1.什么是jwt
把需要安全传递的数据封装起来,以 JSON 字符串的格式进行传输。注意:JWT 的签名只能防止数据被篡改,载荷只是 Base64URL 编码而不是加密,拿到 token 的人都能读出其中内容,因此不要在里面存放密码等敏感信息。
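/**
 * Demonstrates building, signing and parsing a JWT with the jjwt API.
 *
 * <p>Security notes for readers adapting this demo:
 * <ul>
 *   <li>A JWS is signed, not encrypted. Header and payload are only Base64URL-encoded and can
 *       be read by anyone who holds the token, so secrets such as passwords never go into
 *       claims.</li>
 *   <li>The HMAC key must be long and unpredictable. Anyone who knows or guesses it can mint
 *       valid tokens, so a user name or other public value is not a usable key.</li>
 * </ul>
 */
public class Test {

    /**
     * Creates a random 256-bit HMAC key, Base64-encoded, for use within a single test run.
     *
     * <p>jjwt's {@code signWith(SignatureAlgorithm, String)} and {@code setSigningKey(String)}
     * treat the string as a Base64-encoded key, which is why the raw bytes are encoded here.
     * A real service would load one stable key from protected configuration or a secret store
     * instead of generating it per call.
     *
     * @return a Base64-encoded 32-byte random key
     */
    private static String newDemoSigningKey() {
        byte[] raw = new byte[32];
        new java.security.SecureRandom().nextBytes(raw);
        return java.util.Base64.getEncoder().encodeToString(raw);
    }

    /**
     * Builds a signed token from its three parts (header, payload, signature), prints it,
     * then parses it back and prints two of its claims.
     */
    @org.junit.Test
    public void jwt() {
        // Token lifetime: 24 hours, in milliseconds.
        long ttlMillis = 24L * 60 * 60 * 1000;
        String key = newDemoSigningKey();
        JwtBuilder builder = Jwts.builder();

        // 1. Header: the token type and the signing algorithm.
        //    The registered header name is "typ" (RFC 7519), not "type".
        String compact = builder.setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "HS256")
                // 2. Payload: the data to transmit, typically user id, roles and similar.
                //    It is readable by any holder of the token, so keep it non-sensitive.
                .claim("username", "tom")
                .claim("role", "admin")
                .setSubject("admin-test")
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .setId(UUID.randomUUID().toString())
                // 3. Signature: an HMAC over header and payload. It detects tampering in
                //    transit; it does not hide the content.
                .signWith(SignatureAlgorithm.HS256, key)
                .compact();
        // A token is a bearer credential; printing it is acceptable only in a demo.
        System.out.println(compact);

        // parseClaimsJws verifies the signature with the same key before exposing claims.
        JwtParser parser = Jwts.parser();
        Jws<Claims> claimsJws = parser.setSigningKey(key).parseClaimsJws(compact);
        Claims body = claimsJws.getBody();
        System.out.println(body.get("username"));
        System.out.println(body.getSubject());
    }

    /**
     * Simulates a login followed by a second request that presents the issued token.
     *
     * <p>The token carries only the user name and a random token id. The password is checked
     * at login and is deliberately not copied into the token.
     */
    @org.junit.Test
    public void Login() {
        // Simulated credentials submitted by the front end.
        String name = "admin";
        String password = "123456";
        JwtBuilder builder = Jwts.builder();
        // The signing key is independent of any user-supplied value.
        String key = newDemoSigningKey();
        String token = null;

        // NOTE(review): hard-coded credential check is for the demo only; a real login
        // compares against a stored password hash.
        if (name.equals("admin") && password.equals("123456")) {
            token = builder.setHeaderParam("typ", "JWT")
                    .setHeaderParam("alg", "HS256")
                    .claim("name", name)
                    .setSubject(name)
                    // jti is a unique token identifier, never the password.
                    .setId(UUID.randomUUID().toString())
                    .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 24))
                    .signWith(SignatureAlgorithm.HS256, key)
                    .compact();
            System.out.println(token);
        } else {
            System.out.println("错误");
        }

        System.out.println("访问其他请求(请携带token):");
        String next = token;
        // The null check keeps a failed login on the "no token" branch instead of
        // throwing a NullPointerException.
        if (next != null && next.equals(token)) {
            System.out.println("获取token成功,正在解析获取id");
            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            Claims body = claimsJws.getBody();
            System.out.println(body.getId());
            System.out.println(body.get("name"));
            System.out.println(body.getSubject());
        } else {
            System.out.println("未带token,不可访问");
        }
    }
}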