How to put a token in a response header and return it to the front end

2025-04-06 02:35:51

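1. What a JWT contains. The first part is the header, which holds the token type and the signing algorithm and is generally fixed. The second part is the payload, which holds the user data. The third part is the signature, which the server mainly uses to verify the token.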

2. First, add the dependency to the project's pom.xml:

```xml
<!-- JWT support -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.4.0</version>
</dependency>
```

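3. Next, write the JWT utility class:

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;

import java.util.Date;

public class JwtTokenUtil {

    // Name of the header in which the token is returned
    public static final String AUTH_HEADER_KEY = "Authorization";

    // Token prefix
    public static final String TOKEN_PREFIX = "Bearer ";

    // Signing key (hard-coded for the tutorial; in a real deployment load it
    // from configuration or a secret store instead of source code)
    public static final String KEY = "q3t6w9z$C&F)J@NcQfTjWnZr4u7x";

    // Validity period, 2 hours by default
    public static final Long EXPIRATION_TIME = 1000L*60*60*2;

    /**
     * Create a token
     * @param content
     * @return
     */
    public static String createToken(String content){
        return TOKEN_PREFIX + JWT.create()
                .withSubject(content)
                .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .sign(Algorithm.HMAC512(KEY));
    }

    /**
     * Verify a token
     * @param token
     */
    public static String verifyToken(String token) throws Exception {
        try {
            return JWT.require(Algorithm.HMAC512(KEY))
                    .build()
                    .verify(token.replace(TOKEN_PREFIX, ""))
                    .getSubject();
        } catch (TokenExpiredException e){
            // Message: "the token has expired, please log in again"
            throw new Exception("token已失效,请重新登录",e);
        } catch (JWTVerificationException e) {
            // Message: "token verification failed!"
            throw new Exception("token验证失败!",e);
        }
    }
}
```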

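4. Configure CORS so that the front end can read the header:

```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Slf4j
@Configuration
public class GlobalWebMvcConfig implements WebMvcConfigurer {

    /**
     * Override the cross-origin request handling hook provided by the parent interface
     * @param registry
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Add the mapping path
        registry.addMapping("/**")
                // Origins that are allowed. The original used "*", which Spring 5.3+
                // rejects when allowCredentials is true and which otherwise lets any
                // site send credentialed requests; the origin below is a placeholder.
                .allowedOrigins("https://frontend.example.com")
                // Whether cookie information is sent
                .allowCredentials(true)
                // Request methods that are allowed
                .allowedMethods("GET", "POST", "DELETE", "PUT", "OPTIONS", "HEAD")
                // Request headers that are allowed
                .allowedHeaders("*")
                // Response headers exposed to the front end (cross-origin requests
                // cannot read all response headers by default)
                .exposedHeaders("Server","Content-Length", "Authorization", "Access-Token", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials");
    }

    // the class continues in step 5
```

5. Register the interceptor in the same configuration class:

```java
    /**
     * Add the interceptor
     * @param registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Add the authorization interceptor
        registry.addInterceptor(new AuthenticationInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/static/**");
    }
}
```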

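6. Write the authentication interceptor (`JwtIgnore`, `LocalAssert` and `WebContextUtil` are the project's own classes and are not shown on this page):

```java
import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

@Slf4j
public class AuthenticationInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Read the token from the HTTP request header
        final String token = request.getHeader(JwtTokenUtil.AUTH_HEADER_KEY);

        // If the request is not mapped to a handler method, let it through
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        // If this is a preflight (OPTIONS) request, let it through.
        // getMethod() returns a String, so compare with matches() rather than equals().
        if (HttpMethod.OPTIONS.matches(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return true;
        }

        // If the method carries the JwtIgnore annotation, let it through
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        if (method.isAnnotationPresent(JwtIgnore.class)) {
            JwtIgnore jwtIgnore = method.getAnnotation(JwtIgnore.class);
            if (jwtIgnore.value()) {
                return true;
            }
        }

        // Message: "token is empty, authentication failed!"
        LocalAssert.isStringEmpty(token, "token为空,鉴权失败!");

        // Verify the token and read the information stored inside it
        String userToken = JwtTokenUtil.verifyToken(token);

        // Put the token into the local cache
        WebContextUtil.setUserToken(userToken);
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // When the request has finished, remove the cached token
        WebContextUtil.removeUserToken();
    }
}
```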

7. In the login endpoint, create the token and set it on the response header:

```java
/**
 * Login
 * @param userDto
 * @return
 */
@JwtIgnore
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = {"application/json;charset=UTF-8"})
public UserVo login(@RequestBody UserDto userDto, HttpServletResponse response){
    // ... validate the request parameters

    // Load the user from the database
    User dbUser = userService.selectByUserNo(userDto.getUserNo());

    // ... verify the user and the password

    // Create the token and put it in the response header
    UserToken userToken = new UserToken();
    BeanUtils.copyProperties(dbUser,userToken);
    String token = JwtTokenUtil.createToken(JSONObject.toJSONString(userToken));
    response.setHeader(JwtTokenUtil.AUTH_HEADER_KEY, token);

    // Build the return value
    UserVo result = new UserVo();
    BeanUtils.copyProperties(dbUser,result);
    return result;
}
```

8. With the steps above in place, the project now returns the token to the front end in the response header.
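The front-end half of the flow, as an added example that is not part of the original page: it reads the `Authorization` response header from step 7, decodes the claims without any key, and checks the expiry set in step 3. Assumptions: `headers` is anything with a `get()` method (in a browser, `response.headers` from `fetch`), and the `userNo`/`userName` fields and the sample token are constructed for illustration.

```javascript
const AUTH_HEADER_KEY = "Authorization"; // same constants as JwtTokenUtil
const TOKEN_PREFIX = "Bearer ";

// base64url segment -> UTF-8 string (JWT segments carry no "=" padding)
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const bin = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  return new TextDecoder().decode(Uint8Array.from(bin, (c) => c.charCodeAt(0)));
}

// Read the header value from a login response. Cross-origin, get() returns
// null unless the server lists "Authorization" in exposedHeaders (step 4).
function readAuthHeader(headers) {
  const value = headers.get(AUTH_HEADER_KEY);
  if (!value || !value.startsWith(TOKEN_PREFIX)) return null;
  return value.split(".").length === 3 ? value : null;
}

// Decode WITHOUT verifying: the client has no key and needs none to read this.
function decodeClaims(headerValue) {
  const [h, p] = headerValue.slice(TOKEN_PREFIX.length).split(".");
  const header = JSON.parse(b64urlDecode(h));
  const payload = JSON.parse(b64urlDecode(p));
  // Step 7 stores a JSON string in "sub", so it needs a second parse.
  return { alg: header.alg, user: JSON.parse(payload.sub), exp: payload.exp };
}

// "exp" is in seconds since the epoch; a missing exp is treated as expired.
function isExpired(claims, nowMs = Date.now()) {
  return typeof claims.exp !== "number" || nowMs >= claims.exp * 1000;
}

// Constructed sample token; the signature segment is a dummy, never checked here.
function b64url(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  const b64 = btoa(String.fromCharCode(...bytes));
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function sampleHeaderValue(expSeconds) {
  const sub = JSON.stringify({ userNo: "u1001", userName: "demo" }); // assumed UserToken fields
  const segs = [b64url({ typ: "JWT", alg: "HS512" }), b64url({ sub, exp: expSeconds }), "c2ln"];
  return TOKEN_PREFIX + segs.join(".");
}
```

Because the payload decodes without the key, every field copied into `UserToken` is readable by whoever holds the token, so keep password hashes and other sensitive columns out of it. Since `createToken` already includes the `Bearer ` prefix and `verifyToken` strips it, the client sends the stored header value back unchanged.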
