一:实现思路
二:实现步骤
1.导入依赖
<!--
  JJWT, pinned to the legacy single-artifact 0.9.0 release used by the code on this page.
  NOTE(review): this is an old release line; check the project's current releases and
  security advisories before copying this pin into a new build. In this version the
  String overloads of signWith/setSigningKey expect a Base64-encoded key, and the
  library does not appear to reject short HMAC keys, so key strength is entirely the
  caller's responsibility.
-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
2.生成token
/**
 * Builds a sample HS256-signed JWT and prints its compact form.
 *
 * <p>The token carries id "666", a subject, an issued-at time, a custom "role" claim and an
 * expiration 600000 ms (10 minutes) after the moment the expiration is computed.
 *
 * <p>NOTE(review): the signing secret is a short literal embedded in the source. That is only
 * acceptable for a throwaway demo; a real signer should load a randomly generated key of at
 * least 256 bits for HS256 from configuration or a secret store. In jjwt 0.9.0 the String
 * overload of signWith treats its argument as Base64 text, so the effective key is the decoded
 * bytes and is shorter than the string itself.
 */
@Test
public void jwtTokenCreateTest() {
    JwtBuilder tokenBuilder = Jwts.builder();
    tokenBuilder.setId("666");
    tokenBuilder.setSubject("好好学习天天向上");
    tokenBuilder.setIssuedAt(new Date());
    // Custom (non-registered) claim. Anything placed here is readable by whoever holds the
    // token: the payload is signed, not encrypted.
    tokenBuilder.claim("role", "admin");
    // Expire ten minutes from now.
    long expiresAtMillis = new Date().getTime() + 600000;
    tokenBuilder.setExpiration(new Date(expiresAtMillis));
    tokenBuilder.signWith(SignatureAlgorithm.HS256, "maoguidong");

    String compactToken = tokenBuilder.compact();
    System.out.println(compactToken);
}
3.解析Token,验证token的正确性
/**
 * Parses a previously issued token with the same secret and prints its claims.
 *
 * <p>parseClaimsJws verifies the signature against the configured key before the claims are
 * returned, so the values printed below come from a token that passed verification.
 *
 * <p>NOTE(review): the embedded sample token's exp claim decodes to a 2019 timestamp, so this
 * call is expected to throw ExpiredJwtException unless a freshly generated token is pasted in.
 * The secret is the same hard-coded demo literal used when the token was created; do not reuse
 * it outside this example.
 */
@Test
public void jwtTokenParseTest() {
    String token = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI2NjYiLCJzdWIiOiLooYzotbDlnKjniZt"
            + "B55qE6Lev5LiKIiwiaWF0IjoxNTYxMjE2ODc4LCJleHAiOjE1NjEyMTY4ODF9.GhmAQ_G8aFExXc84Wefl13SwAJBqkDtQ05EsAqpAUUw";

    // Signature and expiry checks happen inside parseClaimsJws; a failure surfaces as an
    // exception rather than as a null or partial result.
    Claims verifiedClaims = Jwts.parser()
            .setSigningKey("maoguidong")
            .parseClaimsJws(token)
            .getBody();

    // Registered claims.
    System.out.println(verifiedClaims.getId());
    System.out.println(verifiedClaims.getSubject());
    System.out.println(verifiedClaims.getIssuedAt());
    System.out.println(verifiedClaims.getExpiration());

    // Custom claim added at creation time.
    Object role = verifiedClaims.get("role");
    System.out.println(role);
}
注意:token 已过期、签名不匹配或内容格式不正确时,parseClaimsJws 都会抛出相应的异常(均为 JwtException 的子类),调用方应捕获这些异常并拒绝该 token。
4.工具类生成token
/**
 * Helper that issues and verifies HS256-signed JWTs with a caller-supplied secret and lifetime.
 *
 * <p>Both the secret and the lifetime are plain mutable properties, so they must be set before
 * the first call to {@link #createJwtToken} or {@link #parseJwtToken}.
 *
 * <p>NOTE(review): in jjwt 0.9.0 the String overloads of signWith and setSigningKey interpret
 * the secret as Base64 text. Signing and parsing here use the same overload, so they agree with
 * each other, but the secret should be a Base64 encoding of at least 256 random bits and should
 * come from configuration or a secret store rather than from source code.
 */
public class JwtUtils {

    // Signing secret; chosen by the caller.
    private String secretKey;

    // Token lifetime in milliseconds; chosen by the caller.
    private long ttl;

    /** Returns the configured signing secret. */
    public String getSecretKey() {
        return this.secretKey;
    }

    /** Sets the signing secret used for both issuing and verifying tokens. */
    public void setSecretKey(String secretKey) {
        this.secretKey = secretKey;
    }

    /** Returns the token lifetime in milliseconds. */
    public long getTtl() {
        return this.ttl;
    }

    /** Sets the token lifetime in milliseconds. */
    public void setTtl(long ttl) {
        this.ttl = ttl;
    }

    /**
     * Issues a signed token for the given id and subject.
     *
     * <p>An expiration claim is added only when {@code ttl} is positive. With a zero or negative
     * {@code ttl} the token carries no {@code exp} claim and therefore never expires on its own;
     * deployments that rely on expiry must configure a positive lifetime.
     *
     * @param id value for the {@code jti} claim
     * @param subject value for the {@code sub} claim
     * @return the compact serialized JWT
     */
    public String createJwtToken(String id, String subject) {
        final long issuedAtMillis = System.currentTimeMillis();

        JwtBuilder tokenBuilder = Jwts.builder();
        tokenBuilder.setId(id);
        tokenBuilder.setSubject(subject);
        tokenBuilder.setIssuedAt(new Date(issuedAtMillis));
        tokenBuilder.signWith(SignatureAlgorithm.HS256, secretKey);

        boolean hasLifetime = ttl > 0;
        if (hasLifetime) {
            tokenBuilder.setExpiration(new Date(issuedAtMillis + ttl));
        }

        return tokenBuilder.compact();
    }

    /**
     * Verifies a token against the configured secret and returns its claims.
     *
     * <p>Verification failures (bad signature, expired token, malformed input) are reported by
     * the library as exceptions; this method does not catch them, so callers must treat any
     * exception as "token rejected".
     *
     * @param jwtToken the compact serialized JWT to verify
     * @return the claims of the verified token
     */
    public Claims parseJwtToken(String jwtToken) {
        Claims verifiedClaims = Jwts.parser()
                .setSigningKey(secretKey)
                .parseClaimsJws(jwtToken)
                .getBody();
        return verifiedClaims;
    }
}