JWT

java中使用JWT

JWT简介

HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "HS256",
  "typ": "JWT"
}

PAYLOAD:DATA

{
  "sub": "1234567890",
    "id":1,
  "name": "John Doe",
  "iat": 1516239022
}

VERIFY SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  SIGNATURE(secret)
)

• 第一部分称为头部（header)， 声明类型以及加密的算法，然后base64加密得到

• 第二部分称为载荷（payload)，存放的就是有效信息，比如签发者，过期时间，标识等， 然后base64加密得到

• 第三部分称为签证（signature)，由 header +payload+secret(盐)， 然后base64加密得到

导入MAVEN依赖

jdk8+

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.4.0-b180830.0359</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-impl</artifactId>
    <version>3.0.0-M4</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-core</artifactId>
    <version>3.0.0-M4</version>
</dependency>
<dependency>
    <groupId>javax.activation</groupId>
    <artifactId>activation</artifactId>
    <version>1.1.1</version>
</dependency>

测试

public class MyTest
{
    private String signature = "corgi";

    @Test
    public void creatJWT()
    {

        //用来构建JWT对象
        JwtBuilder jwtBuilder = Jwts.builder();
        String jwtToken = jwtBuilder
                //head
                .setHeaderParam("typ", "jwt")
                .setHeaderParam("alg", "HS256")
                //payload
                .claim("uid", "1")
                .claim("pass", "1")
                .setSubject("corgi")
                //有效时常
                .setExpiration(new Date(System.currentTimeMillis() + Duration.ofDays(1).toMillis()))
                .setId(UUID.randomUUID().toString())
                //签名
                .signWith(SignatureAlgorithm.HS256, signature)
                .compact();
        System.out.println(jwtToken);

    }

    @Test
    public void parseJWT()
    {
        String token = "eyJ0eXAiOiJqd3QiLCJhbGciOiJIUzI1NiJ9.eyJ1aWQiOiIxIiwicGFzcyI6IjEiLCJzdWIiOiJjb3JnaSIsImV4cCI6MTY0Nzc0MjMxMywianRpIjoiODNhOGI4ZjAtNjZjYy00MjQ5LWI0NzItMjhhNDdlZGE2MTZiIn0.tBy2vqc7DHkFFxbEFPw1JXSzhCYW7931IBlDfxwYzAs";
        JwtParser jwtParser = Jwts.parser();
        Jws<Claims> claimsJwt =
                jwtParser.setSigningKey(signature).parseClaimsJws(token);
        Claims claims = claimsJwt.getBody();
        String uid = (String) claims.get("uid");
        String pass = (String) claims.get("pass");
        System.out.println(uid+","+pass);
    }
}

SpringMVC中使用JWT做用户验证

private static final String signature = "corgi**";

    public static String  getJWT(Integer uid)
    {

        //用来构建JWT对象
        JwtBuilder jwtBuilder = Jwts.builder();
        String jwtToken = jwtBuilder
                .setHeaderParam("typ", "jwt")
                .setHeaderParam("alg", "HS256")
                .claim("uid", uid)
                .setSubject("test")
                .setExpiration(new Date(System.currentTimeMillis() + Duration.ofDays(1).toMillis()))
                .setId(UUID.randomUUID().toString())
                .signWith(SignatureAlgorithm.HS256, signature)
                .compact();
        return jwtToken;

    }

    public static Integer findUid(String token)
    {
        JwtParser jwtParser = Jwts.parser();
        Jws<Claims> claimsJwt =
                jwtParser.setSigningKey(signature).parseClaimsJws(token);
        Claims claims = claimsJwt.getBody();
        Integer uid = (Integer) claims.get("uid");
        Date expiration = claims.getExpiration();
        System.out.println(uid+","+expiration);
        return uid;
    }