JSON Web Token的使用

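JSON Web Token(JWT)是一个非常轻巧的规范。这个规范允许我们使用JWT在用户和服务器之间传递安全可靠的信息:服务器对token签名,接收方可以据此验证内容未被篡改。需要注意,签名并不等于加密,载荷只是Base64URL编码,任何拿到token的人都能读到其中的内容,因此不要把密码等敏感数据放进claims。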
1、添加Maven依赖

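<!--
  JJWT (io.jsonwebtoken), the JWT library used by the TokenUtils listing on this page.
  0.6.0 is the version the page was written against. Before reusing the snippet,
  check the project's release notes and pin a currently maintained release.
  Later JJWT releases changed the builder/parser API, so upgrading means adapting
  the signWith / parser / MacProvider calls in TokenUtils as well.
-->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.6.0</version>
</dependency>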

2、创建TokenUtils类

 1 package xxxxxx;
 2 
 3 import java.security.Key;
 4 import java.util.Date;
 5 import java.util.Map;
 6 
 7 import javax.crypto.spec.SecretKeySpec;
 8 
 9 import org.apache.commons.codec.binary.Base64;
10 
11 import xxxxxx.Cst;
12 
13 import io.jsonwebtoken.Claims;
14 import io.jsonwebtoken.Jws;
15 import io.jsonwebtoken.JwtBuilder;
16 import io.jsonwebtoken.Jwts;
17 import io.jsonwebtoken.SignatureAlgorithm;
18 import io.jsonwebtoken.impl.crypto.MacProvider;
19 
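/**
 * Static helpers for issuing and checking HMAC-signed JSON Web Tokens (JWS) with JJWT.
 *
 * <p>Points to keep in mind when reusing this class:
 * <ul>
 *   <li>Tokens are signed, not encrypted. Anyone holding a token can read its claims,
 *       so the claims map must not carry secrets.</li>
 *   <li>{@link #isValid(String)} checks the signature and the expiry only. The issuer and
 *       audience written by {@link #getJWTString(String, Map)} are not compared on the way in.</li>
 *   <li>{@link #parseJWTtoMap(String)} verifies the signature but performs no expiry check of
 *       its own; see the note on that method.</li>
 * </ul>
 */
public class TokenUtils {
    // NOTE(review): every field below is public, static and non-final, so any code in the
    // JVM can replace the issuer, the algorithm or the signing key at runtime. They are left
    // as declared to keep the existing interface; prefer private static final with the key
    // injected from configuration.

    // Token version; written into the "jti" claim by getJWTString.
    // NOTE(review): jti is meant to be a unique per-token identifier (RFC 7519). A constant
    // value cannot serve replay detection or per-token revocation.
    public static String TOKEN_VERSION = "1";
    // Issuer, written into the "iss" claim.
    public static String ISSUER = "zhicall";
    // Generic subject, written into the "sub" claim.
    public static String SUBJECT = "subject";

    // Base64-encoded HMAC secret for HS256. This is a shared symmetric secret, not a private
    // key: whoever knows it can both verify and mint tokens.
    // The value on this page is a redacted placeholder. Do not hard-code the real secret in
    // source; load it from configuration or a secret store, and use at least 256 bits of
    // random key material (getHS512Key() produces a suitable value).
    public static String HS256KEY = "xxxxxx";

    // Signature algorithm used when issuing tokens.
    public static SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    // Key object built once, at class initialisation, from HS256KEY. Reassigning HS256KEY
    // later does not change this key.
    public static Key signingKey = new SecretKeySpec(Base64.decodeBase64(HS256KEY), signatureAlgorithm.getJcaName());

    /**
     * Builds a signed compact JWT for the given login.
     *
     * <p>The reserved claims jti, iss, sub, aud, exp and iat are always set by this method and
     * overwrite entries of the same name supplied by the caller, so a caller cannot choose
     * its own issuer or expiry. The caller's map is copied and is not modified.
     *
     * @param login  value stored in the "aud" claim
     * @param claims additional claims (for example roles or permissions); may be {@code null}
     * @return the compact serialized token
     */
    public static String getJWTString(String login, Map<String, Object> claims) {
        long nowMillis = System.currentTimeMillis();
        // Multiply in long arithmetic: with an int timeout, "minutes * 60 * 1000" overflows
        // for lifetimes above roughly 24 days and would yield an expiry in the past.
        long lifetimeMillis = Cst.TOKEN_TIMEOUT_MIN * 60L * 1000L;

        // Work on a copy so the reserved claims are not written into the caller's map.
        Map<String, Object> payload = new java.util.HashMap<String, Object>();
        if (claims != null) {
            payload.putAll(claims);
        }
        payload.put(Claims.ID, TOKEN_VERSION);
        payload.put(Claims.ISSUER, ISSUER);
        payload.put(Claims.SUBJECT, SUBJECT);
        payload.put(Claims.AUDIENCE, login);
        // NOTE(review): exp and iat are placed in the map as java.util.Date. With this JJWT
        // version they appear to be serialized as epoch milliseconds rather than the
        // NumericDate seconds that RFC 7519 specifies (confirm against the emitted token).
        // isValid() compares the raw value with System.currentTimeMillis(), so issuer and
        // checker agree with each other, but other JWT consumers expect seconds.
        payload.put(Claims.EXPIRATION, new Date(nowMillis + lifetimeMillis));
        payload.put(Claims.ISSUED_AT, new Date(nowMillis));

        JwtBuilder jwtBuilder = Jwts.builder().setClaims(payload);
        jwtBuilder.signWith(signatureAlgorithm, signingKey);
        return jwtBuilder.compact();
    }

    /**
     * Reports whether a token carries a valid signature and has not yet expired.
     *
     * <p>Any parsing or signature failure is treated as "invalid". A token without a numeric
     * exp claim is rejected as well.
     *
     * @param token compact JWT as received from the client; may be {@code null}
     * @return {@code true} only if the signature verifies and exp lies in the future
     */
    public static boolean isValid(String token) {
        if (token == null) {
            return false;
        }
        try {
            Jws<Claims> jwsClaims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token.trim());
            Object rawExp = jwsClaims.getBody().get(Claims.EXPIRATION);
            // Reject a missing or non-numeric exp explicitly instead of relying on a
            // NullPointerException or ClassCastException reaching the catch block.
            if (!(rawExp instanceof Number)) {
                return false;
            }
            return ((Number) rawExp).longValue() > System.currentTimeMillis();
        } catch (Exception e) {
            // NOTE(review): tokens are attacker-controlled input, so a full stack trace per
            // rejected token can flood stderr. Route this through the project's logger at a
            // low level once one is available.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Verifies the token's signature and returns its claims.
     *
     * <p>NOTE(review): no expiry comparison is made here. Because exp appears to be written
     * in milliseconds (see getJWTString), the library's built-in expiry handling may not
     * reject an expired token either (confirm). Call {@link #isValid(String)} first and use
     * the returned claims for authorization decisions only when it returned {@code true}.
     *
     * @param token compact JWT
     * @return the claims of the verified token
     */
    public static Map<String, Object> parseJWTtoMap(String token) {
        Claims claims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token.trim()).getBody();
        return claims;
    }

    /**
     * Generates a fresh random HMAC key sized for HS512 and returns it Base64-encoded.
     *
     * <p>The class itself signs with HS256; presumably this helper is meant for producing a
     * value for {@code HS256KEY}. Treat the returned string as a secret.
     *
     * @return Base64 text of the newly generated key
     */
    public static String getHS512Key() {
        Key key = MacProvider.generateKey(SignatureAlgorithm.HS512);
        return Base64.encodeBase64String(key.getEncoded());
    }
}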

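3、调用getJWTString(String login, Map<String, Object> claims)方法可以创建token。claims是个map,可以传入其他的信息,比如权限、角色等信息。注意jti、iss、sub、aud、exp、iat这几个claim由该方法统一写入,调用方传入的同名值会被覆盖。服务端收到token后应先用isValid校验签名和过期时间,再读取其中的权限、角色信息。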

posted on 2017-05-19 11:12  祥昊  阅读(11565)  评论(0编辑  收藏  举报
