Posted on: 2018-03-04 22:34:01



Completed today:

1. Token

Generate the token (the data is encrypted with DES)

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.3.0</version>
</dependency>

 

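// Imports for the JwtToken class (createToken here, verifyToken below).
// DES is the author's own helper class; its package is not shown in the post.
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Expiry time: 5 minutes, in milliseconds
private static final long EXPIRE_TIME = 5*60*1000;

public static String createToken(Integer id, String name, long signInTime) throws Exception {
    try {
        // id and sign-in time are DES-encrypted before they go into the payload
        String desId = DES.encode(id.toString());
        String desSignInTime = DES.encode(String.valueOf(signInTime));
        Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("alg", "HS256");
        map.put("typ", "JWT");
        return JWT.create()
                .withHeader(map) // header
                .withClaim("id", desId) // payload
                .withClaim("name", name)
                .withClaim("sign_in_time", desSignInTime)
                .withExpiresAt(date)
                .sign(Algorithm.HMAC256("secret")); // sign with HMAC-SHA256; the key is the hard-coded literal "secret"
    } catch (UnsupportedEncodingException e) {
        return null;
    }
}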

Verify the token

public static boolean verifyToken(String token) throws Exception {
    try {
        // The verifier checks the HMAC signature and the exp claim
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256("secret")).build();
        DecodedJWT jwt = verifier.verify(token);
        return true;
    } catch (JWTVerificationException e) {
//        Map<String, Claim> claims = jwt.getClaims();
//        System.out.println(claims.get("name").asString());
        e.printStackTrace();
        return false;
    }
}

2. Add the token to a cookie in the controller

try {
    name = schoolService.selectStudentNameById(id);
    String Token = JwtToken.createToken(id, name, System.currentTimeMillis());
    Cookie cookie = new Cookie("token", Token);
    cookie.setMaxAge(5 * 60); // 5 minutes, in seconds
    response.addCookie(cookie);
//    System.out.println(Token);
} catch (Exception e) {
    e.printStackTrace();
}

3. Clear the client-side token on logout (set the cookie's expiry time to 0)

for (Cookie c : cookies) {
    if (c.getName().equals("token")) {
        c.setMaxAge(0);
        c.setValue(null);
        response.addCookie(c);
    }
}

Use redirect to jump from one controller to another, carrying the response along

return new ModelAndView("redirect:/school/index"); // redirect, carrying the response

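4. Spring interceptor

Extend HandlerInterceptorAdapter and override the preHandle method

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class ProfessionInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        // getCookies() returns null when the request carries no cookies
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (c.getName().equals("token")) {
                    String token = c.getValue();
                    if (JwtToken.verifyToken(token)) {
                        return true;
                    }
                }
            }
        }
        // No valid token: forward to the sign-in page and stop the handler chain
        httpServletRequest.getRequestDispatcher("/school/sign_in").forward(httpServletRequest, httpServletResponse);
        return false;
    }
}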

Add it to the Spring MVC configuration file

<mvc:interceptors>
    <!-- intercept all requests -->
    <!--<bean class="org.wyq.task.interceptor.ProfessionInterceptor"/>-->
    <mvc:interceptor>
        <mvc:mapping path="/school/u/profession"/>
        <bean class="org.wyq.task.interceptor.ProfessionInterceptor"/>
    </mvc:interceptor>
</mvc:interceptors>

Plan for tomorrow:

1. Write separate summaries of MD5, DES, cookies and tokens

2. Study the detailed login flow

3. Try sessions

4. Finish and submit Task 5

Problems encountered:

1. com.auth0.jwt.exceptions.TokenExpiredException: The Token has expired on Sun Mar 04 18:16:03 CST 2018.

The problem was caused by the cookie and the token having different expiry times.

Solution:

JWT.create()
        .withHeader(map) // header
        .withClaim("id", desId) // payload
        .withClaim("name", name)
        .withClaim("sign_in_time", desSignInTime)
        .withExpiresAt(date)
        .sign(Algorithm.HMAC256("secret")); // sign with HMAC-SHA256

cookie.setMaxAge(5 * 60); // 5 minutes, in seconds

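2. In the Service, should I keep an interface method that returns the POJO directly, or one interface method per POJO property? (In Java 9, interfaces can have private methods.)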
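
For problem 1 above, one way to keep the cookie and the token from drifting apart is to derive both lifetimes from a single constant and to tell an expired token apart from an invalid one. This is an added example, not code from the original post; the class TokenCookieExample, its methods and the demo keys are hypothetical, and it assumes java-jwt 3.3.0 and the Servlet API on the classpath.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import javax.servlet.http.Cookie;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Added example: hypothetical class, not the post's JwtToken.
public class TokenCookieExample {
    // One constant drives both the exp claim and the cookie Max-Age.
    static final int TTL_SECONDS = 5 * 60;
    enum Result { VALID, EXPIRED, INVALID }

    static Algorithm hmac(String key) {
        return Algorithm.HMAC256(key.getBytes(StandardCharsets.UTF_8));
    }

    static String issue(String key, String name, long nowMillis) {
        return JWT.create()
                .withClaim("name", name)
                .withExpiresAt(new Date(nowMillis + TTL_SECONDS * 1000L))
                .sign(hmac(key));
    }

    static Cookie toCookie(String token) {
        Cookie cookie = new Cookie("token", token);
        cookie.setMaxAge(TTL_SECONDS); // same lifetime as the exp claim
        cookie.setHttpOnly(true);      // keep the token out of reach of page scripts
        return cookie;
    }

    static Result check(String key, String token) {
        try {
            JWT.require(hmac(key)).build().verify(token);
            return Result.VALID;
        } catch (TokenExpiredException e) {
            return Result.EXPIRED;   // cookie still present but exp has passed
        } catch (JWTVerificationException e) {
            return Result.INVALID;   // bad signature or malformed token
        }
    }
    public static void main(String[] args) {
        String key = "constructed-demo-key"; // constructed value; load the real key from configuration
        long now = System.currentTimeMillis();
        System.out.println(check(key, issue(key, "demo", now)));                   // fresh token
        System.out.println(check(key, issue(key, "demo", now - 10 * 60 * 1000L))); // exp is 5 minutes in the past
        System.out.println(check(key, issue("other-key", "demo", now)));           // signed with a different key
    }
}
```

An interceptor that receives EXPIRED can send the user to the sign-in page without logging a stack trace, while INVALID is the case worth recording.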

Takeaways:

1. Add the token to a cookie to handle login verification and logout

2. Use a Spring interceptor to verify login


Demo: the login link is in the top-right corner, in a very light color

id:1  password:1


