步驟如下： **1. 封裝jwt工具** ```java public class JwtUtils { /** * token有效期，單位ms。 * 60 * 60 *1000 一個小時 */ public static final Long JWT_TTL = 3600000L; /** * 秘鑰明文 */ public static final String JWT_KEY = "itcast"; /** * 存儲token，這里用Map代替Redis */ private static final Map<String, Object> tokenMap = new HashMap<>(16); /** * 創建token */ public static String createToken(String id, String subject, Map<String, Object> claims, Long ttlMs) { long nowMs = System.currentTimeMillis(); if (ttlMs == null) { ttlMs = JWT_TTL; } JwtBuilder builder = Jwts.builder() //唯一的ID .setId(id) //主題，可以是JSON數據 .setSubject(subject) //簽發者 .setIssuer("admin") //簽發時間 .setIssuedAt(new Date(nowMs)) //使用HS256對稱加密算法簽名, 第二個參數為秘鑰 .signWith(SignatureAlgorithm.HS256, generalKey()) //設置過期時間 .setExpiration(new Date(nowMs + ttlMs)); if (!CollectionUtils.isEmpty(claims)) { //如果想存儲更多的信息（例如角色）可以增加自定義claims builder.claim("roles", claims.get("roles")); } return builder.compact(); } /** * 生成加密后的秘鑰 */ public static SecretKey generalKey() { byte[] encodedKey = Base64.getDecoder().decode(JWT_KEY); SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES"); return key; } /** * 密碼加密 */ public static String hashpw(String password) { String gensalt = BCrypt.gensalt(); return BCrypt.hashpw(password, gensalt); } /** * 密碼驗證 */ public static boolean checkpw(String password, String hashpw) { boolean checkpw = BCrypt.checkpw(password, hashpw); return checkpw; } /** * 解析token */ public static Claims parseToken(String token) { return Jwts.parser() .setSigningKey(generalKey()) .parseClaimsJws(token) .getBody(); } /** * 登錄成功時存儲token */ public static void putToken(String username, String token) { tokenMap.put(username, token); } /** * 獲取token */ public static String getToken(String username) { return (String) tokenMap.get(username); } /** * 退出時刪除token */ public static void delToken(String username) { tokenMap.remove(username); } } ``` **2. 封裝登錄登出的controller** ```java @RestController @RequestMapping("/admin") @RequiredArgsConstructor public class AdminController { final AdminService adminService; @PostMapping("/login") public Json login(@RequestBody Admin admin) { boolean login = adminService.login(admin); //驗證失敗 if (!login) { return JsonBuilder.error(); } //創建token String token = JwtUtils.createToken(UUID.randomUUID().toString(), admin.getUsername(), null, null); String auth = JwtUtils.hashpw(admin.getUsername()); //存儲token JwtUtils.putToken(auth, token); Map<String, String> info = new HashMap<>(16); info.put("username", admin.getUsername()); info.put("token", token); info.put("auth", auth); return JsonBuilder.ok(info); } @PostMapping("/logout") public Json logout(@RequestBody Admin admin) { //刪除token JwtUtils.delToken(admin.getAuth()); return JsonBuilder.ok(); } @PostMapping("/uuid") public Json getUUID() { return JsonBuilder.ok(UUID.randomUUID().toString()); } } ``` **3. 在過濾器中進行認證** ```java @Component public class AuthorizeFilter implements Filter { private static final String AUTHORIZE_TOKEN = "token"; private static final String AUTHORIZE_auth = "auth"; @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; response.setContentType("text/json;charset=utf-8"); //1. 如果是登錄、退出請求則放行 boolean release = request.getRequestURI().contains("/admin/login") || request.getRequestURI().contains("/admin/logout"); if (release) { //放行 chain.doFilter(request, response); return; } //2. token不存在說明已經退出或未登錄 String auth = request.getHeader(AUTHORIZE_auth); if (JwtUtils.getToken(auth) == null) { String resJson = JSON.toJSONString(JsonBuilder.error("未登錄")); response.getWriter().write(resJson); return; } //3. 請求頭中獲取令牌 String token = request.getHeader(AUTHORIZE_TOKEN); //判斷請求頭中是否有令牌 if (!StringUtils.hasLength(token)) { String resJson = JSON.toJSONString(JsonBuilder.error("無權限訪問")); response.getWriter().write(resJson); return; } //4. 如果請求頭中有令牌則解析令牌 try { JwtUtils.parseToken(token); //放行 chain.doFilter(request, response); } catch (Exception e) { e.printStackTrace(); //5. 解析jwt令牌出錯, 說明令牌過期或者偽造等不合法情況出現 String resJson = JSON.toJSONString(JsonBuilder.error("無權限訪問")); response.getWriter().write(resJson); } } } ``` **3. 測試** （1）未登錄訪問 http://localhost:8080/admin/uuid 。 ``` { "code": 1000, "msg": "未登錄", "success": false } ``` （2）登錄 http://localhost:8080/admin/login 。 ``` //入參 { "username": "zhangsan", "password": "123456" } //出參 { "success": true, "code": 200, "msg": "操作成功", "data": { "auth": "$2a$10$jth464hRdX5IrxIbUwsczOQlbcarlr9hL8klZfQf7wBtLQ89BggLm", "username": "zhangsan", "token": "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI0YWJhYzIxYi0zMDNhLTRlZmYtYTk2My04NDFhOWFlN2I3ZmQiLCJzdWIiOiJ6aGFuZ3NhbiIsImlzcyI6ImFkbWluIiwiaWF0IjoxNjc2NTYyMDk3LCJleHAiOjE2NzY1NjU2OTd9.tid7QncjDhdjAGjcDBPwO53I-5JSOz7aH6g5jt04c64" } } ``` （3）完成登錄后訪問 http://localhost:8080/admin/uuid 。  ``` { "success": true, "code": 200, "msg": "操作成功", "data": "abc10c73-111d-4f35-b819-759698676076" } ``` （4）注銷后再訪問 http://localhost:8080/admin/uuid 。 ``` { "code": 1000, "msg": "未登錄", "success": false } ```