当前位置:网站首页>JWT-JSON WEB TOKEN
JWT-JSON WEB TOKEN
2022-07-06 06:08:00 【雪峰.贵】
一、JWT是什么?
二、JWT的组成
- Header: 记录令牌的类型,签名的算法名。{“alg”:“HS256”,“type”:“JWT”}
- Payload:记录用户信息。{“username”:“GXF”,“id”:“1”}
- Signature:防止Token被篡改,提高安全性。根据Header和Payload计算出来的一个字符串。
三、Token组成
token=BASE64(Header).BASE64(Payload).BASE64(Signature)
四、Signature的组成
Signature是由Header里的alg指定的算法计算出来。
Signature=指定的算法(BASE64(Header).BASE64(Payload),密钥)
五、使用
- 加依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.10.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
- 加配置
jwt:
secret: 123456 #密钥
# 有效期,单位秒,默认2周
expire-time-in-second: 1209600
- 加工具类
import com.google.common.collect.Maps;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@Slf4j
@RequiredArgsConstructor
@SuppressWarnings("WeakerAccess")
@Component
public class JwtOperator {
/** * 秘钥 * - 默认aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt */
@Value("${secret:aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt}")
private String secret;
/** * 有效期,单位秒 * - 默认2周 */
@Value("${expire-time-in-second:1209600}")
private Long expirationTimeInSecond;
/** * 从token中获取claim * * @param token token * @return claim */
public Claims getClaimsFromToken(String token) {
try {
return Jwts.parser()
.setSigningKey(this.secret.getBytes())
.parseClaimsJws(token)
.getBody();
} catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
log.error("token解析错误", e);
throw new IllegalArgumentException("Token invalided.");
}
}
/** * 获取token的过期时间 * * @param token token * @return 过期时间 */
public Date getExpirationDateFromToken(String token) {
return getClaimsFromToken(token)
.getExpiration();
}
/** * 判断token是否过期 * * @param token token * @return 已过期返回true,未过期返回false */
private Boolean isTokenExpired(String token) {
Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
/** * 计算token的过期时间 * * @return 过期时间 */
public Date getExpirationTime() {
return new Date(System.currentTimeMillis() + this.expirationTimeInSecond * 1000);
}
/** * 为指定用户生成token * * @param claims 用户信息 * @return token */
public String generateToken(Map<String, Object> claims) {
Date createdTime = new Date();
Date expirationTime = this.getExpirationTime();
byte[] keyBytes = secret.getBytes();
SecretKey key = Keys.hmacShaKeyFor(keyBytes);
return Jwts.builder()
.setClaims(claims)
.setIssuedAt(createdTime)
.setExpiration(expirationTime)
// 你也可以改用你喜欢的算法
// 支持的算法详见:https://github.com/jwtk/jjwt#features
.signWith(key, SignatureAlgorithm.HS256)
.compact();
}
/** * 判断token是否非法 * * @param token token * @return 未过期返回true,否则返回false */
public Boolean validateToken(String token) {
return !isTokenExpired(token);
}
// public static void main(String[] args) {
// // 1. 初始化
// JwtOperator jwtOperator = new JwtOperator();
// jwtOperator.expirationTimeInSecond = 1209600L;
// jwtOperator.secret = "aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt";
//
// // 2.设置用户信息
// HashMap<String, Object> objectObjectHashMap = Maps.newHashMap();
// objectObjectHashMap.put("id", "1");
//
// // 测试1: 生成token
// String token = jwtOperator.generateToken(objectObjectHashMap);
// // 会生成类似该字符串的内容: eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk4MTcsImV4cCI6MTU2Njc5OTQxN30.27_QgdtTg4SUgxidW6ALHFsZPgMtjCQ4ZYTRmZroKCQ
// System.out.println(token);
//
// // 将我改成上面生成的token!!!
// String someToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1OTQ1NjIsImV4cCI6MTU2NjgwNDE2Mn0.PAvWPcQAZnSlYKNbZr4O1l9aA4LPphuq0OG2QIs7O5E\n";
// // 测试2: 如果能token合法且未过期,返回true
// Boolean validateToken = jwtOperator.validateToken(someToken);
// System.out.println(validateToken);
//
// // 测试3: 获取用户信息
// Claims claims = jwtOperator.getClaimsFromToken(someToken);
// System.out.println(claims);
//
// // 将我改成你生成的token的第一段(以.为边界)
// String encodedHeader = "eyJhbGciOiJIUzI1NiJ9";
// // 测试4: 解密Header
// byte[] header = Base64.decodeBase64(encodedHeader.getBytes());
// System.out.println(new String(header));
//
// // 将我改成你生成的token的第二段(以.为边界)
// String encodedPayload = "eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk1NDEsImV4cCI6MTU2Njc5OTE0MX0";
// // 测试5: 解密Payload
// byte[] payload = Base64.decodeBase64(encodedPayload.getBytes());
// System.out.println(new String(payload));
//
// // 测试6: 这是一个被篡改的token,因此会报异常,说明JWT是安全的
// jwtOperator.validateToken("eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk3MzIsImV4cCI6MTU2Njc5OTMzMn0.nDv25ex7XuTlmXgNzGX46LqMZItVFyNHQpmL9UQf-aUxxx");
// }
}
边栏推荐
- 使用Nacos管理配置
- The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
- 测试周期被压缩?教你9个方法去应对
- Seven imperceptible truths in software testing
- Amazon Engineer: eight important experiences I learned in my career
- Postman核心功能解析-参数化和测试报告
- Understanding of processes and threads
- 黑猫带你学UFS协议第4篇:UFS协议栈详解
- Network protocol model
- Request forwarding and redirection
猜你喜欢
Fault, error, failure of functional safety
【无App Push 通用测试方案
Sqlmap tutorial (III) practical skills II
HCIA review
IP day 16 VLAN MPLS configuration
【微信小程序】搭建开发工具环境
Basic knowledge of error
Web service connector: Servlet
JMeter做接口测试,如何提取登录Cookie
The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
随机推荐
【微信小程序】搭建开发工具环境
Clock in during winter vacation
Company video accelerated playback
公司視頻加速播放
PAT(乙级)2022年夏季考试
LeetCode 1200. 最小绝对差
Nodejs realizes the third-party login of Weibo
Hongliao Technology: Liu qiangdong's "heavy hand"
Analysis report on development trends and investment planning of China's methanol industry from 2022 to 2028
HCIA复习
Usage of test macro of GTEST
Amazon Engineer: eight important experiences I learned in my career
[postman] test script writing and assertion details
黑猫带你学eMMC协议第10篇:eMMC读写操作详解(read & write)
The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
[C language] qsort function
H3C V7 switch configuration IRF
Web service connector: Servlet
2022 software testing workflow to know
还在为如何编写Web自动化测试用例而烦恼嘛?资深测试工程师手把手教你Selenium 测试用例编写