accessToken:用户获取数据权限。
refreshToken:用来获取新的 accessToken。
双 token 验证机制:其中 accessToken 过期时间较短,refreshToken 过期时间较长。当 accessToken 过期后,使用 refreshToken 去请求新的 token。
引入依赖
<!-- JWT dependencies -->
<!-- NOTE(review): jjwt 0.9.1 is an old release line; check whether a currently maintained jjwt version can be used instead. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!-- NOTE(review): a second JWT library. The JwtTokenUtil shown on this page imports only io.jsonwebtoken classes, so this one may be unused; confirm and drop it if so, to keep the dependency surface small. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
<!-- Redis client support (version managed by the Spring Boot parent) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- NOTE(review): fastjson 1.2.47 has publicly documented deserialization (autoType) vulnerabilities. Upgrade to a current patched release before parsing any JSON that can come from outside the service. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
application.yml 配置(下面的示例使用的是 properties 的 key=value 写法)
# Redis connection settings.
# NOTE(review): sample values only. Do not commit a real host or password; supply them
# from the environment or a secrets store (for example spring.redis.password=${REDIS_PASSWORD}).
spring.redis.host=43.139.59.28
spring.redis.port=6379
spring.redis.timeout=10s
# NOTE(review): "123" is trivially guessable. A Redis instance reachable over the network
# needs a long random password and should not be exposed beyond the application hosts.
spring.redis.password=123
# Secret key for the JWT (presumably the signing key; its use is not shown in this snippet).
# NOTE(review): anyone who knows or guesses this value can forge valid tokens. Use a randomly
# generated key (at least 256 bits for HMAC algorithms such as HS256) and load it from outside
# source control.
jwt.secret=zhangxb
# Name of the HTTP header
jwt.header=Authorization
# accessToken lifetime, in seconds
jwt.expire.accessToken=3600
# refreshToken lifetime, in seconds
# NOTE(review): 30 s is shorter than the accessToken lifetime above (3600 s), which contradicts
# the scheme described in the text (short-lived accessToken, long-lived refreshToken). With these
# values the refreshToken expires long before the accessToken does; the two values look swapped.
jwt.expire.refreshToken=30
RedisUtil工具类
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import java.util.concurrent.TimeUnit;
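/**
 * Thin wrapper around {@link StringRedisTemplate} for the string key/value pairs
 * used by the token example (refresh token as key, access token as value).
 *
 * <p>NOTE(review): the tokens are stored in Redis as plain strings, so anyone with read
 * access to the Redis instance can read them; restrict access to Redis accordingly.
 */
@Component
public class RedisUtil {

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    /**
     * Stores {@code accessToken} under the key {@code refreshToken} with a time-to-live.
     *
     * @param refreshToken key of the entry
     * @param accessToken  value of the entry
     * @param time         time-to-live in seconds; must not be {@code null} (it is unboxed)
     */
    public void set(String refreshToken, String accessToken, Long time) {
        stringRedisTemplate.opsForValue().set(refreshToken, accessToken, time, TimeUnit.SECONDS);
    }

    /**
     * Reads the value stored under {@code refreshToken}.
     *
     * @param refreshToken key to look up
     * @return the stored string, or {@code null} when the key is absent or has expired
     */
    public Object get(String refreshToken) {
        return stringRedisTemplate.opsForValue().get(refreshToken);
    }

    /**
     * Reports whether a key exists in Redis.
     *
     * <p>Asks Redis for existence only instead of fetching the value and comparing it with
     * {@code null}, so the stored token is not transferred just to answer yes/no.
     *
     * @param blacklistPrefix the key to test (presumably the full blacklist key, not only
     *                        the prefix; confirm against the caller)
     * @return {@code true} if the key exists, otherwise {@code false}; never {@code null}
     */
    public Boolean hasKey(String blacklistPrefix) {
        // hasKey may return null inside a pipeline/transaction; treat that as "absent".
        return Boolean.TRUE.equals(stringRedisTemplate.hasKey(blacklistPrefix));
    }
}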
JwtToken工具类
import com.alibaba.fastjson.JSONObject;
import com.example.demo.model.UserToken;
import com.example.demo.model.UserTokenInfo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import java.util.Date;
/**
* @author: zxb
* @createTime: 2022-11-23 14:55
* @version: 1.0.0
* @Description: JwtToken 工具类
*/
@Component
public class JwtTokenUtil {
/**
* Prefix used for token blacklist entries.
*/
public static final String TOKEN_BLACKLIST_PREFIX = "TOKEN_BLACKLIST-";
// Injected from the jwt.secret property.
// NOTE(review): this field is public and non-final, so any code holding this bean can read
// or overwrite the secret; consider making it private. Never log this value.
@Value("${jwt.secret}")
public String secret;
// Injected from the jwt.header property (name of the HTTP header).
@Value("${jwt.header}")
public String header;