JWT 比session更好的分布式前后端认证方案
JWT_java
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
class SpringbootJwtApplicationTests {
@Test
void contextLoads() {
Calendar instance = Calendar.getInstance();
instance.add(Calendar.SECOND,200);
String token = JWT.create()
.withClaim("userId", 12)
.withClaim("userName", "hello")
.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256("!QW@#C2"));
System.out.println(token);
}
@Test
public void test(){
JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256("!QW@#C2")).build();
DecodedJWT verify = jwtVerifier.verify("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImhlbGxvIiwiZXhwIjoxNjAxMDg5OTU2LCJ1c2VySWQiOjEyfQ.Npk4nU1bCvd9uRf4_7SCQ8VjklkWXERB6x349-bmebA");
System.out.println(verify.getClaim("userId").asInt());
System.out.println(verify.getClaim("userName").asString());
System.out.println(verify.getExpiresAt());
}
}
JWT封装 (JWTUtils)
package com.ll.springboot_jwt.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Map;
public class JWTUtils {
private static final String SING = "!QW@#C266YX33";
public static String getToken(Map<String,String> map){
Calendar instance = Calendar.getInstance();
instance.add(Calendar.DATE,7);
JWTCreator.Builder builder = JWT.create();
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256(SING));
return token;
}
public static DecodedJWT verify(String token){
return JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
}
}