JWT
使用JJWT
###快速入门(后面有封装用法)
依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
生成令牌并解析
public static void main(String[] args) {
JwtBuilder builder= Jwts.builder()
.setId("888") //设置唯一编号
.setSubject("小白")//设置主题 可以是JSON数据
.setIssuedAt(new Date())//设置签发日期
.signWith(SignatureAlgorithm.HS256,"itcast");//设置签名 使用HS256算法,并设置SecretKey(字符串)
//构建 并返回一个字符串
System.out.println( builder.compact() );
String jwt = builder.compact();
Claims claims = Jwts.parser().setSigningKey("itcast").parseClaimsJws(jwt).getBody();
System.out.println(claims);
}
输出结果:
eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI4ODgiLCJzdWIiOiLlsI_nmb0iLCJpYXQiOjE1ODcwNDEzMDd9.vLUDlR86I--WrdvT708KN6OHFKWCj7PwZU--ZLqUYzI
{jti=888, sub=小白, iat=1587041307}
注意加密和解密必须使用同一个签名才可以
设置JWT过期时间
//当前时间
long currentTimeMillis = System.currentTimeMillis();
Date date = new Date(currentTimeMillis+10000);
JwtBuilder builder= Jwts.builder()
.setId("888") //设置唯一编号
.setSubject("小白")//设置主题 可以是JSON数据
.setIssuedAt(new Date())//设置签发日期
.setExpiration(date)
.signWith(SignatureAlgorithm.HS256,"itcast");//设置签名 使用HS256算法,并设置SecretKey(字符串)
//构建 并返回一个字符串
System.out.println( builder.compact() );
自定义claims
如果你想存储更多的信息(例如角色)可以定义自定义claims。
public void createJWT(){
//当前时间
long currentTimeMillis = System.currentTimeMillis();
currentTimeMillis+=1000000L;
Date date = new Date(currentTimeMillis);
JwtBuilder builder= Jwts.builder()
.setId("888") //设置唯一编号
.setSubject("小白")//设置主题 可以是JSON数据
.setIssuedAt(new Date())//设置签发日期
.setExpiration(date)//设置过期时间
.claim("roles","admin")//设置角色
.signWith(SignatureAlgorithm.HS256,"itcast");//设置签名 使用HS256算法,并设置SecretKey(字符串)
//构建 并返回一个字符串
System.out.println( builder.compact() );
}
封装后的工具类
package com.xxx.xxx2.util;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import java.util.Date;
/**
* JWT工具类
*/
public class JwtUtil {
//有效期为
public static final Long JWT_TTL = 3600000L;// 60 * 60 *1000 一个小时
//设置秘钥明文
public static final String JWT_KEY = "xxx";
/**
* 创建token
* @param id
* @param subject
* @param ttlMillis
* @return
*/
public static String createJWT(String id, String subject, Long ttlMillis) {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
if(ttlMillis==null){
ttlMillis=JwtUtil.JWT_TTL;
}
long expMillis = nowMillis + ttlMillis;
Date expDate = new Date(expMillis);
SecretKey secretKey = generalKey();
JwtBuilder builder = Jwts.builder()
.setId(id) //唯一的ID
.setSubject(subject) // 主题 可以是JSON数据
.setIssuer("admin") // 签发者
.setIssuedAt(now) // 签发时间
.signWith(signatureAlgorithm, secretKey) //使用HS256对称加密算法签名, 第二个参数为秘钥
.setExpiration(expDate);// 设置过期时间
return builder.compact();
}
/**
* 生成加密后的秘钥 secretKey
* @return
*/
public static SecretKey generalKey() {
byte[] encodedKey = Base64.getDecoder().decode(JwtUtil.JWT_KEY);
SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
return key;
}
/**
* 解析
*
* @param jwt
* @return
* @throws Exception
*/
public static Claims parseJWT(String jwt) throws Exception {
SecretKey secretKey = generalKey();
return Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(jwt)
.getBody();
}
}
生成token
String token = JwtUtil.createJWT(UUID.randomUUID().toString(), "token中携带的数据", null);
解析token
JwtUtil.parseJWT(token);
使用非对称加密生成JWT
1.依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
2.生成私钥
keytool -genkeypair -alias 密钥别名 -keyalg 加密算法的名称(RSA) -keypass 密钥的访问密码 -keystore 最终生成的文件名称一般后缀是jks -storepass 密钥库的访问密码
keytool -genkeypair -alias changgou -keyalg RSA -keypass changgou -keystore changgou.jks -storepass changgou
3.生成公钥
keytool -list -rfc --keystore changgou.jks | openssl x509 -inform pem -pubkey
4.生成jwt
package com.changgou.oauth;
import com.alibaba.fastjson.JSON;
import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;
public class CreateJWTTest {
@Test
public void createJWT(){
//基于私钥生成jwt
//1. 创建一个秘钥工厂
//1: 指定私钥的位置
ClassPathResource classPathResource = new ClassPathResource("changgou.jks");
//2: 指定秘钥库的密码
String keyPass = "changgou";
KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(classPathResource,keyPass.toCharArray());
//2. 基于工厂获取私钥
String alias = "changgou";
String password = "changgou";
KeyPair keyPair = keyStoreKeyFactory.getKeyPair(alias, password.toCharArray());
//将当前的私钥转换为rsa私钥
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
//3.生成jwt
Map<String,String> map = new HashMap();
map.put("company","heima");
map.put("address","beijing");
Jwt jwt = JwtHelper.encode(JSON.toJSONString(map), new RsaSigner(rsaPrivateKey));
String jwtEncoded = jwt.getEncoded();
System.out.println(jwtEncoded);
}
}
5.解密jwt
package com.changgou.oauth;
import org.junit.Test;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
public class ParseJwtTest {
@Test
public void parseJwt(){
//基于公钥去解析jwt
String jwt ="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoiYmVpamluZyIsImNvbXBhbnkiOiJoZWltYSJ9.iijApV8zarqmkAUCvg8-te2WbXV3W4i9aN5cafw-tPjMnDIXXQXBdyQzKA2arUTQ9zaI6hOevW7XrbEFn-WHm1XJDWx-jt_HLqc0IRi1B5OSzD5ZgVoe3cqCqIVLYcfe-1f2Q5z78ZTZ5206KBTa-h1SA0799ETygmG_PA3Tv_gSn0R2NriDxj7OQS529IvQtwO4yesUcwVzjhjkFHECLuvrKfvHjtUXblSiZd_xMaqqHfcZwG2FEht5_MfqvcdbdcnV5O8VdsSKvxvX3ujSqSKvH8Ezi6YnlTZe0gbrWFyKjsZAM_FCfrqz47kmBEppyFaQq6yAqaOf2O0Di37Q_g";
//使用自己私钥对应的公钥
String publicKey ="-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwGOEtoYeGyigK3CzThHP7C3uNJKTde5/Is0c/RPMCFaZIb/iLn8R4MZ77pMsUjYF/5Ab93ksryq8IaRCO7ZUYKl1WsvkWgVoNBxbl+KjrA65LUmB+azpiQipZOvBc+iSXvbF2HuT1ArVtpGkWUE0rtAENf41xUrPew2nCOWt/6DTpH+wmuuUCbW6bH1nBxHsW4OqZ3qwfv6d4oXdOyTifaZ8mpht8Tv52gP983Kno9lZTrIBJvtr5S0ALQ9nZ8TXHpl7oVD4ZnSHqu2pMxMndKMN/ouJ8orLqpHAO0v7FXgnEgX/o0wYhsXW/UnAtOB9jeFiomwj06a/w2tYkDDswIDAQAB-----END PUBLIC KEY-----";
Jwt token = JwtHelper.decodeAndVerify(jwt, new RsaVerifier(publicKey));
String claims = token.getClaims();
System.out.println(claims);
}
}