The article directories

  • Writing in the front
  • How to use
  • Write in the back

Writing in the front

That is to say, it was updated to separate the front and back ends. After this change, cookies were no longer available. I consulted some information and asked the teacher, and realized that the browser did not support third-party cookies for security, so I was forced to change the login authentication to JWT.

How to use

Using JWT in our code is very simple: we just need to add the JWT dependency. What can JWT do? JWT can encapsulate the information you need to pass into a. When we do login authentication, we only need to validate the string.

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.10.3</version>
</dependency>

Once introduced, we can use the API provided by JWT, and we usually wrap a JWTUtils utility class for convenience.

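import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Map;

public class JWTUtils {
    // Signing secret. Hard-coded here for brevity; in a real deployment load it
    // from configuration and keep it out of source control.
    private static String SIGN = "TOKEN! @FE123";

    /**
     * Generate the token.
     */
    public static String getToken(Map<String, String> map) {
        JWTCreator.Builder builder = JWT.create();
        map.forEach((k, v) -> {
            builder.withClaim(k, v);
        });
        Calendar instance = Calendar.getInstance();
        instance.add(Calendar.DATE, 7); // the token expires after 7 days
        builder.withExpiresAt(instance.getTime());
        return builder.sign(Algorithm.HMAC256(SIGN));
    }

    /**
     * Verify the token; an exception is thrown if it is invalid.
     */
    public static void verify(String token) {
        JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);
    }

    /**
     * Verify the token and return its decoded contents.
     */
    public static DecodedJWT getToken(String token) {
        return JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);
    }
}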

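The utility class is also convenient when we want to encapsulate some information about the user and put it in a response header for the front end. Keep in mind that the payload is signed but not encrypted, so anyone who holds the token can read these claims.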

Map<String, String> payload = new HashMap<>();
payload.put("userId",String.valueOf(user.getUserId()));
payload.put("username",user.getUsername());
payload.put("headUrl",user.getHeadUrl());
payload.put("userType",String.valueOf(user.getUserType()));

String token = JWTUtils.getToken(payload);
response.addHeader("token",token);

When we want to authenticate a user, we just call verify:

String token = request.getHeader("token");
try {
    JWTUtils.verify(token); // Validate token
    return true;
} catch (Exception e) {
    System.out.println(e.getMessage());
}
return false;
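Why the server must call verify rather than just read the claims, shown as an added example that is not part of the original article. It uses the java-jwt dependency introduced above; the class name `JwtTamperDemo`, the demo key and the claim values are constructed for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;

public class JwtTamperDemo {
    // Constructed demo key; a real service loads a long random secret from configuration.
    private static final Algorithm ALG = Algorithm.HMAC256("constructed-demo-key-not-for-production");

    /** Returns the verified token, or null when the signature or expiry check fails. */
    static DecodedJWT verifyOrNull(String token) {
        try {
            return JWT.require(ALG).build().verify(token);
        } catch (TokenExpiredException e) {
            System.out.println("rejected, expired: " + e.getMessage());
        } catch (JWTVerificationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        return null;
    }

    public static void main(String[] args) {
        String token = JWT.create()
                .withClaim("userId", "42")
                .withClaim("userType", "1")
                .withExpiresAt(new Date(System.currentTimeMillis() + 60_000))
                .sign(ALG);
        String[] parts = token.split("\\.");

        // The payload is only base64url-encoded, so the client can read it without the key.
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        System.out.println("payload readable by client: " + payload);

        // Swap in a constructed payload with a different userType but keep the old signature.
        String edited = "{\"userId\":\"42\",\"userType\":\"0\"}";
        String forged = parts[0] + "." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(edited.getBytes(StandardCharsets.UTF_8)) + "." + parts[2];
        String expired = JWT.create().withExpiresAt(new Date(System.currentTimeMillis() - 60_000)).sign(ALG);

        System.out.println("original accepted: " + (verifyOrNull(token) != null));
        System.out.println("edited accepted: " + (verifyOrNull(forged) != null));
        System.out.println("expired accepted: " + (verifyOrNull(expired) != null));
        // JWT.decode() parses without checking the signature, so it returns the edited claim.
        System.out.println("decode() only: userType=" + JWT.decode(forged).getClaim("userType").asString());
    }
}
```

Only claims taken from the `DecodedJWT` returned by `verify` should drive authorization decisions; `JWT.decode` is for inspection only.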

Another important point is that we need to specify the token header when configuring cross-domain access:

/**
 * Configure cross-domain access
 * @return
 */
private CorsConfiguration corsConfig() {
    CorsConfiguration corsConfiguration = new CorsConfiguration();
    // "*" means that requests from all origins are accepted. To restrict access to a
    // specific IP address and port, replace it with e.g. localhost:8080; multiple
    // values are separated by commas.
    // Note: browsers do not accept a wildcard origin on credentialed requests, and
    // Spring 5.3+ rejects "*" combined with setAllowCredentials(true); list explicit
    // origins (or use addAllowedOriginPattern) when credentials are required.
    corsConfiguration.addAllowedOrigin("*");
    corsConfiguration.addAllowedHeader("*"); // allowed request headers
    corsConfiguration.addAllowedMethod("*"); // allowed request methods: POST, GET, PUT
    // Expose the header so the browser can read the token from the response;
    // otherwise a cross-domain login cannot receive the token
    corsConfiguration.addExposedHeader("token");
    corsConfiguration.setAllowCredentials(true); // allow the browser to carry cookies
    return corsConfiguration;
}

@Bean
public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", corsConfig());
    return new CorsFilter(source);
}

Write in the back

The solution to many problems is not that you don’t know, but that you don’t know.