jdk17亲测有效
1.引入jar包
<!--jwt令牌-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!--jwt相关依赖,1.8以上的需要引入以下依赖-->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>3.0.2</version>
</dependency>
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-core</artifactId>
<version>3.0.2</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>1.1.1</version>
</dependency>
jwt令牌测试,可以先放在test文件夹中进行测试,也可跳过
public class cordJwt {
private long time = 1000 * 60 * 60 * 1;
private String sign = "admin";
//创建
@Test
public void createJwt() {
JwtBuilder builder = Jwts.builder();
String jwtToken = builder
//指定头部信息
.setHeaderParam("typ", "JWT") //指定token类型
.setHeaderParam("alg", "HS256") //指定加密算法
//指定载荷信息
.claim("username", "talent_dog")
.claim("password", "123456")
.setSubject("admin_test") //指定主题名称
.setExpiration(new Date(System.currentTimeMillis() + time)) //指定过期时间
.setId(UUID.randomUUID().toString()) //指定唯一标识
//指定签名
.signWith(SignatureAlgorithm.HS256, sign) //指定加密算法及签名
.compact();
System.out.println(jwtToken);
}
//检查是否符合jwt语法规则
@Test
public void checkJwt() {
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InRhbGVudF9kb2ciLCJwYXNzd29yZCI6IjEyMzQ1NiIsInN1YiI6ImFkbWluX3Rlc3QiLCJleHAiOjE3MDI2MzUyNTQsImp0aSI6IjNhNDQxMWJiLTY5ZWEtNGFiYS05NDg2LWNjYjdlYzkzMjEzOCJ9.Y5XvfP5ZBlUPM1jKZRTTK0ZP8DDprs_8sIdVde773_Y";
boolean signed = Jwts.parser().isSigned(token);
System.out.println(signed);
}
//解析jwt
@Test
public void parseJwt() {
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InRhbGVudF9kb2ciLCJwYXNzd29yZCI6IjEyMzQ1NiIsInN1YiI6ImFkbWluX3Rlc3QiLCJleHAiOjE3MDI2MzUyNTQsImp0aSI6IjNhNDQxMWJiLTY5ZWEtNGFiYS05NDg2LWNjYjdlYzkzMjEzOCJ9.Y5XvfP5ZBlUPM1jKZRTTK0ZP8DDprs_8sIdVde773_Y";
JwtParser parser = Jwts.parser(); //创建解析器对象
//类似于map集合
Jws<Claims> claimsJws = parser.setSigningKey(sign).parseClaimsJws(token);//设置签名及解析,转换为key-value的结构
//获取存储信息
System.out.println(claimsJws.getHeader());
System.out.println(claimsJws.getBody());
System.out.println(claimsJws.getSignature());
//使用get(String),get(String,Class)方法获取值
System.out.println(claimsJws.getBody().get("username"));
System.out.println(claimsJws.getBody().get("password", String.class));
}
}
jwt封装类
public class JwtUtil {
private static long time = 1000 * 60 * 60 * 1; // 设置过期时间
private static String sign = "admin"; //签名
//创建
public static String createJwt(Object data) {
JwtBuilder builder = Jwts.builder();
String jwtToken = builder
//指定头部信息
.setHeaderParam("typ", "JWT") //指定token类型
.setHeaderParam("alg", "HS256") //指定加密算法
//指定载荷信息
.claim("data", data)
.setSubject("admin_test") //指定主题名称
.setExpiration(new Date(System.currentTimeMillis() + time)) //指定过期时间
.setId(UUID.randomUUID().toString()) //指定唯一标识
//指定签名
.signWith(SignatureAlgorithm.HS256, sign) //指定加密算法及签名
.compact();
return jwtToken;
}
//检查是否符合jwt语法规则
//可以配合拦截器interceptor一起使用
public static boolean checkJwt(String jwtStr) {
if (jwtStr == null || jwtStr.length() == 0) {
return false; //jwt过期
}
return Jwts.parser().isSigned(jwtStr);
}
//解析jwt
public static Jws<Claims> parseJwt(String jwtStr) {
JwtParser parser = Jwts.parser(); //创建解析器对象
//类似于map集合
Jws<Claims> claimsJws = parser.setSigningKey(sign).parseClaimsJws(jwtStr);//设置签名及解析,转换为key-value的结构
return claimsJws;
}
}
jwt拦截器
@Configuration
public class TokenIterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token = request.getHeader("token"); //获取请求头中的token,前端必须放在请求头中
if (!JwtUtil.checkJwt(token)){
return false;
}
return true;
}
}