json web token登录
2016-01-18 22:13
1.引入jar包
2.jwt签名得到token,解析token获取登录信息(注意:HS256是签名而不是加密,payload只是Base64URL编码,任何拿到token的人都能读出内容;解析时必须先校验签名)
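package com.baosight.JWT.tool;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Map;

import net.minidev.json.JSONObject;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

/**
 * Issues and checks the HS256-signed JWT used as the login token.
 *
 * <p>The token is signed, not encrypted: every claim placed in it can be read by
 * whoever holds the token, so it must not carry secrets.
 */
public class AuthHelper {

    // Optional attribute; the value is arbitrary.
    static String BAOSIGHT_SHORTNAME = "test";

    // Site signing secret.
    // NOTE(review): a signing key committed to source (and published with this
    // article) must be treated as compromised. Load it from configuration that is
    // kept out of version control and rotate it. It is 32 hex characters, so it
    // carries at most 128 bits of entropy.
    static String BAOSIGHT_SECRET = "3d990d2276917dfac04467df11fff26d";

    /**
     * Builds and signs a login token.
     *
     * @param id   the user's unique identifier on the site
     * @param flag whether the login should be remembered for a week
     * @return the compact serialisation of the signed token, or the literal string
     *         {@code "error"} when signing fails; callers must check for that value
     *         before handing the result to a client
     */
    public static String getToken(String id, String flag) {
        JSONObject userInfo = new JSONObject();
        // Second-level domain of the site (required).
        userInfo.put("short_name", BAOSIGHT_SHORTNAME);
        // User id, unique within the site (required). Putting a JavaBean object
        // here instead of a String causes a type exception.
        userInfo.put("user_key", id);
        // "Remember me" marker.
        // NOTE(review): no "exp" claim is set, so nothing on the server side ever
        // expires the token; the cookie Max-Age is enforced by the client only.
        userInfo.put("flag", flag);
        // User name (optional).
        userInfo.put("name", "网站用户A");

        Payload payload = new Payload(userInfo);

        JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
        header.setContentType("jwt");

        JWSObject jwsObject = new JWSObject(header, payload);

        // Explicit charset so the key bytes do not depend on the platform default.
        JWSSigner signer = new MACSigner(BAOSIGHT_SECRET.getBytes(StandardCharsets.UTF_8));

        try {
            jwsObject.sign(signer);
        } catch (JOSEException e) {
            System.err.println("Couldn't sign JWS object: " + e.getMessage());
            return "error";
        }

        // Serialise the JWS object to the compact format.
        return jwsObject.serialize();
    }

    /**
     * Verifies a login token and returns the user id it carries.
     *
     * <p>The claims are read only after the HMAC signature has been checked against
     * the site secret and the header algorithm has been confirmed to be HS256.
     * Parsing alone proves nothing about who produced the token.
     *
     * @param token the compact token taken from the client
     * @return the {@code user_key} claim, or {@code null} when the token is
     *         malformed; callers must treat {@code null} as "not authenticated"
     * @throws IllegalArgumentException if {@code token} is {@code null}
     * @throws SecurityException if the token is unsigned, uses another algorithm,
     *         or its signature does not verify
     */
    public static String parseToken(String token) {
        if (token == null) {
            throw new IllegalArgumentException("token is missing");
        }
        try {
            JWT parsed = JWTParser.parse(token);

            // Unsigned ("alg":"none") and encrypted tokens are not SignedJWT instances.
            if (!(parsed instanceof SignedJWT)) {
                throw new SecurityException("token is not a signed JWT");
            }
            SignedJWT signed = (SignedJWT) parsed;

            // Pin the algorithm to the one getToken uses instead of trusting the header.
            if (!JWSAlgorithm.HS256.equals(signed.getHeader().getAlgorithm())) {
                throw new SecurityException("unexpected JWS algorithm");
            }

            byte[] key = BAOSIGHT_SECRET.getBytes(StandardCharsets.UTF_8);
            if (!signed.verify(new MACVerifier(key))) {
                throw new SecurityException("token signature does not verify");
            }

            // Claims carry the user information, e.g.
            // { "sub": "1234567890", "name": "John Doe", "admin": true }
            ReadOnlyJWTClaimsSet claims = signed.getJWTClaimsSet();
            Map<String, Object> all = claims.getAllClaims();
            return (String) all.get("user_key");
        } catch (ParseException e) {
            // Malformed input: no identity can be derived from it.
            return null;
        } catch (JOSEException e) {
            throw new SecurityException("token signature could not be checked", e);
        }
    }

    // Manual round-trip test.
    public static void main(String[] args) {
        String token = getToken("venbill", "true");
        String user_key = parseToken(token);
        System.out.println(user_key);
    }
}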
3.登录:doLogin
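package com.baosight.JWT.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.baosight.JWT.tool.AuthHelper;

/**
 * Servlet implementation class doLogin: reads the login form, issues the JWT and
 * stores it in the {@code JWT-Test2} cookie.
 */
public class doLogin extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String LOGIN_PAGE = "/JWT-Test2/login.html";
    private static final int REMEMBER_SECONDS = 7 * 24 * 60 * 60;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public doLogin() {
        super();
    }

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting the login over GET puts the password in the URL,
     * where it ends up in access logs and browser history. Consider rejecting GET.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Handles the login form and sets the token cookie.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String name = request.getParameter("name");
        String password = request.getParameter("password");
        String getFlag = request.getParameter("autoAuth");

        // Never issue a token for an incomplete form.
        if (isBlank(name) || isBlank(password)) {
            response.sendRedirect(LOGIN_PAGE);
            return;
        }

        // NOTE(review): the password is read but never compared with any stored
        // credential, so a token is issued for whatever name the client sends.
        // A real credential check (against a salted password hash) must run here,
        // before getToken, or this servlet authenticates nobody.

        boolean remember = getFlag != null;
        String autoAuth = remember ? "true" : "false";

        String token = AuthHelper.getToken(name, autoAuth);
        // getToken reports a signing failure with the literal "error"; do not hand
        // that to the client as if it were a token.
        if (token == null || "error".equals(token)) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        // The token is a bearer credential, so neither it nor the request cookies
        // are written to stdout.
        Cookie cookie = new Cookie("JWT-Test2", token);
        cookie.setPath("/");
        // Mark the cookie Secure whenever the login itself arrived over HTTPS.
        cookie.setSecure(request.isSecure());
        // NOTE(review): the cookie should also be HttpOnly so page scripts cannot
        // read it; Cookie#setHttpOnly is available from Servlet 3.0, while the
        // web.xml shown with this code declares 2.5.
        // A negative Max-Age makes this a session cookie.
        cookie.setMaxAge(remember ? REMEMBER_SECONDS : -1);
        response.addCookie(cookie);

        response.sendRedirect("/JWT-Test2/success.jsp");
    }

    /** Returns true when the value is null or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}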
login.html
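<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>welcome to baosight</title>
</head>
<body>
<!-- Login form. The form wraps the table (a form element is not valid directly
     inside a table).
     NOTE(review): the action is a plain-http URL, so the password travels
     unencrypted; serve the login over HTTPS outside a local test. -->
<form action="http://localhost:8888/JWT-Test2/doLogin" method="POST">
<table>
<tr><td>用户名: <input type="text" name="name" /><br></td></tr>
<!-- type="password" keeps the value masked on screen. -->
<tr><td>密 码: <input type="password" name="password" /><br></td></tr>
<tr>
<td><input type="checkbox" name="autoAuth" value="true" />记住一周</td>
<td><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>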
success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Page shown after a successful login; its only control is a form that posts
     to the doLogout servlet.
     NOTE(review): the form action is an absolute http://localhost:8888 URL; a
     context-relative path would follow whatever scheme and host served the page. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>login success</h1>
<form action="http://localhost:8888/JWT-Test2/doLogout" method="POST">
<input type="submit" value="退出" />
</form>
</body>
</html>
4.登出doLogout
package com.baosight.JWT.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class doLogout: expires the {@code JWT-Test2} cookie
 * and returns the user to the login page.
 *
 * <p>Only the browser's copy of the token is removed here; the code keeps no
 * server-side record of issued tokens, so a copy taken earlier is not
 * invalidated by logging out.
 */
public class doLogout extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public doLogout() {
        super();
    }

    /** Handles GET exactly like POST. */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /** Expires the token cookie, if the request carries one, then forwards to the login page. */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Cookie tokenCookie = firstCookieNamed(request.getCookies(), "JWT-Test2");
        if (tokenCookie != null) {
            System.out.println("cookname=========" + tokenCookie.getName());
            // The path must match the one used when the cookie was set, otherwise
            // the browser keeps it; set path and domain both when necessary.
            tokenCookie.setPath("/");
            tokenCookie.setMaxAge(0);
            response.addCookie(tokenCookie);
        }
        request.getRequestDispatcher("/login.html").forward(request, response);
    }

    /** Returns the first cookie with the given name, or null when there is none. */
    private static Cookie firstCookieNamed(Cookie[] cookies, String wanted) {
        if (cookies == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (wanted.equals(cookies[i].getName())) {
                return cookies[i];
            }
        }
        return null;
    }
}
5.设置过滤器,每次访问页面拿取、判断token
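package com.baosight.JWT.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.baosight.JWT.tool.AuthHelper;

/**
 * Servlet Filter implementation class AuthorTokenFilter: lets a request through
 * only when its {@code JWT-Test2} cookie yields a user id.
 *
 * <p>NOTE(review): this gate is only as strong as {@code AuthHelper.parseToken};
 * that method has to verify the token signature, not merely parse the token.
 */
public class AuthorTokenFilter implements Filter {

    private static final String LOGIN_PAGE = "/JWT-Test2/login.html";

    /**
     * Default constructor.
     */
    public AuthorTokenFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Reads the token cookie and decides whether the request may proceed.
     *
     * <p>Every failure (no cookie, a token that yields no id, or any exception
     * while checking it) ends in a redirect to the login page, and the method
     * returns without calling the rest of the chain. Only an authenticated request
     * reaches {@code chain.doFilter}, and it is passed on once, to the resource
     * that was actually requested.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Fetch the token cookie.
        String token = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("JWT-Test2")) {
                    token = cookie.getValue();
                    break;
                }
            }
        }

        String id = null;
        if (token != null) {
            try {
                id = AuthHelper.parseToken(token);
            } catch (Exception e) {
                // Any failure while checking the token means "not authenticated".
                id = null;
            }
        }

        // parseToken returns null for a malformed token, so null must be rejected
        // here rather than treated as a successful login.
        if (id == null) {
            response.sendRedirect(LOGIN_PAGE);
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}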
web.xml:
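<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>JWT-Test2</display-name>

  <servlet>
    <description></description>
    <display-name>doLoginServlet</display-name>
    <servlet-name>doLoginServlet</servlet-name>
    <servlet-class>com.baosight.JWT.servlet.doLogin</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>doLoginServlet</servlet-name>
    <url-pattern>/doLogin</url-pattern>
  </servlet-mapping>

  <!-- Filter configuration: every request for a JSP page passes through this filter.
       NOTE(review): the *.jsp pattern protects JSP pages only; servlets and static
       files are served without the token check. Widen the mapping (and exempt the
       login page and login servlet) if other resources need protection. -->
  <filter>
    <display-name>AuthorTokenFilter</display-name>
    <filter-name>AuthorTokenFilter</filter-name>
    <filter-class>com.baosight.JWT.filter.AuthorTokenFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthorTokenFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>

  <servlet>
    <description></description>
    <display-name>doLogout</display-name>
    <servlet-name>doLogout</servlet-name>
    <servlet-class>com.baosight.JWT.servlet.doLogout</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>doLogout</servlet-name>
    <url-pattern>/doLogout</url-pattern>
  </servlet-mapping>
</web-app>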
6.网页打开:http://localhost:8888/JWT-Test2/login.html
登录登出测试