JWT(JSON Web Token)是一种无状态登录认证技术,详细说明可参看官网文档 https://jwt.io/introduction
1、使用JWT实现用户登录认证
具体代码如下:
(1)引用 Maven 依赖 :
<!-- Auth0 java-jwt: supplies the JWT, JWTVerifier, Algorithm, Claim and DecodedJWT types used by TokenUtil below. -->
<!-- NOTE(review): 3.5.0 is the version pinned by this article; check the current release and its security advisories before reuse. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.5.0</version>
</dependency>
(2)编写工具类:
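/*
 * Copyright (c) 2018-2028, Wujingjie All rights reserved.
 *
 * Author: wujingjie (wuhang2008it@hotmail.com)
 */
package com.test.common.utils;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Issues and checks HS256 (HMAC-SHA256) signed JSON Web Tokens for login sessions.
 *
 * <p>A JWT payload is Base64URL-encoded, not encrypted: every claim written by
 * {@link #sign} can be read by anyone who holds the token. Only the signature
 * protects the claims against modification.
 */
@Slf4j
public class TokenUtil {

    /** Token lifetime in milliseconds (30 minutes). */
    private static final long EXPIRE_TIME = 30 * 60 * 1000;

    /**
     * HMAC key used both to sign and to verify tokens.
     *
     * <p>NOTE(review): this key is hard-coded, short and published together with the
     * source, so anyone who has read the code can mint tokens that pass
     * {@link #verify}. Load the key from external secret configuration instead and
     * use at least 256 bits of random data, the minimum RFC 7518 requires for HS256.
     * The literal is left unchanged here so that tokens already issued still verify.
     */
    private static final String TOKEN_SECRET = "wujingjie";

    /**
     * Creates a signed token that expires {@link #EXPIRE_TIME} milliseconds from now.
     *
     * @param username  user name, stored in the {@code userName} claim
     * @param password  retained for source compatibility only and deliberately NOT
     *                  written into the token: the payload is readable by every
     *                  holder of the token, so a password claim discloses the
     *                  credential
     * @param deviceId  device identifier, stored in the {@code deviceId} claim
     * @param loginTime login time, stored in the {@code loginTime} claim
     * @return the compact token string, or an empty string when signing fails
     */
    public static String sign(String username, String password, String deviceId, String loginTime) {
        try {
            Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            return JWT.create()
                    .withClaim("userName", username)
                    .withClaim("deviceId", deviceId)
                    .withClaim("loginTime", loginTime)
                    .withExpiresAt(expiresAt)
                    .sign(algorithm);
        } catch (Exception e) {
            log.info("生成签名异常信息 = {}", e.toString());
            return "";
        }
    }

    /**
     * Checks that a token carries a valid HS256 signature made with the configured key.
     * The verifier is built with no extra claim requirements; expiry checking is
     * whatever the library applies by default.
     *
     * @param token the token to check
     * @return {@code true} when verification succeeds, {@code false} on any failure
     */
    public static boolean verify(String token) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm).build();
            verifier.verify(token);
            return true;
        } catch (Exception e) {
            log.info("检验token异常信息 = {}", e.toString());
            return false;
        }
    }

    /**
     * Decodes a token's claims WITHOUT verifying its signature or expiry.
     *
     * <p>The returned values are attacker-controlled for any token that did not also
     * pass {@link #verify}; never base an authentication or authorization decision
     * on them. Use {@link #verifyAndAnalysis} when the claims must be trusted.
     *
     * @param token the token to decode
     * @return claim name to string value; empty when {@code token} is null or empty
     *         (NOTE(review): non-string claims such as the numeric {@code exp}
     *         appear to map to {@code null} via {@code Claim.asString()})
     * @throws RuntimeException if {@code JWT.decode} rejects a malformed token;
     *         unlike the other methods this one does not catch that failure
     */
    public static Map<String, String> analysis(String token) {
        if (StringUtils.isEmpty(token)) {
            return new HashMap<>(8);
        }
        DecodedJWT decoded = JWT.decode(token);
        return toStringMap(decoded.getClaims());
    }

    /**
     * Verifies a token and, only when verification succeeds, returns its claims.
     *
     * @param token the token to verify and decode
     * @return claim name to string value; empty when {@code token} is null or empty
     *         or when verification fails
     */
    public static Map<String, String> verifyAndAnalysis(String token) {
        if (StringUtils.isEmpty(token)) {
            return new HashMap<>(8);
        }
        try {
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm).build();
            DecodedJWT verified = verifier.verify(token);
            // Claims are read only after the signature check has passed.
            return toStringMap(verified.getClaims());
        } catch (Exception e) {
            log.info("验证并解析token异常信息 = {}", e.toString());
            return new HashMap<>(8);
        }
    }

    /** Copies each claim into a mutable map, rendering every value with {@code Claim.asString()}. */
    private static Map<String, String> toStringMap(Map<String, Claim> claims) {
        Map<String, String> result = new HashMap<>(8);
        for (Map.Entry<String, Claim> entry : claims.entrySet()) {
            result.put(entry.getKey(), entry.getValue().asString());
        }
        return result;
    }
}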
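2、运行结果
注意:JWT 的载荷(payload)只经过 Base64URL 编码,并未加密;下面输出的 token 第二段解码后可以直接读到 password、userName 等字段,因此密码等敏感信息不应写入 token。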
public static void main(String[] args) {
    // Sign a token that expires after 30 minutes and print it.
    System.out.println(TokenUtil.sign("wujingjie", "123456", "119", "2023-05-21 15:18:30"));
}
执行结果:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXNzd29yZCI6IjEyMzQ1NiIsImxvZ2luVGltZSI6IjIwMjMtMDUtMjEgMTU6MTg6MzAiLCJ1c2VyTmFtZSI6Ind1amluZ2ppZSIsImV4cCI6MTY4NTAwMzUwMSwiZGV2aWNlSWQiOiIxMTkifQ.KQZqWE_LgPx_6dZQNQjrFRFLiR1792-vtGhSAyfKG7I