1.将用户信息存储到localStorage里
// Persist the login response under the "user" key so it survives a page reload.
// The request code on this page later reads `.token` from this entry, so the JWT
// is part of what gets stored. localStorage is readable by every script running
// on the origin, so any XSS flaw exposes the token.
// NOTE(review): store only the fields the UI needs, and confirm res.data holds
// no password or other secret before persisting it wholesale.
const serializedUser = JSON.stringify(res.data);
localStorage.setItem("user", serializedUser);
2.路由守卫
//路由守卫
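// Global navigation guard: the login page is always reachable; every other
// route requires a "user" entry in localStorage.
// This is a UI convenience only. It tests for the presence of the entry, not
// for a valid token, and the entry can be created by hand in the browser, so
// each API behind these pages must still authenticate the request server-side.
router.beforeEach((to, from, next) => {
  if (to.path === '/login') {
    // Return here: the original fell through and called next() a second time
    // for the same navigation.
    return next();
  }
  const user = localStorage.getItem("user");
  if (!user) {
    // No stored login: send the visitor to the login page.
    return next("/login");
  }
  next();
})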
3.jwt在后端鉴权
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * MVC configuration that serves every {@code @RestController} under the {@code /api} prefix.
 *
 * <p>This class only sets the path prefix. It registers no interceptor, so it does not by itself
 * put any authentication in front of {@code /api}.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Adds {@code /api} as the path prefix for controller classes that carry
     * {@link RestController}.
     *
     * @param configurer path-matching configurer supplied by Spring MVC
     */
    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        configurer.addPathPrefix("/api", WebConfig::isRestController);
    }

    /** Tells whether the {@link RestController} annotation is present on the given class. */
    private static boolean isRestController(Class<?> controllerType) {
        return controllerType.isAnnotationPresent(RestController.class);
    }
}
前端代码
// Attach the stored JWT to the outgoing request in the custom "token" header,
// the same header name the backend JwtInterceptor on this page reads.
// A missing "user" entry sends the request without the header.
const user = localStorage.getItem("user");
if (user) {
  const { token } = JSON.parse(user);
  config.headers['token'] = token;
}
拦截器
package com.example.common;
import cn.hutool.core.util.StrUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.example.entity.Admin;
import com.example.exception.CustomException;
import com.example.service.AdminService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
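/**
 * Spring MVC interceptor that authenticates a request by the JWT it carries.
 *
 * <p>The token is read from the {@code token} header, falling back to the {@code token} request
 * parameter. Its first audience entry is parsed as the admin id, the admin is loaded through
 * {@link AdminService}, and the token is then verified with HMAC-SHA256 keyed by
 * {@code admin.getPassword()}.
 *
 * <p>NOTE(review): the interceptor only runs on paths it has been registered for through
 * {@code WebMvcConfigurer#addInterceptors}. That registration and its excluded paths (login and
 * similar) are not part of this class, so confirm them.
 */
@Component
public class JwtInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(JwtInterceptor.class);

    @Resource
    private AdminService adminService;

    /**
     * Rejects the request unless it carries a token that verifies against the admin it names.
     *
     * @param request  incoming request; the token is taken from its header or parameter
     * @param response response; only touched to answer OPTIONS requests with 200
     * @param handler  the chosen handler (unused)
     * @return {@code true} when the request may proceed
     * @throws CustomException when the token is missing, cannot be decoded, names an unknown
     *                         admin, or fails verification
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // CORS preflights carry no token, so every OPTIONS request is answered with 200.
        // NOTE(review): this also exempts any handler that is itself mapped to OPTIONS.
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
            return true;
        }

        String token = resolveToken(request);
        if (StrUtil.isBlank(token)) {
            throw new CustomException("无token,请重新登录");
        }

        String adminId;
        Admin admin;
        try {
            // decode() only parses the token. The audience is used solely to pick the key;
            // nothing from the token is trusted until verify() below succeeds.
            adminId = JWT.decode(token).getAudience().get(0);
            admin = adminService.findById(Integer.parseInt(adminId));
        } catch (Exception e) {
            // The broad catch also reports lookup failures in adminService as a token failure.
            String errMsg = "token验证失败,请重新登录";
            // Security fix: the raw token is a bearer credential and is no longer written
            // to the log, where anyone with log access could replay it.
            log.error(errMsg, e);
            throw new CustomException(errMsg);
        }
        if (admin == null) {
            throw new CustomException("用户不存在,请重新登录");
        }

        try {
            // NOTE(review): the HMAC key is admin.getPassword(). Whether that is a plaintext
            // password or a stored hash is not visible here. Either way, anyone who can read
            // that value can sign tokens for this admin, and the key is only as strong as
            // the stored value. A dedicated server-side signing secret avoids both, but the
            // code that issues the token would have to change with it.
            JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(admin.getPassword())).build();
            // Checks the signature, and the token's time claims when it carries them.
            // Whether tokens are issued with an expiry is not visible here.
            jwtVerifier.verify(token);
        } catch (JWTVerificationException e) {
            // Record the failure for detection. adminId has passed Integer.parseInt, and the
            // token itself is deliberately left out.
            log.warn("token验证失败,adminId = {}", adminId, e);
            throw new CustomException("token验证失败,请重新登录");
        }
        log.info("token验证成功,允许放行");
        return true;
    }

    /**
     * Reads the token from the {@code token} header, falling back to the {@code token} request
     * parameter when the header is blank.
     */
    private static String resolveToken(HttpServletRequest request) {
        String token = request.getHeader("token");
        if (StrUtil.isBlank(token)) {
            // NOTE(review): a token sent as a request parameter can sit in the query string,
            // which ends up in access logs, browser history and Referer headers. The fallback
            // is kept so existing callers keep working; prefer the header.
            token = request.getParameter("token");
        }
        return token;
    }
}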