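JSON Web Token (JWT): generally used for user authentication (front-end/back-end separated applications, WeChat mini programs, app development)
1. What is a token
A token is temporary and unique: it must never repeat, and it relies on a cache expiry mechanism
How to generate one
Generate a UUID and store it in Redis as the Redis key
The Redis key's expiry serves as the validity period
Sessions have a drawback: they are stored on the server (not shared)
The sessionId in a session is similar to a token
Token advantages:
1. Ensures security (hides the real parameter values)
2. Temporary and unique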
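JWT structure
header
payload
signature
The signature guarantees that the payload data was issued by the server
The token is the encoded form of these parts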
Dependency
```xml
<!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.15.0</version>
</dependency>
```
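Obtaining a token
```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import org.junit.jupiter.api.Test;
import java.util.Calendar;
import java.util.HashMap;

class JwtCreateTest {
    @Test
    void contextLoads() {
        // Sample output:
        // eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE2MTk5NjE4NzYsInVzZXJpZCI6IjEyMyJ9.IOmncqSZnlXzzRrKo1W7j3jRuvc_AvWWY_vURYS8G7Lom6wzjXQ6C0mHRjKi4-2iz2vbOyY9ghxvmLxRoeh0DQ
        HashMap<String, Object> map = new HashMap<>(); // extra header fields; left empty here
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, 20);
        // Demo secret only: in real code load a long random key from configuration
        String token = JWT.create()
                .withHeader(map)
                .withClaim("userid", "123")
                .withExpiresAt(calendar.getTime()) // expiry time
                .sign(Algorithm.HMAC512("!@#$%"));
        System.out.println(token);
    }
}
```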
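Verifying the signature
```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.junit.jupiter.api.Test;

class JwtVerifyTest {
    @Test
    public void test() {
        // Create the verifier; algorithm and secret must match the ones used for signing
        JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC512("!@#$%")).build();
        // verify() throws JWTVerificationException on a bad signature or an expired token,
        // so replace this sample with a freshly generated token before running
        DecodedJWT verify = jwtVerifier.verify("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE2MTk5NjI0OTQsInVzZXJpZCI6MTIzLCJ1c2VybmFtZSI6Imx6bSJ9.VwFY1EOZS4_u-pHswmcmPHYDlW9Yd-glyIG5lPYSaC0g39_tDXbhYt3CUOH4Ip6iqDyMwptE5Jf3O0p2Z3ABJQ");
        System.out.println(verify.getClaim("userid").asInt());      // numeric claim in this token
        System.out.println(verify.getClaim("username").asString());
        System.out.println(verify.getPayload());   // Base64URL-encoded payload segment
        System.out.println(verify.getSignature()); // Base64URL-encoded signature segment
    }
}
```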
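Wrapping it in a utility class
```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Map;

public class JWTUtils {
    // Signing secret. Hard-coded for the demo; in real code load a long random value from configuration.
    private static final String SECRET = "token!Q@W3e4r";

    /**
     * Generate a token
     * @param map claims to put into the payload
     * @return the signed token
     */
    public static String getToken(Map<String, String> map) {
        JWTCreator.Builder builder = JWT.create();
        map.forEach((k, v) -> {
            builder.withClaim(k, v);
        });
        Calendar instance = Calendar.getInstance();
        instance.add(Calendar.SECOND, 7); // token expires 7 seconds after it is issued
        builder.withExpiresAt(instance.getTime());
        return builder.sign(Algorithm.HMAC256(SECRET));
    }

    /**
     * Verify a token
     * @param token the token to check
     * @throws com.auth0.jwt.exceptions.JWTVerificationException if verification fails
     */
    public static void verify(String token) {
        // Returns normally if verification passes; otherwise an exception is thrown
        JWT.require(Algorithm.HMAC256(SECRET)).build().verify(token);
    }

    /**
     * Get the payload from a token
     * @param token the token to verify and decode
     * @return the verified, decoded token
     */
    public static DecodedJWT getToken(String token) {
        return JWT.require(Algorithm.HMAC256(SECRET)).build().verify(token);
    }
}
```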