Java实现token的生成与验证-登录功能
二、基于JWT的token认证实现
JWT:JSON Web Token,其实token就是一段字符串,由三部分组成:Header,Payload,Signature
1、引入依赖
<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.8.2</version> </dependency>
2、设置密钥和生存时间
//设置过期时间 private static final long EXPIRE_DATE=30*60*100000; //token秘钥 private static final String TOKEN_SECRET = "ZCEQIUBFKSJBFJH2020BQWE";
3、实现签名方法
public static String token (String username,String password){ String token = ""; try { //过期时间 Date date = new Date(System.currentTimeMillis()+EXPIRE_DATE); //秘钥及加密算法 Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET); //设置头部信息 Map<String,Object> header = new HashMap<>(); header.put("typ","JWT"); header.put("alg","HS256"); //携带username,password信息,生成签名 token = JWT.create() .withHeader(header) .withClaim("username",username) .withClaim("password",password).withExpiresAt(date) .sign(algorithm); }catch (Exception e){ e.printStackTrace(); return null; } return token; }
4、验证token
public static boolean verify(String token){ /** * @desc 验证token,通过返回true * @create 2019/1/18/018 9:39 * @params [token]需要校验的串 **/ try { Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET); JWTVerifier verifier = JWT.require(algorithm).build(); DecodedJWT jwt = verifier.verify(token); return true; }catch (Exception e){ e.printStackTrace(); return false; } }
5、测试
1)、直接用生成的token去验证,成功
public static void main(String[] args) { String username ="zhangsan"; String password = "123"; String token = token(username,password); System.out.println(token); boolean b = verify(token); System.out.println(b); }
三、完整的Token工具类代码
package xxx.utils; //你的包 import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.interfaces.DecodedJWT; import java.util.Date; import java.util.HashMap; import java.util.Map; /** * @desc 使用token验证用户是否登录 * @author zm **/ public class TokenUtils { //设置过期时间 private static final long EXPIRE_DATE=30*60*100000; //token秘钥 private static final String TOKEN_SECRET = "ZCfasfhuaUUHufguGuwu2020BQWE"; public static String token (String username,String password){ String token = ""; try { //过期时间 Date date = new Date(System.currentTimeMillis()+EXPIRE_DATE); //秘钥及加密算法 Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET); //设置头部信息 Map<String,Object> header = new HashMap<>(); header.put("typ","JWT"); header.put("alg","HS256"); //携带username,password信息,生成签名 token = JWT.create() .withHeader(header) .withClaim("username",username) .withClaim("password",password).withExpiresAt(date) .sign(algorithm); }catch (Exception e){ e.printStackTrace(); return null; } return token; } public static boolean verify(String token){ /** * @desc 验证token,通过返回true * @params [token]需要校验的串 **/ try { Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET); JWTVerifier verifier = JWT.require(algorithm).build(); DecodedJWT jwt = verifier.verify(token); return true; }catch (Exception e){ e.printStackTrace(); return false; } } public static void main(String[] args) { String username ="zhangsan"; String password = "123"; String token = token(username,password); System.out.println(token); boolean b = verify("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXNzd22yZCI6IjEyMyIsImV4cCI6MTU3ODE5NzQxMywidXNlcm5hbWUiOiJ6aGFuZ3NhbiJ9.IyTZT0tISQQZhGhsNuaqHGV8LD7idjUYjn3MGbulmJg"); System.out.println(b); } }