依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.4.0</version>
</dependency>
代码如下:
package com.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
/**
* Created with IntelliJ IDEA.
*
* @Auther: cqwuliu
* @Date: 2022/11/26/22:50 will_isme@163.com
* @Description:
*/
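public class JWTUtil {
    /**
     * Token lifetime in milliseconds (2 minutes).
     */
    private static final long EXPIRE_TIME = 2 * 60 * 1000;

    /**
     * Issuer claim written into every token and required again on verification.
     */
    private static final String ISSUER = "auth0";

    /**
     * Shared key for the HMAC-SHA256 (HS256) signature.
     *
     * SECURITY(review): this key is hard-coded in source, so anyone who can read the
     * repository or the built jar can sign tokens that verify() and deToken() accept.
     * Load it from configuration or a secret store instead and rotate the value that
     * has been published here. The literal is 24 ASCII characters (192 bits) and is
     * not random; RFC 7518 section 3.2 requires an HS256 key of at least 256 bits.
     *
     * HS256 signs the token, it does not encrypt it: the header and the claims are
     * only base64url-encoded and can be read by whoever holds the token.
     */
    private static final String TOKEN_SECRET = "JFKDJFKGFGFGIFG8R9589589";

    /**
     * Builds a signed token that expires {@link #EXPIRE_TIME} milliseconds (2 minutes)
     * after the call.
     *
     * The claims are readable by any holder of the token, so nothing confidential
     * belongs in them.
     *
     * @param userName  user name stored in the "userName" claim
     * @param loginTime login time stored in the "loginTime" claim
     * @return the signed, compact JWT string
     */
    public static String generatorToken(String userName, String loginTime) {
        // Expiry instant carried in the "exp" claim.
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);

        // The registered header parameter is "typ" (RFC 7519 section 5.1); the
        // original wrote a non-standard "type" entry.
        // NOTE(review): java-jwt is expected to set "alg" and "typ" itself when
        // signing - confirm for the pinned version, then this map can be dropped.
        Map<String, Object> header = new HashMap<>(2);
        header.put("typ", "JWT");
        header.put("alg", "HS256");

        return JWT.create()
                .withHeader(header)
                .withIssuer(ISSUER)
                .withClaim("userName", userName)
                .withClaim("loginTime", loginTime)
                .withExpiresAt(expiresAt)
                .sign(algorithm);
    }

    /**
     * Checks whether a token is acceptable: signature, expiry and issuer.
     *
     * The issuer is checked here as well, so that this method and
     * {@link #deToken(String)} accept exactly the same tokens.
     *
     * @param token the token to check; treated as untrusted input
     * @return {@code true} if verification succeeds, {@code false} on any failure
     */
    public static boolean verify(String token) {
        try {
            newVerifier().verify(token);
            return true;
        } catch (RuntimeException e) {
            // Fail closed: whatever goes wrong while parsing or checking an
            // untrusted token (null, malformed, expired, bad signature) means
            // "not valid". No checked exception is thrown in the try block, so
            // this catches the same set as the original catch (Exception).
            return false;
        }
    }

    /**
     * Verifies the token (signature, expiry, issuer) and returns the decoded form.
     *
     * @param token the compact JWT string; treated as untrusted input
     * @return the decoded token whose claims can be read, or {@code null} if the
     *         token is null or fails verification - callers must check for null
     *         before reading claims
     */
    public DecodedJWT deToken(final String token) {
        if (token == null) {
            // Reject up front rather than depending on how the library treats null.
            return null;
        }
        try {
            return newVerifier().verify(token);
        } catch (JWTVerificationException | IllegalArgumentException e) {
            // One line per rejected token instead of a full stack trace: failures
            // here are driven by caller-supplied input and would flood stderr.
            System.err.println("JWT verification failed: " + e.getMessage());
            return null;
        }
    }

    /**
     * Creates the verifier shared by verify() and deToken(): HS256 with the
     * configured key and the expected issuer.
     */
    private static JWTVerifier newVerifier() {
        return JWT.require(Algorithm.HMAC256(TOKEN_SECRET))
                .withIssuer(ISSUER)
                .build();
    }
}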
测试代码
package com.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.UnsupportedEncodingException;
/**
* Created with IntelliJ IDEA.
*
* @Auther: cqwuliu
* @Date: 2022/11/27/0:14 will_isme@163.com
* @Description:
*/
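/**
 * Small demo: issues a token with JWTUtil, verifies it again and prints its claims.
 */
public final class Decrypt {
    /**
     * Generates a token for a sample user, decodes it and prints the issuer,
     * the two custom claims and the expiry time.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // deToken is an instance method, so an instance is needed for that call.
        JWTUtil encrypt = new JWTUtil();
        String token = JWTUtil.generatorToken("zhangchao", "20220101");

        // Demo output only: a signed token is a bearer credential and should not
        // be written to logs in a real service.
        System.out.println("token: " + token);

        // Verify and decode. deToken returns null when verification fails, so
        // check before reading claims instead of failing with a
        // NullPointerException.
        DecodedJWT jwt = encrypt.deToken(token);
        if (jwt == null) {
            System.err.println("token verification failed");
            return;
        }

        System.out.println("issuer: " + jwt.getIssuer());
        System.out.println("username: " + jwt.getClaim("userName").asString());
        System.out.println("time: " + jwt.getClaim("loginTime").asString());
        System.out.println("过期时间: " + jwt.getExpiresAt());
    }
}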