JWT
1. 什么是JWT?
JSON Web Token,通过数字签名的方式,以JSON对象为载体,在不同的服务终端之间安全的传输信息;
2. JWT有什么用?
JWT最常见的场景就是授权认证,一旦用户登录,后续每个请求都将包含JWT,系统在每次处理用户请求之前,都要先进行JWT安全校验,通过后在进行处理;
3. JWT的组成
JWT右3部分组成,使用.进行拼接。
eyJ0eXAiOiJqd3QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InpoYW5nc2FuIiwicm9sZSI6ImFkbWluIiwic3ViIjoiYWRtaW4tdGVzdCIsImV4cCI6MTY4NjU0MDczMSwianRpIjoiOTc2MGY2MjUtMmM1ZS00YzgzLWE4M2QtYTY3MDY4YmFkZTNhIn0.wJDEgWculFDYcY_xFLqOIKEQU38L-JF2NT5ls4yBWwE
这三部分分别是:
-
Header
{
'typ': 'JWT',
'alg': 'HS256'
}
-
Payload(有效信息的存放点)
{
'sub': '123456',
'name': 'john',
'admin': true
}
-
Signature
var encodeString = base64UrlEncode(header)+'.'+base64UrlEncode(payload);
var signature = HMACSHA256(encodedString, 'secure'); //这里的secure就是盐
4. 依赖引入
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
5. JWT实现
package org.example;
import io.jsonwebtoken.*;
import org.junit.jupiter.api.Test;
import java.util.Date;
import java.util.UUID;
public class JwtTest {
//有效期
private final long expiration = 1000 * 60 * 60 * 24; //一天
//加密key
private final String secureKey = "admin";
@Test
public void jwt(){
//获取JWT构造对象
JwtBuilder jwtBuilder = Jwts.builder();
String jwtToken = jwtBuilder
//header
.setHeaderParam("typ", "jwt")
.setHeaderParam("alg", "HS256")
//payload
.claim("username", "zhangsan")
.claim("role", "admin")
.setSubject("admin-test") //主题
.setExpiration(new Date(System.currentTimeMillis() + expiration))//有效期:一天
.setId(UUID.randomUUID().toString())//id
//signature
.signWith(SignatureAlgorithm.HS256, secureKey)
//将上面的三部分:header、payload、signature拼接成一个字符串
.compact();
// System.out.println(jwtToken);
}
@Test
public void parser(){
//jwt token
String jwtTokenString = "eyJ0eXAiOiJqd3QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InpoYW5nc2FuIiwicm9sZSI6ImFkbWluIiwic3ViIjoiYWRtaW4tdGVzdCIsImV4cCI6MTY4NjU0MDczMSwianRpIjoiOTc2MGY2MjUtMmM1ZS00YzgzLWE4M2QtYTY3MDY4YmFkZTNhIn0.wJDEgWculFDYcY_xFLqOIKEQU38L-JF2NT5ls4yBWwE";
//获取JWT解密对象
JwtParser jwtParser = Jwts.parser();
Jws<Claims> claimsJws = jwtParser
.setSigningKey(secureKey)//传入加密时的key
.parseClaimsJws(jwtTokenString);//将jwt token转换为一个集合
//获取payload数据
Claims payloads = claimsJws.getBody();
//获取用户名
System.out.println(payloads.get("username")); //zhangsan
//有效期
System.out.println(payloads.getExpiration());//Mon Jun 12 11:32:11 CST 2023
JwsHeader headers = claimsJws.getHeader();
System.out.println(headers.get("alg"));//HS256
}
}
