当前位置:网站首页>JWT学习
JWT学习
2022-08-02 19:11:00 【Linging_24】
文章目录
参考文章:https://www.jianshu.com/p/576dbf44b2ae
JWT
1、什么是JSON WEB TOKEN?
JSON Web令牌(JWT)是一个开放标准(RFC 7519),它定义了一种紧凑而独立的方法,用于在各方之间安全地将信息作为JSON对象传输。由于此信息是经过数字签名的,因此可以被验证和信任。可以使用秘密(使用HMAC算法)或使用RSA或ECDSA的公用/专用密钥对对JWT进行签名。尽管可以对JWT进行加密以提供双方之间的保密性,但我们将重点关注已签名的令牌。签名的令牌可以验证其中包含的声明的完整性,而加密的令牌则将这些声明隐藏在其他方的面前。当使用公钥/私钥对对令牌进行签名时,签名还证明只有持有私钥的一方才是对其进行签名的一方。
2、什么时候我们应该使用JWT?
- 授权:这是使用JWT的最常见方案。一旦用户登录,每个后续请求将包括JWT,从而允许用户访问该令牌允许的路由,服务和资源。单点登录是当今广泛使用JWT的一项功能,因为它的开销很小并且可以在不同的域中轻松使用。
- 信息交换:JSON Web令牌是在各方之间安全传输信息的一种好方法。因为可以对JWT进行签名(例如,使用公钥/私钥对),所以您可以确定发件人是他们所说的人。此外,由于签名是使用标头和有效负载计算的,因此您还可以验证内容是否遭到篡改。
3、JWT的结构组成
- Header 头部
- Payload 负载
- Signature 签名
组成:xxxxx.yyyyy.zzzzz
3.1 Header
Header通常由两部分组成:令牌的类型(即JWT)和所使用的签名算法,例如HMAC SHA256或RSA。
//for example
{
"alg": "HS256", //签名算法
"typ": "JWT" //令牌的类型
}
//这个header一般去改变它
然后,此JSON被Base64Url编码以形成JWT的第一部分.
3.2 Payload
令牌的第二部分是有效负载,其中包含声明。声明是有关实体(通常是用户)和其他数据的声明。共有三种类型的声明:registered
, public
, and private
claims.。
3.2.1 registered claims:
这些是一组非强制性的但建议使用的预定义声明,以提供一组有用的可互操作的声明。其中一些是:iss(issuer:发行方),exp(expiration time:到期时间),sub(subject:主题),aud(audience:受众群体)等
请注意,声明名称仅是三个字符,因为JWT是紧凑的。
3.2.2 public claims
这些可以由使用JWT的人员随意定义。但为避免冲突,应在IANA JSON Web令牌注册表中定义它们,或将其定义为包含抗冲突名称空间的URI。
3.2.3 private claims
这些是自定义声明,旨在在同意使用它们的各方之间共享信息,并且既不是注册声明也不是公共声明。
//for example
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}
然后对有效负载进行Base64Url编码,以形成JSON Web令牌的第二部分。
请注意,对于已签名的令牌,此信息尽管可以防止篡改,但任何人都可以读取。除非加密,否则不要将机密信息放入JWT的有效负载或报头元素中
3.3 Signature
要创建签名部分,您必须获取编码的报头、编码的有效负载、一个秘密、在报头中指定的算法,并对其进行签名。
例如,如果要使用HMAC SHA256算法,将按以下方式创建签名:
//使用HMAC SHA256算法进行加密签名
HMACSHA256(
base64UrlEncode(header) //对header进行base64加密
+ "." +
base64UrlEncode(payload), //对payload进行base64加密
secret //秘密,随机盐,这个不能给别人知道
)
签名用于验证消息在整个过程中没有被更改,并且,在使用私钥签名的令牌的情况下,它还可以验证JWT的发送者是它所说的人。
输出是三个base64url字符串,用点分隔,可以在HTML和HTTP环境中轻松地传递这些字符串,但与基于XML的标准(如SAML)相比,它更紧凑。
下面显示了一个JWT,它对前一个头和有效负载进行了编码,并用一个秘密进行了签名。
4、基于传统的Session认证
5、基于JWT的认证
6、使用JWT
6.1 导入依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.11.0</version>
</dependency>
6.2 构建token
public void test(){
//生成token
String token = JWT.create()
.withHeader(null) //设置header,一般采用默认值
.withClaim("name", "zhangsan") //设置payload
.withClaim("age", 18)
.withClaim("sex", "girl")
.sign(Algorithm.HMAC256("[email protected]#[email protected]#@%¥……%")); //设置签名,采用HMAC256算法
System.out.println(token);
}
构建token抛出的异常:
- JWTCreationException //构建token失败时,抛出的异常,非法签名结构,无法转换Claims
6.3 验证token
public void test2(){
//验证token
JWTVerifier build = JWT.require(Algorithm.HMAC256("[email protected]#[email protected]#@%¥……%")).build();
//验证token,验证失败会抛出异常
DecodedJWT verify = build.verify("yJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzZXgiOiJnaXJsIiwibmFtZSI6InpoYW5nc2FuIiwiYWdlIjoxOH0.Cne13wAqFmRgmxgWOKgykGXVSfba5XjS-c4soh83QqQ");
System.out.println(verify.getClaim("name").asString());
System.out.println(verify.getClaim("age").asInt());
System.out.println(verify.getClaim("sex").asString());
}
随机盐:[email protected]#[email protected]#@%¥……% 随机设置,不能被别人知道,加密和解密保持一致
加密算法:HMAC256 加密和解密保持一致
验证token抛出的异常:
先验签,后验token。
7、JWT工具类
/** * JWT工具类 */
public class JWTUtils {
//随机盐,随机设置
private final static String secret = "$%#$%%^[email protected]#[email protected]";
/** * 根据提供的k-v进行生成token * @param payload k-v信息 * @param expireTime 过期时间,单位:秒 * @return token */
public static String createToken(Map<String,String> payload, Integer expireTime) {
Calendar instance = Calendar.getInstance();
instance.add(Calendar.SECOND,expireTime);
String token = null;
try{
//创建Builder对象
JWTCreator.Builder builder = JWT.create().withHeader(null); //header
//payload
payload.forEach((k,v)->{
builder.withClaim(k,v);
});
builder.withExpiresAt(instance.getTime()); //过期时间
token = builder.sign(Algorithm.HMAC256(secret)); //签名
}catch (JWTCreationException e){
System.out.println("构建token异常,请检查签名是否合法...");
}
return token;
}
/** * 验证token是否合法 * @param token * @return false:验证失败 true:验证合法 */
public static boolean verifyJWT(String token){
try{
JWT.require(Algorithm.HMAC256(secret)).build().verify(token);
}catch (JWTVerificationException e){
return false;
}
return true;
}
/** * 获取token的数据 * @return map */
public static Map<String,String> decodeJWT(String token){
Map<String,String> map = new HashMap<>();
try{
DecodedJWT verify = JWT.require(Algorithm.HMAC256(secret)).build().verify(token);
Map<String, Claim> claims = verify.getClaims();
claims.forEach((k,v)->{
map.put(k,v.asString());
});
return map;
}catch (JWTVerificationException e){
return null;
}
}
}
8、JWT在WEB中的应用
1、创建springboot项目,导入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.11.0</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.15</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.12</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.7</version>
</dependency>
2、配置application.yml
mybatis-plus:
type-aliases-package: top.linging.jwt.pojo
mapper-locations: classpath:top/linging/jwt/mapper/*.xml
configuration:
map-underscore-to-camel-case: true
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/student?characterEncoding=UTF-8&useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC
username: root
password: 123456
thymeleaf:
prefix: classpath:/templates/
suffix: .html
cache: false
server:
port: 8082
3、编写登录拦截器
public class LoginInterceptor implements HandlerInterceptor {
/** * 获取requestHeader中的token * @param request * @param response * @param handler * @return * @throws Exception */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("拦截诶器中...............");
//获取requestHeader中的token
String token = CookieUtils.getCookieValue(request,"userToken");
//返回结果
Map<String, Object> map = new HashMap<>();
//验证token失败
if(token == null || !JWTUtils.verifyJWT(token)) {
map.put("status",false);
map.put("msg","login fail");
response.setContentType("application/json;charset=utf-8");
response.getWriter().println(JsonUtil.mapToJson(map));
return false;
}
//放行
System.out.println("成功.....");
return true;
}
}
4、注册拦截器
@Configuration
public class WebConfig implements WebMvcConfigurer {
//拦截器对请求进行拦截与放行
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LoginInterceptor())
.addPathPatterns("/user/**")
.excludePathPatterns("/user/login")
.excludePathPatterns("/router/toLogin");
}
private CorsConfiguration corsConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 请求常用的三种配置,*代表允许所有,也可以自定义属性(比如 header 只能带什么,只能是 post 方式等)
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setMaxAge(3600L);
return corsConfiguration;
}
//解决跨域
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", corsConfig());
return new CorsFilter(source);
}
}
5、编写mapper层
@Repository
public interface UserMapper extends BaseMapper<User> {
}
6、编写service层
@Service
@Transactional
public class UserServiceImpl implements UserService {
@Autowired
private UserMapper userMapper;
/** * 登录 * @param name * @return */
@Override
public User findUserByName(String name) {
QueryWrapper<User> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("name",name);
return userMapper.selectOne(queryWrapper);
}
/** * 需要登录才能访问的api * @return */
@Override
public List<User> findAllUser() {
return userMapper.selectList(null);
}
}
7、编写controller层
//@CrossOrigin(value = "*")
@RestController
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
//登录的方法
@PostMapping("/login")
public Map<String,Object> login(@RequestParam("name") String username,
HttpServletRequest request,
HttpServletResponse response){
int expireTime = 10; //过期时间,10s
System.out.println(username);
Map<String, String> payload = new HashMap<>();
payload.put("name",username);
String token = JWTUtils.createToken(payload,expireTime);
Map<String, Object> map = new HashMap<>();
if(token == null){
map.put("status",false);
map.put("msg","login fail");
map.put("token","");
return map;
}
CookieUtils.setCookie(request,response,"userToken",token,expireTime,"",true);
map.put("status",true);
map.put("msg","login ok");
map.put("token",token);
return map;
}
//需要登录之后才能访问的方法
@GetMapping("/list")
public List<User> findAllUser(){
return userService.findAllUser();
}
}
用到的工具类:
/** * @ClassName JsonUtil * @Description json工具类 * @Author AlphaJunS * @Date 2020/3/27 18:59 * @Version 1.0 */
public class JsonUtil {
/** * @Author AlphaJunS * @Date 19:06 2020/3/27 * @Description json转map * @param json * @return java.util.Map<java.lang.String,java.lang.Object> */
public static Map<String,Object> jsonToMap(String json) throws Exception{
ObjectMapper objectMapper = new ObjectMapper();
Map<String,Object> map;
try {
map = (Map<String,Object>)objectMapper.readValue(json, Map.class);
} catch (JsonParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (JsonMappingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
}
return map;
}
/** * @Author AlphaJunS * @Date 19:07 2020/3/27 * @Description json转List<Map<String,?>> * @param json * @return java.util.List<java.util.Map<java.lang.String,?>> */
public static List<Map<String,?>> jsonToMapList(String json) throws Exception{
ObjectMapper objectMapper = new ObjectMapper();
JavaType javaType = objectMapper.getTypeFactory().constructParametricType(List.class, Map.class);
List<Map<String, ?>> mapList;
try {
mapList = (List<Map<String,?>>)objectMapper.readValue(json, javaType);
} catch (JsonParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (JsonMappingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
}
return mapList;
}
/** * @Author AlphaJunS * @Date 19:09 2020/3/27 * @Description map转json * @param map * @return java.lang.String */
public static String mapToJson(Map<String,Object> map) throws Exception{
ObjectMapper objectMapper = new ObjectMapper();
String jsonString = objectMapper.writeValueAsString(map);
return jsonString;
}
/** * @Author AlphaJunS * @Date 19:10 2020/3/27 * @Description 对象转json * @param object * @return java.lang.String */
public static String objectToJson(Object object) throws Exception{
ObjectMapper objectMapper = new ObjectMapper();
String jsonList;
try {
jsonList = objectMapper.writeValueAsString(object);
} catch (JsonParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (JsonMappingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
}
return jsonList;
}
/** * @Author AlphaJunS * @Date 20:52 2020/3/27 * @Description List<Map<String,?>>转json * @param cardInfoList * @return java.lang.String */
public static String mapListToJson(List<Map<String, Object>> cardInfoList) throws Exception{
ObjectMapper objectMapper = new ObjectMapper();
String jsonList;
try {
jsonList = objectMapper.writeValueAsString(cardInfoList);
} catch (JsonParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (JsonMappingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
throw e;
}
return jsonList;
}
/** * @Author AlphaJunS * @Date 20:57 2020/3/27 * @Description 数组转json * @param args * @return java.lang.String */
public static String arrayToJson(String[] args) throws Exception{
// 先讲数组转化为map,然后map转json
Map<String,String> map = new HashMap<String,String>();
for(int i=0; i<args.length; i++){
map.put(i+"", args[i]);
}
String json = JsonUtil.objectToJson(map);
return json;
}
}
/** * * Cookie 工具类 * */
public final class CookieUtils {
static final Logger logger = LoggerFactory.getLogger(CookieUtils.class);
/** * 得到Cookie的值, 不编码 * * @param request * @param cookieName * @return */
public static String getCookieValue(HttpServletRequest request, String cookieName) {
return getCookieValue(request, cookieName, false);
}
/** * 得到Cookie的值, * * @param request * @param cookieName * @return */
public static String getCookieValue(HttpServletRequest request, String cookieName, boolean isDecoder) {
Cookie[] cookieList = request.getCookies();
if (cookieList == null || cookieName == null){
return null;
}
String retValue = null;
try {
for (int i = 0; i < cookieList.length; i++) {
if (cookieList[i].getName().equals(cookieName)) {
if (isDecoder) {
retValue = URLDecoder.decode(cookieList[i].getValue(), "UTF-8");
} else {
retValue = cookieList[i].getValue();
}
break;
}
}
} catch (UnsupportedEncodingException e) {
logger.error("Cookie Decode Error.", e);
}
return retValue;
}
/** * 得到Cookie的值, * * @param request * @param cookieName * @return */
public static String getCookieValue(HttpServletRequest request, String cookieName, String encodeString) {
Cookie[] cookieList = request.getCookies();
if (cookieList == null || cookieName == null){
return null;
}
String retValue = null;
try {
for (int i = 0; i < cookieList.length; i++) {
if (cookieList[i].getName().equals(cookieName)) {
retValue = URLDecoder.decode(cookieList[i].getValue(), encodeString);
break;
}
}
} catch (UnsupportedEncodingException e) {
logger.error("Cookie Decode Error.", e);
}
return retValue;
}
/** * 生成cookie,并指定编码 * @param request 请求 * @param response 响应 * @param cookieName name * @param cookieValue value * @param encodeString 编码 */
public static final void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue, String encodeString) {
setCookie(request,response,cookieName,cookieValue,null,encodeString, null);
}
/** * 生成cookie,并指定生存时间 * @param request 请求 * @param response 响应 * @param cookieName name * @param cookieValue value * @param cookieMaxAge 生存时间 */
public static final void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue, Integer cookieMaxAge) {
setCookie(request,response,cookieName,cookieValue,cookieMaxAge,null, null);
}
/** * 设置cookie,不指定httpOnly属性 */
public static final void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue, Integer cookieMaxAge, String encodeString) {
setCookie(request,response,cookieName,cookieValue,cookieMaxAge,encodeString, null);
}
/** * 设置Cookie的值,并使其在指定时间内生效 * * @param cookieMaxAge * cookie生效的最大秒数 */
public static final void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue, Integer cookieMaxAge, String encodeString, Boolean httpOnly) {
try {
if(StringUtils.isBlank(encodeString)) {
encodeString = "utf-8";
}
if (cookieValue == null) {
cookieValue = "";
} else {
cookieValue = URLEncoder.encode(cookieValue, encodeString);
}
Cookie cookie = new Cookie(cookieName, cookieValue);
if (cookieMaxAge != null && cookieMaxAge > 0)
cookie.setMaxAge(cookieMaxAge);
if (null != request)// 设置域名的cookie
cookie.setDomain(getDomainName(request));
cookie.setPath("/");
if(httpOnly != null) {
cookie.setHttpOnly(httpOnly);
}
response.addCookie(cookie);
} catch (Exception e) {
logger.error("Cookie Encode Error.", e);
}
}
/** * 得到cookie的域名 */
private static final String getDomainName(HttpServletRequest request) {
String domainName = null;
String serverName = request.getRequestURL().toString();
if (serverName == null || serverName.equals("")) {
domainName = "";
} else {
serverName = serverName.toLowerCase();
serverName = serverName.substring(7);
final int end = serverName.indexOf("/");
serverName = serverName.substring(0, end);
final String[] domains = serverName.split("\\.");
int len = domains.length;
if (len > 3) {
// www.xxx.com.cn
domainName = domains[len - 3] + "." + domains[len - 2] + "." + domains[len - 1];
} else if (len <= 3 && len > 1) {
// xxx.com or xxx.cn
domainName = domains[len - 2] + "." + domains[len - 1];
} else {
domainName = serverName;
}
}
if (domainName != null && domainName.indexOf(":") > 0) {
String[] ary = domainName.split("\\:");
domainName = ary[0];
}
return domainName;
}
}
html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
</head>
<body>
<div id="form_data">
<input type="text" name="name" id="name"><br>
<input type="password" name="password" id="password"><br>
<button id="sub_ajax">login in</button>
</div>
<div id="res"></div>
<button id="getData">获取数据</button>
<hr>
<table border="1" id="dataTable">
<tr>
<td>id</td>
<td>name</td>
</tr>
</table>
<script> $("#sub_ajax").click(function () {
$.ajax({
url:'/user/login', type:'post', dataType:'json', data:{
name:$("#name").val()}, success:function (res) {
$("#res").html(res.token); }, error:function (res) {
console.log(res); } }) }); $("#getData").click(function () {
$.ajax({
url:'/user/list', type:'get', dataType:'json', data:{
}, success:function (res) {
var tb = '<tr>\n' + ' <td>id</td>\n' + ' <td>name</td>\n' + ' </tr>'; for(var i = 0; i < res.length; i++){
var tr = '<tr>\n' + ' <td>'+res[i].id+'</td>\n' + ' <td>'+res[i].name+'</td>\n' + ' </tr>'; tb += tr; } $("#dataTable").html(tb); }, error:function (res) {
console.log(res); } }) }); </script>
</body>
</html>
et’,
dataType:‘json’,
data:{},
success:function (res) {
var tb = ‘\n’ +
’ id\n’ +
’ name\n’ +
’ ‘;
for(var i = 0; i < res.length; i++){
var tr = ‘\n’ +
’ ’+res[i].id+‘\n’ +
’ ‘+res[i].name+’\n’ +
’ ';
tb += tr;
}
$(“#dataTable”).html(tb);
},
error:function (res) {
console.log(res);
}
})
});
边栏推荐
- Geoserver+mysql+openlayers
- 面试官:谈谈如何防止消息丢失和消息重复
- 动态规划常见实例详解
- golang刷leetcode动态规划(12)最小路径和
- golang面试题
- Brain-computer interface 003 | Musk said that he has realized a virtual self-dialogue with the cloud, and related concept shares have risen sharply
- Geoserver+mysql+openlayers2
- MySQL安装配置教程(超级详细、保姆级)
- thinkphp框架5.0.23安全更新问题-漏洞修复-/thinkphp/library/think/App.php具体怎么改以及为什么要这么改
- Mppt光伏最大功率点跟踪控制matlab仿真
猜你喜欢
随机推荐
视频隐写一
3 and a half years of testing experience, I don't have 20K, it seems it's time to change jobs
Nature Microbiology综述:聚焦藻际--浮游植物和细菌互作的生态界面
如何正确地配置入口文件?
【心理学 · 人物】第一期
idea 配置resin
golang刷leetcode 经典(9)为运算表达式设计优先级
动态折线图,制作原来是这么简单
【OpenNI2】资料整理 -- 不断更新中
2022-07-26
Brain-computer interface 003 | Musk said that he has realized a virtual self-dialogue with the cloud, and related concept shares have risen sharply
LSB利器-zsteg
你想要的宏基因组-微生物组知识全在这(2022.8)
MySQL安装时一直卡在starting server
js Fetch返回数据res.json()报错问题
Boyun Selected as Gartner China DevOps Representative Vendor
1.0.0到1.0.2的底层数据库表的更新,需要再重新自建数据库吗?
Therapy | How to Identify and Deal with Negative Thoughts
MYSQL关键字执行顺序?
Mppt photovoltaic maximum power point tracking control matlab simulation