LoveNav/love-nav
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

登录token

Browse Source
This commit is contained in:
Zhang Liguo
2023-12-21 22:39:29 +08:00
parent 1399bfd1e5
commit 9a0fa79bcb
9 changed files with 418 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
src/main/java/com/lovenav/utils/TokenUtils.java Normal file
View File

@@ -0,0 +1,125 @@
package com.lovenav.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.lovenav.entity.User;
import com.lovenav.service.UserService;
import io.jsonwebtoken.*;
import org.apache.tomcat.util.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
@Component
public class TokenUtils {
private static final long EXPIRE_TIME = 60 * 1000; // 1分钟
// private static final long EXPIRE_TIME = 15 * 60 * 1000; // 15分钟
// 加密密文,私钥
private static final String TOKEN_SECRET = "jiamimiwen";
// 由字符串生成加密key
public SecretKey generalKey() {
System.out.println("进入由字符串生成加密key方法");
// 本地的密码解码
byte[] encodedKey = Base64.decodeBase64(TOKEN_SECRET);
// 根据给定的字节数组使用AES加密算法构造一个密钥
SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
return key;
}
// 生成签名
public String sign(User user) {
System.out.println("生成签名方法开始执行!");
try {
// 设置过期时间,单位毫秒
Date expTime = new Date(System.currentTimeMillis() + EXPIRE_TIME);
// 私钥和加密算法
Algorithm algorithm = Algorithm.HMAC256(user.getUserPassword()); //使用用户输入的密码
// Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
// 设置头部信息,也可以不用设置头部信息jwt会自动生成
// Map<String, Object> header = new HashMap<String, Object>();
// header.put("typ", "JWT");
// header.put("alg", "HS256");
// 或
// header.put("Type", "JWT");
// header.put("alg", "HS256");
// 生成JWT的时间
Date issuedAt = new Date(System.currentTimeMillis());
// 返回token字符串
System.out.println("生成签名方法结束执行!");
return JWT.create() // 表示new一个Jwt设置jwt的body
// .withHeader(header) // 设置头部信息
.withClaim("userLogin", user.getUserLogin()) // 数据库中用户的id
.withClaim("email", user.getUserEmail()) // 前端输入的用户名
.withIssuedAt(issuedAt) // jwt的签发时间
.withExpiresAt(expTime) // jwt过期时间
.sign(algorithm);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
*
* @Title: verify
* @Description: 检验token是否正确
* @param: @param token 密钥
* @param: @param username 登录名
* @param: @param password 密码
* @param: @return
* @return: boolean
* @throws
*/
public boolean verify(String token, String username, String password) {
System.out.println("进入检验token是否正确方法");
try {
Algorithm algorithm = Algorithm.HMAC256(password); //使用用户输入的密码
// Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
JWTVerifier verifier = JWT.require(algorithm).withClaim("username", username).build();
// JWTVerifier verifier = JWT.require(algorithm).build();
verifier.verify(token);
return true;
} catch (Exception e) {
return false;
}
}
// 获取登录名
public String getUsername(String token) {
System.out.println("进入获取登录名方法!");
try {
DecodedJWT jwt = JWT.decode(token);
return jwt.getClaim("username").asString();
} catch (JWTDecodeException e) {
return null;
}
}
// 解密jwt
public Claims parseJWT(String jwt) throws Exception {
System.out.println("进入解密jwt方法");
SecretKey key = generalKey(); // 签名秘钥,和生成的签名的秘钥一模一样
Claims claims = Jwts.parser() // 得到DefaultJwtParser
.setSigningKey(key) // 设置签名的秘钥
.parseClaimsJws(jwt).getBody(); // 设置需要解析的jwt
return claims;
}
}