一、生成及校验Token

1.实例代码

public static final String equipmentSecret = "Equipment_Secret";@PostMapping("/getToken/app")
@ApiOperation("获取鉴权token")
public Message.DataRespone<AppTokenVo> getToken(@RequestBody AppTokenRequest appTokenRequest) {//兼容正负3分钟Date endTime = DateTimeUtils.getDateAfterNow(3, "m");Date startTime = DateTimeUtils.getDateAfterNow(-3, "m");Date targetTime = new Date(appTokenRequest.getTime());if (startTime.after(targetTime) || targetTime.after(endTime)) {return Message.Time_Not_In_Use.create();}PProduct product = productService.getProductByProductKey(appTokenRequest.getProductKey());Map<String, String> claims = new HashMap<>();claims.put("productKey", appTokenRequest.getProductKey());claims.put("time", String.valueOf(appTokenRequest.getTime()));String targetSign = SignUtil.sign(claims, product.getProductSecret());if (!targetSign.equals(appTokenRequest.getSign())) {return Message.Sign_Error.create();}String token = Jwts.builder().setClaims(claims).setExpiration(DateTimeUtils.getDateAfterNow(2, "H"))//采用什么算法是可以自己选择的，不一定非要采用HS512.signWith(SignatureAlgorithm.HS512, equipmentSecret).compact();AppTokenVo appTokenVo1 = new AppTokenVo();appTokenVo1.setToken(token);appTokenVo1.setExpiration(DateTimeUtils.getDateAfterNow(2, "H").getTime());return Message.Success.createWithData(appTokenVo1);
}@GetMapping("/checkToken")
@ApiOperation("校验token")
public Message.DataRespone<CheckTokenResultVo> getToken(@RequestParam(required = true, defaultValue = "") String token) {CheckTokenResultVo checkTokenResultVo = new CheckTokenResultVo();Claims claims = null;try {claims = Jwts.parser().setSigningKey(equipmentSecret).parseClaimsJws(token).getBody();} catch (Exception e) {claims = null;}if (claims == null) {return Message.Token_CHECK_ERROR.create();}String productKey = String.valueOf(claims.get("productKey"));checkTokenResultVo.setProductKey(productKey);checkTokenResultVo.setExpiration(claims.getExpiration().getTime());return Message.Success.createWithData(checkTokenResultVo);
}