Posted: 2018-03-04 22:34:01
Completed today:
1. Token class
Generating the token (the data is encrypted with DES)
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.3.0</version>
</dependency>
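import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Expiry time: 5 minutes, in milliseconds
private static final long EXPIRE_TIME = 5*60*1000;
public static String createToken(Integer id, String name, long signInTime) throws Exception {
    try {
        // DES is the project's own helper class; id and sign-in time are stored encrypted
        String desId = DES.encode(id.toString());
        String desSignInTime = DES.encode(String.valueOf(signInTime));
        Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        Map<String, Object> map = new HashMap<String, Object>();
        map.put("alg", "HS256");
        map.put("typ", "JWT");
        return JWT.create()
                .withHeader(map) // header
                .withClaim("id", desId) // payload
                .withClaim("name", name)
                .withClaim("sign_in_time", desSignInTime)
                .withExpiresAt(date)
                .sign(Algorithm.HMAC256("secret")); // signs with HMAC-SHA256; the payload itself is not encrypted
    } catch (UnsupportedEncodingException e) {
        return null;
    }
}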
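Verifying the token
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

public static boolean verifyToken(String token) throws Exception {
    try {
        // verify() checks the signature and the exp claim
        JWTVerifier verifier = JWT.require(Algorithm.HMAC256("secret")).build();
        DecodedJWT jwt = verifier.verify(token);
        return true;
    } catch (JWTVerificationException e) {
        // Map<String, Claim> claims = jwt.getClaims();
        // System.out.println(claims.get("name").asString());
        e.printStackTrace();
        return false;
    }
}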
2. Adding the token to a cookie in the controller
try {
    name = schoolService.selectStudentNameById(id);
    String Token = JwtToken.createToken(id, name, System.currentTimeMillis());
    Cookie cookie = new Cookie("token", Token);
    cookie.setMaxAge(5 * 60); // seconds
    response.addCookie(cookie);
    // System.out.println(Token);
} catch (Exception e) {
    e.printStackTrace();
}
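3. On logout, clear the client-side token (set the cookie's expiry time to 0)
// getCookies() returns null when the request carries no cookies
if (cookies != null) {
    for (Cookie c : cookies) {
        if (c.getName().equals("token")) {
            c.setMaxAge(0);
            c.setValue(null);
            response.addCookie(c);
        }
    }
}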
Use redirect to jump from one controller to another, taking the response along
return new ModelAndView("redirect:/school/index"); // redirect, taking the response along
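4. Spring interceptor
Extend HandlerInterceptorAdapter and override the preHandle method
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class ProfessionInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        Cookie[] cookies = httpServletRequest.getCookies();
        // getCookies() returns null when the request has no cookies; treat that as "not signed in"
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (c.getName().equals("token")) {
                    String token = c.getValue();
                    if (JwtToken.verifyToken(token)) {
                        return true;
                    }
                }
            }
        }
        // No valid token: forward to the sign-in page and stop the handler chain
        httpServletRequest.getRequestDispatcher("/school/sign_in").forward(httpServletRequest, httpServletResponse);
        return false;
    }
}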
Add it to the Spring MVC configuration file
<mvc:interceptors>
    <!-- intercept all requests -->
    <!--<bean class="org.wyq.task.interceptor.ProfessionInterceptor"/>-->
    <mvc:interceptor>
        <mvc:mapping path="/school/u/profession"/>
        <bean class="org.wyq.task.interceptor.ProfessionInterceptor"/>
    </mvc:interceptor>
</mvc:interceptors>
Plan for tomorrow:
1. Write separate summaries of md5, des, cookie and token
2. Learn the detailed login flow
3. Try session
4. Finish and submit task 5
Problems encountered:
1. com.auth0.jwt.exceptions.TokenExpiredException: The Token has expired on Sun Mar 04 18:16:03 CST 2018.
The problem was caused by the Cookie and the Token having different expiry times
Solution:
JWT.create()
        .withHeader(map) // header
        .withClaim("id", desId) // payload
        .withClaim("name", name)
        .withClaim("sign_in_time", desSignInTime)
        .withExpiresAt(date)
        .sign(Algorithm.HMAC256("secret")); // signs with HMAC-SHA256
cookie.setMaxAge(5 * 60); // seconds
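2. In the Service, should I keep an interface that returns the pojo class directly, or keep an interface for each property of each pojo class? (In Java 9, interfaces can have private methods.)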
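For problem 1 above, one way to keep the cookie and the token from drifting apart is to derive both lifetimes from a single constant and issue them together, and to report an expired token separately from an invalid one. This is an added example, not code from the original post; TokenCookies, the Result enum and the JWT_SECRET environment variable are assumed names, and it relies on the java-jwt 3.3.0 dependency shown earlier.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;

import javax.servlet.http.Cookie;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Added example: TokenCookies and JWT_SECRET are hypothetical names, not from the original post.
public final class TokenCookies {
    // Single source of truth for both lifetimes, in seconds.
    private static final int TTL_SECONDS = 5 * 60;

    public enum Result { VALID, EXPIRED, INVALID }

    private static Algorithm algorithm() {
        // Assumption: the HMAC key comes from the environment instead of a string literal.
        String secret = System.getenv("JWT_SECRET");
        if (secret == null || secret.length() < 32) {
            throw new IllegalStateException("JWT_SECRET must be set to at least 32 characters");
        }
        return Algorithm.HMAC256(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Builds the token and its cookie together so exp and Max-Age cannot drift apart.
    public static Cookie issue(String name) {
        Date expiresAt = new Date(System.currentTimeMillis() + TTL_SECONDS * 1000L);
        String token = JWT.create()
                .withClaim("name", name)
                .withExpiresAt(expiresAt)
                .sign(algorithm());
        Cookie cookie = new Cookie("token", token);
        cookie.setMaxAge(TTL_SECONDS); // seconds, same constant as exp
        cookie.setHttpOnly(true);      // keep the token out of reach of page scripts
        cookie.setPath("/");           // fixed path, so logout can expire the same cookie
        return cookie;
    }

    // Separates an expired token from a forged or malformed one.
    public static Result check(String token) {
        if (token == null) {
            return Result.INVALID;
        }
        try {
            JWT.require(algorithm()).build().verify(token);
            return Result.VALID;
        } catch (TokenExpiredException e) {
            return Result.EXPIRED;   // normal session timeout, send the user to sign in again
        } catch (JWTVerificationException e) {
            return Result.INVALID;   // bad signature or malformed token
        }
    }
}
```

On logout, the replacement cookie needs the same name and path ("token", "/") with Max-Age 0 for the browser to drop it.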
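What I learned:
1. Adding the token to a cookie to handle login verification and logout
2. Using a Spring interceptor to verify login
Result demo: the login link is in the top-right corner, in a very light color
id:1 password:1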