
json web token登录

2016-01-18 22:13 706 查看

1.引入jar包



2.jwt签名得到token,解析token获取登录信息(注:HS256 是签名而不是加密,payload 只是 Base64URL 编码,任何拿到 token 的人都能读取其中内容;解析时必须先校验签名,再信任其中的登录信息)

<span style="font-size:18px;">package com.baosight.JWT.tool;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;

import net.minidev.json.JSONObject;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
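/**
 * Issues and validates the HS256-signed JSON Web Tokens that carry the login state.
 *
 * <p>The token is signed, not encrypted: its payload is only Base64URL-encoded, so
 * anyone holding a token can read the claims. Nothing secret belongs in them.
 */
public class AuthHelper {
	// Free-form site label copied into every token as the "short_name" claim.
	static String BAOSIGHT_SHORTNAME = "test";
	// Site-wide HMAC signing key.
	// NOTE(review): a key committed together with the source is known to everyone who
	// can read the repository or this page. Load it from deployment configuration kept
	// outside version control, and treat the value below as a demo value only.
	static String BAOSIGHT_SECRET = "3d990d2276917dfac04467df11fff26d";

	// Lifetime of a token issued with "remember me for a week".
	private static final long REMEMBERED_LIFETIME_SECONDS = 7L * 24 * 60 * 60;
	// Lifetime of a token issued for an ordinary login.
	// NOTE(review): chosen default, adjust to the site's session policy.
	private static final long DEFAULT_LIFETIME_SECONDS = 12L * 60 * 60;

	/**
	 * Builds and signs a token for a user.
	 *
	 * @param id   the user's unique identifier on the site, stored as "user_key"
	 * @param flag "true" when the user asked to be remembered for a week; stored as
	 *             "flag" and used to pick the token lifetime
	 * @return the compact serialised token, or the literal string "error" when signing
	 *         fails (callers must not hand that value out as a token)
	 */
	public static String getToken(String id, String flag) {
		long issuedAt = System.currentTimeMillis() / 1000L;
		long lifetime = "true".equals(flag) ? REMEMBERED_LIFETIME_SECONDS : DEFAULT_LIFETIME_SECONDS;

		JSONObject userInfo = new JSONObject();
		// Second-level domain / site label (required).
		userInfo.put("short_name", BAOSIGHT_SHORTNAME);
		// User id, unique within the site (required). Putting a JavaBean here instead
		// of a plain value causes a type error, per the original author's note.
		userInfo.put("user_key", id);
		userInfo.put("flag", flag);
		// Display name (optional).
		userInfo.put("name", "网站用户A");
		// Without an expiry a copied token would stay valid forever; logout only
		// removes the browser's cookie.
		userInfo.put("iat", issuedAt);
		userInfo.put("exp", issuedAt + lifetime);
		Payload payload = new Payload(userInfo);

		JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
		header.setContentType("jwt");

		JWSObject jwsObject = new JWSObject(header, payload);
		JWSSigner signer = new MACSigner(secretBytes());

		try {
			jwsObject.sign(signer);
		} catch (JOSEException e) {
			System.err.println("Couldn't sign JWS object: " + e.getMessage());
			return "error";
		}
		// Compact form: header.payload.signature
		return jwsObject.serialize();
	}

	/**
	 * Validates a token and returns the user it was issued to.
	 *
	 * <p>The claims are trusted only after the token has been shown to be a signed
	 * JWT, signed with HS256, carrying a valid HMAC under the site key, and not yet
	 * expired. Parsing alone proves nothing: an unsigned or altered token parses
	 * just as well as a genuine one.
	 *
	 * @param token the compact serialised token, may be {@code null}
	 * @return the "user_key" claim, or {@code null} when the token is missing,
	 *         malformed, unsigned, signed with another algorithm or key, expired,
	 *         or carries no string "user_key"
	 */
	public static String parseToken(String token) {
		if (token == null) {
			return null;
		}
		try {
			JWT parsed = JWTParser.parse(token);
			// The parser also returns unsigned and encrypted tokens; only a signed one is acceptable.
			if (!(parsed instanceof SignedJWT)) {
				return null;
			}
			SignedJWT signed = (SignedJWT) parsed;
			// Pin the algorithm to the one getToken uses instead of trusting the header.
			if (!JWSAlgorithm.HS256.equals(signed.getHeader().getAlgorithm())) {
				return null;
			}
			JWSVerifier verifier = new MACVerifier(secretBytes());
			if (!signed.verify(verifier)) {
				return null;
			}

			ReadOnlyJWTClaimsSet claims = signed.getJWTClaimsSet();
			Date expiry = claims.getExpirationTime();
			if (expiry == null || !expiry.after(new Date())) {
				return null;
			}
			Map<String, Object> all = claims.getAllClaims();
			Object userKey = all.get("user_key");
			return (userKey instanceof String) ? (String) userKey : null;
		} catch (ParseException e) {
			System.err.println("Couldn't parse token: " + e.getMessage());
			return null;
		} catch (JOSEException e) {
			System.err.println("Couldn't verify token: " + e.getMessage());
			return null;
		}
	}

	// Key bytes with an explicit charset so signer and verifier agree on every platform.
	private static byte[] secretBytes() {
		return BAOSIGHT_SECRET.getBytes(StandardCharsets.UTF_8);
	}

	// Round-trip check: issue a token and read the user back.
	public static void main(String[] args) {
		String token = getToken("venbill", "true");
		String user_key = parseToken(token);
		System.out.println(user_key);
	}

}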

3.登录:doLogin

servlet:
<span style="font-size:18px;">package com.baosight.JWT.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.baosight.JWT.tool.AuthHelper;

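/**
 * Login endpoint: on a POST with credentials it issues the JWT cookie
 * "JWT-Test2" and redirects to the landing page.
 *
 * <p>GET requests are sent back to the login form instead of being treated as a
 * login, so that credentials never travel in a query string (where they end up
 * in browser history and access logs).
 */
public class doLogin extends HttpServlet {
	private static final long serialVersionUID = 1L;

	// Cookie lifetime when "remember for a week" is ticked.
	private static final int REMEMBER_ME_SECONDS = 7 * 24 * 60 * 60;

	/**
	 * @see HttpServlet#HttpServlet()
	 */
	public doLogin() {
		super();
	}

	/**
	 * Sends the browser to the login form; credentials are accepted by POST only.
	 *
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.sendRedirect("/JWT-Test2/login.html");
	}

	/**
	 * Checks the submitted credentials, sets the token cookie and redirects to
	 * the success page.
	 *
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String name = request.getParameter("name");
		String password = request.getParameter("password");
		// The checkbox parameter is only present when it was ticked.
		boolean remember = request.getParameter("autoAuth") != null;

		if (!credentialsAccepted(name, password)) {
			response.sendRedirect("/JWT-Test2/login.html");
			return;
		}

		String token = AuthHelper.getToken(name, remember ? "true" : "false");
		// getToken reports a signing failure with the literal "error"; never hand that out as a token.
		if (token == null || "error".equals(token)) {
			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return;
		}

		// The token is a bearer credential: it is deliberately not written to stdout or any log.
		Cookie cookie = new Cookie("JWT-Test2", token);
		cookie.setPath("/");
		// A negative max-age makes it a session cookie that goes away with the browser.
		cookie.setMaxAge(remember ? REMEMBER_ME_SECONDS : -1);
		// Keep page scripts away from the token. setHttpOnly needs the Servlet 3.0+ API;
		// on an older API configure HttpOnly at the container level instead.
		cookie.setHttpOnly(true);
		// Mark the cookie Secure whenever the login itself arrived over HTTPS.
		cookie.setSecure(request.isSecure());
		response.addCookie(cookie);

		response.sendRedirect("/JWT-Test2/success.jsp");
	}

	/**
	 * Decides whether the submitted credentials may log in.
	 *
	 * <p>TODO(review): placeholder. The original demo never looked at the password,
	 * so any name was logged in. This only rejects missing or blank values; replace
	 * it with a lookup against the real credential store (salted, slow password
	 * hashes) before using the flow for anything but a demo.
	 */
	private static boolean credentialsAccepted(String name, String password) {
		return name != null && !name.trim().isEmpty()
				&& password != null && !password.isEmpty();
	}

}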
</span>


login.html
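<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>welcome to baosight</title>
</head>
<body>
	<!-- The form wraps the table: a form element is not a valid direct child of a table. -->
	<!-- The action is a plain-HTTP localhost URL for the demo; a deployed login form and its target should be served over HTTPS only. -->
	<form action="http://localhost:8888/JWT-Test2/doLogin" method="POST">
	<table>
		<tr><td>用户名:     <input type="text" name="name" /><br></td></tr>
		<!-- type="password" keeps the value masked on screen; the original used a plain text field. -->
		<tr><td>密    码: <input type="password" name="password" /><br></td></tr>
		<tr>
			<td><input type="checkbox" name="autoAuth" value="true" />记住一周</td>
			<td><input type="submit" value="Submit" /></td>
		</tr>
	</table>
	</form>
</body>
</html>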

success.jsp(下面是 JSP 页面;servlet 和过滤器中引用的路径是 /success.jsp)

<span style="font-size:18px;"><%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>login success</h1>
	<form action="http://localhost:8888/JWT-Test2/doLogout" method="POST">

			<input type="submit" value="退出" />
	</form>
</body>
</html></span>


4.登出doLogout

servlet:
<span style="font-size:18px;">package com.baosight.JWT.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Logout endpoint: expires the "JWT-Test2" cookie in the browser and shows the
 * login page again.
 *
 * <p>Only the browser's copy of the token is removed here; nothing in this class
 * invalidates the token itself.
 */
public class doLogout extends HttpServlet {
	private static final long serialVersionUID = 1L;

	public doLogout() {
		super();
	}

	/** Handles GET exactly like POST. */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Expires the login cookie when the request carries one, then forwards to
	 * the login page.
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		Cookie loginCookie = findCookie(request.getCookies(), "JWT-Test2");
		if (loginCookie != null) {
			System.out.println("cookname=========" + loginCookie.getName());
			// The path must match the one the cookie was set with, otherwise the
			// browser keeps the original; set the domain as well if one was used.
			loginCookie.setPath("/");
			loginCookie.setMaxAge(0);
			response.addCookie(loginCookie);
		}
		request.getRequestDispatcher("/login.html").forward(request, response);
	}

	// Returns the first cookie with the given name, or null when there is none.
	private static Cookie findCookie(Cookie[] cookies, String wanted) {
		if (cookies == null) {
			return null;
		}
		for (int i = 0; i < cookies.length; i++) {
			if (cookies[i].getName().equals(wanted)) {
				return cookies[i];
			}
		}
		return null;
	}

}

5.设置过滤器,每次访问页面拿取、判断token

filter:
<span style="font-size:18px;">package com.baosight.JWT.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.baosight.JWT.tool.AuthHelper;

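/**
 * Servlet filter that lets a request through only when it carries a "JWT-Test2"
 * cookie that {@link AuthHelper#parseToken(String)} accepts.
 *
 * <p>The filter is only as strong as that call: parseToken must verify the
 * token's signature, not merely parse it.
 */
public class AuthorTokenFilter implements Filter {

	/**
	 * Default constructor.
	 */
	public AuthorTokenFilter() {
	}

	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
		// nothing to release
	}

	/**
	 * Redirects to the login page unless the request is authenticated; an
	 * authenticated request continues to the resource it asked for.
	 *
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 */
	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) resp;

		String userKey = authenticatedUser(request);
		if (userKey == null) {
			// Fail closed. parseToken reports an invalid token by returning null, not by
			// throwing, so the null has to be checked here.
			response.sendRedirect("/JWT-Test2/login.html");
			// Stop here: continuing down the chain would still run the protected page
			// and write to a response that has already been redirected.
			return;
		}
		chain.doFilter(request, response);
	}

	/**
	 * Returns the user the request's token was issued to, or {@code null} when
	 * there is no token cookie or the token is not accepted.
	 */
	private static String authenticatedUser(HttpServletRequest request) {
		Cookie[] cookies = request.getCookies();
		if (cookies == null) {
			return null;
		}
		for (Cookie cookie : cookies) {
			if ("JWT-Test2".equals(cookie.getName())) {
				try {
					return AuthHelper.parseToken(cookie.getValue());
				} catch (RuntimeException e) {
					// Any unexpected failure while reading the token counts as "not logged in".
					return null;
				}
			}
		}
		return null;
	}

	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
		// no configuration needed
	}

}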


web.xml:
<span style="font-size:18px;"><?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>JWT-Test2</display-name>
  <servlet>
    <description></description>
    <display-name>doLoginServlet</display-name>
    <servlet-name>doLoginServlet</servlet-name>
    <servlet-class>com.baosight.JWT.servlet.doLogin</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>doLoginServlet</servlet-name>
    <url-pattern>/doLogin</url-pattern>
  </servlet-mapping>
  <!-- 过滤器配置:访问所有 jsp 页面都经过该过滤器。注意该映射只覆盖 *.jsp,servlet 和静态 html 页面不会经过这个过滤器 -->
  <filter>
    <display-name>AuthorTokenFilter</display-name>
    <filter-name>AuthorTokenFilter</filter-name>
    <filter-class>com.baosight.JWT.filter.AuthorTokenFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>AuthorTokenFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <servlet>
    <description></description>
    <display-name>doLogout</display-name>
    <servlet-name>doLogout</servlet-name>
    <servlet-class>com.baosight.JWT.servlet.doLogout</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>doLogout</servlet-name>
    <url-pattern>/doLogout</url-pattern>
  </servlet-mapping>
</web-app></span>


6.网页打开:http://localhost:8888/JWT-Test2/login.html

登录登出测试


