token接口的实现

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

package org.example.config;
 
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
 
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
 
/**
 * token生成类
 */
public class TokenUtil {
    // 设置过期时间
    private static final long EXPIRE_DATE = 10 * 60 * 1000;
 
    // token 密钥
    private static final String TOKEN_SECRET = "ZCEQIUBFKSJBFJH2020BQWE";
 
    /**
     * 获取token
     * @param username
     * @param password
     * @return
     */
    public static String getToken(String username, String password) {
       String token = null;
       try{
           // 过期时间
           Date date = new Date(System.currentTimeMillis()+EXPIRE_DATE);
           // 密钥加密算法(哈希)
           Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
           // 设置头部信息
           Map<String, Object> header  = new HashMap<String, Object>();
           header.put("typ", "JWT");
           header.put("alg", "HS256");
           //携带username，password信息，生成签名
 
           /**
            * JWT.create() 创建token
            *
            * withHeader(header)  指定JWT的头部（header）
            *
            *withClaim("username", username) 和 .withClaim("password", password)
            *方法用于向JWT的有效负载（payload）中添加声明（claim）。声明是关于实体（通常是用户）和其他数据的断言。
            *
            * withExpiresAt(Date date) 该方法用于设置JWT的过期时间
            *
            *sign(algorithm) ----使用指定的算法对令牌进行签名
            *
            */
           token = JWT.create()
                   .withHeader(header)
                   .withClaim("username",username)
                   .withClaim("password",password)
                   .withExpiresAt(date)
                   .sign(algorithm);
       }catch (Exception e){
           e.printStackTrace();
           return null;
       }
       return token;
    }
 
    /**
     * 验证token是否有效
     * @param token
     * @return
     */
    public static boolean verify(String token) {
        try{
            // 使用HMAC256算法和TOKEN_SECRET作为密钥创建Algorithm对象。
            // TOKEN_SECRET应是一个预定义的私有字符串常量，用于生成和验证JWT的签名。
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
 
            // 根据指定的algorithm创建一个JWTVerifier实例。这个实例将用于验证传入的JWT是否合法有效
            JWTVerifier verifier = JWT.require(algorithm).build();
            // 调用verifier的verify方法，并传入待验证的token。
            // 如果token是有效的，则返回解析后的DecodedJWT对象；否则抛出异常。
            DecodedJWT jwt = verifier.verify(token);
            return true;
        }catch (Exception e){
            e.printStackTrace();
            return false;
        }
 
    }
 
}<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <!--配置启动-->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.4</version>
        <relativePath/>
    </parent>
    <!--配置项目名，jdk版本-->
    <groupId>org.example</groupId>
    <artifactId>TokenApp</artifactId>
    <version>0.0.1</version>
    <packaging>war</packaging>
    <name>TokenApp</name>
    <description>SpringBoot project</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
 
    <dependencies>
        <!--配置-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
            <version>2.8.7</version>
        </dependency>
    </dependencies>
 
    <build>
        <!-- war打包插件，设定war包名称不带版本号 -->
        <finalName>TokenApp</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.5.4</version>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>3.1.0</version>
            </plugin>
        </plugins>
    </build>
</project>