接口的鉴权交互

## pom引入

~~~xml
<dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.4.1</version>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
~~~

## 建一个utils的工具类，用于使用jwt。

~~~java
package com.mmno.framework.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

public class JwtUtil {
    private static final String secret = "seqier";
    private static final Long expiration = 1209600L;

/**
     * 生成用户token,设置token超时时间
     */
    public static String createToken(String userName) {
        //过期时间
        Date expireDate = new Date(System.currentTimeMillis() + expiration * 1000);
        Map<String, Object> map = new HashMap<>();
        map.put("alg", "HS256");
        map.put("typ", "JWT");
        String token = JWT.create()
                // 添加头部
                .withHeader(map)
                //可以将基本信息放到claims中
                //userName
                .withClaim("userName", userName)
                //超时设置,设置过期的日期
                .withExpiresAt(expireDate)
                //签发时间
                .withIssuedAt(new Date())
                //SECRET加密
                .sign(Algorithm.HMAC256(secret));
        System.out.println(token);
        return token;
    }

/**
     * 校验token并解析token
     */
    public static boolean verifyToken(String token) {
        DecodedJWT jwt;
        try {
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(secret)).build();
            jwt = verifier.verify(token);
            if (jwt.getExpiresAt().before(new Date())) {
                System.out.println("token过期");
                return false;
            }
        } catch (Exception e) {
            //解码异常则抛出异常
            System.out.println("token解析异常:" + e.getMessage());
            return false;
        }
        return true;
    }

}
~~~

## 在service层的login接口里可以使用 createToken方法生成一段token

这里在jwt里只保存了一个载体，也就是username，你也可以根据实际的业务情总 保存更多的数据，比如 id mobild等。

~~~java
// 生成token
String token = JwtUtil.createToken(shopUser.getUsername());
~~~

## 新建一个拦截器，限制只有在header里传输了正确的token值 才可以正常访问接口。

~~~java
package com.mmno.shop.interceptor;

import cn.hutool.json.JSONUtil;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.mmno.framework.util.JwtUtil;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;

public class TokenInterceptor implements HandlerInterceptor {

@Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token= request.getHeader("token");
        Map<String, Object> map= new HashMap<>();
        if (token== null || token.trim().equals("")){
            map.put("message", "无token值!");
        } else{
            try{
                JwtUtil.verifyToken(token);
                return true;
            } catch (SignatureVerificationException e){
                e.printStackTrace();
                map.put("message", "签名不一致!");
            } catch (TokenExpiredException e){
                e.printStackTrace();
                map.put("message","令牌过期!");
            } catch (AlgorithmMismatchException e){
                e.printStackTrace();
                map.put("message", "算法不匹配!");
            } catch (InvalidClaimException e){
                e.printStackTrace();
                map.put("message","失效payload!");
            } catch (Exception e){
                e.printStackTrace();
                map.put("message","token无效");
            }
        }
        map.put("state", false);

// 使用hutool里的JSONUtil 将map转为json
        String json= JSONUtil.toJsonStr(map);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().println(json);
        return false;
    }

@Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("拦截器处理结束...");
        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
    }

@Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("请求结束...");
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
}

~~~

## 注册这个拦截器

我这里的 addPathPatterns() 定义要拦截哪个url，也可以使用下面这两种形式
.addPathPatterns("/**")
.addPathPatterns("/api/user/**")

excludePathPatterns 定义哪些地址不需要拦截
`/shop/passport/logout`
`/shop/passport/login`
是我的登录和登出接口，要放行！

~~~java

package com.mmno.shop.interceptor;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MyWebMvcConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new TokenInterceptor())
                .addPathPatterns()
                .excludePathPatterns("/shop/passport/logout", "/shop/passport/login");
    }
}

~~~