import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(jwtInterceptor())//攔截器自定義攔截邏輯執行類 .addPathPatterns("/**")//攔截所有請求地址 .excludePathPatterns("/data-admin/*/login");//越過攔截所有請求,通過判斷token是否合法來決定是否需要登錄 } @Bean public JwtInterceptor jwtInterceptor(){ return new JwtInterceptor(); } }
執行類:
public class JwtInterceptor implements HandlerInterceptor { @Autowired private RedisTemplate redisTemplate; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String token = request.getHeader("token"); //如果不是映射到方法直接通過 if (!(handler instanceof HandlerMethod)) { return true; } //執行認證 if (StrUtil.isBlank(token)) { throw new ServiceException("無token,請重新登錄"); } // //獲取token中的username // String userName; // try { // userName = JWT.decode(token).getAudience().get(0); // // } catch (JWTDecodeException j) { // throw new RuntimeException("token異常"); // } // //查看token的username // if (!userName.equals("admin")) { // throw new ServiceException("用戶不存在"); // } // //密碼加簽驗證token // JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256("123456")).build(); // try { // jwtVerifier.verify(token); // } catch (JWTVerificationException e) { // throw new ServiceException("token驗證失敗,請重新登錄"); // } String name = "admin"; String password = ""; try { //獲取redis中的密碼 password = String.valueOf(redisTemplate.opsForValue().get("admin")); } catch (Exception e) { throw new ServiceException("redis連接失敗,請聯系管理員"); } //驗證token加密串 try { if (!MD5Util.verify(name + password, token)) { throw new ServiceException("token驗證失敗,請重新登錄"); } } catch (JWTVerificationException e) { throw new ServiceException("token驗證失敗,請重新登錄"); } return true; } }
redis連接工具類:
@Configuration public class RedisConfig { @Bean(name="redisTemplate") public RedisTemplate<String, String> redisTemplate(RedisConnectionFactory factory) { RedisTemplate<String, String> template = new RedisTemplate<>(); RedisSerializer<String> redisSerializer = new StringRedisSerializer(); template.setConnectionFactory(factory); //key序列化方式 template.setKeySerializer(redisSerializer); //value序列化 template.setValueSerializer(redisSerializer); //value hashmap序列化 template.setHashValueSerializer(redisSerializer); //key haspmap序列化 template.setHashKeySerializer(redisSerializer); return template; } }
簡單的MD5加解密,簽名認證:
public class MD5Util { //秘鑰 public static final String KEY = "***********"; /** * 帶秘鑰加密 * * @param text 明文 * @return 密文 */ public static String md5(String text) { // 加密后的字符串 String md5str = DigestUtils.md5Hex(text + KEY); System.out.println("MD5加密后的字符串為:" + md5str); return md5str; } /** * MD5驗證方法 根據傳入的密鑰進行驗證 * * @param text 明文 * @param md5 密文 * @return * @throws Exception */ public static boolean verify(String text, String md5) { String md5str = md5(text); if (md5str.equalsIgnoreCase(md5)) { System.out.println("MD5驗證通過"); return true; } return false; } public static void main(String[] args) { String signKeyMd5 = md5("明文"); System.out.println(signKeyMd5); System.out.println(verify("admin", signKeyMd5)); }
浙公網安備 33010602011771號