日常记录：
 
Java如何传入username和password，来获取token
 
 
 
首先postman测试，返回正常
 
 
 
 
 
 
然后Java中我使用的是resttemplate，注意先设置头，然后Map中put账号密码，再把header的头，contenttype设置为MediaType.Application_JSON(是传JSON格式的数据“application/JSON”时用这个)
 
 
最后打印一下，获取到了token，成功
 
每日一句心灵鸡汤：
 
也许你想成为太阳，可你却只是一颗星辰；也许你想成为大树，可你却是一棵小草。于是，你有些自卑。其实，你和别人一样，也是一片风景：做不了太阳，就做星辰，在自己的星座发光发热；做不了大树，就做小草，以自己的绿色装点希望……

一：简介
 
token 值: 登录令牌.利用 token 值来判断用户的登录状态.类似于 MD5 加密之后的长字符串
 用户登录成功之后,在后端(服务器端)会根据用户信息生成一个唯一的值.这个值就是 token 值
 生成完之后将token值返回给前端，前端存储cookie或session中，每次请求接口需要携带token值，后端会进行相应判断，如果过期或者当前值不相同则进行拦截
 
二：编码
 
MD5加密
 
/**
* @Author: guwenhai
* @Description:    MD5加密
* @Date: 11:41 2020/6/11
*/
public static String getMD5Str(String str) {
   byte[] digest = null;
   try {
       MessageDigest md5 = MessageDigest.getInstance("md5");
       digest  = md5.digest(str.getBytes("utf-8"));
   } catch (NoSuchAlgorithmException e) {
       e.printStackTrace();
   } catch (UnsupportedEncodingException e) {
       e.printStackTrace();
   }
   //16是表示转换为16进制数
   String md5Str = new BigInteger(1, digest).toString(16);
   return md5Str;
}
 
生成token
 
/**
* 加密
* @param object 加密数据
* @param maxTime 有效期（毫秒数）
* @param <T>
* @return
*/
public static <T> String encode(T object,long maxTime){
   try{
       //秘钥加密
       final JWTSigner signer=new JWTSigner(SECRET);
       final Map<String ,Object> data=new HashMap<>(10);
       //存入的信息
       data.put(PAYLOAD,object);
       //有效日期时间
       data.put(EXP,System.currentTimeMillis()+maxTime);
       //生成加密字符串
       return signer.sign(data);
   } catch (Exception e) {
       e.printStackTrace();
       return null;
   }
}
 
解密token
 
/**
 * 数据解密
 * @param jwt 解密数据
 * @return
 * @throws Exception
 */
public static ReturnBase decode(String jwt) throws Exception{
    ReturnBase returnData = new ReturnBase(StatusCode.Success);
    //获取秘钥
    final JWTVerifier jwtVerifier=new JWTVerifier(SECRET);
    final Map<String,Object> data=jwtVerifier.verify(jwt);
    //判断数据是否超时或者符合标准
    if(data.containsKey(EXP)&&data.containsKey(PAYLOAD)){
        //有效期时间戳
        long exp = (long) data.get(EXP);
        //当前时间戳
        long currentTimeMillis = System.currentTimeMillis();
        if(exp > currentTimeMillis){
            //解析数据信息
            Map<String,Object> json= (Map<String, Object>) data.get(PAYLOAD);
            returnData.setData(json);
        }else {
            returnData = new ReturnBase(99999,"用户登录超时");
        }
    }else {
        returnData = new ReturnBase(99999,"用户token错误");
    }
    return returnData;
}

 
 
public class AuthenticationInterceptor implements HandlerInterceptor {
    @Autowired
    UserService userService;
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
        String token = httpServletRequest.getHeader("token");// 从 http 请求头中取出 token
        // 如果不是映射到方法直接通过
        if(!(object instanceof HandlerMethod)){
            return true;
        }
        HandlerMethod handlerMethod=(HandlerMethod)object;
        Method method=handlerMethod.getMethod();
        //检查是否有passtoken注释，有则跳过认证
        if (method.isAnnotationPresent(PassToken.class)) {
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) {
                return true;
            }
        }
        //检查有没有需要用户权限的注解
        if (method.isAnnotationPresent(UserLoginToken.class)) {
            UserLoginToken userLoginToken = method.getAnnotation(UserLoginToken.class);
            if (userLoginToken.required()) {
                // 执行认证
                if (token == null) {
                    throw new RuntimeException("无token，请重新登录");
                }
                // 获取 token 中的 user id
                String userId;
                try {
                    userId = JWT.decode(token).getAudience().get(0);
                } catch (JWTDecodeException j) {
                    throw new RuntimeException("401");
                }
                User user = userService.findUserById(userId);
                if (user == null) {
                    throw new RuntimeException("用户不存在，请重新登录");
                }
                // 验证 token
                JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(user.getPassword())).build();
                try {
                    jwtVerifier.verify(token);
                } catch (JWTVerificationException e) {
                    throw new RuntimeException("401");
                }
                //将验证通过后的用户信息放到请求中
                httpServletRequest.setAttribute("currentUser", user);
                return true;
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, 
                                  HttpServletResponse httpServletResponse, 
                            Object o, ModelAndView modelAndView) throws Exception {

    }
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, 
                                          HttpServletResponse httpServletResponse, 
                                          Object o, Exception e) throws Exception {
    }
 
spring-boot 集成JWT实现token验证
 
1、引入JWT依赖,由于是基于Java，所以需要的是java-jwt
 
<dependency>
      <groupId>com.auth0</groupId>
      <artifactId>java-jwt</artifactId>
      <version>3.4.0</version>
</dependency>
 
2、需要自定义两个注解
 
用来跳过验证的PassToken
 
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserLoginToken {
    boolean required() default true;
}
 
需要登录才能进行操作的注解UserLoginToken 
 
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface PassToken {
    boolean required() default true;
}
 
如果不能导入依赖包，手动导入 
 
import java.lang.annotation.RetentionPolicy;
 
import java.lang.annotation.ElementType;
 
3、实体类UserInfo简写
 
package com.presoft.wydl.packs.system.model;

import java.util.Date;

import com.fasterxml.jackson.annotation.JsonFormat;

public class UserInfo {
    private Long id;

    private String rybm;

    private String zh;

    private String mm;

    private String ryxm;
}
 
4、token的生成方法
 
package com.presoft.wydl.common.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.presoft.wydl.packs.system.model.UserInfo;

public class JwtUtil {

	public static String getToken(UserInfo user) {
        String token="";
        token= JWT.create().withAudience(user.getRybm())
                .sign(Algorithm.HMAC256(user.getMm()));
        return token;
    }
}
 
5、接下来需要写一个拦截器去获取token并验证token
 
6、配置拦截器
 
@Configuration
public class InterceptorConfig extends   WebMvcConfigurationSupport {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authenticationInterceptor())
                .addPathPatterns("/**");   
    }
    @Bean
    public AuthenticationInterceptor authenticationInterceptor() {
        return new AuthenticationInterceptor();
    }
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
        super.addArgumentResolvers(argumentResolvers);
        argumentResolvers.add(new CurrentUserMethodArgumentResolver());
    }
}



 
7、登录验证Controller
 
//登录
	@PassToken
    @RequestMapping(value = "/loginByTele",method = RequestMethod.POST)
    public Object login(HttpServletRequest request ,UserInfoVo vo){
        UserInfo userForBase=userInfoMapper.findBySjhm(vo.getSjhm());
        if(userForBase==null){
            Response response = new Response();
			response.setCode("300");
			response.setMsg("登录失败,用户不存在");
			return response;
        }else {
            if (!userForBase.getMm().equals(vo.getMm())){
                Response response = new Response();
				response.setCode("300");
				response.setMsg("登录失败,密码错误");
				return response;
            }else {
                String token = JwtUtil.getToken(userForBase);
                userForBase.setToken(token);
                Response response = new Response("200","请求成功",userForBase);
    			response.setCode("200");
    			return response;
            }
        }
    }
 
原文 https://www.jianshu.com/p/e88d3f8151db
 
 

 
 
//获取当前登录用户的用户名
 
 
AppSecurityUtils.obtainLoginedUsername()
 
 
//获取当前用户token
 
 
AppSecurityUtils.obtainAccessToken()
 
 
AppSecurityUtils.java
 
 


import org.apache.shiro.subject.Subject;


/**
 * @author yangty
 *
 */
public class AppSecurityUtils {
	
	/**
	 * 获取当前登录用户的用户名
	 * @return
	 */
	public static String obtainLoginedUsername() {
		Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();
		if(currentUser == null || currentUser.getPrincipal() == null) {
			return "";
		}
		AppShiroUser shiroUser = (AppShiroUser)currentUser.getPrincipal();
		return shiroUser.getId();
	}
	
	/**
	 * 获取当前用户token
	 * 
	 * @return
	 */
	public static String obtainAccessToken() {
		Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();
		if(currentUser == null || currentUser.getPrincipal() == null) {
			return "";
		}
		
		AppShiroUser shiroUser = (AppShiroUser)currentUser.getPrincipal();
		
		return shiroUser.getAccessToken();
	}
}
 
 
AppShiroUser 
 
 


import java.io.Serializable;

public class AppShiroUser implements Serializable{

	/**
	 * 
	 */
	private static final long serialVersionUID = 8494048657048720145L;

	private String id;	// 用户ID
	
	private String accessToken;	// 用户oauth授权accessToken
	
	private String ipAddress;//用户登录的机器IP

	public AppShiroUser(String id, String accessToken) {
		super();
		this.id = id;
		this.accessToken = accessToken;
	}

	public String getId() {
		return id;
	}

	public String getAccessToken() {
		return accessToken;
	}

	public void setAccessToken(String accessToken) {
		this.accessToken = accessToken;
	}
	
	/**
	 * @return the ipAddress
	 */
	public String getIpAddress() {
		return ipAddress;
	}

	/**
	 * @param ipAddress the ipAddress to set
	 */
	public void setIpAddress(String ipAddress) {
		this.ipAddress = ipAddress;
	}
	
	/**
	 * 本函数输出将作为默认的<shiro:principal/>输出.
	 */
	@Override
	public String toString() {
		return id;
	}
}
 
 
 
 
 
转载于:https://my.oschina.net/yangty2017/blog/917131