JWT笔记
参考资料
三部分组成,用 . 拼接
例如:
dhuashduiahsuidhais.djasiojdioasjiodas.dsaojdoijasiod
Header
{
'typ':'JWT', //token的类型
'alg':'HS256' //算法的名称
}
将以上信息进行Base64Url编码(只是编码,不是加密)之后就变成了JWT的第一部分
Payload
存放有效信息的地方
{
"sub":"123456",
"name":'sjon',
"admin":true
}
将以上信息进行Base64Url编码之后得到JWT的第二部分。注意:Payload只是编码而没有加密,任何拿到token的人都可以解码读取其中的内容,因此不要在Payload中存放密码等敏感信息
Signature
Signature是将Base64Url编码之后的Header和Payload用 . 拼接,然后用Header中声明的算法(如HS256,即HMAC-SHA256)和密钥对结果进行签名。签名只用于校验token没有被篡改,并不对内容加密
代码案例
依赖
<!-- JWT dependency (JJWT).
     NOTE(review): 0.9.1 is the legacy single-artifact form of JJWT; later releases are
     published as separate jjwt-api / jjwt-impl / jjwt-jackson artifacts. Check the
     project's release notes for a currently maintained version before reusing this. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!-- JWT test dependency (Jackson annotations) -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.9.7</version>
</dependency>
<!-- JAXB dependencies.
     NOTE(review): presumably added because javax.xml.bind is not bundled with newer JDKs
     while this JJWT version still relies on it; confirm against the JDK in use. -->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>1.1.1</version>
</dependency>
<!-- JWT test dependencies -->
代码
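/**
 * Demonstrates issuing and verifying an HS256-signed JWT with the JJWT 0.9.x API.
 *
 * <p>Both tests are self-contained: the token that is verified in {@link #pares()} is
 * built in the same test instance, so the demo does not depend on a pasted token whose
 * {@code exp} claim has already passed.
 */
public class JwtTest {

    /** Token lifetime in milliseconds: one day (24 h * 60 min * 60 s * 1000 ms). */
    private static final long TOKEN_TTL_MILLIS = 1000L * 60 * 60 * 24;

    /**
     * HMAC-SHA256 signing key.
     *
     * <p>HS256 is a symmetric scheme: whoever holds this key can both verify and mint
     * tokens. The key is therefore 32 random bytes (256 bits) instead of a short,
     * guessable string. It is generated per test instance for demonstration only; a real
     * service loads its key from a secret store and never hard-codes it in source.
     */
    private final byte[] signingKey = newSigningKey();

    /** Builds a signed token and prints its compact form. */
    @Test
    public void test() {
        String jwtToken = buildToken();
        // Printed for demonstration only: a token is a bearer credential and should not
        // be written to logs in real code.
        System.out.println(jwtToken);
        // Sample output recorded in the original note (signed with the old demo secret;
        // its exp claim is 1650545517, so it is expired and kept only to show the shape):
        // eyJ0eXAiOiJqd3QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6IlRvbSIsInJvbGUiOiJhZG1pbiIsInN1YiI6ImFkbWluLXRlc3QiLCJleHAiOjE2NTA1NDU1MTcsImp0aSI6IjU3ZjQ1NzY5LTlhMTYtNGJjNS1hNzQ4LTU4YWFiMzllNTA2NyJ9.-D1p6LjkyFWBVVdRSR43CwTTYDB9O9g1v5nb98TLFbo
    }

    /**
     * Verifies a freshly built token and prints its claims.
     *
     * <p>{@code parseClaimsJws} is the signed-token entry point: it checks the signature
     * with the configured key and rejects expired tokens by throwing a
     * {@code JwtException} subclass, so the claims below are read only after verification.
     */
    @Test
    public void pares() {
        String token = buildToken();

        // The same key that signed the token is used to verify it (symmetric HMAC).
        Jws<Claims> claimsJws = Jwts.parser()
                .setSigningKey(signingKey)
                .parseClaimsJws(token);
        Claims claims = claimsJws.getBody();

        // Read the verified claims.
        System.out.println(claims.get("username"));
        System.out.println(claims.get("role"));
        System.out.println(claims.getId());
        System.out.println(claims.getSubject());
        System.out.println(claims.getExpiration());
    }

    /** Assembles header, payload and signature and returns the compact token string. */
    private String buildToken() {
        Date expiresAt = new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS);
        return Jwts.builder()
                // header
                .setHeaderParam("typ", "jwt")
                .setHeaderParam("alg", "HS256")
                // payload: Base64Url-encoded only, readable by anyone holding the token
                .claim("username", "Tom")
                .claim("role", "admin")
                .setSubject("admin-test")
                // expiry = now + lifetime
                .setExpiration(expiresAt)
                .setId(UUID.randomUUID().toString())
                // signature
                .signWith(SignatureAlgorithm.HS256, signingKey)
                // join the three parts with '.'
                .compact();
    }

    /** Returns 32 bytes from a cryptographically strong random source. */
    private static byte[] newSigningKey() {
        byte[] key = new byte[32];
        // Fully qualified so the file's import block does not need to change.
        new java.security.SecureRandom().nextBytes(key);
        return key;
    }
}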