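I won't go over what JWT authentication is here; look it up yourself...
There are plenty of articles online about integrating JWT with Spring MVC, but they are all a little more complicated than they need to be.
1. Add jjwt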
JJWT aims to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JWTs) on the JVM.
maven pom.xml
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.0</version>
</dependency>
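2. Write a utility class that wraps the token creation and verification steps
Note: among the JWT registered claims, the important one is the exp field, which is used to decide whether a token has expired. The others can be added as you see fit.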
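import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.util.Date;

public class Jwt {
    // Demo value only: a key hardcoded in source can be read by anyone who has the code,
    // and anyone who knows it can mint valid tokens. Load it from configuration or a
    // secret store, and give HS256 at least 256 bits of random key material.
    private static String key = "WkskpDhSkuBUOP*ITB*123123123";

    public static String createJwt(String userId) {
        // By default, issue a token that is valid for 24 hours
        return createJwt(userId, "subject", "issure", 86400000);
    }

    public static String createJwt(String id, String subject, String issuer, long till) {
        JwtBuilder jwtBuilder = Jwts.builder().setId(id)
                .signWith(SignatureAlgorithm.HS256, new SecretKeySpec(DatatypeConverter.parseBase64Binary(key), SignatureAlgorithm.HS256.getJcaName()))
                .setIssuer(issuer)
                .setSubject(subject)
                .setExpiration(new Date(System.currentTimeMillis() + till));
        return jwtBuilder.compact();
    }

    // Verifies the signature and the exp claim; throws if either check fails
    public static Claims parseJwt(String token) throws Exception {
        Claims claims = Jwts.parser().setSigningKey(DatatypeConverter.parseBase64Binary(key)).parseClaimsJws(token).getBody();
        return claims;
    }
}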
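3. Use the verification in an interceptor
Note: here we only check whether the token is forged or expired; user permissions are not checked inside the interceptor.
By default the token is sent with the prefix "Bearer" followed by a space.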
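import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class ApiInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String authorization = request.getHeader("Authorization");
        if (authorization == null || !authorization.startsWith("Bearer ")) {
            this.setErrorResponse(response, "未攜帶token");
            return false;
        }
        // Strip the 7-character "Bearer " prefix
        String token = authorization.substring(7);
        try {
            // The verified claims are made available to controllers as the "user" attribute
            request.setAttribute("user", Jwt.parseJwt(token));
        } catch (Exception e) {
            // The parser's message goes to the client here; a fixed message plus a
            // server-side log entry discloses less about why verification failed.
            this.setErrorResponse(response, e.getMessage());
            return false;
        }
        return true;
    }

    protected void setErrorResponse(HttpServletResponse response, String message) throws IOException {
        // Reject with 401 rather than the default 200 status
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // text/plain so the message is never rendered as HTML by the client
        response.setHeader("Content-type", "text/plain;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write(message);
        response.getWriter().flush();
        response.getWriter().close();
    }
}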
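The interceptor above only asks whether a token is forged or expired. The following added example (not code from the original post) shows how jjwt 0.9.0 reports each of those cases, so the interceptor can answer with a fixed message per case. The class JwtVerifyDemo, its methods and the runtime-generated 256-bit key are assumptions made for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.SecureRandom;
import java.util.Date;

// Added example (hypothetical class and method names), written against jjwt 0.9.0.
public class JwtVerifyDemo {
    enum Result { VALID, EXPIRED, REJECTED }
    // Map every parse failure to a fixed result, so the caller can answer with
    // a constant message instead of the exception text.
    static Result check(byte[] key, String token) {
        try {
            Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
            // jjwt only checks exp when it is present, so require it explicitly.
            return claims.getExpiration() != null ? Result.VALID : Result.REJECTED;
        } catch (ExpiredJwtException e) {
            return Result.EXPIRED;   // signature was valid, exp is in the past
        } catch (JwtException | IllegalArgumentException e) {
            return Result.REJECTED;  // bad signature, unsigned, malformed or empty token
        }
    }

    static String sign(byte[] key, String id, long ttlMillis) {
        return Jwts.builder().setId(id)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(SignatureAlgorithm.HS256, key)
                .compact();
    }
    static byte[] randomKey() {
        byte[] key = new byte[32];   // 256 bits, matching HS256
        new SecureRandom().nextBytes(key);
        return key;
    }

    public static void main(String[] args) {
        byte[] key = randomKey();    // constructed for the demo, regenerated on every run
        String valid = sign(key, "42", 60_000);
        String expired = sign(key, "42", -60_000);
        String wrongKey = sign(randomKey(), "42", 60_000);
        String unsigned = Jwts.builder().setId("42").compact();   // header alg is "none"
        String noExp = Jwts.builder().setId("42").signWith(SignatureAlgorithm.HS256, key).compact();
        for (String token : new String[] {valid, expired, wrongKey, unsigned, noExp, ""}) {
            System.out.println(check(key, token));
        }
    }
}
```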
4. Configure the interceptor
springmvc-xml
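<mvc:interceptors>
    <mvc:interceptor>
        <!-- "/*" matches a single path segment only; use "/**" if nested paths must also pass through the interceptor -->
        <mvc:mapping path="/*"/>
        <!-- Exclude the login endpoint -->
        <mvc:exclude-mapping path="/login"/>
        <bean class="cn.dishenghk.Interceptor.ApiInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>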