JSON Web Token的使用
JSON Web Token(JWT)是一个非常轻巧的规范。这个规范允许我们使用JWT在用户和服务器之间传递安全可靠的信息(这里的“安全可靠”指签名可以防止内容被篡改;签名的JWT本身并不加密,载荷可以被任何人解码读取)。
1、添加Maven依赖(jjwt)
<!-- jjwt (io.jsonwebtoken) supplies the Jwts builder/parser used by TokenUtils below.
     TokenUtils also imports org.apache.commons.codec.binary.Base64, so commons-codec
     must be on the classpath as well.
     NOTE(review): 0.6.0 looks like an old release; check the project's release notes
     for security fixes before pinning it in new code. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.6.0</version>
</dependency>
2、创建TokenUtils类
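package xxxxxx;

import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

import xxxxxx.Cst;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.MacProvider;

/**
 * Static helpers for issuing and checking HMAC-signed JSON Web Tokens with jjwt.
 *
 * <p>Tokens are signed, not encrypted: every claim placed in a token can be read by
 * whoever holds the token, so claims must not carry secrets.
 */
public class TokenUtils {
    private static final Logger LOG = Logger.getLogger(TokenUtils.class.getName());

    // Token format version; written into the "jti" claim of every token.
    // NOTE(review): RFC 7519 defines "jti" as a unique token identifier. A constant value
    // cannot be used for replay detection or revocation.
    public static String TOKEN_VERSION = "1";
    // Issuer ("iss" claim).
    public static String ISSUER = "zhicall";
    // Subject ("sub" claim); the same placeholder value for every token.
    public static String SUBJECT = "subject";

    // HS256 secret, Base64-encoded.
    // NOTE(review): a signing secret hard-coded in source is readable by anyone with access
    // to the repository or the built artifact, and anyone who knows it can forge tokens.
    // Load it from protected configuration or a secret store instead. For HS256 the decoded
    // key should be at least 32 bytes (RFC 7518); getHS512Key() produces a suitable value.
    public static String HS256KEY = "xxxxxx";

    // NOTE(review): these fields are public and non-final, so any code in the JVM can swap
    // the algorithm or the key. They are left as declared to keep the class interface;
    // consider making them private static final. Reassigning HS256KEY later has no effect,
    // because signingKey is derived from it once, at class initialization.
    public static SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    public static Key signingKey = new SecretKeySpec(Base64.decodeBase64(HS256KEY), signatureAlgorithm.getJcaName());

    /**
     * Builds a signed compact JWT.
     *
     * <p>The caller's map is copied and never modified. The registered claims
     * (jti, iss, sub, aud, exp, iat) are written after the copy, so entries with the same
     * names supplied by the caller cannot override them.
     *
     * @param login  value stored in the "aud" claim
     * @param claims additional claims (for example roles); may be {@code null} or empty
     * @return the signed token in compact serialization
     */
    public static String getJWTString(String login, Map<String, Object> claims) {
        long nowMillis = System.currentTimeMillis();
        // 60L forces long arithmetic: with an int timeout, "* 60 * 1000" overflows for
        // values above roughly 24 days and would yield a wrong expiry.
        long ttlMillis = Cst.TOKEN_TIMEOUT_MIN * 60L * 1000L;

        Map<String, Object> payload = (claims == null)
                ? new HashMap<String, Object>()
                : new HashMap<String, Object>(claims);
        payload.put(Claims.ID, TOKEN_VERSION);
        payload.put(Claims.ISSUER, ISSUER);
        payload.put(Claims.SUBJECT, SUBJECT);
        payload.put(Claims.AUDIENCE, login);
        // NOTE(review): the dates go in as java.util.Date through a plain map put. With this
        // jjwt version they appear to be serialized as epoch milliseconds, not the
        // epoch-seconds NumericDate of RFC 7519; isValid() relies on that. Confirm before
        // exchanging tokens with other JWT libraries.
        payload.put(Claims.EXPIRATION, new Date(nowMillis + ttlMillis));
        payload.put(Claims.ISSUED_AT, new Date(nowMillis));

        JwtBuilder jwtBuilder = Jwts.builder().setClaims(payload);
        jwtBuilder.signWith(signatureAlgorithm, signingKey);
        return jwtBuilder.compact();
    }

    /**
     * Checks that a token carries a valid signature for {@link #signingKey} and has not
     * expired. Never throws: any parsing or verification failure yields {@code false}.
     *
     * @param token compact JWT; {@code null} is treated as invalid
     * @return {@code true} only if the signature verifies and "exp" lies in the future
     */
    public static boolean isValid(String token) {
        if (token == null) {
            return false;
        }
        try {
            Jws<Claims> jwsClaims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token.trim());
            Object exp = jwsClaims.getBody().get(Claims.EXPIRATION);
            // "exp" is compared with currentTimeMillis(), i.e. treated as epoch milliseconds.
            // A missing or non-numeric value is rejected rather than cast blindly.
            return exp instanceof Number && ((Number) exp).longValue() > System.currentTimeMillis();
        } catch (RuntimeException e) {
            // Fail closed. Tokens are untrusted input, so log one short line at FINE instead
            // of a full stack trace per bad token, and never log the token itself.
            LOG.log(Level.FINE, "JWT rejected: {0}", e.getClass().getName());
            return false;
        }
    }

    /**
     * Verifies the token signature and returns its claims.
     *
     * <p>NOTE(review): this method applies no expiry check of its own. Because "exp" is
     * compared as milliseconds in {@link #isValid(String)}, the library's built-in expiry
     * check presumably does not reject tokens issued by this class; verify against the
     * jjwt version in use. Call {@link #isValid(String)} before trusting the returned claims.
     *
     * @param token compact JWT, must not be {@code null}
     * @return the claims of the verified token
     * @throws RuntimeException if the token is malformed or its signature does not verify
     */
    public static Map<String, Object> parseJWTtoMap(String token) {
        Claims claims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token.trim()).getBody();
        return claims;
    }

    /**
     * Generates a fresh random key sized for HS512 and returns it Base64-encoded.
     *
     * <p>The class itself signs with HS256; the generated value is longer than HS256
     * requires and can be used as {@link #HS256KEY}. Treat the result as a secret and
     * keep it out of logs.
     *
     * @return Base64 text of the generated key bytes
     */
    public static String getHS512Key() {
        Key key = MacProvider.generateKey(SignatureAlgorithm.HS512);
        String keyStr = Base64.encodeBase64String(key.getEncoded());
        return keyStr;
    }
}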
3、调用getJWTString(String login, Map<String, Object> claims)方法可以创建token。claims是个map,可以传入其他的信息,比如权限、角色等。这些信息会以可解码的形式出现在token的载荷中,不要放入密码等敏感数据。