一、常见的认证机制:
- HTTP Basic Auth
  - 请求带用户名和密码
- Cookie Auth
  - Cookie 和 Session
- OAuth
  - 第三方登录
- Token Auth
  - 支持跨域访问
  - 无状态
  - 更适用于 CDN
  - 去耦
  - 不需要考虑对 CSRF(跨站请求伪造)的防范(前提是 Token 放在请求头中发送,而不是存放在 Cookie 里)
二、JWT(JSON Web Token)
- 由头部(Header)、载荷(Payload)、签名(Signature)组成。
- 载荷中的声明分为三类:
  - 标准中注册的声明
  - 公共的声明
  - 私有的声明
- 注意:头部和载荷只是 Base64URL 编码,并未加密,不要在其中存放敏感信息。
- 创建 Token:
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.junit.Test;

import java.util.Date;

/**
 * Demonstrates issuing a signed JWT with the JJWT builder API.
 *
 * <p>Created 2021/10/13 15:09.
 *
 * @author 华韵流风
 */
public class JJwtTest {

    /**
     * Builds a token carrying the {@code jti}, {@code sub} and {@code iat} claims,
     * signs it with HMAC-SHA256 and prints the compact form to standard output.
     *
     * <p>NOTE(review): {@code "zhong"} is a demo secret hard-coded in source. In the
     * JJWT 0.9.x API the {@code String} overload of {@code signWith} treats its
     * argument as a Base64-encoded key, so the effective HMAC key is only a few
     * bytes, far below the 256 bits RFC 7518 requires for HS256. Production code
     * should load a randomly generated key of at least 32 bytes from configuration
     * or a secret store instead of a literal.
     */
    @Test
    public void makeToken() {
        JwtBuilder tokenBuilder = Jwts.builder();

        // Claims: token id (jti), subject (sub) and issue time (iat).
        tokenBuilder.setId("888");
        tokenBuilder.setSubject("小白");
        tokenBuilder.setIssuedAt(new Date());

        // The signature protects integrity only; the payload stays readable to
        // anyone who holds the token.
        tokenBuilder.signWith(SignatureAlgorithm.HS256, "zhong");

        String compactToken = tokenBuilder.compact();
        System.out.println(compactToken);
    }
}
- 解析 Token:
/**
 * Verifies a previously issued token and prints the claims it carries.
 *
 * <p>{@code parseClaimsJws} checks the signature against the configured key before
 * returning the body, so a token that was altered or signed with another key is
 * rejected with an exception instead of being printed.
 *
 * <p>NOTE(review): both the token and the key {@code "zhong"} are fixed demo
 * values. The key must be the same one used when signing; in the JJWT 0.9.x API
 * {@code setSigningKey(String)} interprets it as Base64-encoded key bytes. Real
 * code should read the key from configuration or a secret store.
 */
@Test
public void parseToken() {
    String compactJws = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI4ODgiLCJzdWIiOiLlsI_nmb0iLCJpYXQiOjE2MzQxMDkzMzh9.2VZRHclfK06QTVDhoFTaCu-Oc-M7jKtDs_KNnVSBiUA";
    String signingKey = "zhong";

    // Signature verification happens inside parseClaimsJws; only a verified
    // token yields a Claims body.
    Claims body = Jwts.parser()
            .setSigningKey(signingKey)
            .parseClaimsJws(compactJws)
            .getBody();

    String idLine = "id:" + body.getId();
    String subjectLine = "subject:" + body.getSubject();
    String issuedAtLine = "issuedAt:" + body.getIssuedAt();

    System.out.println(idLine);
    System.out.println(subjectLine);
    System.out.println(issuedAtLine);
    System.out.println(body);
}
- 设置过期时间:
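/**
 * Issues a token that expires one minute after it is created and prints it.
 *
 * <p>The {@code iat} and {@code exp} claims are both derived from the same
 * {@code now} reading, so the token lifetime is exactly 60 seconds.
 *
 * <p>NOTE(review): {@code "zhong"} is a hard-coded demo secret and much shorter
 * than the 256-bit key RFC 7518 requires for HS256; production code should load
 * a randomly generated key from configuration or a secret store.
 */
@Test
public void overTimeToken() {
    long now = System.currentTimeMillis();
    // One minute of validity; a short lifetime limits how long a leaked token is usable.
    long exp = now + 1000L * 60;
    JwtBuilder builder = Jwts.builder()
            .setId("888")
            .setSubject("小白")
            .setIssuedAt(new Date(now))
            .setExpiration(new Date(exp))
            .signWith(SignatureAlgorithm.HS256, "zhong");
    System.out.println(builder.compact());
}

/**
 * Parses a token that carries an {@code exp} claim and prints its issue time,
 * expiry time and the current time.
 *
 * <p>JJWT checks {@code exp} while parsing: once the expiry has passed,
 * {@code parseClaimsJws} throws {@code ExpiredJwtException} and none of the
 * lines below are printed. The token here is a fixed demo value, so replace it
 * with fresh output from {@link #overTimeToken()} to see the successful path.
 */
@Test
public void parseOverTimeToken() {
    String compactJws = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI4ODgiLCJzdWIiOiLlsI_nmb0iLCJpYXQiOjE2MzQxMTA0ODUsImV4cCI6MTYzNDExMDU0M30.miyxfc5M6ir43x5SXWBota7pAiBcxR0B-hXg8UQYEQw";
    // Signature and expiry are both validated here, before any claim is read.
    Claims claims = Jwts.parser().setSigningKey("zhong").parseClaimsJws(compactJws).getBody();
    System.out.println("id:" + claims.getId());
    System.out.println("subject:" + claims.getSubject());
    // "HH" is the 24-hour field; the previous "hh" printed a 12-hour value with no
    // AM/PM marker, which made afternoon times ambiguous. The separators are plain
    // ASCII hyphens instead of the typographic U+2010 character.
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    System.out.println("签发时间:" + sdf.format(claims.getIssuedAt()));
    System.out.println("过期时间:" + sdf.format(claims.getExpiration()));
    System.out.println("当前时间:" + sdf.format(new Date()));
}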