目录结构
pom.xml
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
utils/JwtTokenUtil
package com.example.demo.utils;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
public class JwtTokenUtil {
private static final long nowMillis = System.currentTimeMillis();
private static final long expMillis = nowMillis + (60 * 1000); //有效期30天
private static final Date exp = new Date(expMillis);
private static final String SECRET_KEY = "your_secret_key";
public static String generateToken(String username, String password) {
return Jwts.builder()
.setSubject(username) // 代表这个JWT的主体,即它的所有人
.claim("password", password) // 记录一些不重要的对象信息放到claims
.setExpiration(exp) //设置有效期
.setIssuedAt(new Date()) // 一个时间戳,代表这个JWT的签发时间
.signWith(SignatureAlgorithm.HS256, SECRET_KEY) //签名方式
.compact();
}
public static boolean validateToken(String token, String uname) {
if (token==null){
return false;
}
System.out.println("有效时间:");
System.out.println(exp);
try {
String username = Jwts.parser()
.setSigningKey(SECRET_KEY)
.parseClaimsJws(token)
.getBody()
.getSubject();
return username.equals(uname) && !isTokenExpired(token);
} catch (Exception e) {
return false;
}
}
private static boolean isTokenExpired(String token) {
return Jwts.parser()
.setSigningKey(SECRET_KEY)
.parseClaimsJws(token)
.getBody()
.getExpiration()
.before(new Date());
}
}
controller/Login
package com.example.demo.controller;
import com.example.demo.utils.JwtTokenUtil;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class Login {
@GetMapping("/login")
public String login() {
String token = JwtTokenUtil.generateToken("username", "password");
System.out.println("token:" + token);
String password = "password123";
String storedMD5 = "482c811da5d5b4bc6d497ffa98491e38"; // 假设这是数据库中存储的MD5密码散列
// 验证密码
boolean isValid = MD5Checker.checkPassword(password, storedMD5);
System.out.println("Password is valid: " + isValid);
return token;
}
@GetMapping("/vertical")
public Boolean vertical(@RequestParam String token) {
Boolean validStatus = JwtTokenUtil.validateToken(token, "username");
System.out.println(validStatus);
return validStatus;
}
}
utils/MD5Checker
package com.example.demo.utils;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class MD5Checker {
public static String toMD5(String originalString) {
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(originalString.getBytes());
byte[] digest = md.digest();
StringBuilder sb = new StringBuilder();
for (byte b : digest) {
sb.append(String.format("%02x", b));
}
return sb.toString();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Could not find MD5 algorithm", e);
}
}
public static boolean checkPassword(String inputPassword, String storedMD5) {
String md5 = toMD5(inputPassword);
return md5.equalsIgnoreCase(storedMD5);
}
}
网友评论