1、引入jwt的pom依赖
<!-- 引入jwt-->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
2、JWT基本使用
@Test
void testJwt(){
HashMap<String,Object> map = new HashMap<>();
Calendar instance = Calendar.getInstance();
instance.add(Calendar.SECOND,200);
String sign = JWT.create()
.withHeader(map) //header
.withClaim("userId", 123456) //payload
.withClaim("username", "zhangSan")
.withExpiresAt(instance.getTime()) //设置过期时间
.sign(Algorithm.HMAC256("!FAFSDFD")); //签名 相当于秘钥
System.out.println(sign);
}
@Test
void testJwtVerify(){
JWTVerifier build = JWT.require(Algorithm.HMAC256("!FAFSDFD")).build(); //需要用相同的编码方式
DecodedJWT verify = build.verify("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2Mjc4NjQ2ODUsInVzZXJJZCI6MTIzNDU2LCJ1c2VybmFtZSI6InpoYW5nU2FuIn0.WKrqLzDQs4NWXa2WW1RrLbC1S7BLeAcguvYBzqK7NuI"); //sign的值
System.out.println(verify.getClaim("userId").asInt());
System.out.println(verify.getClaim("username").asString());
}
3、常见异常信息
- SignatureVerificationException : 签名不一致异常
- TokenExporedException : 令牌过期异常
- AlgorithmMismatchException: 算法不匹配异常
- InvalidClaimException: 失效的payload异常
4、封装JWT工具类
package com.twoGroup.boot.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Map;
public class JWTUtils {
private static final String SING = "!F@AFSDFD4151EARS";
/**'
* 生成token header.payload,sing
*/
public static String getToken(Map<String,String> map) {
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DATE,7); //默认指定过去时间为 7天
//创建jwt builder
JWTCreator.Builder builder = JWT.create();
//payload
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime()). //指定令牌过期时间
sign(Algorithm.HMAC256(SING)); //sing
return token;
}
/**
* 验证token 合法性 异常信息在这会报出
*/
public static void verify(String token){
JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
}
/**
* 获取token信息的方法
*/
public static DecodedJWT getTokenInfo(String token){
DecodedJWT verify = JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
return verify;
}
}
/**
* 或者不要getTokenInfo方法 直接在verify内返回
*/
// public static DecodedJWT verify(String token){
// return JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
// }