JSON Web Token,简称 JWT, 是一个开放的标准(RFC 7519),它定义了以一种紧凑的、自包含的 JSON 对象在各方之间安全传输信息的方式。该信息含有数字签名,可以被验证和信任。
JWT的介绍这里就不说了,想了解的可以看一下这边博客:JSON Web Token 入门教程
或者直接参考官方网站:https://jwt.io
项目是SpringBoot2.0,下面直接上代码。
Maven配置:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.3.0</version>
</dependency>
JWT工具:
这里使用了自定义字段和官方建议字段
package com.example.demo.util; import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map; /**
* @date 2019/4/25 11:46
* @atuther wangbo
*/
public class JwtUtil { //密钥
public static final String SECRET = "sdjhakdhajdklsl;o653632";
//过期时间:秒
public static final int EXPIRE = 5; /**
* 生成Token
* @param userId
* @param userName
* @return
* @throws Exception
*/
public static String createToken(String userId, String userName) throws Exception {
Calendar nowTime = Calendar.getInstance();
nowTime.add(Calendar.SECOND, EXPIRE);
Date expireDate = nowTime.getTime(); Map<String, Object> map = new HashMap<>();
map.put("alg", "HS256");
map.put("typ", "JWT"); String token = JWT.create()
.withHeader(map)//头
.withClaim("userId", userId)
.withClaim("userName", userName)
.withSubject("测试")//
.withIssuedAt(new Date())//签名时间
.withExpiresAt(expireDate)//过期时间
.sign(Algorithm.HMAC256(SECRET));//签名
return token;
} /**
* 验证Token
* @param token
* @return
* @throws Exception
*/
public static Map<String, Claim> verifyToken(String token)throws Exception{
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
DecodedJWT jwt = null;
try {
jwt = verifier.verify(token);
}catch (Exception e){
throw new RuntimeException("凭证已过期,请重新登录");
}
return jwt.getClaims();
} /**
* 解析Token
* @param token
* @return
*/
public static Map<String, Claim> parseToken(String token){
DecodedJWT decodedJWT = JWT.decode(token);
return decodedJWT.getClaims();
} }
测试类:
public static void main(String[] args){
try {
String token = JwtUtil.createToken("12345", "wangbo");
System.out.println("token=" + token);
//Thread.sleep(5000);
Map<String, Claim> map = JwtUtil.verifyToken(token);
//Map<String, Claim> map = JwtUtil.parseToken(token);
//遍历
for (Map.Entry<String, Claim> entry : map.entrySet()){
if (entry.getValue().asString() != null){
System.out.println(entry.getKey() + "===" + entry.getValue().asString());
}else {
System.out.println(entry.getKey() + "===" + entry.getValue().asDate());
}
}
}catch (Exception e){
e.printStackTrace();
}
测试结果:
token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiLmtYvor5UiLCJ1c2VyTmFtZSI6IndhbmdibyIsImV4cCI6MTU1NjE3NjYwNiwidXNlcklkIjoiMTIzNDUiLCJpYXQiOjE1NTYxNzY2MDF9.FNVh-NbFHgScsbbuwLvQL-sOqLuaAoI8jxMvudq81J8
sub===测试
userName===wangbo
exp===Thu Apr 25 15:16:46 CST 2019
userId===12345
iat===Thu Apr 25 15:16:41 CST 2019
基本就是这些了。